Well what I can see is that there are couple queries ID and the issues are:
0x8528: timeout
0x69c2 - timeout
but I am pretty sure that the DNS server that the query is against is:
192.231.203.132:53
So the first thing is to findout what dns servers are defined inside
squid.conf
if you don't ha
Thanks Amos! It works.
New problem:
I am checking whether a url (object) is cached or not by using:
squidclient -p 3129 $url | fgrep X-Cache
I am getting a lot of messy code and when I quit (CRTL-C), squid logs are
showing TCP_HIT_ABORTED.
How can I not get the messy code and just get the resul
Here we go:
# time dig -x 10.100.128.1
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.6 <<>> -x 10.100.128.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 11319
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECT
can you try the next command:
dig -x 10.100.128.1
Eliezer
On 03/03/2016 08:04, Dan Charlesworth wrote:
Like this:
# time nslookup httpbin.org
Server: 192.231.203.3
Address:192.231.203.3#53
Non-authoritative answer:
Name: httpbin.org
Address: 54.175.222.246
real0m0.026s
Like this:
# time nslookup httpbin.org
Server: 192.231.203.3
Address:192.231.203.3#53
Non-authoritative answer:
Name: httpbin.org
Address: 54.175.222.246
real0m0.026s
user0m0.001s
sys 0m0.004s
# time dig httpbin.org
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7
Hey Dan,
What dig+nslookup queries did you tested for?
Eliezer
On 03/03/2016 07:39, Dan Charlesworth wrote:
Right now we have 1 squid box (out of a lot), running 3.5.13, which does
something like this for every request, taking about 10 seconds:
2016/03/03 16:30:48.883 kid1| 78,3| dns_interna
Right now we have 1 squid box (out of a lot), running 3.5.13, which does
something like this for every request, taking about 10 seconds:
2016/03/03 16:30:48.883 kid1| 78,3| dns_internal.cc(1794) idnsPTRLookup:
idnsPTRLookup: buf is 43 bytes for 10.100.128.1, id = 0x733a
2016/03/03 16:30:48.883 k
On 3/03/2016 10:33 a.m., Heiler Bemerguy wrote:
>
> Hello guys..
>
> Thanks for the tips. I've ajusted some stuff here and noticed these
> repeated GETS below.. they are HITS, but why is this happening?
Because lots of clients want the object(s).
If they are HITs then whats the problem? Squid i
On 3/03/2016 12:33 a.m., joe wrote:
>
>>> I dont understand what you are trying to say?
>>> Amos
>
> you guys had 2 patch for 4447 bug right the first patch work the one in
> bug report http://bugs.squid-cache.org/show_bug.cgi?id=4447
>
> so i re download latest patched Squid Cache: Version 3.
On 02/03/2016 21:33, Yuri Voinov wrote:
Yes, and in some places the law prohibit SSL bump completely
But AFAIK here is technical list, not lawer, is it?;)
Yuri,
You are right but since some of us do have legal obligations to some
laws and do not live in a desert on the moon or the sun l
Hello guys..
Thanks for the tips. I've ajusted some stuff here and noticed these
repeated GETS below.. they are HITS, but why is this happening? lol
I have "*range_offset_limit none*" for this domain (*ws.microsoft.com*) and:
*/refresh_pattern -i
(microsoft|windowsupdate)\.com.*\.(cab|exe|ms
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
acl GetSNI at_step SslBump1
acl NoSSLIntercept ssl::server_name netflix.com ntflx.com ntflximg.com
ntflxvideo.com
ssl_bump peek GetSNI
ssl_bump splice NoSSLIntercept
ssl_bump bump all
03.03.16 3:12, Bmahak2005 пишет:
> Ok i read the doc but I am
Ok i read the doc but I am afraid i do not know where yo start
I know that netflix traffic comes from these server domains
.netflix.com
.ntflx.com
.ntflximg.com
.ntflxvideo.com
But how can I setup my config file to just tell squid do not bump netflix
traffic and i am not interested in caching it o
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
With peek and splice feature.
http://wiki.squid-cache.org/Features/SslPeekAndSplice
03.03.16 2:45, Bmahak2005 пишет:
> Thanks for the hint. How can I do that ?
>
>
> Sent from my iPhone
>
>> On Mar 2, 2016, at 11:09 AM, Yuri Voinov wrote:
>>
>>
Thanks
Yuri Voinov wrote
> 02.03.16 2:34, Baselsayeh пишет:
>> Yuri Voinov wrote
>>> -BEGIN PGP SIGNED MESSAGE-
>>> Hash: SHA256
>>>
>>> Did you read
>>>
>>> http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit
>>>
>>> this first?
>>>
>>> Look once more to examples.
>>>
Thanks for the hint. How can I do that ?
