Thanks mike.
But I think Amos is right.
On 25 July 2015 at 00:27, Mike wrote:
> I see a few issues.
>
> 1. The report from the log shows a 192.168.*.* address, common LAN IP
>
The ip 192.168.122.1 is the ip address of virtual interface (acts as a
default gateway for Virtual machines). I did N
Thanks Amos,, mike
On 25 July 2015 at 03:20, Amos Jeffries wrote:
> On 25/07/2015 4:59 a.m., Jagannath Naidu wrote:
> > 1. Its not a transparent proxy.
> >
> > 2. My clients get wpad configuration from AD server. So there are two
> > question.
> > 2.1 :I know that wpad is used to identify pr
On 25/07/2015 11:53 a.m., Alex Wu wrote:
> further analysis indicated that master process created
> quid-ssl_session_cache.shm.
>
> In other words, it needs a https_port or http_port with ssl-bump in outside
> any process number to create this shared memeory segment.
>
> Furthermore, the code
On Fri, 2015-07-24 at 19:15 -0500, Stanford Prescott wrote:
> Thanks for that. Any ideas why I am experiencing that?
>
>
>
> Stan
>
>
>
>
> On Fri, Jul 24, 2015 at 7:07 PM, James Lay
> wrote:
>
> On Fri, 2015-07-24 at 17:25 -0500, Stanford Prescott wrote:
>
> > I
Thanks for that. Any ideas why I am experiencing that?
Stan
On Fri, Jul 24, 2015 at 7:07 PM, James Lay wrote:
> On Fri, 2015-07-24 at 17:25 -0500, Stanford Prescott wrote:
>
> I have a working implementation of Squid 3.5.5 with ssl-bump. When 3.5.5
> is started with ssl-bump enabled all the s
On Fri, 2015-07-24 at 17:25 -0500, Stanford Prescott wrote:
> I have a working implementation of Squid 3.5.5 with ssl-bump. When
> 3.5.5 is started with ssl-bump enabled all the squid and ssl_crtd
> processes start and Squid functions as intended when bumping ssl
> sites. However, when I bump Squid
further analysis indicated that master process created
quid-ssl_session_cache.shm.
In other words, it needs a https_port or http_port with ssl-bump in outside any
process number to create this shared memeory segment.
Furthermore, the code should be simplied like this:
diff --git a/squid-3.5.6
There is a problem
The code isSslServer looks for https configuration. If no one found, it will
not create /run/shm/ssl_session_cache.shm.
Late, the code somewhere else can not find it, so the process would not start
it self.
I am not clear which worker is called first to initialize_session_ca
I have a working implementation of Squid 3.5.5 with ssl-bump. When 3.5.5 is
started with ssl-bump enabled all the squid and ssl_crtd processes start
and Squid functions as intended when bumping ssl sites. However, when I
bump Squid to 3.5.6 squid seems to start but ssl_crtd does not and Squid
3.5.6
tks amos for the info
now i figure why forcing full video on some Firefox i tough v3.5.6 has bug
it turn out its
some firefox has media.mediasource.webm.enabled;false that will play webm yt
full video and u only see 380p
no other on quality setting if you enable this to true all the quality in yt
On 25/07/2015 7:24 a.m., Alex Wu wrote:
> If I define 4 workers, and use the following way to allocate workers:
>
> if ${process_number} = 4
> //do something
> else
> endif
The "else" means the wrapped config bit applies to *all* workers and
processes of Squid except the one in the if-condition (
On 25/07/2015 4:59 a.m., Jagannath Naidu wrote:
> 1. Its not a transparent proxy.
>
> 2. My clients get wpad configuration from AD server. So there are two
> question.
> 2.1 :I know that wpad is used to identify proxy server and port(and rest
> other bypass rules). When clients resolve to wpad.
On 25/07/2015 6:57 a.m., Mike wrote:
> I see a few issues.
