Re: [squid-users] Squid not using all cache_mem/ Increase TCP_MEM_HIT squid 2.6

2014-11-12 Thread andrew williams
Thank you Amos. maximum_object_size_in_memory must be the special setting that I had missed. Memory hits now up to 60% Cache information for squid: Request Hit Ratios: 5min: 84.4%, 60min: 78.6% Byte Hit Ratios: 5min: 80.6%, 60min: 67.9% Request Memory Hit Ratios: 5min: 63.1%, 60min: 66.1% Req

Re: [squid-users] Behind enemy lines (squid behind proxy)

2014-11-12 Thread Amos Jeffries
On 7/11/2014 11:30 a.m., doc.holli...@usa.com wrote: > >> Sent: Wednesday, November 05, 2014 at 10:48 PM From: "Amos >> Jeffries" > >> On 6/11/2014 2:33 p.m., doc.holliday wrote: >>> >>> I've searched through the internets and tried various things..

Re: [squid-users] assertion failed: client_side.cc:1515: "connIsUsable(http->getConn())

2014-11-12 Thread dan
Oh sure, sorry: Squid Cache: Version 3.4.8 configure options:  '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--dat

Re: [squid-users] assertion failed: client_side.cc:1515: "connIsUsable(http->getConn())

2014-11-12 Thread Amos Jeffries
On 7/11/2014 12:25 p.m., dan wrote: > Bumping this with another backtrace. Happened at 16:05 this time, > when the system was not very very busy. > > It’s causing squid to crash in such a way that I actually have to > `kill -9` the process in order to

Re: [squid-users] R: R: Problem with Squid 3.4 and transparent SSL proxy

2014-11-12 Thread Amos Jeffries
On 12/11/2014 9:55 p.m., Job wrote: > Thank you Amos, for everything. > > I route with REDIRECT all outgoing connection to port tcp/443 from > my LAN: > > iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT > --to-port 3130 > > in squid, i

Re: [squid-users] Squid 3.4.6 POST upload problem

2014-11-12 Thread Amos Jeffries
On 13/11/2014 5:47 a.m., Lorenzo Gollinelli wrote: > Hello, > > we have squid 3.4.6 talking to websense over icap. We have problems > in uploading files larger than 55 kB. > > this is the icap.log when file is correctly uploaded (<55kB): > > 1415810

Re: [squid-users] Forceful Reauthentication

2014-11-12 Thread Amos Jeffries
On 13/11/2014 8:27 a.m., santosh wrote: > Hello Team, > > I'm trying to reauthenticate the user once he visits google as per > this url https://workaround.org/squid-acls but it doesn't seem to > reprompt the credentials when I access google, below ar

Re: [squid-users] cache peer problem with two squid one Tproxy --->normal Porxy

2014-11-12 Thread Amos Jeffries
On 14/11/2014 2:27 a.m., Ahmed Allzaeem wrote: > Hi Amos , thanks for all explanation. > > But the problem solved when I added the following directives to the > tproxy server : ## forwarded_for off * that breaks any possib

Re: [squid-users] mgr:info question

2014-11-12 Thread Amos Jeffries
On 13/11/2014 4:11 p.m., Alberto Klocker wrote: > Looking at the squidclient mgr:info command output I was wondering > what the difference between these two entries are? > > Cache information for squid: Hits as % of all requests: 5min: > 0.7%, 60

Re: [squid-users] cache peer problem with two squid one Tproxy --->normal Porxy

2014-11-12 Thread Ahmed Allzaeem
Hi Amos , thanks for all explanation. But the problem solved when I added the following directives to the tproxy server : ## forwarded_for off request_header_access Allow allow all request_header_access Authorization allow all request_header_access WWW-Authenticate all

[squid-users] mgr:info question

2014-11-12 Thread Alberto Klocker
Looking at the squidclient mgr:info command output I was wondering what the difference between these two entries are? Cache information for squid: Hits as % of all requests: 5min: 0.7%, 60min: 0.3% Hits as % of bytes sent:5min: 51.3%, 60min: 25.5% I can guess the fir

Re: [squid-users] cache peer problem with two squid one Tproxy --->normal Porxy

2014-11-12 Thread Amos Jeffries
On 13/11/2014 7:39 p.m., Ahmed Allzaeem wrote: > Hi amos > > I have changed the both hostnames on two servers : > > [root@tproxy ~]# hostname tproxy.com > > > [root@parent ~]# hostname parent.com > > Good. > but , as I told u last time I can se

Re: [squid-users] OT: why does openssl-1.0.1f not like https://www.bnz.co.nz/?

