Re: [squid-users] Latest ssl and Squid stable compile issue

2016-06-22 Thread Amos Jeffries
Yay that you got it going with LibreSSL. But I'm still interested in why you got the errors in the first place with OpenSSL. It is supposed to be the better supported one :-P So if you have the time to assist my edufication; what version OpenSSL was this exactly that you built against? ("git pu

Re: [squid-users] Preparing for shutdown after xxx requests

2016-06-22 Thread Amos Jeffries
On 23/06/2016 5:17 p.m., David wrote: > So far Squid worked nice, but recently it shutdown again and again with: > > Preparing for shutdown after xxx requests > > has someone a hint what that causes squid to shutdown > That message only occurs in the case that some external command was sent to S

[squid-users] Preparing for shutdown after xxx requests

2016-06-22 Thread David
So far Squid worked nice, but recently it shutdown again and again with: Preparing for shutdown after xxx requests has someone a hint what that causes squid to shutdown Squid Cache: Version 3.5.19 on Archlinux free -h: total usedfree shared Puffer/

Re: [squid-users] "unknown request" when configured to display custom logo

2016-06-22 Thread reqman
2016-06-22 17:06 GMT+03:00 Amos Jeffries : > The final step is to edit the /usr/local/etc/squid/mime.conf config file > and replace the "SN.png" listed there for internal-logo with your image > filename. > Then squid -k reconfigure to load the change. That did the trick, thank you! > As Eliezer

Re: [squid-users] WTF ? SSL Certficate error: certificate issuer (CA) not known

2016-06-22 Thread Amos Jeffries
On 23/06/2016 7:10 a.m., Yuri Voinov wrote: > > Unknown intermediate certificate, that's all. > > Dig to the direction sslproxy_foreign_intermediate_certs parameter. > Maybe, or outdated ca-certificates info package. Every so often a big update happens and people find this happening. AIUI, th

Re: [squid-users] Squid3: icmp_sock: (97) Address family not supported by protocol / pinger: Unable to start ICMPv6 pinger

2016-06-22 Thread Alejandro Cabrera Obed
I notice that I've compiled squid3 with --enable-icmp but I don't need this option because I don't work with parent caches. So I will try to reconfigure squid3 without the ICMP option (no pinger at all), and I expect not to see any IPv6 warning. Regards, 2016-06-22 21:29 GMT-03:00 Alejandro Ca

Re: [squid-users] Squid3: icmp_sock: (97) Address family not supported by protocol / pinger: Unable to start ICMPv6 pinger

2016-06-22 Thread Alejandro Cabrera Obed
I can't see anything about IPv6: *cat /etc/default/networking:* # Configuration for networking init script being run during # the boot sequence # Set to 'no' to skip interfaces configuration on boot #CONFIGURE_INTERFACES=yes # Don't configure these interfaces. Shell wildcards supported/ #EXCLUD

Re: [squid-users] Squid3: icmp_sock: (97) Address family not supported by protocol / pinger: Unable to start ICMPv6 pinger

2016-06-22 Thread Antony Stone
On Thursday 23 June 2016 at 01:22:45, Alejandro Cabrera Obed wrote: > #ifconfig > > eth0 Link encap:Ethernet HWaddr 00:50:53:b2:6e:88 > inet addr:10.17.133.114 Bcast:10.17.135.255 Mask:255.255.252.0 > > loLink encap:Local Loopback > inet addr:127.0.0.1 Mask:2

Re: [squid-users] Squid3: icmp_sock: (97) Address family not supported by protocol / pinger: Unable to start ICMPv6 pinger

2016-06-22 Thread Alejandro Cabrera Obed
#ifconfig eth0 Link encap:Ethernet HWaddr 00:50:53:b2:6e:88 inet addr:10.17.133.114 Bcast:10.17.135.255 Mask:255.255.252.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:4488 errors:0 dropped:96 overruns:0 frame:0 TX packets:986 errors

Re: [squid-users] Squid3: icmp_sock: (97) Address family not supported by protocol / pinger: Unable to start ICMPv6 pinger

