On 2025-04-11 01:08, Amos Jeffries wrote:
On 11/04/25 03:47, Jonathan Lee wrote:
Hello fellow Squid users,
Does anyone use pfSense squid package that knows a possible solution
to this issue ? I have went as far as to remove all custom config and
go to complete splice all and it still occurs w
On 2025-04-08 08:24, Michael Tint wrote:
I'm running into a blocking issue while deploying Squid 6.13 ... My goal is
to enable the PROXY protocol support via the following config line:
http_port 3128 proxy-protocol
The correct http_port option name for enabling PROXY protocol support is
no
, Apr 02, 2025 at 11:21:15AM -0400, Alex Rousskov wrote:
On 2025-04-02 10:45, Dave Dykstra wrote:
We're trying rock cache for the first time, on squid 6.13. The
machine is quite large and heavily used, with 10 workers configured,
140G of shared memory cache, and 500G of rock cache configure
On 2025-04-02 10:45, Dave Dykstra wrote:
We're trying rock cache for the first time, on squid 6.13. The
machine is quite large and heavily used, with 10 workers configured,
140G of shared memory cache, and 500G of rock cache configured.
However, the cacheNumObject SNMP counter is staying quite
On 2025-03-18 06:25, David Touzeau wrote:
We note that Squid performs a client DNS PTR query each time client
sends query.
We have taken care to ensure that
* that the log model does not use machine names
* No acls concerning workstation hostnames are added.
FWIW, the phrase "workstati
regards,
Ankor.
вт, 11 мар. 2025 г. в 17:12, Alex Rousskov
mailto:rouss...@measurement-factory.com>>:
On 2025-03-10 23:56, Andrey K wrote:
> > Alex: FWIW, related future Squid improvements may include:
> > * Detecting such shar
0,23 136
1212704040 /dev/shm/squiduser-cf__readers.shm
squid.use 3685356 root 9u REG 0,23 2093368
1212704041 /dev/shm/squiduser-tls_session_cache.shm
Kind regards,
Ankor.
пт, 7 мар. 2025 г. в 17:48, Alex Rousskov
mailto:rouss.
ments may include:
* Detecting such shared memory segments clashes; refusing to start.
* Disabling shared memory use when caching is completely disabled.
Quality pull requests welcome.
Cheers,
Alex.
чт, 6 мар. 2025 г. в 17:11, Alex Rousskov:
On 2025-03-06 08:59, Amos Jeffries wrote:
On 2025-03-06 08:59, Amos Jeffries wrote:
On 6/03/25 19:17, Andrey K wrote:
Hello,
I have a similar configuration: two SMP squids running on the same OEL
host.
They were built with different configurations: with different
installation path prefixes and different names of binary files: squid
On 2025-03-02 15:47, Lubos Uhliarik wrote:
2024/10/16 17:52:44 kid10| Adaptation support is off.
2024/10/16 17:52:44 kid10| assertion failed: Queue.cc:388: "EX"
Squid v6 has a few changes that affect SMP startup and shutdown
sequences. Since you have ruled out upgrading to a supported versio
On 2025-02-26 01:58, Amos Jeffries wrote:
On 26/02/25 00:33, BENJAMIN DELANNOY wrote:
> Please detail what you mean by "choice" or "decision". For example, do
you want to stop the timer when Squid makes its final http_access
decision?
I mean I want to monitor the latency on what I could mana
feature-enhance-of-fix-something
HTH,
Alex.
On Wed, Feb 19, 2025 at 5:39 PM Alex Rousskov wrote:
On 2025-02-19 06:26, BENJAMIN DELANNOY wrote:
> For % next hop and stops when the last response byte is received." Are we
> talking of last request / last response of a
On 2025-02-26 07:05, Matus UHLAR - fantomas wrote:
I'd like squid to avoid considering using ipv6,
because even if any ipv6 attempt failed, there still were some being made
... at least I assume so from squid logs:
1740062747.503 0 192.0.2.1 NONE_NONE/503 0 CONNECT ad.turn.com:443
- HIER
On 2025-02-25 09:56, Alex Rousskov wrote:
On 2025-02-25 09:47, Thomas PALFRAY wrote:
we tried version 6.13 as recommended, but the behavior is the same.