2014-11-12 Thread Amos Jeffries
On 13/11/2014 3:22 p.m., Jason Haar wrote: > On 13/11/14 15:04, Amos Jeffries wrote: >> Sounds to me like they are using SSLv3 in their server. > > Yes but "openssl s_client -tls1" also works, it just appears that > openssl cannot negotiate it - it ha

Re: [squid-users] Squid not using all cache_mem/ Increase TCP_MEM_HIT squid 2.6

2014-11-12 Thread Amos Jeffries
On 13/11/2014 2:07 p.m., andrew williams wrote: > Hi, I'm getting what I think is too low of MEM_HIT ratio.. I would > like squid to use all of the cache_mem, thus increasing MEM_HIT? You are running a 32-bit build of a Squid version deprecated more

Re: [squid-users] OT: why does openssl-1.0.1f not like https://www.bnz.co.nz/?

2014-11-12 Thread Jason Haar
On 13/11/14 15:04, Amos Jeffries wrote: > Sounds to me like they are using SSLv3 in their server. Yes but "openssl s_client -tls1" also works, it just appears that openssl cannot negotiate it - it has to be hardwired > Lookup "SSLv3 POODLE" for what is happening in that area. I thought it would

Re: [squid-users] OT: why does openssl-1.0.1f not like https://www.bnz.co.nz/?

2014-11-12 Thread Amos Jeffries
On 13/11/2014 11:55 a.m., Jason Haar wrote: > Hi there > > I just found I cannot connect to https://www.bnz.co.nz/ using curl > on Ubuntu (7.35 compiled against openssl-1.0.1f), whereas > https://www.kiwibank.co.nz/ works fine. I first thought it was

[squid-users] Squid not using all cache_mem/ Increase TCP_MEM_HIT squid 2.6

2014-11-12 Thread andrew williams
Hi, I'm getting what I think is too low of MEM_HIT ratio.. I would like squid to use all of the cache_mem, thus increasing MEM_HIT? Cache information for squid: Request Hit Ratios: 5min: 83.2%, 60min: 81.7% Byte Hit Ratios: 5min: 85.6%, 60min: 69.4% Request Memory Hit Ratios: 5min: 31.0%, 60mi

[squid-users] OT: why does openssl-1.0.1f not like https://www.bnz.co.nz/?

2014-11-12 Thread Jason Haar
Hi there I just found I cannot connect to https://www.bnz.co.nz/ using curl on Ubuntu (7.35 compiled against openssl-1.0.1f), whereas https://www.kiwibank.co.nz/ works fine. I first thought it was due to my messing around with ssl-bump, but it happens when I don't go through squid too I have a Ce

Re: [squid-users] High CPU-Usage with squid 3.4.9 (and/or 3.4.4)

2014-11-12 Thread David Touzeau
On 11/10/2014 07:41 PM, Marcus Kool wrote: Indeed but setting debug_options to ALL,9 does not work since the log file already is too big and unmanageable even before Squid begins to do thing that consumes CPU time. I have suggested a full one request

Re: [squid-users] connecting directly to ssl-bump intercept port causes runaway CPU

2014-11-12 Thread Eliezer Croitoru
Hey Jason, Indeed it is nasty. I do not remember now how I advised in the past to defend against this issue. There is a "risk" in every system operation and this is one of them. You indeed found this "bug" or security vulnerability! Specially on linu

Re: [squid-users] cache peer problem with two squid one Tproxy --->normal Porxy

2014-11-12 Thread Ahmed Allzaeem
Hi amos I have changed the both hostnames on two servers : [root@tproxy ~]# hostname tproxy.com [root@parent ~]# hostname parent.com but , as I told u last time I can see traffic "miss" on the normal proxy , and "miss" on the tproxy server. But it says access denied from normal proxy I m

