Hey all
I'm fairly new to rock caching. With aufs, if you reduce the cache size in
the config it'll start slowly reducing it down the new size.
I've done that with a ~137GB rock store (reduced it to 10240MB) but it
'aint changing after reloading the config.
cache_dir rock /var/spool/squid/rock 1
On 19/05/17 01:20, erdosain9 wrote:
And... for last
How i read this??
Delay pools configured: 5
Pool: 1
Class: 2
Aggregate:
Max: 100
Restore: 100
Current: 100
Individual:
Max: 512000
On 19/05/17 04:33, erdosain9 wrote:
Negotiate Authenticator Statistics:
program: /lib64/squid/negotiate_kerberos_auth
number active: 35 of 35 (0 shutting down)
requests sent: 39928
replies received: 39893
queue length: 40
avg service time: 854 msec
Two things to take note of with these reports.
On 05/18/2017 11:40 AM, chcs wrote:
> HTTPS/SSL Interception , Enable SSL filtering, splice all, CA: Let's Encript
> autority
> One more cuestion:
> With 2 CA differents certificates to block twitter.com >> differents results
>
> Issuer: self-signed0 10.0.0.100 TAG_NONE/403 4709 GET
> http
On 18.05.2017 19:40, chcs wrote:
One more cuestion:
With 2 CA differents certificates to block twitter.com>> differents results
Issuer: self-signed0 10.0.0.100 TAG_NONE/403 4709 GET
https://www.twitter.com/ - HIER_NONE/- text/html
Result: no problem, it's show me squid custom error page
Is
One more cuestion:
With 2 CA differents certificates to block twitter.com >> differents results
Issuer: self-signed0 10.0.0.100 TAG_NONE/403 4709 GET
https://www.twitter.com/ - HIER_NONE/- text/html
Result: no problem, it's show me squid custom error page
Issuer: Let's encript 0 10.0.0.100
Negotiate Authenticator Statistics:
program: /lib64/squid/negotiate_kerberos_auth
number active: 35 of 35 (0 shutting down)
requests sent: 39928
replies received: 39893
queue length: 40
avg service time: 854 msec
ID # FD PID # Requests # Replies Flags Time Offset
Reque
and 35, someone it's eating...and by the way the first "error" (a lot of
numbers and letters its happening)
Negotiate Authenticator Statistics:
program: /lib64/squid/negotiate_kerberos_auth
number active: 35 of 35 (0 shutting down)
requests sent: 35222
replies received: 35221
queue length: 0
avg s
Look this
Negotiate Authenticator Statistics:
program: /lib64/squid/negotiate_kerberos_auth
number active: 25 of 25 (0 shutting down)
requests sent: 27331
replies received: 27306
queue length: 11
avg service time: 389 msec
I change to 25... and in this moment i have queue length 11... there i
On 05/18/2017 03:17 AM, Dieter Bloms wrote:
> I wrote some custom error pages and activated style sheets in the header of
> the error pages like:
>
>
> %l
>
>
> In the squid.conf file I set err_page_stylesheet to my stylesheet file and I
> restarted squid.
> My expectation was, that the cont
On 05/18/2017 06:46 AM, arun.xavier wrote:
> is it possible to configure squid to peek/splice pinned requests?
It is impossible. The TLS client decides which certificates are pinned
to which servers. Squid cannot know that because the client commitment
to pin is not expressed in the TLS protocol
Thanks you all!
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Documentation-for-squidclient-tp4682457p4682464.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid
On 05/18/2017 06:48 AM, erdosain9 wrote:
> Where i can find documentation for the opcion on squidclient, many of them
> are self-explanatory but for example this:
You are not looking for squidclient documentation! You are looking for
Cache Manager reports (a.k.a. pages) documentation. The "mgr:X"
W dniu 18.05.2017 o 15:07, erdosain9 pisze:
And for example, if i have this
Negotiate Authenticator Statistics:
program: /lib64/squid/negotiate_kerberos_auth
number active: 20 of 20 (0 shutting down)
requests sent: 23980
replies received: 23980
queue length: 0
avg service time: 8 msec
ID #
The issue is crystal:
tlsv1 alert unknown ca
Check you configured CA bundle available for squid.
