On 9/09/2015 8:42 a.m., James Lay wrote:
> On 2015-09-08 02:32 PM, Alex Rousskov wrote:
>> On 09/08/2015 02:18 PM, James Lay wrote:
>>
>>> I'm currently having great success with 3.5.8 and this
>>> peek/splice only method using transparent intercept:
>>>
>>> ###
>>> acl
On 9/09/2015 8:14 a.m., Alex Rousskov wrote:
> On 09/08/2015 01:33 AM, Amos Jeffries wrote:
>> On 8/09/2015 6:45 p.m., joseph jose wrote:
>>> Is it possible to configure a squid reverse proxy with SSL-bump enabled?
>
>
>> The concept does not make any sense.
>> * accel / revers-proxy traffic is
ok, I'll do it
2015-09-08 21:30 GMT-03:00 Marcus Kool :
>
>
> On 09/08/2015 09:23 PM, Jorgeley Junior wrote:
>
>> ok, read that already, i set cache_mem to 5GB, so is not ok?
>>
>
> No. Squid will use more than 6 GB with cache_mem set to 5 GB.
> I suggest that you use 2500 MB and after Squid runs
On 09/08/2015 09:23 PM, Jorgeley Junior wrote:
ok, read that already, i set cache_mem to 5GB, so is not ok?
No. Squid will use more than 6 GB with cache_mem set to 5 GB.
I suggest that you use 2500 MB and after Squid runs for 1 hour, see what the
total process size is.
Marcus
2015-09-08
ok, read that already, i set cache_mem to 5GB, so is not ok?
2015-09-08 20:25 GMT-03:00 Marcus Kool :
>
>
> On 09/08/2015 10:39 AM, Jorgeley Junior wrote:
>
>> I have 8GB physical memory and my swap is 32GB.
>> I didn't increase the swap yet, should I?
>>
>
> You must start with reading the memor
On 09/08/2015 10:39 AM, Jorgeley Junior wrote:
I have 8GB physical memory and my swap is 32GB.
I didn't increase the swap yet, should I?
You must start with reading the memory FAQ:
http://wiki.squid-cache.org/SquidFaq/SquidMemory
The general rule for all processes applies: make sure that a
On 2015-09-08 02:32 PM, Alex Rousskov wrote:
On 09/08/2015 02:18 PM, James Lay wrote:
I'm currently having great success with 3.5.8 and this
peek/splice only method using transparent intercept:
###
acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl step3 at_s
On 09/08/2015 02:18 PM, James Lay wrote:
> I'm currently having great success with 3.5.8 and this
> peek/splice only method using transparent intercept:
>
> ###
> acl step1 at_step SslBump1
> acl step2 at_step SslBump2
> acl step3 at_step SslBump3
>
> ssl_bump peek st
On 2015-09-08 01:54 PM, Alex Rousskov wrote:
On 09/07/2015 11:36 PM, Dan Charlesworth wrote:
First, here’s my config (shout out to James Lay):
acl client_hello_peeked at_step SslBump2
ssl_bump splice client_hello_peeked bump_bypass_domains
ssl_bump bump client_hello_peeked
Just in case some
On 09/08/2015 01:33 AM, Amos Jeffries wrote:
> On 8/09/2015 6:45 p.m., joseph jose wrote:
>> Is it possible to configure a squid reverse proxy with SSL-bump enabled?
> The concept does not make any sense.
> * accel / revers-proxy traffic is destined to and terminated by the proxy.
> * ssl-bump
On 09/08/2015 12:31 AM, Hsuan Yu wrote:
> %ts works both in REQMOD and RESPMOD, %>a is OK too.
Great.
> So it seems that % is there another way to carry ORIGINAL_DST in access.log into ICAP
> header using X-Server-IP?
I do not know the answer to your question, but if you are intercepting
HTTP,
On 09/07/2015 11:36 PM, Dan Charlesworth wrote:
> First, here’s my config (shout out to James Lay):
> acl client_hello_peeked at_step SslBump2
> ssl_bump splice client_hello_peeked bump_bypass_domains
> ssl_bump bump client_hello_peeked
Just in case somebody tries to copy this:
AFAICT, in Squid
I have 8GB physical memory and my swap is 32GB.
