On 2/09/2015 2:35 a.m., Jasper Van Der Westhuizen wrote:
> Good day everyone
>
> I have a problem with my Squid proxy cache. On two occasions over the last
> week the cache partitions have filled up to 100%. I have 4 load balanced
> nodes with 100GB cache partitions each. All of them have fill
When a browser requests https://www.example.com/index.html, Squid with ssl-bump
sends two requests to the URL rewriter:
1. CONNECT www.example.com:443
2. GET https://www.example.com/index.html
The URL rewriter must _not_ block the first and send an alternative URL for the
second.
Caveat: thi
On 2/09/2015 11:50 a.m., Alex Samad wrote:
> Hi
>
> I have squid setup to use
> NTLM and then faill back to basic.
>
> when it fails back to basic, my user put in
>
> firstname.surname@a.b.c which fails.
>
> if they put in firstname.surname it works
>
> is there some way to get squid to strip
On 2/09/2015 12:59 p.m., Oliver Webb wrote:
> Hopefully quite a simple one (to ask anyway!):
> In Squid 3.5.7 *with working Peek and Splice* how can I give my
> url_rewrite_program access to the decrypted URL?
> eg. https://example.com/malware-that-the-url-rewriter-will-block.exe.pdf
You nee
On 2/09/2015 10:30 a.m., Tarot Apprentice wrote:
> Is there an easier way of getting updated builds on Debian?
>
> The Jessie (stable) repo has 3.4.8 in it. Even Stretch (testing/next release)
> has 3.4.8 in it. Only the experimental version is up to date with 3.5.7. Is
> the only option to buil
Hopefully quite a simple one (to ask anyway!):
In Squid 3.5.7 *with working Peek and Splice* how can I give my
url_rewrite_program access to the decrypted URL?
eg. https://example.com/malware-that-the-url-rewriter-will-block.exe.pdf
Many Thanks,
Oliver
Hi
I have squid setup to use
NTLM and then faill back to basic.
when it fails back to basic, my user put in
firstname.surname@a.b.c which fails.
if they put in firstname.surname it works
is there some way to get squid to strip off the @<.*>
also is there some way to change the info in the di
On 09/01/2015 03:57 PM, Yuri Voinov wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
This is bad idea - to cache the same gifs with unique parameters. They keeps
unchanged for one HTTP-session in best case. You cache will overloads with this
small same gifs with unique parameters.
Onl
Is there an easier way of getting updated builds on Debian?
The Jessie (stable) repo has 3.4.8 in it. Even Stretch (testing/next release)
has 3.4.8 in it. Only the experimental version is up to date with 3.5.7. Is the
only option to build your own to get a current release?
MarkJ
___
Hey Kinkie,
If you want to publish this specific version as an RPM I would be happy
to build couple of them with this patch.
Eliezer
On 01/09/2015 11:26, Kinkie wrote:
Hi all,
I am currently working on some performance improvements for the
next version of squid; I need some help from vol
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
This is bad idea - to cache the same gifs with unique parameters. They
keeps unchanged for one HTTP-session in best case. You cache will
overloads with this small same gifs with unique parameters. Only store
ID saves this situation. In other hand,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
02.09.15 0:16, Marcus Kool пишет:
>
>
> On 09/01/2015 03:08 PM, Yuri Voinov wrote:
>>
> Better to write store-id rule which cut off parameters and store gif.
>
> Something like this:
>
>
^https?:\/\/(.+?)\/(.+?)\.(js|css|jp(?:e?g|e|2)|gif|png|bmp
On 09/01/2015 03:08 PM, Yuri Voinov wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Better to write store-id rule which cut off parameters and store gif.
Something like this:
^https?:\/\/(.+?)\/(.+?)\.(js|css|jp(?:e?g|e|2)|gif|png|bmp|ico|svg|web(p|m))
http://$1.squidinternal/$2.$3
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
And, finally, trackers is relatively easy to block ;) Simple. Against
caching and garbaging cache storage. With ufdbGuard, for example :)
02.09.15 0:00, Marcus Kool пишет:
>
>
> On 09/01/2015 05:14 AM, FredB wrote:
>> More precisely
>>
>> I reduce
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Better to write store-id rule which cut off parameters and store gif.