>
> 1. The report from the log shows a 192.168.*.* address, common LAN IP
>
> Then in the squid.conf:
> 2. You have wvdial destination as 10.1.*.* addresses, which is a
> completely different internal network.
> Typically there will be no
with this conf it work on the same site in http and not in https
the site is youtube.
#request_header_access Accept-Encoding deny all
#loadable_modules /usr/local/lib/ecap_adapter_modifying.so
#ecap_enable on
#ecap_service ecapModifier respmod_precache \
#uri=ecap://e-cap.org/ecap/services
On 25/07/2015 6:33 a.m., HackXBack wrote:
> Dear Amos,
> you mean if the https is decrypted ?
Yes.
> so yes it is decrypted and full url shown in access.log
> and not this adapter didnt work on https pages,
> it can edit content in http pages and not in https pages .
>
Strange. AFAIK there is n
On 25/07/2015 3:37 a.m., Yuri Voinov wrote:
>
> No. He said that Squid does that itself. The only question - which Squid.
>
I said that for Alternate-Protocol.
It went into 3.4.10 and 3.5.0.3.
> 24.07.15 21:34, joe пишет:
>> tks amos so
>> doing replace beter as
>> reply_header_access Strict-T
On 25/07/2015 3:34 a.m., Yuri Voinov wrote:
>
> 24.07.15 21:15, Amos Jeffries пишет:
>> On 25/07/2015 12:38 a.m., Yuri Voinov wrote:
>>>
>>> https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
>>>
>>> 24.07.15 18:33, joe пишет:
i dont see Strict-Transport-Security in my log header
>
If I define 4 workers, and use the following way to allocate workers:
if ${process_number} = 4
//do something
else
endif
I leave other workers as empty after else, then we encounter this error:
FATAL: Ipc::Mem::Segment::open failed to
shm_open(/squid-ssl_session_cache.shm): (2) No such file or
I see a few issues.
1. The report from the log shows a 192.168.*.* address, common LAN IP
Then in the squid.conf:
2. You have wvdial destination as 10.1.*.* addresses, which is a
completely different internal network.
Typically there will be no internal routing or communication from a
192.168.
Dear Amos,
you mean if the https is decrypted ?
so yes it is decrypted and full url shown in access.log
and not this adapter didnt work on https pages,
it can edit content in http pages and not in https pages .
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com
On 07/24/2015 01:01 PM, Jens Offenbach wrote:
@Marcus:
I am not sure what exactly causes the problems, but could you please make a
test with these two different settings:
cache_mem 4 GB
maximum_object_size_in_memory 1 GB
I think this setting for maximum_object_size_in_memory is too high, ind
1. Its not a transparent proxy.
2. My clients get wpad configuration from AD server. So there are two
question.
2.1 :I know that wpad is used to identify proxy server and port(and rest
other bypass rules). When clients resolve to wpad.abc.com, is there way
that I can overwrite the wpad file off
@Marcus:
I am not sure what exactly causes the problems, but could you please make a
test with these two different settings:
cache_mem 4 GB
maximum_object_size_in_memory 1 GB
I think you will observe the behavior, that I was confronted with. The bad
download rates of 500 KB/sec are gone, when I
On 24 July 2015 at 21:05, Jagannath Naidu <
jagannath.na...@fosteringlinux.com> wrote:
> Dear List,
>
> I have been working on this for last two weeks, but never got it resolved.
>
> We have a application server (SERVER) in our local network and a desktop
> application (CLIENT). The application p
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
No. He said that Squid does that itself. The only question - which Squid.
24.07.15 21:34, joe пишет:
> tks amos so
> doing replace beter as
> reply_header_access Strict-Transport-Security deny all
>
> request_header_replace Strict-Transport-Securi
tks amos so
doing replace beter as
reply_header_access Strict-Transport-Security deny all
request_header_replace Strict-Transport-Security max-age=0
right ?
