Re: [squid-users] Youtube "challenges"

2016-02-23 Thread Darren
Hi and thanks for the feedback. I have Splice running OK however what I really want to do is to allow the splice when a user opens a link that navigates to https://www.youtube.com/embed/blahblah but not allow the user just to go directly to https://www.youtube.com and access the full site. I c

Re: [squid-users] Android OS / Updates

2016-02-23 Thread John Pearson
Thanks! I meant if Squid can cache Android installs? I am deploying 10+ new Android devices and wanted to cache the OS On Tue, Feb 23, 2016 at 9:54 PM, Amos Jeffries wrote: > On 24/02/2016 5:52 p.m., John Pearson wrote: > > Is it possible to cache Android OS files and Android OS update files ? >

Re: [squid-users] [squid-announce] Squid 3.5.15 is available

2016-02-23 Thread Dmitry Melekhov
Hello! After installing 3.5.15 on ubuntu 12.04 I get squid crash: 2016/02/24 10:07:23 kid1| assertion failed: FwdState.cc:447: "serverConnection() == conn" 3.5.14 had no such problem. Thank you! 24.02.2016 08:46, Amos Jeffries wrote: The Squid HTTP Proxy team is very pleased to announc

Re: [squid-users] Android OS / Updates

2016-02-23 Thread Amos Jeffries
On 24/02/2016 5:52 p.m., John Pearson wrote: > Is it possible to cache Android OS files and Android OS update files ? > Squid does not know anything about files. It does know about URLs though. The tool at will tell you whether any particular HTTP URL is cacheable. Amos

[squid-users] [squid-announce] Squid 4.0.7 beta is available

2016-02-23 Thread Amos Jeffries
The Squid HTTP Proxy team is very pleased to announce the availability of the Squid-4.0.7 release! This release is a security release resolving several major vulnerabilities found in the prior Squid releases. The major changes to be aware of: * SQUID-2016:2 - Multiple Denial of Service issues

[squid-users] [squid-announce] Squid 3.5.15 is available

2016-02-23 Thread Amos Jeffries
The Squid HTTP Proxy team is very pleased to announce the availability of the Squid-3.5.15 release! This release is a security release resolving several major vulnerabilities found in the prior Squid releases. The major changes to be aware of: * SQUID-2016:2 - Multiple Denial of Service issue

[squid-users] [squid-announce] [ADVISORY] SQUID-2016:2 Multiple Denial of Service issues in HTTP Response processing

2016-02-23 Thread Amos Jeffries
Squid Proxy Cache Security Update Advisory SQUID-2016:2. Advisory ID: SQUID-2016:1 Date: February 23, 2016 Summary: Multiple Denial

Re: [squid-users] Squid: Small packets and low performance between squid and icap

2016-02-23 Thread Prashanth Prabhu
[+ squid-dev; bcc squid-users] Hi Alex, Sorry about the late reply. Please see inline. >> Here's the behavior I have seen: When the connection is set up, the >> buffer gets a size of 16KB (default). Squid reads from the socket, >> parses the data, and then sends it towards c-icap as appropriat

[squid-users] Android OS / Updates

2016-02-23 Thread John Pearson
Is it possible to cache Android OS files and Android OS update files ?

Re: [squid-users] any way to get squid-4 compiled on CentOS-6?

2016-02-23 Thread Dan Charlesworth
That’s the version I’m on actually (RPM compiled by me): squid-3.5.13-1.el6.x86_64 openssl-1.0.1e-42.el6_7.2.x86_64 I’m not setting sslproxy_cipher in my config, so I guess that’s not it. My openssl library the problem perhaps? > On 24 Feb 2016, at 11:17 AM, Amos Jeffries wrote: > > On 24/02/

Re: [squid-users] any way to get squid-4 compiled on CentOS-6?

2016-02-23 Thread Amos Jeffries
On 24/02/2016 12:24 p.m., Dan Charlesworth wrote: > Thanks Amos, good to know. I didn’t see your original reply for some reason; > sorry about that. > > I thought I had read that these sort of errors could be avoided in Squid-4: > Error negotiating SSL connection on FD 66: error:1408A0C1:SSL > r

Re: [squid-users] any way to get squid-4 compiled on CentOS-6?

