Re: [squid-users] is chunked support from clients fully supported?

2015-01-23 Thread Amos Jeffries
On 24/01/2015 12:28 p.m., Jason Haar wrote: > Hi there > > The squid.conf.documented file in squid-3.4.10 states (for > chunked_request_body_max_size), "Squid does not have full support for > that feature yet". > > Is that still the case? We have some people running some client software > that re

[squid-users] is chunked support from clients fully supported?

2015-01-23 Thread Jason Haar
Hi there The squid.conf.documented file in squid-3.4.10 states (for chunked_request_body_max_size), "Squid does not have full support for that feature yet". Is that still the case? We have some people running some client software that requires chunked support and we want to be sure the newer squi

Re: [squid-users] FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

2015-01-23 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This issue is not Linux-specific, Mike. As a minimum for me - I never use Linux. :) 24.01.2015 2:08, Mike wrote: > For a Red Hat/CentOS based OS, selinux causes that. > > The fix I found in this case: > > Before the below “audit2allow” command will

Re: [squid-users] FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

2015-01-23 Thread Mike
For a Red Hat/CentOS based OS, selinux causes that. The fix I found in this case: Before the below “audit2allow” command will work, you will need to install the needed tool for selinux: * yum -y install policycoreutils-python (which will also install a few other dependencies). To temporarily

[squid-users] Reverse proxy through a parent proxy

2015-01-23 Thread Micah Parrish
Squid 3.1+RHEL6.5. I'd like to reverse proxy a linux distro repository, but I am stuck behind a corporate web proxy which I do not control. This is how I accelerate an internal mirror, and it works well: http_port 80 accel defaultsite=myhostname.company.com cache_peer internal.repo.comany.c

Re: [squid-users] Squid ssl-bumping: how does squid verify certificates?

2015-01-23 Thread Amos Jeffries
On 24/01/2015 6:20 a.m., agent_js03 wrote: > Hi, > > I am kind of a newbie to SSL, and have been tinkering with squid SSL bumping > for https, so bear with me if this question has already been discussed. So > here is my understanding of how HTTPS works: a browser has a sort of local > repository o

Re: [squid-users] FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

2015-01-23 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Looks like it's got strange certificate from server, Amos. And then dying. I had noticed in tail -f cache.log only certificate errors, sort of argument error or somewhat. I saw at least two such cases at the past three days. After clearing SSL db

Re: [squid-users] FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

2015-01-23 Thread Amos Jeffries
On 24/01/2015 6:28 a.m., HackXBack wrote: > yes its work normally at start but after few hours it stop and say > > FATAL: The ssl_crtd helpers are crashing too rapidly, need help! > > now i make cronjob to remove ssl_crtd then create it every 6 hours but this > is not solution !! > > need Amos

Re: [squid-users] FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

2015-01-23 Thread HackXBack
yes its work normally at start but after few hours it stop and say FATAL: The ssl_crtd helpers are crashing too rapidly, need help! now i make cronjob to remove ssl_crtd then create it every 6 hours but this is not solution !! need Amos here Thanks Yuri. -- View this message in context: htt

[squid-users] Squid ssl-bumping: how does squid verify certificates?

2015-01-23 Thread agent_js03
Hi, I am kind of a newbie to SSL, and have been tinkering with squid SSL bumping for https, so bear with me if this question has already been discussed. So here is my understanding of how HTTPS works: a browser has a sort of local repository of trusted certificates, correct? And when you access an

Re: [squid-users] Squid versions and FreeBSD-10.1 headache

2015-01-23 Thread Amos Jeffries
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 24/01/2015 5:32 a.m., Yuri Voinov wrote: > > Amos, > > important not to break Solaris-IPFilter for me ;) > Aye. I will be testing it on your machine. It seems to be "just" a matter of getting autoconf to define the macro with a 0 or 1 value inst

