Re: [squid-users] How to set up a reverse proxy using squid for a simplified scenario?

On 11/02/18 09:39, Yuri wrote: > Ah. My bad. Correctly Defence in depth: > > https://en.wikipedia.org/wiki/Defense_in_depth_(computing) > > > 11.02.2018 02:29, Yuri пишет: >> No. This reason is obviously not strong enough. As by as requirement >> configure firewalls also on servers - whenever th

Re: [squid-users] custom logfile_daemon causing FATAL error

On 02/10/2018 05:51 PM, Michael D wrote: > Greetings all,  > > I have been attempting to write my own logfile_daemon for experimental > purposes, but any daemon I provide causes "FATAL: I don't handle this > error well". I also see "logfileHandleWrite: > daemon:/var/log/squid/access.log: error wri

[squid-users] custom logfile_daemon causing FATAL error

Greetings all,  I have been attempting to write my own logfile_daemon for experimental purposes, but any daemon I provide causes "FATAL: I don't handle this error well". I also see "logfileHandleWrite: daemon:/var/log/squid/access.log: error writing ((32) Broken pipe)" with no other errors in th

Re: [squid-users] How to set up a reverse proxy using squid for a simplified scenario?

Ah. My bad. Correctly Defence in depth: https://en.wikipedia.org/wiki/Defense_in_depth_(computing) 11.02.2018 02:29, Yuri пишет: > No. This reason is obviously not strong enough. As by as requirement > configure firewalls also on servers - whenever they placed. Security in > depth - did you hear

Re: [squid-users] How to set up a reverse proxy using squid for a simplified scenario?

No. This reason is obviously not strong enough. As by as requirement configure firewalls also on servers - whenever they placed. Security in depth - did you hear this term? 11.02.2018 02:26, Peng Yu пишет: >> What is your reason for wanting "no restrictions"? > The proxied servers are behind a fi

Re: [squid-users] How to set up a reverse proxy using squid for a simplified scenario?

> What is your reason for wanting "no restrictions"? The proxied servers are behind a firewall already, which protect them from any unwanted access. Is this reason strong enough to have no restrictions set? -- Regards, Peng ___ squid-users mailing list

Re: [squid-users] Squid SSL db on ramdisk

Yes, confirmed. When I've replaced int m; and int d; to long m; and long d; - works like charm. 11.02.2018 01:08, Yuri пишет: > int m; declaration inside static bool parseBytesOptionValue(size_t * > bptr, char const * value) ? > > If I set it long, as by as int d, seems ok. > > > 11.02.2018 01:0

Re: [squid-users] Squid SSL db on ramdisk

int m; declaration inside static bool parseBytesOptionValue(size_t * bptr, char const * value) ? If I set it long, as by as int d, seems ok. 11.02.2018 01:04, Alex Rousskov пишет: > On 02/10/2018 12:02 PM, Yuri wrote: >> >> 11.02.2018 00:59, Alex Rousskov пишет: >>> On 02/10/2018 10:03 AM, Yuri

Re: [squid-users] Squid SSL db on ramdisk

On 02/10/2018 12:02 PM, Yuri wrote: > > > 11.02.2018 00:59, Alex Rousskov пишет: >> On 02/10/2018 10:03 AM, Yuri wrote: >> >>> What is correct syntax for -M option? >> The correct syntax is, roughly, >> >> -M [bytes|KB|MB|GB] > Exactly with space between integer and units? Without anything be

Re: [squid-users] Squid SSL db on ramdisk

11.02.2018 00:59, Alex Rousskov пишет: > On 02/10/2018 10:03 AM, Yuri wrote: > >> What is correct syntax for -M option? > The correct syntax is, roughly, > > -M [bytes|KB|MB|GB] Exactly with space between integer and units? > > with "bytes" as the default unit. > > However, you found a bug in t

Re: [squid-users] Squid SSL db on ramdisk

On 02/10/2018 10:03 AM, Yuri wrote: > What is correct syntax for -M option? The correct syntax is, roughly, -M [bytes|KB|MB|GB] with "bytes" as the default unit. However, you found a bug in the parsing code: The helper mishandles values exceeding 2147483647 bytes (on most platforms) due to a

Re: [squid-users] How to set up a reverse proxy using squid for a simplified scenario?

On 11/02/18 06:33, Peng Yu wrote: > Hi, > > I see the following blog about setting up a reverse proxy using squid. > > http://derpturkey.com/squid-as-a-reverse-proxy/ > > But there seem to be more configurations than what I need. > > For example, for the following line, I don't need to restrict

[squid-users] How to set up a reverse proxy using squid for a simplified scenario?