Sent from my iPhone
> On Mar 2, 2016, at 11:09 AM, Yuri Voinov wrote:
>
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Nobody can fight SSL pinning in proprietary apps.
>
> The only way I see is to put Netflex under splice ACL and do not d
What about B?
Will it forward https to parent proxy petfectly?
Amos Jeffries wrote
> On 2/03/2016 9:48 a.m., Baselsayeh wrote:
>> Yuri Voinov wrote
>> Aha, I'm stupid.
>>
>> Squid can't re-crypted peer connections. You need to splice peered
>> URL's before tunnel it into your peer.
>>
>> 28.02
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
and, excluding pinning, all of this is not technical problems.. :)
03.03.16 1:51, Matus UHLAR - fantomas пишет:
>> On 02/03/2016 21:09, Yuri Voinov wrote:
>>> Nobody can fight SSL pinning in proprietary apps.
>>>
>>> The only way I see is
On 02/03/2016 21:09, Yuri Voinov wrote:
Nobody can fight SSL pinning in proprietary apps.
The only way I see is to put Netflex under splice ACL and do not do SSL
bump for all Netflex CDN.
On 02.03.16 21:19, Eliezer Croitoru wrote:
In some places the law can prohibit the usage of pinned certif
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Yes, and in some places the law prohibit SSL bump completely
But AFAIK here is technical list, not lawer, is it? ;)
03.03.16 1:19, Eliezer Croitoru пишет:
> In some places the law can prohibit the usage of pinned certificates.
>
> Eliezer
>
>
In some places the law can prohibit the usage of pinned certificates.
Eliezer
On 02/03/2016 21:09, Yuri Voinov wrote:
Nobody can fight SSL pinning in proprietary apps.
The only way I see is to put Netflex under splice ACL and do not do SSL
bump for all Netflex CDN.
__
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Nobody can fight SSL pinning in proprietary apps.
The only way I see is to put Netflex under splice ACL and do not do SSL
bump for all Netflex CDN.
02.03.16 22:29, bma пишет:
> I have installed squid 3.15 on ubuntu 15.10 server. squid was setup w
I have installed squid 3.15 on ubuntu 15.10 server. squid was setup with
sslbump for https traffic. The functionality work without any problem i.e. :
all traffic from both http and https goes through squid and all internet can
be accessed on all devices where certificates are installed. With one
ex
2016/03/02 16:48:18 kid1| varyEvaluateMatch: Oops. Not a Vary match on second
attempt,
'http://extention-file.squid.internal.bugs.squid-cache.org/js/yui/assets/skins/sam/autocomplete.css'
'accept-encoding="gzip,%20deflate,%20sdch"'
2016/03/02 16:48:18 kid1| clientProcessHit: Vary object loop!
2016/
>>I dont understand what you are trying to say?
>>Amos
you guys had 2 patch for 4447 bug right the first patch work the one in
bug report http://bugs.squid-cache.org/show_bug.cgi?id=4447
so i re download latest patched Squid Cache: Version 3.5.15-20160229-r13997
and the bug show up in my cach
I'm not sure if this can solve the problem, but, in my squid.conf I deny
youtube to cache using "cache_deny"
2016-03-02 3:04 GMT-03:00 Yuri Voinov :
>
>
> 02.03.16 2:34, Baselsayeh пишет:
>
>> Yuri Voinov wrote
>>
>>> -BEGIN PGP SIGNED MESSAGE-
>>> Hash: SHA256
>>> Did you read
>>>
>>>
Amos Jeffries wrote
> On 2/03/2016 3:02 p.m., Baselsayeh wrote:
>> My proxy supports connecting to https website by using
>> (Connect Website:443) (as if normal proxy in browser sittings)
>> The problem is that the proxy dosent support tunnels
>
> Yes, that is what we have been trying to tell you.
On 2/03/2016 10:35 p.m., joe wrote:
> Squid Cache: Version 3.5.15-20160229-r13997
> first patch work fine until the second patch
>
>
> assertion failed: FwdState.cc:447: "serverConnection() == conn"
> assertion failed: BodyPipe.cc:232: "!theConsumer"
> assertion failed: store.cc:1890: "isEmpty()"
Squid Cache: Version 3.5.15-20160229-r13997
first patch work fine until the second patch
assertion failed: FwdState.cc:447: "serverConnection() == conn"
assertion failed: BodyPipe.cc:232: "!theConsumer"
assertion failed: store.cc:1890: "isEmpty()"
--
View this message in context:
http://squ
On 2/03/2016 6:05 p.m., John Pearson wrote:
> Hi,
>
> I have squid installed on a machine with two NICs.
> eth0 - wan
> eth1 - lan - 10.0.1.1
>
> Squid server is running on eth1.
> I am trying to use the squidclient to fetch a url so that squid will cache
> it. Like prefetching.
>
> Example:
>
30 matches
Mail list logo