2016-06-22 Thread Antony Stone
On Thursday 23 June 2016 at 01:08:33, Alejandro Cabrera Obed wrote: > 2016/06/22 19:56:35| pinger: Unable to start ICMPv6 pinger. > > But after that the squid3 daemon runs OK. What's the output from "ifconfig" on that machine? Antony. -- It may not seem obvious, but (6 x 5 + 5) x 5 - 55 equal

[squid-users] Squid3: icmp_sock: (97) Address family not supported by protocol / pinger: Unable to start ICMPv6 pinger

2016-06-22 Thread Alejandro Cabrera Obed
Hi people, when I start squid3 service, I have these lines in the /var/log/squid3/cache.log file: 2016/06/22 19:56:35 kid1| Pinger socket opened on FD 12 2016/06/22 19:56:35| pinger: Initialising ICMP pinger ... 2016/06/22 19:56:35| pinger: ICMP socket opened. 2016/06/22 19:56:35| icmp_sock: (97)

Re: [squid-users] Squid3 error: CHILD: hello write test failed logrotate

2016-06-22 Thread Roberto Carna
OK Antony thank you!! 2016-06-22 18:28 GMT-03:00 Roberto Carna : > Amos, just a last comment: > > My squid.conf from Squid3 has this line: > > #Default: > # logfile_rotate 0 > > So the parameter you mentioned it's just setup. > > Any other thing relative to log problem? > > 2016-06-22 11:4

Re: [squid-users] Squid3 error: CHILD: hello write test failed logrotate

2016-06-22 Thread Antony Stone
On Wednesday 22 June 2016 at 23:28:56, Roberto Carna wrote: > My squid.conf from Squid3 has this line: > > #Default: > # logfile_rotate 0 > > So the parameter you mentioned it's just setup. You do realise that # at the start of a line means it is a comment and has no effect, right? Antony.

Re: [squid-users] Squid3 error: CHILD: hello write test failed logrotate

2016-06-22 Thread Roberto Carna
Amos, just a last comment: My squid.conf from Squid3 has this line: #Default: # logfile_rotate 0 So the parameter you mentioned it's just setup. Any other thing relative to log problem? 2016-06-22 11:42 GMT-03:00 Amos Jeffries : > On 23/06/2016 1:44 a.m., Roberto Carna wrote: >> Dear Antony, t

Re: [squid-users] Latest ssl and Squid stable compile issue

2016-06-22 Thread James Lay
It already has :) Jun 22 09:41:09 gateway (squid-1): 192.168.1.109 - - [22/Jun/2016:09:41:09 -0600] "CONNECT 31.13.76.84:443 HTTP/1.1" i.instagram.com - 200 0 TAG_NONE:ORIGINAL_DST Jun 22 15:09:26 gateway (squid-1): 192.168.1.109 - - [22/Jun/2016:15:09:26 -0600] "CONNECT 31.13.76.84:443 HTTP/1

Re: [squid-users] Latest ssl and Squid stable compile issue

2016-06-22 Thread Yuri Voinov
I suggest this will not solve your unknown cipher issue. :) 23.06.2016 3:12, James Lay wrote: > Had zero issues when compiling against libressl-2.4.1. I now have ChaCha > Poly cipher support...happy days! > > James > > On 2016-06-22 13:29, Jame

Re: [squid-users] Latest ssl and Squid stable compile issue

2016-06-22 Thread James Lay
Had zero issues when compiling against libressl-2.4.1. I now have ChaCha Poly cipher support...happy days! James On 2016-06-22 13:29, James Lay wrote: So yea...git pulled latest ssl, here's my results: make[3]: Entering directory `/home/nobackup/build/squid-3.5.19/src/anyp' depbase=`echo Por