Thank you for testing v6.13. That test eliminates many suspects.
What additional information would you need to understand the the problem
On 2025-02-25 09:47, Thomas PALFRAY wrote:
we tried version 6.13 as recommended, but the behavior is the same.
Thank you for testing v6.13. That test eliminates many suspects.
What additional information would you need to understand the the problem
For the next step in triage, I can offer
traffic with SSL Bump)
Based on this, I would be able to check if a squid server is taking too
much time making a decision.
Is this something feasible?
Please detail what you mean by "choice" or "decision". For example, do
you want to stop the timer when Squid makes its fin
On 2025-02-17 10:02, BENJAMIN DELANNOY wrote:
I try to figure out what is exactly measured with the I don't get what are the difference between them, what is the difference
between "peer response time" & "time spent forwarding to origin
servers",
Have you seen %updated in August 2024, and sq
On 2025-02-12 17:22, Zile Rehman wrote:
I’m Zile Rehman, a Platform Engineer at Orca Security.
Recently, I worked on a forward proxy solution in Kubernetes and found
that there are very few resources available in this area. My goal is to
create an open-source repository with a container image
On 2025-02-07 18:41, Jonathan Lee wrote:
Can someone show me an example of doing one of these requests on the to
do list?
Please direct future development questions and followups to squid-dev
mailing list! This squid-users mailing list is meant for Squid operators
or administrators rather th
On 2025-02-07 05:15, Robin Wood wrote:
I want to write my own ICAP server
FWIW, nearly all attempts to quickly write a production-quality ICAP
server (that I have seen) have failed. The protocol is much more complex
than it seems. In most cases, folks looking for a free ICAP server
should b
On 2025-02-05 05:54, udhayakumar wrote:
if i put whitelist_regex in below config which domains i was try
browse in browser it's says*SSL_ERROR_RX_RECORD_TOO_LONG*
IIRC, that usually happens when Squid responds with a plain text error
page while the browser expects TLS. You may be able to conf
On 2025-02-03 09:07, Thomas PALFRAY wrote:
My team and I are working on setting up *a squid with ssl-bump* to cache
binary content (jpeg, png, pdf and json) on a remote site over HTTPS.
The size of the binary content can vary from a few dozen KB to several
hundred MB.
We had a working HTTP
below) for details.
Thank you,
Alex.
*From:* Alex Rousskov
*Sent:* Thursday, January 23, 2025 9:28:32 AM
*To:* squid-dev@lists.squid-cache.org
*Cc:* VEDIA Christian
*Subject:* Re: [squid-dev] Confirmation of Feature Support of HTTP/2
On 2025-01-22 13: 48, VEDIA Christian wrote: > Do
On 2025-01-22 13:48, VEDIA Christian wrote:
Does the latest version support either [HTTP/2] or HTTP/3?
Hi Christian,
No, Squid v6 does not support HTTP/2+.
are there plans to have this supported in the next release?
No, and there is not enough time to change that because the next rel
On 2025-01-21 05:41, Илья Щелоков wrote:
I have a squid proxy, it sends data to the system via icap. I need to
install another squid between the proxy and the system so that it
receives icap from the proxy
Squid is an ICAP client: it sends ICAP requests and received ICAP responses.
Squid is
On 2025-01-13 13:29, Jonathan Lee wrote:
Is there anyway to use more workers on a non rock system, without
disabling the cache? I can use them when cache is disabled. Without
it I get assertion failed: controller:cc:930: EX"
I will try to clarify in hope to reduce misunderstanding, especially
On 2025-01-10 17:53, Francesco Chemolli wrote:
actually, I found it. sorry for the churn
Just to clarify: Francesco meant to respond to another email (on another
email thread unrelated to this squid-dev thread). -- Alex.
On Fri, Jan 10, 2025 at 10:43 PM Alex Rousskov wrote:
On 2025
On 2025-01-10 15:41, infant vinay wrote:
I am unable to find where to download the Squid 7.x source code or git
repo used for it in the new Squid web page layout that was deployed this
year.
Please provide instructions on how to go about accessing it.
Squid v7 does not exist (yet): We have
On 2025-01-07 04:49, Tony Albers wrote:
Is it possible in squid to ensure that a badly behaving backend
application doesn't eat up all squid resources?