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-youtube-caching-tp4672389p4672455.html
Sent f
Dear List,
I have been working on this for last two weeks, but never got it resolved.
We have a application server (SERVER) in our local network and a desktop
application (CLIENT). The application picks proxy settings from IE. And we
also have a wensense proxy server
case 1: when there is no pr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
24.07.15 21:15, Amos Jeffries пишет:
> On 25/07/2015 12:38 a.m., Yuri Voinov wrote:
>>
>> https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
>>
>> 24.07.15 18:33, joe пишет:
>>> i dont see Strict-Transport-Security in my log header
>>>
Thanks, Amos. That was very helpful. Smoothwall Express does not and never
has used systemd, precisely because of the reasons you mention. It does use
udev and we are considering bumping to eudev, but that is a fairly large
change, but likely worth it.
We have some things to think about now with p
On 25/07/2015 12:38 a.m., Yuri Voinov wrote:
>
> https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
>
> 24.07.15 18:33, joe пишет:
>> i dont see Strict-Transport-Security in my log header
>> only alternate-protocol
>> can you post an example link pls
>
Note that the header may be sen
That's are good ideas, I'll try them.
Thanks!!!
2015-07-24 11:57 GMT-03:00 Amos Jeffries :
> On 25/07/2015 2:22 a.m., Jorgeley Junior wrote:
> > Thank you so much for the help.
>
> Cant be much help sorry. I'm just guessing here. Never actually run
> Squid in a chroot myself.
>
> > So, I use the
On 25/07/2015 2:22 a.m., Jorgeley Junior wrote:
> Thank you so much for the help.
Cant be much help sorry. I'm just guessing here. Never actually run
Squid in a chroot myself.
> So, I use the directive 'chroot' in the squid.conf.
> I start squid this way:
> cd /etc/squid-3.5.6
> sbin/squid
> and
On 25/07/2015 12:09 a.m., Sebastian Kirschner wrote:
> Hi ,
>
> I minimized the configuration a little bit(you could see it at the bottom of
> these message).
>
> Also I still try to understand why these error happen ,
Lets be clear. "error" are not happening. If errors happend Squid logs
them
Thank you so much for the help.
So, I use the directive 'chroot' in the squid.conf.
I start squid this way:
cd /etc/squid-3.5.6
sbin/squid
and it starts normally, but when I open the client browser and do an
authentication it logs the errors and don't authenticate, but the squid
doesn't stop runnin
On 25/07/2015 12:10 a.m., Jorgeley Junior wrote:
> please guys, help me.
> Any suggestions?
>
Squid is not generally run in a chroot. The master / coordinator daemon
manager process requires root access for several things and spawns
workers that are dropped automatically to highly restricted acce
On 24/07/2015 11:24 p.m., Posta Esterna wrote:
>
> Thanx Amos,
> Squid was the first problem... using /usr/lib/squid/ntlm_auth instead of
> /usr/bin/ntlm_auth
>
> About upgrading unfortunatelly i have only an old DELL P4 (10 years
> old?) with 1GB of RAM... and for my fortune this is only the PRO
squid v 3.5.6
i dont think range_offset_limit none google
or range_offset_limit -1 google
or
request_header_access Accept-Ranges deny all
reply_header_access Accept-Ranges deny all
request_header_replace Accept-Ranges none
reply_header_replace Accept-Ranges none
ar working any one try v3.5.6 and se
- Original Message -
From: "Antony Stone"
To: squid-users@lists.squid-cache.org
Sent: Friday, July 24, 2015 8:49:13 AM
Subject: Re: [squid-users] log source port from squid server?
> Does http://www.squid-cache.org/Doc/config/logformat/ help?
I saw that page earlier but misunderstood
Response inline.
On 24/07/2015 8:21 a.m., Stanford Prescott wrote:
> After bumping Squid from 3.4.x to 3.5.x in our implementation of Squid in
> the Smoothwall Express v3.1 firewall distro we have begun to have
> complaints from our users about "erratic behavior" of Squid shutting down
> during re
>Is that all sites or just a few special sites?