2016-02-23 Thread Dan Charlesworth
Thanks Amos, good to know. I didn’t see your original reply for some reason; sorry about that. I thought I had read that these sort of errors could be avoided in Squid-4: Error negotiating SSL connection on FD 66: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher (1/-1) But now

Re: [squid-users] bump files

2016-02-23 Thread Amos Jeffries
On 24/02/2016 11:46 a.m., HackXBack wrote: > i mean like > acl ssl_ext urlpath_regex > \.(jp(e?g|e|2)|gif|png|tiff?|bmp|tga|svg|ico|swf|crx|webarchive|flv|x-flv|JPG)(\?|\/\?) > ssl_bump bump ssl_ext > The answer is no. Amos

Re: [squid-users] whatsapp image download fails

2016-02-23 Thread HackXBack
1st, WhatsApp uses port 443 and not port 80. 2nd, WhatsApp image downloads use pinned connections, so you must splice these connections because it can't bump. I think you are seeing TAG_NONE when trying to download. Good luck.

Re: [squid-users] bump files

2016-02-23 Thread HackXBack
i mean like acl ssl_ext urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|tga|svg|ico|swf|crx|webarchive|flv|x-flv|JPG)(\?|\/\?) ssl_bump bump ssl_ext

Re: [squid-users] Youtube "challenges"

2016-02-23 Thread Amos Jeffries
On 24/02/2016 11:19 a.m., Darren wrote: > > Hi > > As Google owns the entire food chain (when you use Chrome talking to Youtube) > SSL_Bump upsets everything and the browser blocks access detecting the MITM > bump. > > I am looking at school level protection so I want to avoid installing cert

Re: [squid-users] Youtube "challenges"

2016-02-23 Thread Darren
Hi As Google owns the entire food chain (when you use Chrome talking to Youtube) SSL_Bump upsets everything and the browser blocks access detecting the MITM bump. I  am looking at school level protection so I want to avoid installing certs on the clients and create a seamless experience. I a

Re: [squid-users] Youtube "challenges"

2016-02-23 Thread Alex Samad
Sounds like a controlled at home environment why not implement ssl bump ? On 24 February 2016 at 00:40, Chris Horry wrote: > On 2/23/2016 08:39, Antony Stone wrote: >> On Tuesday 23 February 2016 at 13:57:52, Chris Horry wrote: >> >>> On 2/

Re: [squid-users] Rock Store max object size 3.5.14

2016-02-23 Thread Heiler Bemerguy
23/02/2016 16:40, Yuri Voinov wrote: When your CPUs/cores are waiting for HDD access, they get high load. Are you sure it would show up as "User" load and not as "Wait" ? On linux "TOP" it shows something like: %Cpu0 : 99,0 *us*, 1,0 sy, 0,0 ni, 0,0 id, 0,0 *wa*, 0,0 hi, 0,0 si, 0,0 st

Re: [squid-users] Rock Store max object size 3.5.14

2016-02-23 Thread Eliezer Croitoru
Hey, Some of the emails were probably off-list for some reason so responding here. Since you are having some issues with the current way that the proxy works since it gets to 100% CPU and probably your clients\users suffering from an issue I would suggest to try another approach to get coup

Re: [squid-users] Rock Store max object size 3.5.14

2016-02-23 Thread Alex Rousskov
On 02/23/2016 12:11 PM, Heiler Bemerguy wrote: > > Thanks Alex. > > We have a simple cache_dir config like this, with no "workers" defined: > cache_dir rock /cache2 8 min-size=0 max-size=32767 > cache_dir aufs /cache 32 96 256 min-size=32768 FWIW, I do not know whether aufs and rock play

Re: [squid-users] SSL bump memory leak

2016-02-23 Thread Amos Jeffries
On 24/02/2016 10:08 a.m., Steve Hill wrote: > On 23/02/16 17:30, Amos Jeffries wrote: > >> And a leak (real or pseudo) means they are still hanging around in >> memory for some reason other than cert-cache references (being in the >> cache by definition is not-leaking). For example as part of acti

