Re: [squid-users] regex for normal websites

Hey Amos, And just to be clear: ssl::server_name_regex has the same path as ssl::server_name ? I have not read the code yet but it seems pretty obviates to me. Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com Web: https://ngtech.co.il/ My-Tu

Re: [squid-users] filedescriptors on debian/systemd

Hey Amos, I was under the impression that Systemd does impose a basic limit but I can test it to verify my doubts. >From my point of view and testing until now systemd does impose a basic global >limit. Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1..

Re: [squid-users] filedescriptors on debian/systemd

On 3/08/22 01:54, Matus UHLAR - fantomas wrote: Hello, I have encountered Debian bug 934208: 2022/07/28 16:40:53 kid1| With 1024 file descriptors available 2022/07/29 06:50:18 kid1| WARNING! Your cache is running out of filedescriptors according to the bug report: "Under systemd the default

Re: [squid-users] regex for normal websites

IMO, what you are looking for is actually this ACL definition: acl adobe ssl::server_name .adobe.com or its regex equivalent, acl adobe ssl::server_name_regex (^|\.)adobe\.com$ HTH Amos ___ squid-users mailing list squid-users@lists.squid-cache

Re: [squid-users] regex for normal websites

On 3/08/22 05:01, robert k Wild wrote: Mmm, maybe I should try dstdom_regex Instead of ssl::server_name_regex But when you using ssl bump in your squid.conf, isn't it best to use ssl::server_name_regex Typically yes, or ssl::server_name. FYI, the two ACL types do exactly the same matchi

Re: [squid-users] xcalloc error when installing squid in container on CentOS 9 host

On 8/2/22 04:22, Frank Ansari wrote: Hi, I have found a weird issue with CentOS 9. So far I had squid running on a CentOS 8 system within an Alpine Linux Container and this has worked. Now I installed CentOS 9 and also latest Alpine Linux with squid 5.5. Squid refuses to start and when I ru

Re: [squid-users] regex for normal websites

Mmm, maybe I should try dstdom_regex Instead of ssl::server_name_regex But when you using ssl bump in your squid.conf, isn't it best to use ssl::server_name_regex On Tue, 2 Aug 2022, 17:21 Matus UHLAR - fantomas, wrote: > On 02.08.22 16:41, robert k Wild wrote: > >thats incorrect as > > >

Re: [squid-users] filedescriptors on debian/systemd

On 02.08.22 17:21, ngtech1...@gmail.com wrote: What's the bug exactly? only 1k of fildescriptors by default. Even if hard limit is 1M (at least for login) debian sysvinit script has hack that sets 64k fd limit, systemd unit file doesn't have this hack. The design of systemd is to enforce

Re: [squid-users] regex for normal websites

On 02.08.22 16:41, robert k Wild wrote: thats incorrect as adobe\.com$ works but it works for hackadobe.com too. .adobe\.com$ or \.adobe\.com$ doesnt work so i just want to know why these two don't match adobe.com. the first marched hadobe.com, the seconda matches anything .adobe.com so,

Re: [squid-users] regex for normal websites

no problem Eliezer im just doing few test of my own on this to see why On Tue, 2 Aug 2022 at 16:41, wrote: > Hey Robert, > > > > It’s not a dumb question. > > It’s a really fine question. > > I want to answer to your question but I have couple obligations. > > If you are willing to wait couple

Re: [squid-users] regex for normal websites

thats incorrect as adobe\.com$ works but .adobe\.com$ or \.adobe\.com$ doesnt work so i just want to know why On Tue, 2 Aug 2022 at 16:32, Antony Stone wrote: > On Tuesday 02 August 2022 at 17:23:51, robert k Wild wrote: > > > mmm... so i just want to know and really sorry for the dumb questi

Re: [squid-users] regex for normal websites

On Tuesday 02 August 2022 at 17:23:51, robert k Wild wrote: > mmm... so i just want to know and really sorry for the dumb question, so > > adobe\.com$ > > works but then again if a website was eg > > hackadobe\.com$ > > that would work as well probably, so i want to do something like this > >

Re: [squid-users] regex for normal websites

mmm... so i just want to know and really sorry for the dumb question, so adobe\.com$ works but then again if a website was eg hackadobe\.com$ that would work as well probably, so i want to do something like this \.adobe\.com$ ie put a dot . infront of adobe so www.adobe.com or account.adobe.

