Re: [squid-users] ssl_bump with cache_peer problem: Handshake fail after Client Hello.

hi Amos, what did you exactly refer to for "These particular use-case issue"? it means in 3.5+, cache_peer can be used with ssl_bump together smoothly? or It resolves the integration problem between squid and proxychains? anyway, I have already upgraded my squid to 3.5.9, but neither for cache_pe

Re: [squid-users] Squid: Small packets and low performance between squid and icap

On 5/11/2015 4:30 p.m., Amos Jeffries wrote: > On 5/11/2015 3:43 p.m., Prashanth Prabhu wrote: >> Hi folks, >> >> I have a setup with ICAP running a custom server alongside Squid. >> While testing file upload scenarios, I ran into a slow upload issue >> and have narrowed it down to slowness between

Re: [squid-users] ssl_bump with cache_peer problem: Handshake fail after Client Hello.

On 5/11/2015 3:47 p.m., maple wrote: > sorry, I post my question again since last time I was not a subscriber yet. > > > > Hi, > > after a lot of google, I finally got this post, I met the exactly same > problem as you, and can't use squid to han

Re: [squid-users] Squid: Small packets and low performance between squid and icap

On 5/11/2015 3:43 p.m., Prashanth Prabhu wrote: > Hi folks, > > I have a setup with ICAP running a custom server alongside Squid. > While testing file upload scenarios, I ran into a slow upload issue > and have narrowed it down to slowness between squid and icap, > especially in the request handli

Re: [squid-users] ssl bump and url_rewrite_program (like squidguard)

On 5/11/2015 11:55 a.m., Edouard Gaulué wrote: > Hi Marcus, > > Well that just an URL rewriter program. You can just test it from the > command line : > echo "URL" | /usr/bin/squidGuard -c /etc/squidguard/squidGuard.conf > > Before I understood it was possible to precise the redirect code I got >

Re: [squid-users] Is ntlm_fake_auth known to work?

On 5/11/2015 11:21 a.m., Edouard Gaulué wrote: > Dear community, > > ntlm_fake_auth looks to be the authentication helper I'm looking for, > but trying to set it as mentionned here doesn't work: > * http://wiki.squid-cache.org/ConfigExamples/Authenticate/LoggingOnly > * > http://dsysadm.blogspot

[squid-users] Transparent HTTPS Squid proxy with upstream parent

Hi I've got a network without direct internet access where I have Squid 3.5.9as a transparent proxylistening on tcp/8080for HTTP and on tcp/8443for HTTPS (redirected via iptablesfrom tcp/80 and tcp/443 respectively). This Squid (proxy-test) doesn't have a direct Internet access either but c

Re: [squid-users] ssl_bump with cache_peer problem: Handshake fail after Client Hello.

sorry, I post my question again since last time I was not a subscriber yet. Hi, after a lot of google, I finally got this post, I met the exactly same problem as you, and can't use squid to handle https traffic behind parent proxy. I also tried w

[squid-users] Squid: Small packets and low performance between squid and icap

Hi folks, I have a setup with ICAP running a custom server alongside Squid. While testing file upload scenarios, I ran into a slow upload issue and have narrowed it down to slowness between squid and icap, especially in the request handling path. The slowness is down to extremely small packets se

Re: [squid-users] ssl bump and url_rewrite_program (like squidguard)

Hi Marcus, Well that just an URL rewriter program. You can just test it from the command line : echo "URL" | /usr/bin/squidGuard -c /etc/squidguard/squidGuard.conf Before I understood it was possible to precise the redirect code I got that: #> echo "https://ad.doubleclick.net/N4061/adi/com.yt

Re: [squid-users] TCP_REFRESH_MODIFIED

Dear Yuri, MR Amos is sure !! we will see a solution Dear Amos ? -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/TCP-REFRESH-MODIFIED-tp4674325p4674378.html Sent from the Squid - Users mailing list archive at Nabble.com. __

[squid-users] Is ntlm_fake_auth known to work?

Dear community, ntlm_fake_auth looks to be the authentication helper I'm looking for, but trying to set it as mentionned here doesn't work: * http://wiki.squid-cache.org/ConfigExamples/Authenticate/LoggingOnly * http://dsysadm.blogspot.fr/2012/03/my-book-live-with-squid-and-fakeauth.html L

[squid-users] caching issues - caching traffic from another proxy, and caching https traffic

Hi, I'm trying to improve our cache hit ratio. We have a fairly complicated layer of squid 3.10 proxies as previously detailed. Problem 1. Some of the traffic is identified by domain to go to another layer of proxies. I've called this proxy otherl1proxy in the squid.conf below. I've noticed t

Re: [squid-users] "NF getsockopt(SO_ORIGINAL_DST)" filling cache.log due to AWS ELB healthchecks