[squid-users] Forceful Reauthentication

2014-11-12 Thread santosh
Hello Team, I'm trying to reauthenticate the user once he visits google as per this url https://workaround.org/squid-acls but it doesn't seem to reprompt the credentials when I access google, below are my rules let me know where I'm going wrong # # INSERT

Re: [squid-users] connecting directly to ssl-bump intercept port causes runaway CPU

2014-11-12 Thread Jason Haar
Typical, I figured out an iptables workaround within seconds of sending my last email I still think squid needs to be able to stop this DoS, but this will stop the issue occurring iptables -t nat -A PREROUTING -d proxy.ip -i lan.interface -p tcp -m tcp --dport 3127 -j REDIRECT --to-ports 9876 #98

Re: [squid-users] connecting directly to ssl-bump intercept port causes runaway CPU

2014-11-12 Thread Jason Haar
On 12/11/14 18:59, Amos Jeffries wrote: > > That being one of the "NAT security vulnerabilities" mentioned as > reason for mangle table rules. Sorry, I should have said that if I remove the iptables 443 redirect rule, it still occurs! > > 3) Squid connected there to fetch the SSL certificate deta

Re: [squid-users] Problem with https://www.google.com and squid interception

2014-11-12 Thread Peter Gross
On 11/11/2014 11:47 AM, Peter Gross wrote: Hi, I am a new user of Squid and would first like to thank the developers for this excellent software. This is my first post to the mailing list ... I have been tasked with setting up quite restrictive web access control at work. I plan to use an interce

Re: [squid-users] Problem with https://www.google.com and squid interception

2014-11-12 Thread Peter Gross
On 11/11/2014 9:05 PM, Yogesh Gawankar wrote: hello peter can you check if your squid does gre return? Yohesh -- there are no Cisco routers in my home network, so no GRE. I will be using GRE when/if I configure squid at work since we have Cisco routers/switches in that network. It is unre

[squid-users] Squid 3.4.6 POST upload problem

2014-11-12 Thread Lorenzo Gollinelli
Hello, we have squid 3.4.6 talking to websense over icap. We have problems in uploading files larger than 55 kB. this is the icap.log when file is correctly uploaded (<55kB): 1415810436.490 0 192.168.x.x TAG_NONE/000 0 POST http://www.csm-testcenter.org/test DOMAIN/user HIER_NONE/- - this

Re: [squid-users] Cannot purge items that are not upstream anymore

2014-11-12 Thread Amos Jeffries
On 13/11/2014 3:04 a.m., Hussam Al-Tayeb wrote: > On Thursday 13 November 2014 02:23:12 Amos Jeffries wrote: >> On 13/11/2014 1:55 a.m., Hussam Al-Tayeb wrote: >>> On Thursday 13 November 2014 01:39:27 Amos Jeffries wrote: On 13/11/2014 12:17 a.m.

Re: [squid-users] cache peer problem with two squid one Tproxy --->normal Porxy

2014-11-12 Thread Amos Jeffries
On 13/11/2014 1:02 p.m., Ahmed Allzaeem wrote: > Thanks amos > > I have added option notproxy on the tproxy one It became : > cache_peer 77.221.104.97 parent 3127 0 no-tproxy > > > also I changed hostnames in /etc.hosts for both servers and added

Re: [squid-users] Cannot purge items that are not upstream anymore

2014-11-12 Thread Hussam Al-Tayeb
On Thursday 13 November 2014 02:23:12 Amos Jeffries wrote: > On 13/11/2014 1:55 a.m., Hussam Al-Tayeb wrote: > > On Thursday 13 November 2014 01:39:27 Amos Jeffries wrote: > >> On 13/11/2014 12:17 a.m., Hussam Al-Tayeb wrote: > >>> Hello. I have a problem with 'squidclient -m PURGE' and also > >>>