Re: [squid-users] Squid3 error: CHILD: hello write test failed logrotate

2016-06-22 Thread Roberto Carna
OK, I'll do that. And what about the "nocreate" option in the logrotate file for squid3??? Do I have to delete or change for what option??? Thanks a lot again, this is my last question. 2016-06-22 14:02 GMT-03:00 Amos Jeffries : > On 23/06/2016 4:32 a.m., Roberto Carna wrote: >> Amos and Antony,

[squid-users] Latest ssl and Squid stable compile issue

2016-06-22 Thread James Lay
So yea...git pulled latest ssl, here's my results: make[3]: Entering directory `/home/nobackup/build/squid- 3.5.19/src/anyp' depbase=`echo PortCfg.lo | sed 's|[^/]*$|.deps/&|;s|\.lo$||'`;\ /bin/bash ../../libtool  --tag=CXX   --mode=compile g++ -DHAVE_CONFIG_H   -I../.. -I../../include -I.

Re: [squid-users] WTF ? SSL Certficate error: certificate issuer (CA) not known

2016-06-22 Thread Yuri Voinov
Unknown intermediate certificate, that's all. Dig to the direction sslproxy_foreign_intermediate_certs parameter. 23.06.2016 1:07, sebastien.boulia...@cpu.ca wrote: > > Hu ? > > > > My CA is known… Where is the issue ? :( > > The sy

[squid-users] WTF ? SSL Certficate error: certificate issuer (CA) not known

2016-06-22 Thread Sebastien.Boulianne
Hu ? My CA is known... Where is the issue ? :( The system returned: (71) Protocol error (TLS code: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) SSL Certficate error: certificate issuer (CA) not known: /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./OU=http://certs.starf

Re: [squid-users] Unknown Cipher Suite

2016-06-22 Thread James Lay
Ah crud...well shoot...thanks for the information...means I'll have to bypass it for now..and using latest Squid...always keep it updated ; - )  Thank you. James On Wed, 2016-06-22 at 22:58 +0600, Yuri Voinov wrote: > OpenSSL still not support ChaCha-Poly this days. And unknown when be > supported.

Re: [squid-users] Squid3 error: CHILD: hello write test failed logrotate

2016-06-22 Thread Amos Jeffries
On 23/06/2016 4:32 a.m., Roberto Carna wrote: > Amos and Antony, thanks a lot for your help. > > At first, I'll enable IPv6 in my Debian box. > > And for the log problem, I couldn't understand what you said > Amos...please can you detail what I have to do in order to avoid log > rotation problems

Re: [squid-users] Forward loop when intercepting mode to proxy traffic to local VM

2016-06-22 Thread jblank
To be honest, I am not 100% clear on Squid's various modes. If reverse proxy mode is capable of doing the decrypt/re-encrypt stuff, I'm fine with using it. Any pointers to HOWTOs or FAQs that might help? Best, Jessica On Thu, 23 Jun 2016, Amos Jeffries wrote: On 22/06/2016 11:15 p.m., jblan

Re: [squid-users] Unknown Cipher Suite

2016-06-22 Thread Yuri Voinov
OpenSSL still not support ChaCha-Poly this days. And unknown when be supported. This time only exists unsupported patch from CloudFlare. And, as alternative, LibreSSL. Which is not available for all platforms. 22.06.2016 22:48, Amos Jeffries пише

Re: [squid-users] Unknown Cipher Suite

2016-06-22 Thread Amos Jeffries
On 23/06/2016 4:12 a.m., James Lay wrote: > Well this is newstarted seeing this on Instagram. Message I get > when debugging: > > 2016/06/22 09:43:26| Error negotiating SSL on FD 14: error:140920F8:SSL > routines:SSL3_GET_SERVER_HELLO:unknown cipher returned (1/-1/0) > > And sure enough...ev

Re: [squid-users] Squid3 error: CHILD: hello write test failed logrotate

2016-06-22 Thread Roberto Carna
Amos and Antony, thanks a lot for your help. At first, I'll enable IPv6 in my Debian box. And for the log problem, I couldn't understand what you said Amos...please can you detail what I have to do in order to avoid log rotation problems??? And at last, why do you think the log problem arrives w

