Re: [squid-users] header_access debug, pam_appl.h, digest-auth-helper, storeio

> > 1) I got "pam_auth.c:74:31: error: security/pam_appl.h: No such file
> > or directory" when compiling squid-2.6.STABLE16-20070916. I found a
> > nearly identical instance in the list archive more than a year ago.
> > That got me looking into the pam-devel on my host os--Mac OS X 10.4.
> > It turns out pam_appl.h is located in /usr/include/pam/ on OS X 10.4
> > and 10.3, rather than /usr/include/security. A symbolic link takes
> > care of it. I wonder, however, if the developers are open to
> > accommodating this type of OS-specific peculiarities by adjusting
> > during ./configure based on --host=.
>
> so we need a configure test to see which of the two is available, and
> include the proper one..
>
> (should not make that decision based on the host type)

Thanks, Henrik.

> > 2) I narrowed down the cause of my inability to log into several sites
> > to the last line in the 'http_anonymizer paranoid' emulation of
> > squid-2.6 that I was using, namely: "header_access All deny all". I'd
> > like to find out what headers these sites need to see. Could anyone
> > let me know the debug_options number for header_access without going
> > full bore to "debug_options ALL,9"? Currently I'm aware of 33 for
> > reply_mime_type and 28 for ACL debugging. Is there a quick list of all
> > the debug option numbers, without resorting to reading the source
> > code?
>
> Usually login problems means you have blocked cookies..
>

I find "header_access All deny all" appears to be responsible for the cookie blocking.
I'd like to find out what additional header_access I need to allow to let these cookies through. Would enabling
header_access debug help in this regard? Could you point me to a list of all the possible debug_options, other than the source code? =D

Here's the header_access portion of my squid.conf

#Default:
# none
header_access User-Agent deny all
header_access Allow allow all
header_access Authorization allow all
header_access WWW-Authenticate allow all
header_access Cache-Control allow all
header_access Content-Encoding allow all
# to reproduce the old 'http_anonymizer paranoid' feature, as shown in the default squid.conf
header_access Allow allow all
(snipped for brevity)
header_access All deny all

I used Firefox extension LiveHTTPHeader to capture the difference (trying to) logging into youtube,
with the only change to squid.conf being "header_access All deny all" is disabled for the session to the right.

http://www.youtube.com/login?next=/index^M http://www.youtube.com/login?next=/index^M%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca%ca
^M ^MΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚ
POST /login?next=/index HTTP/1.1^M POST /login?next=/index HTTP/1.1^MΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚ
Host: www.youtube.com^M Host: www.youtube.com^MΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚ
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US;^M User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US;^MΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚ
Accept: text/xml,application/xml,application/xhtml+xml,text/h^M Accept: text/xml,application/xml,application/xhtml+xml,text/h^MΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚ
Accept-Language: en,en-us;q=0.5^M Accept-Language: en,en-us;q=0.5^MΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚ
Accept-Encoding: gzip,deflate^M Accept-Encoding: gzip,deflate^MΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚ
Accept-Charset: gb18030,utf-8;q=0.7,*;q=0.7^M Accept-Charset: gb18030,utf-8;q=0.7,*;q=0.7^MΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚ
Keep-Alive: 300^M Keep-Alive: 300^MΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚ
Proxy-Connection: keep-alive^M Proxy-Connection: keep-alive^MΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚ
Referer: http://www.youtube.com/login?next=/index^M Referer: http://www.youtube.com/login?next=/index
 ΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚ
Cookie: GEO=4dbf49b28f5f6763908f946191912f49cxUAAABVUyxuaixhd^M Cookie: GEO=4dbf49b28f5f6763908f946191912f49cxUAAABVUyxuaixhd^MΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚ
Content-Type: application/x-www-form-urlencoded^M Content-Type: application/x-www-form-urlencoded^MΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚ
Content-Length: 89^M Content-Length: 89^MΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚ
current_form=loginForm&next=%2Findex&username=a6u5e&password=^M current_form=loginForm&next=%2Findex&username=a6u5e&password=^MΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚ
HTTP/1.x 303 See Other^M HTTP/1.x 303 See Other^MΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚ
Date: Wed, 19 Sep 2007 00:46:53 GMT^M | Date: Wed, 19 Sep 2007 00:48:29 GMT^MΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚ
> Server: Apache^MΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚ
> Set-Cookie: LOGIN_INFO=fad04c4763311f496b3a8a54e4ac17e5e3QgAA^MΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚ
> Set-Cookie: SOM=; path=/; domain=.youtube.com^MΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚ
> Set-Cookie: TSOM=; path=/; domain=.youtube.com^MΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚ
Cache-Control: no-cache^M Cache-Control: no-cache^MΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚ
(snipped for brevity...)ΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚΚ

> > 3) Does the latest squid-2.6 still need the digest-auth-helper from
> > squid-3PRE if I want to use digest password? Is this going to change?
>
> Squid-2.6 has the same digest helper as Squid-3.

Good to know. Glad I asked.

> > 4) What are the possible squid storeio options on Mac OS X (HFS+ or
> > UFS format)? So far it seems I have to either accept the default (UFS)
> > even though my disk is formatted HFS+, or --enable-storeio=null.
> > Anything else I tried had failed. Is there a matrix of all the storeio
> > possibilities for every OS squid has been compiled on?
>
> only ufs and null I am afraid.. Max OS X do not provide the factilities
> needed for either aufs or diskd.. and coss is still experimental.
>
> the name ufs has no relation to the actual filesystem type used by your
> OS. It's just Squid's name for "cache ontop of unix-like filesystem". A
> better name would be "simple" with aufs being "threaded".

Would aufs and diskd be valid options for squid on Mac OS X if ZFS becomes available for OS X as long rumored?

Finally, question 5) that I've meant to ask for a long time: I find I always have to issue "squid -k shutdown" at least twice, before squid would shut down.
Not too surprisingly "squid -k kill" only needs to be issued once. I'm curious what's causing squid's "resiliency" in the face of "squid -k shutdown"?
Does it have anything to do with the 8 squidGuard redirect_children in my setup?
Received on Tue Sep 18 2007 - 19:48:20 MDT