Re: [squid-users] cache peer problem with two squid one Tproxy --->normal Porxy

2014-11-12 Thread Ahmed Allzaeem
Thanks amos I have added option notproxy on the tproxy one It became : cache_peer 77.221.104.97 parent 3127 0 no-tproxy also I changed hostnames in /etc.hosts for both servers and added visible hostname squid for both now on the normal proxy I can see the logs access but still not traffi

Re: [squid-users] cache peer problem with two squid one Tproxy --->normal Porxy

2014-11-12 Thread Amos Jeffries
On 13/11/2014 11:55 a.m., Ahmed Allzaeem wrote: > Hi all > > I have two proxies > > > > 1(tproxy) and configured it to get from another normal proxy > > So , my topology is as below > > > > > > Tproxy- listen on 6000--->normal

Re: [squid-users] Cannot purge items that are not upstream anymore

2014-11-12 Thread Amos Jeffries
On 13/11/2014 1:55 a.m., Hussam Al-Tayeb wrote: > On Thursday 13 November 2014 01:39:27 Amos Jeffries wrote: >> On 13/11/2014 12:17 a.m., Hussam Al-Tayeb wrote: >>> Hello. I have a problem with 'squidclient -m PURGE' and also >>> the purge command. The

[squid-users] cache peer problem with two squid one Tproxy --->normal Porxy

2014-11-12 Thread Ahmed Allzaeem
Hi all I have two proxies 1(tproxy) and configured it to get from another normal proxy So , my topology is as below Tproxy- listen on 6000--->normal proxy listen 3127 The problem is done on the normal proxy , I don't see hit or access logs but I can see logs as below

Re: [squid-users] Cannot purge items that are not upstream anymore

2014-11-12 Thread Hussam Al-Tayeb
On Thursday 13 November 2014 01:39:27 Amos Jeffries wrote: > On 13/11/2014 12:17 a.m., Hussam Al-Tayeb wrote: > > Hello. I have a problem with 'squidclient -m PURGE' and also the > > purge command. They won't purge urls from disk that are not > > available online anymore or redirect to other links.

Re: [squid-users] Cannot purge items that are not upstream anymore

2014-11-12 Thread Amos Jeffries
On 13/11/2014 12:17 a.m., Hussam Al-Tayeb wrote: > Hello. I have a problem with 'squidclient -m PURGE' and also the > purge command. They won't purge urls from disk that are not > available online anymore or redirect to other links. > PURGE was desig

Re: [squid-users] Squid 3.5: Delay parameters bungled what changes ?

2014-11-12 Thread Stakres
Hi, Any news ? feedbacks ? nobody interested ? Bye Fred

Re: [squid-users] Troubles compiling latest Squid 3.5 on Windows 7 with Cygwin

2014-11-12 Thread Amos Jeffries
On 12/11/2014 10:36 p.m., Rafael Akchurin wrote: > Hello all, > > I am struggling to compile Squid 3.5 on windows 7 x64 using latest > Cygwin. > > During configuration (./configure --disable-wccp --disable-wccpv2) NP: the current 3.5 should need NO

[squid-users] Cannot purge items that are not upstream anymore

2014-11-12 Thread Hussam Al-Tayeb
Hello. I have a problem with 'squidclient -m PURGE' and also the purge command. They won't purge urls from disk that are not available online anymore or redirect to other links. For example, http://static.firedrive.com/dynamic/previews/75/27577be2d6d86af20265734b64e8d563.jpg which corresponds

[squid-users] Troubles compiling latest Squid 3.5 on Windows 7 with Cygwin

2014-11-12 Thread Rafael Akchurin
Hello all, I am struggling to compile Squid 3.5 on windows 7 x64 using latest Cygwin. During configuration (./configure --disable-wccp --disable-wccpv2) The following error occurs: checking for ldap.h... (cached) yes checking winldap.h usability... no checking winldap.h presence... yes configur

[squid-users] R: R: Problem with Squid 3.4 and transparent SSL proxy

2014-11-12 Thread Job
Thank you Amos, for everything. I route with REDIRECT all outgoing connection to port tcp/443 from my LAN: iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 3130 in squid, i have these configurations: http_port 3128 http_port 3129 intercept https_port 3130 intercept ssl-bum