Re: [squid-users] Inconsistent accessing of the cache, craigslist.org images, wacky stuff.

2015-10-28 Thread Jester Purtteman
Probably a good idea there, I have not used bind in a very, very long time, but I will give it a shot. I am still having some issues, but at least now they're all within the bounds of consistent and "what-i-expect" behavior, I just need to think through how to outsmart a couple issues. The b

Re: [squid-users] "NF getsockopt(SO_ORIGINAL_DST)" filling cache.log due to AWS ELB healthchecks

2015-10-28 Thread Eliezer Croitoru
Why are you using an intercept port? If you don't need it you don't. Every time any direct connection is done to the proxy port 3128 it will show this line since the connection is a regular TCP one while the "intercept" directive instructs squid to fetch information which exists only on NATTED

Re: [squid-users] Host header forgery detected after upgrade from 3.5.8 to 3.5.9

2015-10-28 Thread Dan Charlesworth
It looks like there’s certain hosts that are designed to load balance (or something) between a few IPs, regardless of geography. For example pbs.twimg.com resolves to wildcard.twimg.com which returns two different IPs each time, from a pool of 5–6, at random. Basically rolling the dice whether

Re: [squid-users] "NF getsockopt(SO_ORIGINAL_DST)" filling cache.log due to AWS ELB healthchecks

2015-10-28 Thread John Smith
Hi Eliezer, I've added a single line to my squid.conf: http_port 3130 And I've modified my AWS ELB healthcheck to monitor port 3130 instead of 3128. Now my instances are still in the ELB, and the proxy still works as expected, AND the amount of garbage errors in the cache.log has been significant

Re: [squid-users] "NF getsockopt(SO_ORIGINAL_DST)" filling cache.log due to AWS ELB healthchecks

2015-10-28 Thread Eliezer Croitoru
Hey, I got it all wrong. You cannot run TCP health test on an intercept port. An intercept port is expected to not receive Direct TCP connections. What you see is because squid tries to find information on INTERCEPTED connection which the case it is not. If you want to run a health test on the

Re: [squid-users] "NF getsockopt(SO_ORIGINAL_DST)" filling cache.log due to AWS ELB healthchecks

2015-10-28 Thread John Smith
Hi Eliezer, I've tried adding a non-intercept line to my squid.conf but it didn't seem to make a difference. I've tailed the cache log and run tcpdump on port 3128 on the machine at the same time to confirm that aws load balancer health checks are what's causing the getsockopt(SO_ORIGINAL_DST) to

Re: [squid-users] "NF getsockopt(SO_ORIGINAL_DST)" filling cache.log due to AWS ELB healthchecks

2015-10-28 Thread Eliezer Croitoru
Hey John, I am pretty sure it is something in the AWS Linux kernel. In any case you should have some http_port without intercept in the config. As an example add "http_port 127.0.0.1:1" but I am not sure how it was on squid 3.1.10, I know it is mandatory since for 3.4. If you can test the

[squid-users] "NF getsockopt(SO_ORIGINAL_DST)" filling cache.log due to AWS ELB healthchecks

2015-10-28 Thread John Smith
hi, I have a working(?) squid 3.10 proxy configuration. squid-3.1.10-29.18.amzn1.x86_64 on AWS Linux behind an AWS elastic load balancer. My problem is that it appears every single AWS elastic load balancer healthcheck triggers a line like this in cache.log: 2015/10/28 22:35:10| IpIntercept.cc(13

[squid-users] 3.5.8 Arm7 socket permissions

2015-10-28 Thread Darren Breeze ML
Hi all I have built squid 3.5.8 with yocto to run on an arm 7. This build of the OS seems to have different permissions for processes opening sockets. The DNS routine fails to open a socket with the following error root@test:~# 2015/10/28 22:07:43 testing| Starting Squid Cache version 3.5.8

Re: [squid-users] SSL3_READ_BYTES:sslv3 alert certificate unknown

2015-10-28 Thread Eliezer Croitoru
Is it possible to say thanks in advance? Or won't it work the same way as after? Anyway Thanks, Eliezer On 28/10/2015 23:24, Alex Rousskov wrote: FWIW, Factory is working on implementing automatic certificate fetching feature. That is a huge feature but we are making good progress. Meanwh

Re: [squid-users] SSL3_READ_BYTES:sslv3 alert certificate unknown

2015-10-28 Thread Alex Rousskov
On 10/28/2015 08:09 AM, Yuri Voinov wrote: > At a minimum, it should write the information on them in the log - in > an understandable form I suspect everybody agrees with that statement. I am sure this will be implemented eventually. No need to argue about that. Alex. > 28.10.15 19:55, Amos

Re: [squid-users] SSL3_READ_BYTES:sslv3 alert certificate unknown

2015-10-28 Thread Alex Rousskov
On 10/28/2015 07:55 AM, Amos Jeffries wrote: > What is missing is just some CA in the chain. It needs to be located > somehow, only then can the decision happen about whether to trust or not > and see if another up the chain is needed too. If you are right, then this could be related to bug 4305 t

Re: [squid-users] Inconsistent accessing of the cache, craigslist.org images, wacky stuff.

2015-10-28 Thread Eliezer Croitoru
Hey Jester, I know that installing bind would probably not be much of a trouble and I recommend to use it instead of using dnsmasq. It will do everything much better even if you are using it as a forwarder and not a recursive DNS service. Eliezer On 28/10/2015 20:24, Jester Purtteman wrote:

Re: [squid-users] Inconsistent accessing of the cache, craigslist.org images, wacky stuff.