Hi, I see the following blog about setting up a reverse proxy using squid. http://derpturkey.com/squid-as-a-reverse-proxy/ But there seem to be more configurations than what I need. For example, for the following line, I don't need to restrict the access to a specific domain. http_port 80 accel

Re: [squid-users] Can reverse_proxy be set as a rotating proxy?

On 11/02/18 05:18, Peng Yu wrote: > Hi, > > I am not sure what the policy of reverse proxy is in squid. Using the > notation in this figure, can squid on "proxy" be set to use "web > servers" one after another for each request (i.e., rotating)? Thanks. > see

Re: [squid-users] Squid SSL db on ramdisk

One more question. What is correct syntax for -M option? I'm just in doubt. Helper eats -M 5MB, but not -M 1024MB, however eats -M 1 GB. root @ lemanruss /patch/tmp # /usr/local/squid/libexec/security_file_certgen -s /ramdisk1/ssl_db -M 2GB /usr/local/squid/libexec/security_file_certgen: Error wh

Re: [squid-users] Squid SSL db on ramdisk

10.02.2018 22:36, Alex Rousskov пишет: > On 02/10/2018 09:23 AM, Yuri wrote: > >> I can set -M in according FS size, using for store SSL DB, correct? > Yes, -M limits the sum of sizes of all (serialized) certificates stored > in the helper database. The helper tries to account for the filesystem

Re: [squid-users] Squid SSL db on ramdisk

On 02/10/2018 09:23 AM, Yuri wrote: > I can set -M in according FS size, using for store SSL DB, correct? Yes, -M limits the sum of sizes of all (serialized) certificates stored in the helper database. The helper tries to account for the filesystem block size, but I doubt its calculations are ver

Re: [squid-users] Squid SSL db on ramdisk

10.02.2018 22:18, Alex Rousskov пишет: > On 02/10/2018 06:43 AM, Yuri wrote: > >> security_file_certgen uses memory cache to buffer slow >> disk IO for certificates DB. > It does not. Ahhaaa, I just misunderstanding options > > >> If we're put cert DB onto ramdisk (in fact, >> in RAM)

Re: [squid-users] How to hide client info?

How Cache-Control related to hide client info? 10.02.2018 21:49, Peng Yu пишет: > If I don't use the proxy, I will have the following. > > The proxied result has '"Cache-Control": "max-age=259200"'. To disable > it, should I use ignore-cc. Could you show me how to configure squid > to not send '"C

[squid-users] Can reverse_proxy be set as a rotating proxy?

Hi, I am not sure what the policy of reverse proxy is in squid. Using the notation in this figure, can squid on "proxy" be set to use "web servers" one after another for each request (i.e., rotating)? Thanks. https://upload.wikimedia.org/wikipedia/commons/6/67/Reverse_proxy_h2g2bob.svg -- Regar

Re: [squid-users] Squid SSL db on ramdisk

On 02/10/2018 06:43 AM, Yuri wrote: > security_file_certgen uses memory cache to buffer slow > disk IO for certificates DB. It does not. > If we're put cert DB onto ramdisk (in fact, > in RAM), so we're can easy reduce helper -M value. security_file_certgen -M is the helper database size, not

Re: [squid-users] How to hide client info?

If I don't use the proxy, I will have the following. The proxied result has '"Cache-Control": "max-age=259200"'. To disable it, should I use ignore-cc. Could you show me how to configure squid to not send '"Cache-Control": "max-age=259200"'? Thanks. $ wget -qO- http://httpbin.org/get { "args":

Re: [squid-users] How to hide client info?

Opening squid.conf.documented: #  TAG: forwarded_for    on|off|transparent|truncate|delete #    If set to "on", Squid will append your client's IP address #    in the HTTP requests it forwards. By default it looks like: # #        X-Forwarded-For: 192.1.2.3 # #    If set to "off", it will appear a

[squid-users] How to hide client info?

Hi, I use squid to set a proxy. But the following output shows my local ip address besides the squid proxy ip. Is there a way to let httpbin.org only be aware of the squid_proxy but not my local ip? $ http_proxy=squid_proxy:3128 wget -qO- http://httpbin.org/get { "args": {}, "headers": {

Re: [squid-users] Squid SSL db on ramdisk

10.02.2018 13:30, Amos Jeffries пишет: > On 10/02/18 12:55, Yuri wrote: >> Amos, >> >> how do you think - if I'll put SSL db (usually places in >> /var/lib/ssl_db) on ramdisk, does this give some gain for bump performance? >> > I expect so, but do not use bumping myself so cannot say for certain.