Something like this:
^https?:\/\/(.+?)\/(.+?)\.(js|css|jp(?:e?g|e|2)|gif|png|bmp|ico|svg|web(p|m))
http://$1.squidinternal/$2.$3
And, of course, universal rule for sto
On 09/01/2015 05:14 AM, FredB wrote:
More precisely
I reduced the ttl of the first line
refresh_pattern -i \.(htm|html|xml|css)(\?.*)?$ 10080 100% 10080
#All File 30 days max
refresh_pattern -i
\.(3gp|7z|ace|asx|bin|deb|divx|dvr-ms|ram|rpm|exe|inc|cab|qt)(\?.*)?$ 43200
100% 43200 ignore-no-
On 2/09/2015 3:27 a.m., Posta Esterna wrote:
> Hi,
> i've solved samba and winbind problem winbindd is now running
> misconfiguration of Samba, DNS and DC
>
> wbinfo -t
> and
> wbinfo -p
>
> is ok!
>
> I restarted squid
>
> and in cache.log i find this message 5 times
>
> 2015/09/01 16
On 2/09/2015 2:35 a.m., Jasper Van Der Westhuizen wrote:
> Good day everyone
>
> I have a problem with my Squid proxy cache. On two occasions over the last
> week the cache partitions have filled up to 100%. I have 4 load balanced
> nodes with 100GB cache partitions each. All of them have filled
On 2/09/2015 1:28 a.m., jake driscoll wrote:
> here is my requirement:
>
>> i have a subnet
>> only a small list of sites need to be allowed access to this subnet
>> this subnet should not get access to any other site except the ones in the
> list
>> access for other users will remain the same
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Check it.
This is ISP. They are hands-curved.
01.09.15 21:47, Amos Jeffries пишет:
> On 2/09/2015 1:06 a.m., Yuri Voinov wrote:
>>
>> Found it. My ISP can't pass ICMPv4/v6 to wiki.squid-cache.org . Here is
>> problem.
>>
>> # ping wiki.squid-cach
On 2/09/2015 1:06 a.m., Yuri Voinov wrote:
>
> Found it. My ISP can't pass ICMPv4/v6 to wiki.squid-cache.org . Here is
> problem.
>
> # ping wiki.squid-cache.org
> no answer from wiki.squid-cache.org
>
Perhapse that is involved. But I think you have mistaken what I wrote.
Ping just *uses* ICMP
Hi,
i've solved samba and winbind problem winbindd is now running
misconfiguration of Samba, DNS and DC
wbinfo -t
and
wbinfo -p
is ok!
I restarted squid
and in cache.log i find this message 5 times
2015/09/01 16:54:18| Failed to select source for '[null entry]'
2015/09/01 16:54:18|
Good day everyone
I have a problem with my Squid proxy cache. On two occasions over the last week
the cache partitions have filled up to 100%. I have 4 load balanced nodes with
100GB cache partitions each. All of them have filled up.
I tried to limit the size by using the following cache_dir di
Thanks for the info, Rafael.
Stan
On Mon, Aug 31, 2015 at 11:39 PM, Rafael Akchurin <
rafael.akchu...@diladele.com> wrote:
> The SSL pinning means dropbox application does know the fingerprint of the
> certificate of the connection out-of-band and will simply refuse to work
> with another (even
here is my requirement:
>i have a subnet
>only a small list of sites need to be allowed access to this subnet
>this subnet should not get access to any other site except the ones in the
list
>access for other users will remain the same
I tried the following
acl station-ip src 192.168.1.0/24
acl
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Found it. My ISP can't pass ICMPv4/v6 to wiki.squid-cache.org . Here is
problem.
# ping wiki.squid-cache.org
no answer from wiki.squid-cache.org
haribda#ping wiki.squid-cache.org
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 77
On 1/09/2015 10:42 p.m., Yuri Voinov wrote:
>
> Not available when IPv6 enabled on my outgoing interface.
>
> Note: IPv6 globally not used in my country.