Either FB, Twitter works via browser.
Apps (usually uses from mobiles) also required to install proxy CA into
devices. If they pinned, just write splice acl to pass it without bump.
18.05.2017 16
W dniu 18.05.2017 o 14:48, erdosain9 pisze:
Hi.
Where i can find documentation for the opcion on squidclient, many of them
are self-explanatory but for example this:
[root@squid ~]# squidclient mgr:external_acl
HTTP/1.1 200 OK
Server: squid/3.5.20
Mime-Version: 1.0
Date: Thu, 18 May 2017 12:40:5
And... for last
How i read this??
Delay pools configured: 5
Pool: 1
Class: 2
Aggregate:
Max: 100
Restore: 100
Current: 100
Individual:
Max: 512000
Restore: 5
And for example, if i have this
Negotiate Authenticator Statistics:
program: /lib64/squid/negotiate_kerberos_auth
number active: 20 of 20 (0 shutting down)
requests sent: 23980
replies received: 23980
queue length: 0
avg service time: 8 msec
ID # FD PID # Requests # Replies
Hi.
Where i can find documentation for the opcion on squidclient, many of them
are self-explanatory but for example this:
[root@squid ~]# squidclient mgr:external_acl
HTTP/1.1 200 OK
Server: squid/3.5.20
Mime-Version: 1.0
Date: Thu, 18 May 2017 12:40:54 GMT
Content-Type: text/plain;charset=utf-8
E
Hello Amos,
The issue seems to be certificate pinning, is it possible to configure squid
to peek/splice pinned requests and to bump all other requests?
-
- Arun Xavier
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-works-with-ssl-bump-in-intercep
Thanks for the quick response, I have tried different versions of squid &
luckily now I have already configured squid-4.0.19, so I will try
/on_unsupported_protocol/ directive.
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-works-with-ssl-bump-in-inter
On 18/05/17 22:59, Marcus Kool wrote:
You have not stated which version of Squid you are using but my guess
is that it is 3.5.x.
facebook app and other apps use port 443 but do not use HTTPS and
therefore Squid does not how to bump it and consequently the app does
not work.
What you need is
On 18/05/17 21:41, Flashdown wrote:
Dear Eliezer,
Please have look into http://bugs.squid-cache.org/show_bug.cgi?id=4711
the patches for this issue are already done. Many thx to Christos
Tsantilas!
@Amos: I hope you consider adding the patch to Squid 3.5 as well,
since for now it just has b
You have not stated which version of Squid you are using but my guess is that
it is 3.5.x.
facebook app and other apps use port 443 but do not use HTTPS and therefore
Squid does not how to bump it and consequently the app does not work.
What you need is the not yet stable Squid 4.0 and use the
I have configured squid with ssl-bump (intercept mode) and it works as
expected while accessing secure sites from browsers.
What I have done so far.
- Configured squid.
- created a root& intermediate certificate for dynamic cert generation in
squid.
installed the same root certificate in m
Dear Eliezer,
Please have look into http://bugs.squid-cache.org/show_bug.cgi?id=4711
the patches for this issue are already done. Many thx to Christos
Tsantilas!
@Amos: I hope you consider adding the patch to Squid 3.5 as well, since
for now it just has been added to Squid 4, maybe the reaso
Hello,
I use squid 3.5.25 compiled with following options:
Squid Cache: Version 3.5.25
Service Name: squid
configure options: '--prefix=/usr' '--sysconfdir=/etc/squid'
'--bindir=/usr/sbin' '--sbindir=/usr/sbin' '--localstatedir=/var'
'--libexecdir=/usr/sbin' '--datadir=/usr/share/squid' '--man
I think that the answers on how to re-compile squid for windows with special
options might be the diladale part of the issue.
They compile squid with mostly default and they have enough experience and
knowledge on how to recompile squid to match the requirement of the thread.
I still think that
Hey List,
Since one of the subjects is SSL and specifically SSL-BUMP I noticed a
change today and found out that:
For Chrome 58 and later, only the subjectAlternativeName extension, not
commonName, is used to match the domain name and site certificate.
If the certificate doesn’t have the correct
29 matches
Mail list logo