>James
I tested a few sites like google , youtube , sparkasse, sparklabs, all with the
same issue.
Mit freundlichen Grüßen / Best Regards
Sebastian
___
squid-users mailing list
squid-users@lists.squid
On Friday 24 Jul 2015 at 13:43, Kevin Kretz wrote:
> From the documentation and reading back through this list's archive, I
> don't see a format code for squid server source port. Has there ever been
> interest in this?
Does http://www.squid-cache.org/Doc/config/logformat/ help?
Antony.
--
P
Hi guys.
I have a squid 3.5.6 + basic_ncsa_auth + chroot and is crashing only when I
do an authentication.
Here is the main confs:
*auth_param basic program /libexec/basic_ncsa_auth /regras/usuarios
auth_param basic children 10 startup=0 idle=1
auth_param basic realm INTERNET-LOGIN NECESSARIO
...
as long as i dont use ssl in my cache man in the midle im safe gov..wise
all other i can do
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-youtube-caching-tp4672389p4672439.html
Sent from the Squid - Users mailing list archive at Nabble.com.
__
Hi,
We're working on correlating our squid logs with other logs upstream in our
network. We'd like to be able to identify a proxied request by network
information from squid's log. Currently we have the squid server IP address,
the destination server's IP address and the destination server's
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
24.07.15 18:33, joe пишет:
> i dont see Strict-Transport-Security in my log header
> only alternate-protocol
> can you post an example link pls
>
>
>
> --
> View this message in context
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
BTW, it you are concern about user's privacy, you must not block neither
QUIC/SPDY nor HSTS. This all about user's privacy.
But in this case forget about caching yt or something. Completely.
24.07.15 18:22, joe пишет:
> you can deny those protoco
On Fri, 2015-07-24 at 12:09 +, Sebastian Kirschner wrote:
> Hi ,
>
> I minimized the configuration a little bit(you could see it at the bottom of
> these message).
>
> Also I still try to understand why these error happen , I increased the Debug
> level and saw that squid tried 48 times to
i dont see Strict-Transport-Security in my log header
only alternate-protocol
can you post an example link pls
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-youtube-caching-tp4672389p4672434.html
Sent from the Squid - Users mailing list archive at Na
On 07/24/2015 03:25 AM, Jens Offenbach wrote:
I have made a quick test of Squid 3.3.8 on Ubuntu 15.04 and I get the same
problem: 100 % CPU usage, 500 KB/sec download rate.
Gesendet: Freitag, 24. Juli 2015 um 07:54 Uhr
Von: "Jens Offenbach"
An: "Marcus Kool" , "Eliezer Croitoru" ,
"Amos Je
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Wrong. To block HSTS you need use
# Disable HSTS
reply_header_access Strict-Transport-Security deny all
alternate-protocol - this from another opera.
UDP/80 and UDP/443 - this about QUIC and SPDY protocol. It's nothing to
HSTS not.
Learn more ;
you can deny those protocol
reply_header_access alternate-protocol deny all
so it wont push the client to use udp 443 or udp 80
that wat they ar doing
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-youtube-caching-tp4672389p4672431.html
Sent from the
please guys, help me.
Any suggestions?
2015-07-23 13:28 GMT-03:00 Jorgeley Junior :
> Befor all, thanks so so much for the answears!!!
> It's exist, I'm sure.
> This is my chroot structre:
> / (linux root)
> /etc
> squid-3.5.6/
> bin/
>purge
Hi ,
I minimized the configuration a little bit(you could see it at the bottom of
these message).
Also I still try to understand why these error happen , I increased the Debug
level and saw that squid tried 48 times to peek but failed.
At the end It says that it got an "Hello", does it mean tha
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Firefox and Chrome use HSTS for yt and some other hardcoded sites, like
twitter. This means force use TLS. From client side.