Re: [squid-users] Squid versions and FreeBSD-10.1 headache

2015-01-23 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Amos, important not to break Solaris-IPFilter for me ;) WBR, Yuri 23.01.2015 22:17, Amos Jeffries wrote: > On 24/01/2015 4:57 a.m., Odhiambo Washington wrote: > > On 23 January 2015 at 18:29, Odhiambo Washington wrote: > > > To simplify: > > > Sup

Re: [squid-users] Squid versions and FreeBSD-10.1 headache

2015-01-23 Thread Amos Jeffries
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 24/01/2015 4:57 a.m., Odhiambo Washington wrote: > On 23 January 2015 at 18:29, Odhiambo Washington wrote: > > To simplify: > > Suppose I wanted to use IPFilter as the Firewall with IPNat, what > are my options? > Option 1) wait for me to fix

Re: [squid-users] Squid versions and FreeBSD-10.1 headache

2015-01-23 Thread Amos Jeffries
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 24/01/2015 4:56 a.m., Odhiambo Washington wrote: > On 23 January 2015 at 18:42, Amos Jeffries > wrote: > >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> >> On 24/01/2015 4:29 a.m., Odhiambo Washington wrote: >>> On 23 January 2015 at 17:33, A

Re: [squid-users] Squid versions and FreeBSD-10.1 headache

2015-01-23 Thread Odhiambo Washington
On 23 January 2015 at 18:29, Odhiambo Washington wrote: > > > On 23 January 2015 at 17:33, Amos Jeffries wrote: > >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> On 24/01/2015 3:11 a.m., Odhiambo Washington wrote: >> > On 23 January 2015 at 16:53, Amos Jeffries >> > wrote: >> > >> >>

Re: [squid-users] Squid versions and FreeBSD-10.1 headache

2015-01-23 Thread Odhiambo Washington
On 23 January 2015 at 18:42, Amos Jeffries wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 24/01/2015 4:29 a.m., Odhiambo Washington wrote: > > On 23 January 2015 at 17:33, Amos Jeffries > > wrote: > > > > > > And the good news is that squid-3.5.1 is now allowing client PCs to >

Re: [squid-users] Squid versions and FreeBSD-10.1 headache

2015-01-23 Thread Amos Jeffries
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 24/01/2015 4:29 a.m., Odhiambo Washington wrote: > On 23 January 2015 at 17:33, Amos Jeffries > wrote: > And the good news is that squid-3.5.1 is now allowing client PCs to > browse. Thank you for that. > Hooray! > I still have issues to rai

Re: [squid-users] Squid versions and FreeBSD-10.1 headache

2015-01-23 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yep, they are mutually exclusive. 23.01.2015 21:29, Odhiambo Washington wrote: > > > On 23 January 2015 at 17:33, Amos Jeffries mailto:squ...@treenet.co.nz>> wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 24/01/2015 3:1

Re: [squid-users] Squid versions and FreeBSD-10.1 headache

2015-01-23 Thread Odhiambo Washington
On 23 January 2015 at 17:33, Amos Jeffries wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 24/01/2015 3:11 a.m., Odhiambo Washington wrote: > > On 23 January 2015 at 16:53, Amos Jeffries > > wrote: > > > >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > >> > >> On 24/01/2015 2:4

Re: [squid-users] FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

2015-01-23 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I've seen this problem on my 3.4.11 build. With much smaller counts of certificates. Looks like a bug. 23.01.2015 19:49, HackXBack wrote: > Dear Yuri, > i didn't understand what you said. > but i put cronjob to that every 6 hours to remove ssl_crt

Re: [squid-users] Squid versions and FreeBSD-10.1 headache

2015-01-23 Thread Amos Jeffries
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 24/01/2015 3:11 a.m., Odhiambo Washington wrote: > On 23 January 2015 at 16:53, Amos Jeffries > wrote: > >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> >> On 24/01/2015 2:47 a.m., Odhiambo Washington wrote: >>> On 23 January 2015 at 16:40, A