Hi, Just to close the loop on this issue, I worked offline with Amos. He was able to help me to eliminate all the noise from cache.log, but only for http traffic, not both http and https traffic using the same port, so I ended up using my original configuration. Amos indicated that I would need

Re: [squid-users] TCP_REFRESH_MODIFIED

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 04.11.15 21:59, Amos Jeffries пишет: > On 5/11/2015 3:26 a.m., joe wrote: >> if you notice not only dynamic static img as well >> > > Yeah, and hits and misses. Basically all possible processing codes are > replaced with "SWAPFAI_MISS". > >

Re: [squid-users] TCP_REFRESH_MODIFIED

On 5/11/2015 3:26 a.m., joe wrote: > if you notice not only dynamic static img as well > Yeah, and hits and misses. Basically all possible processing codes are replaced with "SWAPFAI_MISS". Though I do notice that the other log entries are showing things that could not possibly happen on a

Re: [squid-users] TCP_REFRESH_MODIFIED

if you notice not only dynamic static img as well -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/TCP-REFRESH-MODIFIED-tp4674325p4674371.html Sent from the Squid - Users mailing list archive at Nabble.com. ___

Re: [squid-users] TCP_REFRESH_MODIFIED

those ar enough i gess i dont wana flud the forum lol and they ar alot -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/TCP-REFRESH-MODIFIED-tp4674325p4674370.html Sent from the Squid - Users mailing list archive at Nabble.com. __

Re: [squid-users] TCP_REFRESH_MODIFIED

>>I've been trying to figure out how it happens for the last year or so. >>Apparently everybody (all three of you...) but not me can see it happening. >>The proxies I manage do not have it happen, and I can't seem to force it >>to happen either unless I unmount or delete the HDD cache directories

Re: [squid-users] TCP_REFRESH_MODIFIED

1436416269.376343 10.3.2.15 TCP_SWAPFAIL_MISS/304 373 GET http://xch.directrev.com/js/gb.min.js?s=S0003066 - DIRECT/xch.directrev.com application/x-javascript 1436416269.376354 10.3.2.15 TCP_SWAPFAIL_MISS/304 373 GET http://xch.directrev.com/js/gb.min.js?s=S0004215 - DIRECT/xch.directrev.co

Re: [squid-users] TCP_REFRESH_MODIFIED

On 4/11/2015 11:51 p.m., joe wrote: >> I don't think the two are the same at all. > right they ar 2 diferent problem and they ar very bad for production to be > on > >> REFRESH is (in jo's case) an indicator that the private content is being >> checked before use. If the server behaves itself th

Re: [squid-users] how to cache youtube videos

>>its being more complex and complicated but even so every security can be hacked .. 100% :) -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/how-to-cache-youtube-videos-tp4674341p4674366.html Sent from the Squid - Users mailing list archive at Nabble.com. ___

Re: [squid-users] TCP_REFRESH_MODIFIED

translate to browser act like -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/TCP-REFRESH-MODIFIED-tp4674325p4674365.html Sent from the Squid - Users mailing list archive at Nabble.com. ___ squid-users mailing list

Re: [squid-users] ssl bump and url_rewrite_program (like squidguard)

You need to know what squidGuard actually sends to Squid. squidGuard does not have a debug option for this, so you have to set debug_options ALL,1 61,9 in squid.conf to see what Squid receives. I bet that what Squid receives, is what it complains about: the URL starts with 'https://http' Marcu

Re: [squid-users] ssl bump and url_rewrite_program (like squidguard)

Le 04/11/2015 11:00, Amos Jeffries a écrit : On 4/11/2015 12:48 p.m., Marcus Kool wrote: I suspect that the problem is that you redirect a HTTPS-based URL to an HTTP URL and Squid does not like that. Marcus To give it a try in that direction I now redirect to an https server. And I get : The

Re: [squid-users] TCP_REFRESH_MODIFIED

Loool Joe, really are you going back to V2.7 ? -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/TCP-REFRESH-MODIFIED-tp4674325p4674362.html Sent from the Squid - Users mailing list archive at Nabble.com. ___ squid-us

Re: [squid-users] TCP_REFRESH_MODIFIED

You are right Yuri, its like a proxy bypassed system .. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/TCP-REFRESH-MODIFIED-tp4674325p4674361.html Sent from the Squid - Users mailing list archive at Nabble.com. ___

Re: [squid-users] TCP_REFRESH_MODIFIED

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 04.11.15 17:05, Amos Jeffries пишет: > On 4/11/2015 11:35 p.m., HackXBack wrote: >> and how we can cache Control:private content ? >> must be a choice ? > > Yes. By adding the ignore-private refresh_pattern control. > > Though be aware it still d