[squid-users] Unknown Cipher Suite

2016-06-22 Thread James Lay
Well this is newstarted seeing this on Instagram.  Message I get when debugging: 2016/06/22 09:43:26| Error negotiating SSL on FD 14: error:140920F8:SSL routines:SSL3_GET_SERVER_HELLO:unknown cipher returned (1/-1/0) And sure enough...even Wireshark doesn't know what this is: Any hints on h

Re: [squid-users] Unable to increase max_filedescr

2016-06-22 Thread Baird, Josh
Yeah, no go setting ulimit in the init script. An ancient plugin for our web filtering solution is keeping us on 2.6. We are moving to a new solution soon. -Original Message- From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of Amos Jeffries Sent: Wednesday

Re: [squid-users] dead gateway, not dead peer..

2016-06-22 Thread Amos Jeffries
On 23/06/2016 3:50 a.m., Amos Jeffries wrote: > On 23/06/2016 3:44 a.m., B. Cook wrote: >> Looks to be 101.. >> >> Is that wrong? >> > > Yeah. That is the OS code for the ICMP error on the remote machine. > > The HTTP status code should be either at the top of the page, or in the > HTTP headers.

Re: [squid-users] dead gateway, not dead peer..

2016-06-22 Thread Amos Jeffries
On 23/06/2016 3:44 a.m., B. Cook wrote: > Looks to be 101.. > > Is that wrong? > Yeah. That is the OS code for the ICMP error on the remote machine. The HTTP status code should be either at the top of the page, or in the HTTP headers. Amos ___ squid

Re: [squid-users] dead gateway, not dead peer..

2016-06-22 Thread B. Cook
Looks to be 101.. Is that wrong? > The following error was encountered while trying to retrieve the URL: > http://www.tmz.com/ > > Connection to 54.230.36.213 failed. > > The system returned: (101) Network is unreachable > > The remote host or network may be down. Please try the request again.

[squid-users] Somewhat-OT: e2guardian

2016-06-22 Thread Sergio Belkin
Hi, I wonder if anyone is using e2guardian. If so, I'd like to hear experiences. I used dans guardian some years ago Thanks in advance! -- -- Sergio Belkin LPIC-2 Certified - http://www.lpi.org ___ squid-users mailing list squid-users@lists.squid-cac

Re: [squid-users] Squid Peek/Splice some issues

2016-06-22 Thread --Ahmad--
> On Jun 21, 2016, at 11:31 AM, Amos Jeffries wrote: > > On 21/06/2016 9:43 a.m., --Ahmad-- wrote: >> Hi , >> i have squid that is working on 3.5 . >> traffic of t 80 and 443 traffic to Squid via IPTables. >> >> Squid then passes traffic to ClamAV via C-ICAP. Squid is configured to >> intercep

Re: [squid-users] google drive up-/download size in squidlog

2016-06-22 Thread Paul Buechler
the documentation says: [http::]>st Total size of request received from client. Excluding chunked encoding bytes. so is it possible to have the chunked encoding bytes included? ___ squid-users mailing list squid-users@lists.squid-cache.org http://li

Re: [squid-users] Squid won't listen to ipv4

2016-06-22 Thread Amos Jeffries
On 23/06/2016 2:41 a.m., Pavel Lint wrote: > >> How have you determined this? Have you tried connecting to its IPv4 address >> and encountered an error? If so, what is that error? >> >> What does the output of "netstat -lptn | grep 3128" show? >> > > That’s exactly how I determined this. The o

Re: [squid-users] dead gateway, not dead peer..