Re: [squid-users] SSL bump memory leak

2016-02-23 Thread Steve Hill
On 23/02/16 17:30, Amos Jeffries wrote: > And a leak (real or pseudo) means they are still hanging around in > memory for some reason other than cert-cache references (being in the > cache by definition is not-leaking). For example as part of active TLS > sessions when the core was produced. Seem

Re: [squid-users] Squid 3.5.12

2016-02-23 Thread nando mendonca
This is what I got: Could not Activate TLS connection On Tue, Feb 23, 2016 at 12:46 PM, Amos Jeffries wrote: > On 24/02/2016 9:10 a.m., Nando Mendonca wrote: > > Hi All, > > > > I had Squid 3.5.12 running with ldap authentication on port 389 great. > I now need to run squid on port 636. With

Re: [squid-users] Squid 3.5.12

2016-02-23 Thread Amos Jeffries
On 24/02/2016 9:10 a.m., Nando Mendonca wrote: > Hi All, > > I had Squid 3.5.12 running with ldap authentication on port 389 great. I now > need to run squid on port 636. With my same configuration I'm unable to get > squid working. > > What compile options do I need? I was using basic_ldap_au

Re: [squid-users] Rock Store max object size 3.5.14

2016-02-23 Thread Yuri Voinov
The rule is simple. If threads on processor(s) are in the queue to the disk - the bottleneck is disk. If the disks or network interfaces (IO threads) waits execution on processor(s) - CPU(s) bottleneck. PS. And, man, 1600 users is not a high load

Re: [squid-users] Squid 3.5.12

2016-02-23 Thread Yuri Voinov
This is not about compilation options. This is about configuration, man. 24.02.16 2:10, Nando Mendonca wrote: > Hi All, > > I had Squid 3.5.12 running with ldap authentication on port 389 great. I now need to run squid on port 636. With my same con

[squid-users] Squid 3.5.12

2016-02-23 Thread Nando Mendonca
Hi All, I had Squid 3.5.12 running with ldap authentication on port 389 great. I now need to run squid on port 636. With my same configuration I'm unable to get squid working. What compile options do I need? I was using basic_ldap_auth do I need to use something else? I can communicate from

Re: [squid-users] Rock Store max object size 3.5.14

2016-02-23 Thread Yuri Voinov
Agreed. High-load big enough caches must utilize _an adequate_ hardware configuration with enough capacity to meet your expectations. And, of course, cache software configuration must fit this hardware, to maximize approaches. 24.02.16 1:55, Amos

Re: [squid-users] Rock Store max object size 3.5.14

2016-02-23 Thread Amos Jeffries
[ PPS please don't hijack other people's threads ... this has nothing to do with YouTube ] On 24/02/2016 8:11 a.m., Heiler Bemerguy wrote: > > Thanks Alex. > > We have a simple cache_dir config like this, with no "workers" defined: > cache_dir rock /cache2 8 min-size=0 max-size=32767 > cache_d

Re: [squid-users] Rock Store max object size 3.5.14

2016-02-23 Thread Yuri Voinov
A balanced server configuration, on common case, is: At least 3 HDD spindles to 1 (one) CPU/core. This is minimum. Also you need enough IO channels to these HDDs. PC-like configuration is not playable here. 1600 clients already required at a min

Re: [squid-users] Rock Store max object size 3.5.14

2016-02-23 Thread Yuri Voinov
When your CPUs/cores are waiting for HDD access, they get high load. Just as a juggler trying to keep in the air 600 oranges. What do you think would be a sweaty jogger? ;) 24.02.16 1:37, Yuri Voinov wrote: > > > > 24.02.16 1:11, Heiler Bemerguy пише

Re: [squid-users] Rock Store max object size 3.5.14

2016-02-23 Thread Yuri Voinov
24.02.16 1:11, Heiler Bemerguy wrote: > > Thanks Alex. > > We have a simple cache_dir config like this, with no "workers" defined: > cache_dir rock /cache2 8 min-size=0 max-size=32767 > cache_dir aufs /cache 32 96 256 min-size=32768 > > A