Re: [squid-users] Squid versions and FreeBSD-10.1 headache

2015-01-23 Thread Odhiambo Washington
On 23 January 2015 at 16:53, Amos Jeffries wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 24/01/2015 2:47 a.m., Odhiambo Washington wrote: > > On 23 January 2015 at 16:40, Amos Jeffries > > wrote: > > > >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > >> > >> On 24/01/2015 2:2

Re: [squid-users] FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

2015-01-23 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Now understand. I.e. you have issue after time, yes? Squid starts normally and after hours or days you have problems with ssl_crtd, yes? 23.01.2015 19:49, HackXBack wrote: > Dear Yuri, > i didn't understand what you said. > but i put cronjob to tha

Re: [squid-users] Squid versions and FreeBSD-10.1 headache

2015-01-23 Thread Amos Jeffries
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 24/01/2015 2:47 a.m., Odhiambo Washington wrote: > On 23 January 2015 at 16:40, Amos Jeffries > wrote: > >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> >> On 24/01/2015 2:20 a.m., Odhiambo Washington wrote: >>> On 23 January 2015 at 16:07, A

Re: [squid-users] FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

2015-01-23 Thread HackXBack
Dear Yuri, i didn't understand what you said. but i put cronjob to that every 6 hours to remove ssl_crtd database then create it. because i can't know till now what is the problem and why every 10-20 hours the ssl_crtd helpers are crashing too rapidly ... Still need help to find the issue by the way

Re: [squid-users] Squid versions and FreeBSD-10.1 headache

2015-01-23 Thread Odhiambo Washington
On 23 January 2015 at 16:40, Amos Jeffries wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 24/01/2015 2:20 a.m., Odhiambo Washington wrote: > > On 23 January 2015 at 16:07, Amos Jeffries > > wrote: > > > >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > >> > >> On 24/01/2015 1:4

Re: [squid-users] Squid versions and FreeBSD-10.1 headache

2015-01-23 Thread Odhiambo Washington
On 23 January 2015 at 16:29, Amos Jeffries wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 24/01/2015 2:13 a.m., Odhiambo Washington wrote: > > On 23 January 2015 at 15:47, Yuri Voinov > > wrote: > > > >> > >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > >> > >> Once more. You

Re: [squid-users] Squid versions and FreeBSD-10.1 headache

2015-01-23 Thread Amos Jeffries
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 24/01/2015 2:20 a.m., Odhiambo Washington wrote: > On 23 January 2015 at 16:07, Amos Jeffries > wrote: > >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> >> On 24/01/2015 1:47 a.m., Yuri Voinov wrote: >>> >>> Once more. You CANNOT have neithe

Re: [squid-users] Squid versions and FreeBSD-10.1 headache

2015-01-23 Thread Amos Jeffries
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 24/01/2015 2:13 a.m., Odhiambo Washington wrote: > On 23 January 2015 at 15:47, Yuri Voinov > wrote: > >> >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> >> Once more. You CANNOT have neither web-server nor other service >> with listening po

Re: [squid-users] Squid versions and FreeBSD-10.1 headache

2015-01-23 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This looks like not optimal solution, Henrik. A long time ago, when I meet similar issue, I've draw request way on my proxy host and find cycling configuration. It was chain NAT->proxy->redirector->NAT->proxy To break it I completely differentiate

Re: [squid-users] Squid versions and FreeBSD-10.1 headache

2015-01-23 Thread Henrik Lidström
On 01/23/15 14:13, Odhiambo Washington wrote: > > > On 23 January 2015 at 15:47, Yuri Voinov > wrote: > > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Once more. You CANNOT have neither web-server nor other service with > listening por