Yes, especially if you know about that application behavior in advance.
You can configure Squid to start denying requests for the problematic
On 2025-01-06 00:37, Jonathan Lee wrote:
Can you please help I have noticed for a long time under information
page that Store Disk Files Open is a lot of the times showing 0
Is this of concern?
If your Squid is not configured to use a cache_dir, then seeing zero
Store Disk files open is OK.
On 2025-01-01 12:03, Amos Jeffries wrote:
Also, To prevent regressions in future we will need to check the Anubis
repository is not pushing more "M-staged-PR" tags on each "auto" push.
Anubis completely stopped using git tags in 2019.
Alex.
___
squ
On 2024-12-30 11:55, Jonathan Lee wrote:
what is faster or better for performance? The parsed ssl_bump lists
or the singular list?
To remove very distracting noise, I am posting an abridged version of
your "before" and "after" configurations:
# before
ssl_bump splice A
ssl_bump s
On 2024-12-30 10:02, Francesco Chemolli wrote:
There are a lot of tags attached to Squid's git repository that do
not seem to be relevant; I'm proposing to remove them, unless there's a
reason not to.
Great minds think alike! I was going to propose that as well, but did
not want to interrupt
On 2024-12-27 01:07, Shailesh Vashishth wrote:
I am trying to do the following ToDo in store_client.cc.
// TODO: Convert store_client into AsyncJob; make this call asynchronous
I do not recommend working on that to-do:
1. It is too complex, requiring good understanding of AsyncJob design
tha
ical
application of the techniques used in the topics you have provided.
I would be grateful for practice specifically in my case for a
better understanding of the work.
пн, 23 дек. 2024 г. в 00:42, Alex Rousskov
mailto:rouss...@measurement-factory.com>>:
O
On 2024-12-23 00:27, Eternal Dreamer wrote:
I need some help with my squid-6.7 installation. I need to see
forwarding status codes for my monitoring system, but squidclient -h
3128 mgr:forward is empty. Another stats from mgr:* works fine.
You are suffering from a Squid bug: In many cases, Sq
2023-April/025784.html
HTH,
Alex.
вс, 22 дек. 2024 г. в 22:47, Alex Rousskov
<mailto:rouss...@measurement-factory.com>>:
On 2024-12-22 08:13, A. Pechenin wrote:
> The reason and solution were not simple and obvious at first glance.
> I have two providers access
On 2024-12-22 08:13, A. Pechenin wrote:
The reason and solution were not simple and obvious at first glance.
I have two providers accessing the gateway, the main and backup
channels, and automatic switching is configured when the connection on
the main channel is lost.
To check, I switched the
On 2024-12-21 12:26, A. Pechenin wrote:
This week, when connecting users through a proxy server, some Google
services became inaccessible, such as Calendar, Translator, user profile.
Do you use any ssl_bump directives? You have mentioned a test with
"default configuration file" below. That con
On 2024-12-08 09:26, David Touzeau wrote:
Is there any way or development plan to include “proxy-protocol” in
cache_peer?
I am not aware of any specific current development plans, but there is
interest in adding that feature, and I expect it to be added eventually.
Alex.
Squid is able to
On 2024-12-15 13:32, Hering, Uwe wrote:
We are using squid (version see above) on SLES15, rebuild with
“--enable-ident-lookups".
This works great up to SP5, but is broken with this squid version above
belonging to SP6.
2024/12/12 10:16:06 kid1| FATAL: assertion failed: FilledChecklist.cc:2
On 2024-12-02 03:56, Masanari Iida wrote:
Hi,
I would like to understand memory_pools and memory_pools_limits setting.
In case memory_pools_limit is set to none (as default),
all squid process memory that can be seen by ps(1) is being used by squid?
Yes, for some definition of "being used". So
On 2024-11-26 00:53, Jonathan Lee wrote:
-n Disable lookups and address type conversions. If lookup or
conversion is required because the parameter type (IP or
domain name) does not match the message address type (domain
name or IP), then the ACL would immediately declare a mism
stdout. I can imply redirect
the "squid -k rotate" stderr to /dev/null
but I would like to avoid it when possible - if any error happens,
I't like to know about that.