I didn't increase the swap yet, should I?
2015-09-08 9:23 GMT-03:00 Marcus Kool :
>
>
> On 09/08/2015 08:11 AM, Jorgeley Junior wrote:
>
>> Thank you all, this is the output:
>> vm.overcommit_memory = 0
>> vm.swappiness = 60
>> I have a Redhat 6.6
>
Amos, did you got time to see my last response?
On Mon, Aug 31, 2015 at 11:04 AM, asad wrote:
> Amos thanks. I was sick over the weekend thus the late reply
>
> Sorry by mistake I left out the mailing-list email on previously mail.
> I would look into the donation link and see how I can tribute
On 09/08/2015 08:11 AM, Jorgeley Junior wrote:
Thank you all, this is the output:
vm.overcommit_memory = 0
vm.swappiness = 60
I have a Redhat 6.6
The value of vm.overcommit_memory is OK.
The default value for vm.swappiness is way too high. It means that Linux swaps
out parts of processes whe
Thank you all, this is the output:
vm.overcommit_memory = 0
vm.swappiness = 60
I have a Redhat 6.6
2015-09-05 15:08 GMT-03:00 Marcus Kool :
> On Linux, an important sysctl parameter that determines how Linux behaves
> with respect to VM allocation is vm.overcommit_memory (should be 0).
> And vm.s
On 2/09/2015 2:35 a.m., Jasper Van Der Westhuizen wrote:
> Good day everyone
>
> I have a problem with my Squid proxy cache. On two occasions over the last
> week the cache partitions have filled up to 100%. I have 4 load balanced
> nodes with 100GB cache partitions each. All of them have filled
Hello together,
My Issue is the following:
Using Squid3 with Kerberos Auth works just fine but does not update the users
group membership in the winbind cache of samba as for examle ntlm_auth does.
So when using /usr/lib/squid3/negotiate_kerberos_auth for Kerberos, the auth
works, but group m
On 8/09/2015 7:45 p.m., Dan Charlesworth wrote:
> This:
> 08/Sep/2015-17:41:38 11049 10.0.1.7 TCP_TUNNEL 200 12871 CONNECT
> api.github.com:443 api.github.com - peek
> Mozilla/5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010.10;%20rv:40.0)%20Gecko/20100101%20Firefox/40.0
> HIER_DIRECT/192.30.252.1
This:
08/Sep/2015-17:41:38 11049 10.0.1.7 TCP_TUNNEL 200 12871 CONNECT
api.github.com:443 api.github.com - peek
Mozilla/5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010.10;%20rv:40.0)%20Gecko/20100101%20Firefox/40.0
HIER_DIRECT/192.30.252.127 -
Compared to this:
08/Sep/2015-17:04:17 13359 10.0.1
On 8/09/2015 4:31 p.m., Jason Enzer wrote:
> Amos
>
> Got the build working finally and the cxx Maxtcp flag shows in my -v but
> still getting the 128 port limit!
>
> What a let down Thought I had it for a moment.
>
If its showing up in squid -v it should be working. It seemed to work
fine
Thanks Amos.
To clarify about the user agents: I’m talking about anything with a (logged)
SSL bump mode of “splice” — I’m not expecting to see one for the synthetic
(“peek") connections. In this case it’s actually intercepted spliced
connections.
Wondering why a spliced connection doesn't log
On 8/09/2015 6:45 p.m., joseph jose wrote:
> Hi,
>
> I have tested squid reverse proxy mode and squid SSL bump both were
> successful and working fine.
>
> Is it possible to configure a squid reverse proxy with SSL-bump enabled?
The concept does not make any sense.
* accel / revers-proxy traffi
On 8/09/2015 5:36 p.m., Dan Charlesworth wrote:
> Hello all
>
> I’ve been testing out an SSL bumping config using 3.5.8 for the last week or
> so and am scratching my head over a couple of things.
>
> First, here’s my config (shout out to James Lay):
>
> acl tcp_level at_step SslBump1
> acl cli
24 matches
Mail list logo