Re: [squid-users] TCP_REFRESH_MODIFIED

On 4/11/2015 11:35 p.m., HackXBack wrote: > and how we can cache Control:private content ? > must be a choice ? Yes. By adding the ignore-private refresh_pattern control. Though be aware it still does very bad things to data in most Squid 3.x versions for some configs. It is only fully safe in v4

Re: [squid-users] TCP_REFRESH_MODIFIED

>I don't think the two are the same at all. right they ar 2 diferent problem and they ar very bad for production to be on >REFRESH is (in jo's case) an indicator that the private content is being >checked before use. If the server behaves itself the answer would be >UNMODIFIED/304 not MODIFIED/

Re: [squid-users] TCP_REFRESH_MODIFIED

and how we can cache Control:private content ? must be a choice ? -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/TCP-REFRESH-MODIFIED-tp4674325p4674357.html Sent from the Squid - Users mailing list archive at Nabble.com. _

Re: [squid-users] how to cache youtube videos

FredT is alright , some ppl cant cache youtube but some can do it its being more complex and complicated but even so every security can be hacked .. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/how-to-cache-youtube-videos-tp4674341p4674356.html Sent from

Re: [squid-users] TCP_REFRESH_MODIFIED

On 4/11/2015 11:53 a.m., HackXBack wrote: > what joe is going to tell us is that his HIT ratio decrease and he is seeing > TCP_REFRESH_MODIFIED instead of tcp_hit when he used V4 > this problem is right also with tcp swalfail miss I don't think the two are the same at all. REFRESH is (in jo's ca

Re: [squid-users] how to get c-icap url category from squid access lo

On 11/04/2015 08:34 AM, Murat K wrote: Hi guys, please can someone tell me if it is possible to send url category info from c-icap to squid access log? The ICAP response headers can be logged using the "adapt::formating code in squid. If you are using the url_check c-icap service then you ca

Re: [squid-users] Refresh_pattern % bug ?

On 4/11/2015 10:54 p.m., FredB wrote: > >> Config parser bug I think. That is one place where % is legitimately >> much higher than 100%. >> >> Amos >> > > Hi > > I open a bug ? > If you would. I'm a little too busy to do it right away. Amos ___ s

Re: [squid-users] how to cache youtube videos

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 04.11.15 16:07, Amos Jeffries пишет: > On 4/11/2015 6:40 p.m., linux admin wrote: >> Can anyone please tell me how to cache youtube videos.?? >> > > Every time anyone publishes that info YT mysteriously change their > system so it gets even more

Re: [squid-users] Banner Insertation

On 4/11/2015 10:31 p.m., Fahimeh Ashrafy wrote: > Hello > I am new member of this mailing list. is it possible to > insert banner by c-icap? could you please help how to start? What is the law in your country about taking somebody elses copyrighted property, altering it, then re-publishing without

Re: [squid-users] how to cache youtube videos

On 4/11/2015 6:40 p.m., linux admin wrote: > Can anyone please tell me how to cache youtube videos.?? > Every time anyone publishes that info YT mysteriously change their system so it gets even more complex and difficult to cache. There are some closed source but freeware tools that can be used

Re: [squid-users] ssl bump and url_rewrite_program (like squidguard)

On 4/11/2015 12:48 p.m., Marcus Kool wrote: > I suspect that the problem is that you redirect a HTTPS-based URL to an > HTTP URL and Squid does not like that. > > Marcus > No it is apparently the fact that the domain name being redirected to is "http". As in: "http://http/something"; Which br

Re: [squid-users] Refresh_pattern % bug ?

> Config parser bug I think. That is one place where % is legitimately > much higher than 100%. > > Amos > Hi I open a bug ? ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Refresh_pattern % bug ?

On 4/11/2015 10:45 p.m., FredB wrote: > Hello > > With 3.5.10 I can't add a value with more than 100 % > > Something like > > refresh_pattern -i \.gif$ 1440 500% 262800 > refresh_pattern -i \.ram 2880 1000% 262800 > > The % should be reduced below 100% - Squid Terminated abnormall

[squid-users] Refresh_pattern % bug ?

Hello With 3.5.10 I can't add a value with more than 100 % Something like refresh_pattern -i \.gif$ 1440 500% 262800 refresh_pattern -i \.ram 2880 1000% 262800 The % should be reduced below 100% - Squid Terminated abnormally - This is a new limit or a bug ? Regards Fred _

Re: [squid-users] TCP_REFRESH_MODIFIED

On 4/11/2015 11:38 a.m., joe wrote: > at least you pay attention on "gvs" :) +1 > > lets forget about youtube:) im just asking why TCP_REFRESH_MODIFIED if > i don't or did not force reload > ignore-privet its working but ignore-reload its not .. suppose to prevent > TCP_REFRESH_MODIFIED from

[squid-users] Banner Insertation

Hello I am new member of this mailing list. is it possible to insert banner by c-icap? could you please help how to start? Thank you ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squ