On 21.11.24 16:16, Alex Rousskov wrote:
If you are OK with not seeing these particular messages in cache.log
On 2024-11-21 08:44, Ralf Hildebrandt wrote:
Can I force certain destinations to be reached using ipv4 only?
Not reliably. IMHO, it is a missing feature (or two).
Various tricks exist, but none of them work well in general, for various
reasons. See other responses on this thread for some spe
On 2024-11-21 07:29, Matus UHLAR - fantomas wrote:
I run squid 6 (currently 6.10) on some debian hosts.
when rotating logs in the night, I get mail about cron output:
2024/11/21 00:00:41| Processing Configuration File:
/etc/squid/squid.conf (depth 0)
2024/11/21 00:00:41| Processing Configurati
On 2024-11-18 09:59, Martin A. Brooks wrote:
I am running 3 squid instances behind a load balancer. It was running
fine for a couple of weeks but but there were suddenly tens of thousands
of this sort of message in the log:
squid[507015]: ERROR: system call failure while accepting a TLS
con
On 2024-11-17 18:41, Gaetano wrote:
We are running three squid proxy 5.5,
Please note that Squid Project does not support Squid v5. I recommend
upgrading to Squid v6+ (regardless of what your Linux distribution
currently ships).
on three different VMs, same
number of CPUs (4), same memor
On 2024-11-14 13:15, slagaute...@hotmail.com wrote:
Recently I have updated
my version from version 6.0 (early age) to the latest version 6.12.
I have some web sites like www.google.com for which my browser never
complete the download of the page. There is a pending request to URIs
like https
ents for my patch within Yocto.
I am very glad to hear that you are making progress.
Good luck,
Alex.
-----Original Message-
From: Alex Rousskov
Sent: Friday, November 8, 2024 5:27
To: squid-users@lists.squid-cache.org
Cc: Marko, Peter (FT D EU SK BFS1)
Subject: Re: [squid-users] v6.12 bu
On 2024-11-07 16:48, Marko, Peter wrote:
Commit [1] removed directory libltdl/m4 from release tarball by merging
all those files into libltdl/aclocal.m4,
Clarification: While commit b4addc22 itself did not remove any
directories or merged any files, bootstrapping Squid after that commit
may
On 2024-10-30 20:46, Jonathan Lee wrote:
Hello, thank you for the update Francesso, there is also some chatter
about bugs within the Netgate community. Is this also related to the
fixes in V7 (please see Redmine attached)?
AFAICT, Redmine Bug #14390 is pretty much unrelated to "Joshua 55"
vul
On 2024-10-30 08:38, Amos Jeffries wrote:
On 31/10/24 00:09, Francesco Chemolli wrote:
Hi all,
do we have any opinion on
https://www.ietf.org/archive/id/draft-ietf-httpbis-cache-groups-02.html
?
This is a further extension of Mark's variant Key header extensions to
HTTP.
When I proposed
On 2024-10-30 07:09, Francesco Chemolli wrote:
do we have any opinion on
https://www.ietf.org/archive/id/draft-ietf-httpbis-cache-groups-02.html
?
"The Cache-Group-Invalidation header field MUST be ignored on
responses to requests that have a safe method (e.g., GET [and HEAD])"
AFAICT, the
on where the
issue is. Authentication seems to be working, but it's like this term either
doesn't pass the credentials along, or it's expecting some other response. Is
there anyone that could help me figure out what the issue is with this?
Thank you,
Josh
-Original Message
desired name; }}
Yes, I have already responded to email with that information. Please
continue that thread:
https://lists.squid-cache.org/pipermail/squid-users/2024-October/027224.html
Alex.
-Original Message-
From: Alex Rousskov
Sent: Thursday, October 24, 2024 4:46 PM
To: Piana
data in the DNS request itself.
- DNS data egress attacks are potent because they exploit a
foundational internet protocol for covert data transmission. Solutions
demand vigilant DNS traffic analysis and strict egress filtering
policies.
---
On Mon, Oct 28, 2024 at 12:14 AM Alex Rousskov
wrote:
those pre-merge self tests
(Submission Checklist).
I will do the steps given in the Submission Checklist and
submit a PR in a day or two.
Thank you for helping me with getting started and
joining the project.
Reg
on Checklist).