2016-06-22 Thread Amos Jeffries
On 23/06/2016 2:00 a.m., B. Cook wrote: > ... > > What can I do about it? > > (thank you for working through understanding the problem..) > What is the HTTP status code on that error page? Amos ___ squid-users mailing list squid-users@lists.squid-ca

Re: [squid-users] Squid3 error: CHILD: hello write test failed logrotate

2016-06-22 Thread Amos Jeffries
On 23/06/2016 1:44 a.m., Roberto Carna wrote: > Dear Antony, thanks for your help..below is the > /etc/logrotate.d/squid3 file but before I have to say I've seen in > the web that this problem is solved by enabling IPv6, and was reported > by a ticket (https://forum.opnsense.org/index.php?topic=

Re: [squid-users] Squid won't listen to ipv4

2016-06-22 Thread Pavel Lint
> How have you determined this? Have you tried connecting to its IPv4 address > and encountered an error? If so, what is that error? > > What does the output of "netstat -lptn | grep 3128" show? > That’s exactly how I determined this. The output from netstat -ltpn is just one line: tcp6

Re: [squid-users] Squid won't listen to ipv4

2016-06-22 Thread Antony Stone
On Wednesday 22 June 2016 at 16:21:08, Pavel Lint wrote: > After compiling and launching squid 3.5.12 on my Red Hat Linux > (3.10.0-327.13.1.el7.x86_64), I face the problem of Squid listening to > ipv6 only. How have you determined this? Have you tried connecting to its IPv4 address and encount

[squid-users] Squid won't listen to ipv4

2016-06-22 Thread Pavel Lint
Good evening, dear sirs. Please kindly assist me in resolving this issue. After compiling and launching squid 3.5.12 on my Red Hat Linux (3.10.0-327.13.1.el7.x86_64), I face the problem of Squid listening to ipv6 only. Here’s a related (I think) squid log entry: > 2016/06/21 09:52:44.608 kid1|

[squid-users] https antivirus proxy necessary?

2016-06-22 Thread hans . meyer0
Do you think it's necessary to have an additional https antivir proxy to normal client antivirus? We are using Avast Business that already offers a web protection. Can an additional antivir proxy significant higher the level of protection? In general I think two different antivirus programs see

Re: [squid-users] "unknown request" when configured to display custom logo

2016-06-22 Thread Amos Jeffries
On 22/06/2016 11:58 p.m., reqman wrote: > squid 3.5.19 on FreeBSD 10.3. The system has a LAN and WAN interface, > both in private address spaces. System's name is my.host.local, > listening on LAN at 192.168.0.1:3128. The system is not configured to > listen on localhost. > > I am trying to replac

Re: [squid-users] dead gateway, not dead peer..

2016-06-22 Thread B. Cook
... What can I do about it? (thank you for working through understanding the problem..) On Wed, Jun 22, 2016 at 9:55 AM, Amos Jeffries wrote: > On 23/06/2016 1:25 a.m., B. Cook wrote: > > when the one of the proxies loses its internet connection.. the default > > route is gone. Not the rout

Re: [squid-users] dead gateway, not dead peer..

2016-06-22 Thread Amos Jeffries
On 23/06/2016 1:25 a.m., B. Cook wrote: > when the one of the proxies loses its internet connection.. the default > route is gone. Not the route to the machine.. > > the 12.194 proxy then gives this message: > > The following error was encountered while trying to retrieve the URL: > http://www.

Re: [squid-users] Squid3 error: CHILD: hello write test failed logrotate

2016-06-22 Thread Antony Stone
On Wednesday 22 June 2016 at 15:44:42, Roberto Carna wrote: > Dear Antony, thanks for your help..below is the > /etc/logrotate.d/squid3 file but before I have to say I've seen in > the web that this problem is solved by enabling IPv6, and was reported > by a ticket (https://forum.opnsense.org/i

Re: [squid-users] Squid3 error: CHILD: hello write test failed logrotate

2016-06-22 Thread Antony Stone
On Wednesday 22 June 2016 at 15:49:57, Roberto Carna wrote: > Also I see in cache.log: > > pinger: Initialising ICMP pinger ... > 2016/06/22 09:58:51| pinger: ICMP socket opened. > 2016/06/22 09:58:51| icmp_sock: (97) Address family not supported by > protocol 2016/06/22 09:58:51| pinger: Unabl