Re: [squid-users] Rock Store max object size 3.5.14

2016-02-23 Thread Yuri Voinov
24.02.16 1:11, Heiler Bemerguy wrote: This is obvious improvements. If you have only one-two HDD controllers, you have bottleneck in IO. You much cores waits HDD access altogether. First of all you need: - Either many HDD controlle

Re: [squid-users] Rock Store max object size 3.5.14

2016-02-23 Thread Heiler Bemerguy
Thanks Alex. We have a simple cache_dir config like this, with no "workers" defined: cache_dir rock /cache2 8 min-size=0 max-size=32767 cache_dir aufs /cache 32 96 256 min-size=32768 And we are suffering from a 100% CPU use by a single squid thread. We have lots of ram, cores and disk

Re: [squid-users] any way to get squid-4 compiled on CentOS-6?

2016-02-23 Thread Amos Jeffries
On 23/02/2016 1:05 p.m., Dan Charlesworth wrote: > I'm bumping this question back up, because I also would like to know. > > We'd rather not need users of our squid-based software to need to deploy > new CentOS 7 servers to run it. > My reply to Jason on the 12th has not changed. A full system u

Re: [squid-users] Squid 4.06 compile errors on Ubuntu 12.04

2016-02-23 Thread Chris Horry
On 2/23/2016 13:31, Amos Jeffries wrote: > On 23/02/2016 9:02 a.m., Chris Horry wrote: >> Hello All, >> >> Squid 4.06 (and earlier) is failing to compile for me on Ubuntu >> 12.04, Squid 3.x compiled without any issues. >> > >> >> gcc version 4.6

Re: [squid-users] Squid 4.06 compile errors on Ubuntu 12.04

2016-02-23 Thread Amos Jeffries
On 23/02/2016 9:02 a.m., Chris Horry wrote: > Hello All, > > Squid 4.06 (and earlier) is failing to compile for me on Ubuntu 12.04, > Squid 3.x compiled without any issues. > > > gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) > > Ran configure with no other options. > > Any guidance appreci

Re: [squid-users] Rock Store max object size 3.5.14

2016-02-23 Thread Alex Rousskov
On 02/23/2016 09:15 AM, Heiler Bemerguy wrote: > I'm using Squid Cache: Version 3.5.14 and I'm wondering how big a file > can be on a Rock Store nowadays ? > Is it accepting the full "maximum_object_size" size? Yes, for large-enough cache_dirs, it should. AFAIK, there has been no optimization

Re: [squid-users] SSL bump memory leak

2016-02-23 Thread Amos Jeffries
On 24/02/2016 4:31 a.m., Steve Hill wrote: > > There are also a very small number of lines that look something like: > /C=US/ST=California/L=San Francisco/O=Wikimedia Foundation, > Inc./CN=*.wikipedia.org+Sign=signTrusted+SignHash=SHA256 > I think the "+Sign=signTrusted+SignHash=SHA256" part w

Re: [squid-users] assertion failed: String.cc:174: "len_ + len < 65536"

2016-02-23 Thread Amos Jeffries
On 24/02/2016 5:37 a.m., William Lima wrote: > Hi all, > > It's easy to make a DoS. The reply (and cause) of the problem of the mentioned link: > William; Please do not do that again. The squid-bugs mailing list is for (private) discussion of security related issues like attack PoC. This attack ve

Re: [squid-users] assertion failed: String.cc:174: "len_ + len < 65536"

2016-02-23 Thread William Lima
Hi all, It's easy to make a DoS. The reply (and cause) of the problem of the mentioned link: HTTP/1.1 200 OK Date: Tue, 23 Feb 2016 16:21:28 GMT ETag: "19203-520f81a227f80" Last-Modified: Wed, 30 Sep 2015 14:54:06 GMT Content-Length: 102915 Content-Type: text/javascript Vary: X-RC