I will do the steps given in the Submission Checklist and submit
a PR in a day or two.
Thank you for helping me with getting started and joining the
project.
Regards
Shailesh
On Fri, Oct 4, 2024 at 6:53 PM Alex Rousskov
elping me with getting started and joining the
project.
Regards
Shailesh
On Fri, Oct 4, 2024 at 6:53 PM Alex Rousskov
mailto:rouss...@measurement-factory.com>> wrote:
On 2024-10-03 15:49, Shailesh Vashishth wrote:
>
On 2024-10-25 18:18, Erik Schulz wrote:
I would like to use squid as an egress proxy, to prevent unauthorized egress.
Let's say that the only allowed egress is 'example.com'.
I can define acl along the lines of:
```
acl allowed_domains ssl::server_name .example.com
http_access allow allowed_dom
On 2024-10-25 14:28, GM Test wrote:
I'm not sure if this is the right place to ask this question
Yes, it is.
but in the
*logformat *command, I cannot seem to work out what the square bracket
is for?
When used at the beginning of a logformat %code name, a single square
bracket character s
not be specific to any HTTP(S) transaction that
Squid is handling. If you can test your authentication helper in
isolation by starting it from the command line and feeding it helper
commands, do that.
Alex.
-Original Message-
From: Alex Rousskov
Sent: Thursday, October 24, 2024 4:46
On 2024-10-24 16:23, Piana, Josh wrote:
From what I can tell, squid does not receive a good username. When I check the
access logs, I receive something like this:
24/Oct/2024:16:01:08 -0400.334 10.46.49.190 TCP_DENIED/407 7821 CONNECT
www.google.com:443 - \ HIER_NONE/- text/html ERR_CACHE_A
On 2024-10-24 15:53, Piana, Josh wrote:
Hey Squid users,
Running into an issue I’m trying to figure out.
We have a few acl directives using “proxy_auth_regex –i” and when I have
these active, it blocks any proxy connection with an HTTP 407 error,
according to the logs.
Here’s an example:
#
:
refresh_pattern . 15 20% 1800
override-expire ignore-no-cache ignore-no-store ignore-private
And I always get TCP_MISS. Any other thoughts?
Thanks!
On Thu, Oct 10, 2024 at 12:35 PM Alex Rousskov
<mailto:rouss...@measurement-factory.com>> wrote:
On 2024-10
On 2024-10-09 15:40, Bryan Seitz wrote:
> SSL-Bump Woes
AFAICT, the problem you are trying to solve is not caused by SslBump.
> reply_header_access Cache-Control deny all
> reply_header_add Cache-Control "public, max-age=1800"
The above directives are applied to responses that Squid sends to
On 2024-10-03 15:49, Shailesh Vashishth wrote:
I would like to contribute to the Squid Project and I have picked one
small task out of the ToDos for myself.
Hello Shailesh,
Welcome to the Project and good luck with your first task! If you
need any help, please do not hesitate to ask on
On 2024-09-25 01:57, にば wrote:
We then added the following settings that were in the existing Squid proxy
# SSL_BUMP
acl allowed_https_sites ssl::server_name "/etc/squid/whitelist"
acl allowed_https_sites ssl::server_name "/etc/squid/whitelist_transparent"
acl allowed_https_sites ssl::server_na
On 2024-10-03 11:10, Andrea Venturoli wrote:
> Out of 10 installations, ... on one it's very frequent.
> Any idea on what to check or try? ... Any way to get better logs?
Since the problem is frequent on that one host, I recommend privately
sharing[1] a pointer to compressed debugging cache.lo
On 2024-10-03 10:12, Andrea Venturoli wrote:
On 10/2/24 23:30, Alex Rousskov wrote:
Disadvantages of using eCAP+ClamAV adapter include being dependent on
a relatively old libecap and ClamAV eCAP adapter implementation.
I got it all wrong then... I thought ICAP was older and eCAP was meant
to
On 2024-09-29 12:40, Andrea Venturoli wrote:
I've been using Squid + C-icap + SquidClamAV + ClamAV for a long time in
order to filter web content.
However this has lately been troublesome, leading to occasional
hard-to-diagnose temporary failures ("ICAP protocol error").