Re: [squid-users] Squid3 error: CHILD: hello write test failed logrotate

2016-06-22 Thread Roberto Carna
Also I see in cache.log: pinger: Initialising ICMP pinger ... 2016/06/22 09:58:51| pinger: ICMP socket opened. 2016/06/22 09:58:51| icmp_sock: (97) Address family not supported by protocol 2016/06/22 09:58:51| pinger: Unable to start ICMPv6 pinger. 2016/06/22 09:58:51| Pinger exiting. 2016-06-2

Re: [squid-users] Forward loop when intercepting mode to proxy traffic to local VM

2016-06-22 Thread Amos Jeffries
On 22/06/2016 11:15 p.m., jblank wrote: > Slight correction on the Subject (my bad); I meant "when using intercept > mode", not "when intercepting mode". > > On Wed, 22 Jun 2016, jblank wrote: > >> Hey all, >> >> Thanks to a bizarre client requirement (don't ask, it's head-hurty), I >> am require

Re: [squid-users] Squid3 error: CHILD: hello write test failed logrotate

2016-06-22 Thread Roberto Carna
Dear Antony, thanks for your help..below is the /etc/logrotate.d/squid3 file but before I have to say I've seen in the web that this problem is solved by enabling IPv6, and was reported by a ticket (https://forum.opnsense.org/index.php?topic=879.0) ..can this be true??? /var/log/squid3/*.log {

Re: [squid-users] Squid3 error: CHILD: hello write test failed logrotate

2016-06-22 Thread Antony Stone
On Wednesday 22 June 2016 at 14:53:23, Roberto Carna wrote: > everything was OK until the /var/log/squid3/access.log rotate to > access.log.1. From this moment, the access.log file is not present, and the > squid3 daemon doesn't respond...I'm not sure the cause. Show us your log rotation script.

Re: [squid-users] dead gateway, not dead peer..

2016-06-22 Thread B. Cook
when the one of the proxies loses its internet connection.. the default route is gone. Not the route to the machine.. the 12.194 proxy then gives this message: The following error was encountered while trying to retrieve the URL: http://www.tmz.com/ Connection to 54.230.36.213 failed. The sys

[squid-users] Squid3 error: CHILD: hello write test failed logrotate

2016-06-22 Thread Roberto Carna
Dear, I've implemented a Squid3 in reverse mode, and when I test it with some web access from my PC, everything was OK. But when I put it in production, there are a lot of web access and everything was OK until the /var/log/squid3/access.log rotate to access.log.1. From this moment, the access.log

Re: [squid-users] "unknown request" when configured to display custom logo

2016-06-22 Thread Eliezer Croitoru
Hey, What usually is being done is that in the errorpage.css you insert a fully qualified url of a "self hosted" web service and not squid. There was a talk about allowing squid to act as a static files web service but I am not sure if it was done or not. A simple nginx\apache\lighthttpd or anot

[squid-users] "unknown request" when configured to display custom logo

2016-06-22 Thread reqman
squid 3.5.19 on FreeBSD 10.3. The system has a LAN and WAN interface, both in private address spaces. System's name is my.host.local, listening on LAN at 192.168.0.1:3128. The system is not configured to listen on localhost. I am trying to replace the squid logo (SN.png) with the logo of my agency

Re: [squid-users] Forward loop when intercepting mode to proxy traffic to local VM

2016-06-22 Thread jblank
Slight correction on the Subject (my bad); I meant "when using intercept mode", not "when intercepting mode". On Wed, 22 Jun 2016, jbl...@twu.net wrote: Hey all, Thanks to a bizarre client requirement (don't ask, it's head-hurty), I am required to maintain a legacy server which only supports

[squid-users] Forward loop when intercepting mode to proxy traffic to local VM

2016-06-22 Thread jblank
Hey all, Thanks to a bizarre client requirement (don't ask, it's head-hurty), I am required to maintain a legacy server which only supports obsolete SHA-1 encryption. To keep things relatively safe, I'm attempting to contain the problem within a VM and use Squid on the VM's host to "re-encrypt