Re: [squid-users] Squid versions and FreeBSD-10.1 headache

2015-01-23 Thread Odhiambo Washington
On 23 January 2015 at 16:07, Amos Jeffries wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 24/01/2015 1:47 a.m., Yuri Voinov wrote: > > > > Once more. You CANNOT have neither web-server nor other service > > with listening port 80 on the same host as transparent Squid proxy. > > T

Re: [squid-users] Squid versions and FreeBSD-10.1 headache

2015-01-23 Thread Odhiambo Washington
On 23 January 2015 at 15:47, Yuri Voinov wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Once more. You CANNOT have neither web-server nor other service with > listening port 80 on the same host as transparent Squid proxy. This is one > and only reason you have looping. > > Look. O

Re: [squid-users] Squid versions and FreeBSD-10.1 headache

2015-01-23 Thread Amos Jeffries
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 24/01/2015 1:47 a.m., Yuri Voinov wrote: > > Once more. You CANNOT have neither web-server nor other service > with listening port 80 on the same host as transparent Squid proxy. > This is one and only reason you have looping. > That is not corre

Re: [squid-users] Squid versions and FreeBSD-10.1 headache

2015-01-23 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Once more. You CANNOT have neither web-server nor other service with listening port 80 on the same host as transparent Squid proxy. This is one and only reason you have looping. Look. On my transparent 3.4.11 (which was early 2.7) IPFilter redirects

Re: [squid-users] Squid versions and FreeBSD-10.1 headache

2015-01-23 Thread Odhiambo Washington
On 23 January 2015 at 15:17, Yuri Voinov wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Here is it. > > There is your loop reason. > > root@mail:/usr/src # svn Type 'svn help' for usage. root@mail:/usr/src # sockstat -l | grep 80 www httpd 55941 3 tcp6 *:80

Re: [squid-users] Squid versions and FreeBSD-10.1 headache

2015-01-23 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Here is it. There is your loop reason. 23.01.2015 18:16, Odhiambo Washington wrote: > > > On 23 January 2015 at 15:13, Yuri Voinov mailto:yvoi...@gmail.com>> wrote: > > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Did you

Re: [squid-users] Squid versions and FreeBSD-10.1 headache

2015-01-23 Thread Odhiambo Washington
On 23 January 2015 at 15:13, Yuri Voinov wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Did you have any service can listen port 80 on your host? I.e. web-server? > > Yes. There is a webserver on the same host, listening on both 80 and 443. -- Best regards, Odhiambo WASHINGTO

Re: [squid-users] Squid versions and FreeBSD-10.1 headache

2015-01-23 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Did you have any service can listen port 80 on your host? I.e. web-server? 23.01.2015 18:10, Odhiambo Washington wrote: > > > On 23 January 2015 at 14:57, Yuri Voinov mailto:yvoi...@gmail.com>> wrote: > > > -BEGIN PGP SIGNED MESSAGE- >

Re: [squid-users] Squid versions and FreeBSD-10.1 headache

2015-01-23 Thread Odhiambo Washington
On 23 January 2015 at 14:57, Yuri Voinov wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Redirection loop can only occur when rewriter or NAT is misconfigured. > > On early Squid versions to avoid loops was used: > > # Rewriter cycle workaround > url_rewrite_access deny localhost > >

Re: [squid-users] Squid versions and FreeBSD-10.1 headache

2015-01-23 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Redirection loop can only occur when rewriter or NAT is misconfigured. On early Squid versions to avoid loops was used: # Rewriter cycle workaround url_rewrite_access deny localhost rule. Somewhere in your configuration occurs redirector looping.

[squid-users] Squid versions and FreeBSD-10.1 headache

2015-01-23 Thread Odhiambo Washington
So for the past few days I have been struggling with Squid in intercept mode on FreeBSD-10.1. Using the same squid.conf for Squid-3.4.10 and Squid-3.5.1 and the same Firewall rules (I have tested with IPFilter and PF and these rules work with Squid-2.7.9 on several FreeBSD boxes that I have): 1.