So I'm pondering mov
On 2024-10-01 11:49, Dr.X wrote:
Just wondering if I can have in squid.conf like :
export FRONTEND='1.2.3.4'
http_port {FRONTEND}:3128
But the way above did not work and seems not recognized by squid .
My question is , Is it possible that I identify a variable and give it a
value like string
On 2024-09-30 09:08, Alexis DAVEAU wrote:
wget http://www.squid-cache.org/Versions/v5/squid-5.2.tar.gz
tar -xzf squid-5.2.tar.gz
cd squid-5.2
export CXXFLAGS="-DMAXTCPLISTENPORTS=254"
./configure --prefix=/usr --localstatedir=/var
--libexecdir=/usr/lib/squid --datadir=/usr/share/squid \
--sysc
On 2024-09-23 04:21, Rick Rackow wrote:
The question is, has it been considered to validate the config file
before performing the actual reload
Yes, it has been considered. The progress towards that "reject malformed
configurations during reconfiguration" ideal is painfully slow
(primarily f
On 2024-09-17 10:43, Martin A. Brooks wrote:
On 2024-09-17 15:13, Alex Rousskov wrote:
What makes you think that CONNECT requests are not sent to the
rewriter? In my quick-and-dirty tests, Squid does send CONNECT request
targets to the URL rewriter program and honors rewriter's
rewrit
On 2024-09-17 09:34, Martin A. Brooks wrote:
Proxied HTTPS requests use
CONNECT and, for whatever reason, this appears to bypass the url
rewriter.
What makes you think that CONNECT requests are not sent to the rewriter?
In my quick-and-dirty tests, Squid does send CONNECT request targets to
tate all their rules.
(*) Similar breadcrumbs will be collected for other directives as well.
Alex.
- Mail original -
De: "Alex Rousskov"
À: squid-users@lists.squid-cache.org
Envoyé: Lundi 2 Septembre 2024 22:38:44
Objet: Re: [squid-users] Looking for a solution to identify
he explicit rules
matched. That implicit default is "ever-changing" because it depends on
the last explicit http_access rule action (which, naturally, may change
as folks update their rules).
FWIW, the following FAQ entry covers the same concepts:
https://wiki.squid-cache.org/SquidFaq/Sq
On 2024-09-16 09:58, Piana, Josh wrote:
I removed all of the special, custom ACL's and we still don't have internal to
internal browsing via hostname.
FWIW, these first two http_access rules make all subsequent http_access
rules irrelevant/unused because these two rules match all traffic:
On 2024-09-10 13:54, Carlos André wrote:
My "delay_class" simple DON'T with if I use a acl external (helper -
LDAP or winbind [ext_wbinfo_group_acl], same problem), delay_class work
ok using a acl proxy_auth or acl src but nothing with a external.
I believe your configuration is suffering
to confirm that all valid requests to banned sites are
denied, all other valid requests are allowed, and all invalid requests
are rejected. If necessary, ask questions, file bug reports, patch
Squid, and/or adjust your configuration to pass this test.
HTH,
Alex.
2024年8月8日(木) 21:33 Alex Rousskov
On 2024-09-05 01:52, YAMAGUCHI NOZOMI (JIT ICC) wrote:
If there were duplicate domains in the list of domains used, restarting
the squid would cause the process to stop.
Below is the error statement.
ERROR: 'a.example.com' is a subdomain of 'example.com
FATAL: /etc/squid/squid.conf
Hi Nichol
ork. This whole config
that we have has been pieced together and I'd like to get it to the way it's
supposed to be.
What do you recommend? I can send the whole config again, exactly as we have it
now, and see what we can fix/remove/replace.
Appreicate you helping,
Josh
-Original Messag
- HIER_NONE/- text/html
29/Aug/2024:10:27:17 -0400.514 10.46.49.190 NONE_NONE/500 0 CONNECT hexcelssp:443
JPIANA@AD..COM HIER_NONE/- -
I'm not sure the debugging and extra log details were added correctly, because
these look the same.
Thanks,
Josh
-Original Message-
From: squid
On 2024-08-30 08:35, Michael Egert wrote:
I have a little problem with this helper, it worked fine for a while and
then suddely stopped working.