2015-10-28 Thread Jester Purtteman
> -Original Message- > From: Amos Jeffries [mailto:squ...@treenet.co.nz] > Sent: Wednesday, October 28, 2015 10:31 AM > To: Jester Purtteman ; squid-users@lists.squid- > cache.org > Subject: Re: [squid-users] Inconsistent accessing of the cache, craigslist.org > images, wacky stuff. > >

Re: [squid-users] Inconsistent accessing of the cache, craigslist.org images, wacky stuff.

2015-10-28 Thread Amos Jeffries
On 29/10/2015 4:06 a.m., Jester Purtteman wrote: > > >> -Original Message- >> From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On >> Behalf Of Amos Jeffries >> Sent: Tuesday, October 27, 2015 9:07 PM >> To: squid-users@lists.squid-cache.org >> Subject: Re: [squid-users

Re: [squid-users] Compiling Squid under Cygwin

2015-10-28 Thread Amos Jeffries
On 29/10/2015 5:11 a.m., Yakovlev, Vadim wrote: > Hello all, > > I'm trying to compile Squid 3.5.10 for Windows with Cygwin, and ran into > number of problems. Some I was able to resolve, but finally stuck at > compiling negotiate_sspi_auth helper. In particular, I get "error: > 'SSP_blobP' was

Re: [squid-users] Inconsistent accessing of the cache, craigslist.org images, wacky stuff.

2015-10-28 Thread Jester Purtteman
> -Original Message- > From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On > Behalf Of Amos Jeffries > Sent: Tuesday, October 27, 2015 9:07 PM > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] Inconsistent accessing of the cache, craigslist.org > imag

[squid-users] Compiling Squid under Cygwin

2015-10-28 Thread Yakovlev, Vadim
Hello all, I'm trying to compile Squid 3.5.10 for Windows with Cygwin, and ran into number of problems. Some I was able to resolve, but finally stuck at compiling negotiate_sspi_auth helper. In particular, I get "error: 'SSP_blobP' was not declared in this scope" in negotiate_sspi_auth.cc. The

Re: [squid-users] Inconsistent accessing of the cache, craigslist.org images, wacky stuff.

2015-10-28 Thread Jester Purtteman
> -Original Message- > From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On > Behalf Of Amos Jeffries > Sent: Tuesday, October 27, 2015 9:07 PM > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] Inconsistent accessing of the cache, craigslist.org > ima

Re: [squid-users] SSL3_READ_BYTES:sslv3 alert certificate unknown

2015-10-28 Thread Yuri Voinov
It seems to me that all this functionality must be enabled by default in the SSL proxies. As the base. Do not I have to wrestle with where (and how) to take intermediate certificates. Or how to define an unknown CA root. A proxy. At a minimum, i

[squid-users] R: Squid 100% CPU and possible attack

2015-10-28 Thread Job
Hello to everybody and thank you! By upgrading to squid 3.4.4 the problem solves! I think there is something on Squid 3.1.8, in conjunction with Dansguardian, that creates some loops the telnetting firewall's LAN ethernet to the 8080 (Dansguardian) port! Francesco

Re: [squid-users] SSL3_READ_BYTES:sslv3 alert certificate unknown

2015-10-28 Thread Yuri Voinov
Browser do. Bump-enabled proxy is not. This significantly limits the possibility of operating SSL bump in a more or less large installations. In addition, not every system administrator is able to write any complex helper in any language. I me

Re: [squid-users] SSL3_READ_BYTES:sslv3 alert certificate unknown

2015-10-28 Thread Amos Jeffries
On 28/10/2015 11:57 p.m., Yuri Voinov wrote: > > > 28.10.15 16:47, Amos Jeffries wrote: >> On 28/10/2015 11:35 p.m., Yuri Voinov wrote: >>> Hi gents. >>> >>> I think, all of you who use Bump, seen much this messages in your >>> cache.log. >>> >>> SSL3_READ_BYTES:sslv3 alert certificate unknown >>

Re: [squid-users] SSL3_READ_BYTES:sslv3 alert certificate unknown

2015-10-28 Thread HackXBack
yes that's right Yuri

[squid-users] R: R: R: delay pools

2015-10-28 Thread De Lazzari Matteo
I will use class 1 pool. Really thanks. Have a nice day.

Re: [squid-users] SSL3_READ_BYTES:sslv3 alert certificate unknown

2015-10-28 Thread Yuri Voinov
28.10.15 16:47, Amos Jeffries wrote: On 28/10/2015 11:35 p.m., Yuri Voinov wrote: Hi gents. I think, all of you who use Bump, seen much this messages in your cache.log. SSL3_READ_BYTES:sslv3 alert certificate unknown AFAIK, no way to identify which CA is absent in your setup. I propose to

Re: [squid-users] SSL3_READ_BYTES:sslv3 alert certificate unknown

2015-10-28 Thread Amos Jeffries
On 28/10/2015 11:35 p.m., Yuri Voinov wrote: > Hi gents. > > I think, all of you who use Bump, seen much this messages in your > cache.log. > > SSL3_READ_BYTES:sslv3 alert certificate unknown > > AFAIK, no way to identify which CA is absent in your setup. > > I propose to consider the following

[squid-users] SSL3_READ_BYTES:sslv3 alert certificate unknown

2015-10-28 Thread Yuri Voinov
Hi gents. I think, all of you who use Bump, seen much this messages in your cache.log. SSL3_READ_BYTES:sslv3 alert certificate unknown AFAIK, no way to identify which CA is absent in your setup. I propose to consider the following questions: how do properly support SSL proxy, if you can not i

Re: [squid-users] Upgrade from 3.1 to 3.3

2015-10-28 Thread Eliezer Croitoru
I didn't update this wiki but the current stable is 3.5.9 for CentOS 7 and CentOS 6. For now I am testing 3.5.10 and it seems to work fine other than a couple of specific bugs. In any case I decided that 3.4.14 will have a release also and I expect it to be ready as the free time gives me. Elie