>
The rest of your country does not matter. For *any* protocol your router
should either have connectivity to your ISP, or not. It still need
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
01.09.15 18:40, FredB пишет:
>
>
>> Hi Fred,
>> By keeping objects 30 days maxi, does it mean you expect to upgrade
>> all
>> windowsupdate objects in 30 days ?
>>
>> I'm still thinking we should have an option forcing some type of
>> objects
>>
windowsupdate is http, no ssl here...
Bye Fred
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/refresh-pattern-and-same-objects-tp4672792p4673014.html
Sent from the Squid - Users mailing list archive at Nabble.com.
__
> Hi Fred,
> By keeping objects 30 days maxi, does it mean you expect to upgrade
> all
> windowsupdate objects in 30 days ?
>
> I'm still thinking we should have an option forcing some type of
> objects
> that could never be deleted... ;o)
>
> Bye Fred
>
>
Hi
Yes perhaps, actually it's just
On 1/09/2015 9:32 p.m., FredB wrote:
>
>>>
>>> refresh_pattern -i \.(htm|html|xml|css)(\?.*)?$ 43200 1000% 43200
>>> -> This is my previous rule "http"
>>
>> Yes.
>>
>> Oh, and there is the less common .chm could be in that set too.
>>
>
>
> Ok added
>
> A last point there is a real difference
Hi Fred,
By keeping objects 30 days maxi, does it mean you expect to upgrade all
windowsupdate objects in 30 days ?
I'm still thinking we should have an option forcing some type of objects
that could never be deleted... ;o)
Bye Fred
--
View this message in context:
http://squid-web-proxy-cach
Hi,
Can participate too, just ping...
Bye Fred
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Volunteers-sought-tp4673002p4673009.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-use
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Not available when IPv6 enabled on my outgoing interface.
Note: IPv6 globally not used in my country.
01.09.15 5:22, Eliezer Croitoru пишет:
> Works for me:
> #curl -Iv wiki.squid-cache.org
> * Rebuilt URL to: wiki.squid-cache.org/
> * Hostname w
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I'm interested in.
My setup use custom build 3.4.14 under Solaris 10 x64, patched with
store_miss backported functionality.
Is it acceptable?
01.09.15 14:26, Kinkie пишет:
> Hi all,
>I am currently working on some performance improvements fo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Yep, Chrome
01.09.15 5:22, Eliezer Croitoru пишет:
> Works for me:
> #curl -Iv wiki.squid-cache.org
> * Rebuilt URL to: wiki.squid-cache.org/
> * Hostname was NOT found in DNS cache
> * Trying 2001:4b78:2003::1...
> * Connected to wiki.squid-cac
> >
> > refresh_pattern -i \.(htm|html|xml|css)(\?.*)?$ 43200 1000% 43200
> > -> This is my previous rule "http"
>
> Yes.
>
> Oh, and there is the less common .chm could be in that set too.
>
Ok added
A last point there is a real difference between (\?.*)?$ and (?.*)?$ Here
http://www.squ
On 1/09/2015 7:55 p.m., FredB wrote:
>
>>
>> Trying to avoid override-no-store as long as possible, and target it
>> to
>> problem sites when it is used.
>>
>> And after placing this at the end of the patterns:
>>
>> (\?.*)?$
>>
>>
>
>
> Something like this ?
>
> refresh_pattern -i \.(htm|htm
Hi all,
I am currently working on some performance improvements for the
next version of squid; I need some help from volunteers to verify the
benefit given by a memory pools feature in real-life scenarios, to
better understand how to develop it further.
I need the help of someone who has a somew
More precisely
I reduced the ttl of the first line
refresh_pattern -i \.(htm|html|xml|css)(\?.*)?$ 10080 100% 10080
#All File 30 days max
refresh_pattern -i
\.(3gp|7z|ace|asx|bin|deb|divx|dvr-ms|ram|rpm|exe|inc|cab|qt)(\?.*)?$ 43200
100% 43200 ignore-no-store reload-into-ims store-stale
refre
> The cases I have personally seen that you might run into serious
> trouble
> with are .tiff files, TFF is a "high quality" format. At least its
> very
> high in detail, and I've seen it used with only no-store protection
> to
> send medical, mapping and hi-res photographic data around by softwar
41 matches
Mail list logo