It may help others if you detail "stopped working" based on a test case
involving Squid. AFAICT, your email contains an attempt to manually feed
th
ant to force traffic other
than HTTP and FTP through Squid. In other words, Squid is not a
"universal" proxy that can proxy everything.
HTH,
Alex.
On 2024-08-28 09:14, Alex Rousskov wrote:
On 2024-08-28 08:52, Scott Bates wrote:
Alex: What protocol do those external services use in
On 2024-09-02 15:00, Xavier Lecluse wrote:
I am facing a problem with my actual access.log configuration.
I use this logformat for the access.log :
"logformat timereadable %tl %un %Ss %>Hs %>a:%>p %st %rm %ru %mt %.
But I have some users which are not authentified (because of incompatiblity with
directory.
3. Start Squid.
If the problem persists, share the command you use to start Squid and
any console output you get from that command.
In general, avoid using "squid -k reconfigure" when possible, especially
when using Squid v5 and earlier.
HTH,
Alex.
-Original Message
requests are allowed, and all invalid requests
are rejected. If necessary, ask questions, file bug reports, patch
Squid, and/or adjust your configuration to pass this test.
HTH,
Alex.
2024年8月8日(木) 21:33 Alex Rousskov :
On 2024-08-06 20:59, にば wrote:
When using Squid transparently, is it po
Squid before. And you will learn a few new tricks...
I'll update those logs and wait for your response to this before
sending them or sending you a personal drop link.
A link usually works best.
Thank you,
Alex.
-Original Message-
From: squid-users On Behalf Of Alex
Rousskov
S
HIER_NONE/- text/html
29/Aug/2024:10:27:17 -0400.514 10.46.49.190 NONE_NONE/500 0 CONNECT hexcelssp:443
JPIANA@AD..COM HIER_NONE/- -
I'm not sure the debugging and extra log details were added correctly, because
these look the same.
Thanks,
Josh
-Original Message-
From: squi
all.
I apologize for the wall of text, looking forward to what you guys have to say
about this.
Thanks,
Josh
-Original Message-
From: squid-users On Behalf Of Alex
Rousskov
Sent: Wednesday, August 28, 2024 2:31 PM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-user
On 2024-08-28 14:18, Alex Rousskov wrote:
On 2024-08-28 11:24, Piana, Josh wrote:
Here's the log and (I think) relevant ACL's?
According to your access.log, Squid denies problematic CONNECT requests
with HTTP 407 errors responses. Usually, that means those requests match
an &q
On 2024-08-28 11:24, Piana, Josh wrote:
Here's the log and (I think) relevant ACL's?
According to your access.log, Squid denies problematic CONNECT requests
with HTTP 407 errors responses. Usually, that means those requests match
an "http_access deny" rule. Clearly, you expect an "allow" out
On 2024-08-28 08:52, Scott Bates wrote:
Alex: What protocol do those external services use in problematic
use cases?>> Does Squid see the corresponding requests from VMs?
Squid can only proxy HTTP and FTP...
http and https only
Does Squid log the corresponding problematic transactions to i
On 2024-08-27 14:07, Scott Bates wrote:
My lab is setup as such:
Hypervisor host
Squid VM
Test VM 1 (windows)
Test VM 2 (windows)
Test VM 3 (windows)
I have my proxies setup in the squid config. On the test vms I have the
windows proxy settings pointing to the squid IP and port. If I check the
On 2024-08-26 02:23, Alexandru Mateescu wrote:
In October 2023 the free vulnerabilities scanner of Greenbone (Openvas)
has started reporting high vulnerabilities on squid for all versions.
When I questioned them about it they indicated
https://megamansec.github.io/Squid-Security-Audit/ as the
On 2024-08-23 12:07, Piana, Josh wrote:
The problem we’re having now is that we’re unable to access local
resources on different subnets. For instance, our “main” networks are
10.46.x.x and 10.47.x.x, but the proxy is blocking us when we try to get
to 172.26.x.x as well as 10.96.x.x.
Blocki
On 2024-08-23 06:29, ngtech1...@gmail.com wrote:
OK so the issue was that:
The http_port was used for ssl bump with intercept
I would not phrase it that way because "bump" is a red herring here. I
would instead say that the issue was that "http_port was used for
intercepted TLS traffic" or "
1 - 100 of 1076 matches
Mail list logo