24.07.15 18:01, joe пишет:
> http bro no ssl no https
> plain http any one know the way to force yt to use http
> you can
http bro no ssl no https
plain http any one know the way to force yt to use http
you can force google and yt to use http.. other site hard to do
thre is a way i did not try it for facebook and some other site to cache
http insted of https but still u have to use ssl connect on main domain and
th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Either privacy - or caching. Now you haven't alternative. HTTPS without
bump can't be caching. Never.
Antispam reading your letters - you is annoying? Do you want to talk
about it? You strains that Squid will see SSL? Turn strip_query_terms on
and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Also your can disable HSTS ;)
24.07.15 10:33, d...@getbusi.com пишет:
> Not to go off-topic here, but you folks are all SSL Bumping youtube.com /
> googlevideo.com in order to
do this caching, right?
>
>
>
>
> Want to make sure I’m not mi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Well, and so what? What exactly your doing with this adapter?
24.07.15 3:53, HackXBack пишет:
> read the Documentation
>
> http://www.e-cap.org/Documentation
>
>
>
> --
> View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble
Il 24/07/2015 11.22, Amos Jeffries ha scritto:
On 24/07/2015 7:57 p.m., Posta Esterna wrote:
Hi all
i'm very new about squid. I'm tryng to start a squid service (2.6
stable) on a server linux centos 5... it has to connect to an AD server
to authenticate users for internet access...
Yeesh.
On 24/07/2015 5:33 a.m., HackXBack wrote:
> when we can use ecap with https contents ?
Yes, *if* the TLS part of HTTPS has been terminated by Squid.
ie. HTTPS reverse-proxy or SSL-bump interception.
Amos
___
squid-users mailing list
squid-users@lists.s
On 24/07/2015 6:02 a.m., Yuri Voinov wrote:
>
>
>
> 23.07.15 23:57, Amos Jeffries пишет:
>> On 24/07/2015 4:02 a.m., Ulises Nicolini wrote:
>>> Hello,
>>>
>>> I have a basic squid 3.5 configuration with
>>>
>>> maximum_object_size_in_memory 64 KB
>>> maximum_object_size 10 KB
>>> minimum_obj
On 24/07/2015 7:57 p.m., Posta Esterna wrote:
> Hi all
> i'm very new about squid. I'm tryng to start a squid service (2.6
> stable) on a server linux centos 5... it has to connect to an AD server
> to authenticate users for internet access...
Yeesh. Please upgrade. Squid 2.6 was end-of-life'd
On 24/07/2015 7:49 p.m., Jens Offenbach wrote:
> I have found something out... Hopefully, it helps to reproduce and solve the
> issue.
>
> I got it working with a good download rate, but very high CPU usage on Squid
> 3.3.8 and Squid 3.5.6. There seems to be problem with large files that get
>
On 24/07/2015 6:08 a.m., Marcus Kool wrote:
> The strace output shows this loop:
>
>Squid reads 16K-1 bytes from FD 13webserver
>Squid writes 4 times 4K to FD 17 /var/cache/squid3/00/00/
>Squid writes 4 times 4K to FD 12 browser
>
> But this loop does not explain
Hi all
i'm very new about squid. I'm tryng to start a squid service (2.6
stable) on a server linux centos 5... it has to connect to an AD server
to authenticate users for internet access...
squid restart is not so good because in the cache.log file i see this error
(ntlm_auth) invalid opt
I have found something out... Hopefully, it helps to reproduce and solve the
issue.
I got it working with a good download rate, but very high CPU usage on Squid
3.3.8 and Squid 3.5.6. There seems to be problem with large files that get
cached on disk in combination with memory caching. When I
http bro i have i have 300 client and i like to staty standard not violating
privthat much as bluecoat thundercache use http the other use ssl they
have to work in country that alow thim to use ssl
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-you
67 matches
Mail list logo