Re: [squid-users] regex for normal websites

Hey Robert, I will test this with latest squid and my Apps helper and will verify. Thanks, Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com Web: https://ngtech.co.il/ My-Tube: https://tube.ngtech.co.il/ Fro

Re: [squid-users] filedescriptors on debian/systemd

Hey, What's the bug exactly? The design of systemd is to enforce the FD limit. This is coming from the init 0 level of the design and due to this, squid cannot "patch" the kernel at runtime like any other process. The OS and systemd do not give any API to allow a request for"more FD". I assume tha

[squid-users] filedescriptors on debian/systemd

Hello, I have encountered Debian bug 934208: 2022/07/28 16:40:53 kid1| With 1024 file descriptors available 2022/07/29 06:50:18 kid1| WARNING! Your cache is running out of filedescriptors according to the bug report: "Under systemd the default is not to have any limitation at all." which seem

Re: [squid-users] regex for normal websites

Hey Matus, The question is not matching the browser only by what the client asks for but also for.. The request a the lower levels. The ACLS check (as I mentioned in the code snippets) also the certificate "Subject Alternative Name". Due to and based on this, it's relevant for couple use cases.

Re: [squid-users] regex for normal websites

On Tuesday 02 August 2022 at 14:14:58, robert k Wild wrote: > ok i have tested and this works > > adobe\.com$ > > i found it weird this didnt work > > \.adobe\.com > > just curious thats all Please define "works" and "didn't work" - I've pretty much lost track of exactly what you want to mat

Re: [squid-users] regex for normal websites

On 02.08.22 15:05, ngtech1...@gmail.com wrote: I believe it should have been: ^adobe\.com$ ^.*\.adobe\.com$ \.adobe\.com$ does the same and is more efficient ^\*\.adobe\.com$ this is for literal "*.adobe.com" (noboty puts * into web browser), but it's covered by previous variand. -- Mat

Re: [squid-users] xcalloc error when installing squid in container on CentOS 9 host

I will try to publish a CentOS 9 version later on to make sure it will work on a VM. Thanks, Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com Web: https://ngtech.co.il/ My-Tube: https://tube.ngtech.co.il/ Fr

Re: [squid-users] regex for normal websites

ok i have tested and this works adobe\.com$ i found it weird this didnt work \.adobe\.com just curious thats all On Tue, 2 Aug 2022 at 13:05, wrote: > I believe it should have been: > > ^adobe\.com$ > > ^.*\.adobe\.com$ > > ^\*\.adobe\.com$ > > > > But I don’t know the code to this depth. >

Re: [squid-users] regex for normal websites

I believe it should have been: ^adobe\.com$ ^.*\.adobe\.com$ ^\*\.adobe\.com$ But I don’t know the code to this depth. If I would have written the match I think it would have been something a bit different. * A match for SNI * A joker match for SAN ie *.adobe.com SAN should catch bot

Re: [squid-users] regex for normal websites

thanks Eliezer so it should be adobe\.com not .adobe.\com or ^.*adobe.com as the ^.* could include blahadobe.com On Thu, 28 Jul 2022 at 08:14, wrote: > Hey Robert, > > > > The docs at http://www.squid-cache.org/Doc/config/acl/ states: > > > > acl aclname ssl::server_name_regex

Re: [squid-users] xcalloc error when installing squid in container on CentOS 9 host

Hi Frank, could you share what does your configuration look like (minus any confidential bits)? And I assume you're running the version of squid packaged by the distros? On Tue, Aug 2, 2022 at 9:22 AM Frank Ansari wrote: > Hi, > > I have found a weird issue with CentOS 9. > > So far I had squ

[squid-users] xcalloc error when installing squid in container on CentOS 9 host

Hi, I have found a weird issue with CentOS 9. So far I had squid running on a CentOS 8 system within an Alpine Linux Container and this has worked. Now I installed CentOS 9 and also latest Alpine Linux with squid 5.5. Squid refuses to start and when I run "squid -z" I get this error: [root@324