[squid-users] Rock Store max object size 3.5.14

2016-02-23 Thread Heiler Bemerguy
Hi guys, I'm using Squid Cache: Version 3.5.14 and I'm wondering how big a file can be on a Rock Store nowadays ? I saw 38 files stored on a cache_dir setup like this: cache_dir rock /cache/rock4 10 min-size=104857601 Is it accepting the full "maximum_object_size" size? (which in my cas

Re: [squid-users] assertion failed: String.cc:174: "len_ + len < 65536"

2016-02-23 Thread Ralf Hildebrandt
* Ralf Hildebrandt : > * Ralf Hildebrandt : > > * Marco Berizzi : > > > Hi Folks, > > > > > > I'm running squid 3.5.14 on slackware linux 64 bit (compiled from source). > > > When users connect to > > > http://www.oggi.it/global_assets/js/plugins.js?v=1.6 squid crash with the > > > following mes

Re: [squid-users] assertion failed: String.cc:174: "len_ + len < 65536"

2016-02-23 Thread Ralf Hildebrandt
* Ralf Hildebrandt : > * Marco Berizzi : > > Hi Folks, > > > > I'm running squid 3.5.14 on slackware linux 64 bit (compiled from source). > > When users connect to http://www.oggi.it/global_assets/js/plugins.js?v=1.6 > > squid crash with the following message: > > > > assertion failed: String.cc

Re: [squid-users] assertion failed: String.cc:174: "len_ + len < 65536"

2016-02-23 Thread Ralf Hildebrandt
* Marco Berizzi : > Hi Folks, > > I'm running squid 3.5.14 on slackware linux 64 bit (compiled from source). > When users connect to http://www.oggi.it/global_assets/js/plugins.js?v=1.6 > squid crash with the following message: > > assertion failed: String.cc:174: "len_ + len < 65536" I can rep

Re: [squid-users] Squid as forward proxy far slow than Shadowsocks

2016-02-23 Thread Amos Jeffries
On 23/02/2016 6:41 a.m., Billy.Zheng (zw963) wrote: > and connect to server with shadowssocks android app, the speed is > improve a lot, I can access almost any website as i did in my laptop , > and more faster. > > I love squid, so I want to know why those big difference between those > two softw

[squid-users] SSL bump memory leak

2016-02-23 Thread Steve Hill
I'm looking into (what appears to be) a memory leak in the Squid 3.5 series. I'm testing this in 3.5.13, but this problem has been observed in earlier releases too. Unfortunately I haven't been able to reproduce the problem in a test environment yet, so my debugging has been limited to what

[squid-users] assertion failed: String.cc:174: "len_ + len < 65536"

2016-02-23 Thread Marco Berizzi
Hi Folks, I'm running squid 3.5.14 on slackware linux 64 bit (compiled from source). When users connect to http://www.oggi.it/global_assets/js/plugins.js?v=1.6 squid crash with the following message: assertion failed: String.cc:174: "len_ + len < 65536" I have seen the same error on this thread

Re: [squid-users] Youtube "challenges"

2016-02-23 Thread Chris Horry
On 2/23/2016 08:39, Antony Stone wrote: > On Tuesday 23 February 2016 at 13:57:52, Chris Horry wrote: > >> On 2/23/2016 00:01, Darren wrote: >>> Hi all >>> >>> I am putting together a config to allow the kids to access >>> selected videos in YouT

Re: [squid-users] Youtube "challenges"

2016-02-23 Thread Antony Stone
On Tuesday 23 February 2016 at 13:57:52, Chris Horry wrote: > On 2/23/2016 00:01, Darren wrote: > > Hi all > > > > I am putting together a config to allow the kids to access > > selected videos in YouTube from a page of links on a local server. > > You might want to look into a web filter like

Re: [squid-users] Youtube "challenges"

2016-02-23 Thread Chris Horry
On 2/23/2016 00:01, Darren wrote: > Hi all > > I am putting together a config to allow the kids to access > selected videos in YouTube from a page of links on a local server. You might want to look into a web filter like Dan's Guardian that integr