Am 05.11.2018 um 20:23 schrieb squid-users-requ...@lists.squid-cache.org:
Re: [squid-users] [EXTERNAL]Re: URL Regex ACLs Don't Evaluate
After Bumping
change
acl CONNECT method CONNECT
on
acl abcde method CONNECT
this word reserved
___
squid
It's all pretty clear to me now after I read RFC and found relationship
between that and refresh_pattern usage.
Thank you.
On Fri, Sep 1, 2017 at 4:46 PM, Amos Jeffries wrote:
> On 02/09/17 00:18, Alexander Lazarev wrote:
>
>> Well. looks like squid using heuristics after all:
9:12.296 kid2| 22,3| refresh.cc(470) refreshCheck: returning
FRESH_LMFACTOR_RULE
It's a shame there's no warning header, like "
https://tools.ietf.org/html/rfc7234#section-5.5.4"; suggests.
Guess, I need to set refresh_pattern's max option to minimal value.
On Thu, Aug 31,
aybe squid applying heuristic freshness, but i didn't see
any warnings in headers.
Maybe some sort of a bug?
On Fri, Aug 25, 2017 at 6:18 PM, Amos Jeffries wrote:
> On 26/08/17 00:37, Alexander Lazarev wrote:
>
>> Hello guys!
>> I'm using squid as a reverse-p
erving from cache?
Thanks!
Alexander
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Hello everyone!
I have two almost identical cache servers, both FreeBSD 10.3, both
running latest squid-3.2.25 from ports in transparent mode, one runs OK
and another is throwing this error:
2017/06/04 10:19:08 kid1| storeLateRelease: released 0 objects
2017/06/04 10:19:19 kid1| assertion fai
Well, actually these rules are just a kind of proof of concept and there is
something to think about later. The redirection rule should be more precise
and include destination address. Also, 'NEW' state should probably be
excluded from the list.
--
View this message in context:
http://squid-web
It seems that I have solved the issue by using nf_conntrack_ftp and
redirecting "NEW,RELATED" traffic to squid:
ftp_port 2121 intercept
modprobe nf_conntrack_ftp ports=2121
iptables -t nat -A PREROUTING -p tcp --dport 21 -j REDIRECT --to-port 2121
iptables -t nat -A PREROUTING -p tcp -m state --
2017-01-23 21:41 GMT+03:00 Alex Rousskov :
>
> Needless to say, your specific needs may differ from that general
> principle. It is possible that Squid needs a knob to handle your use
> case differently. However, I am pretty sure that somebody does want
> Squid to do what it does know so we should
Actually, a PASV-handling logic looks a bit strange to me. In
Ftp::Server::handlePasvReply() there is a comment:
"In interception setups, we combine remote server address with a local port
number and hope that traffic will be redirected to us."
How is it supposed to work? A client receives server
Just tried it out with REDIRECT rule. Still no luck, but now Filezilla client
reports ECONNREFUSED error. I do not see any critical errors in squid's
output, however the following thing is suspicious:
2017/01/20 19:10:11.604| 33,3| FtpServer.cc(1655) checkDataConnPost: missing
client data conn:
2
As far as I remember, I have tried both options, REDIRECT and TPROXY, but
TPROXY is the preferred one for us. I will try one more time on Monday.
However, I suppose that something else prevents squid from working properly.
Maybe on of sysctls, like net.ipv4.ip_nonlocal_bind, will do the trick.
-
Hello, I have a question regarding a native FTP relay (squid's version is
3.5.23).
I've tried to test this feature like this:
[Filezilla Client, 1.1.1.2] <-> [ Router: iptables + squid ]
<-> [vsftpd server, 5.5.5.10]
The router is CentOS 6.5 machine. Firewall settings are:
ip route flus
Hello, I have a question regarding a native FTP relay.
I have tried to test this feature like this:
[Filezilla Client, 1.1.1.2] <-> [ Router: iptables + squid ]
<-> [vsftpd server, 5.5.5.10]
Firewall settings on the router are:
ip route flush table 100
ip rule add fwmark 1 lookup 100
ip
Greetings - I’m trying to install squid on an Ubuntu workstation in a VM. I install squid but unable to initialize caches. I get the following error:Initializing the Squid cache with the command squid3 -f /etc/squid/squid.conf -z ..FATAL: Bungled /etc/squid/squid.conf line 3467: cache_dir rock /s
://vk.com/widget_community.php? IGM\\mtiunov HIER_DIRECT/192.168.1.254
text/html
how I can get
DOM\user
instead
DOM\\user
--
С уважением,
Alexander mailto:t...@irk.ru
___
squid-users mailing list
squid-users@lists.squid-cache.org
Dear squid users,
we have a website that uses a persistent wss-connection to provide large amounts of data to our cutomers. The company of one of our cutomers uses squid in their network. Is there any way that our customers can use our website over their squid proxy?
Regards
Alexander
By default, all headers are allowed
reply_header_access Content-Type allow all
change it's
On 04.08.2015 14:00, squid-users-requ...@lists.squid-cache.org wrote:
Send squid-users mailing list submissions to
squid-users@lists.squid-cache.org
To subscribe or unsubscribe via the World Wide
rated squid and squid helpers into two different
> packages in order to allow an admin to install squid core on a
> "vanilla" CentOS with no EPEL repositories installed.
>
> Eliezer
>
> On 12/24/2014 12:32 AM, Alexander Samad wrote:
>> Hi
>>
>&
CentOS version and libs.
> Downsides? If someone has a 6.5 or older 6 branch system without
> enough updates to work with the RPMs.
>
> Eliezer
>
> On 12/23/2014 05:54 AM, Alexander Samad wrote:
>> Hi
>>
>> Just found this repo from the wiki
>> http://www1.ngtech.
Hi
Just found this repo from the wiki
http://www1.ngtech.co.il/rpm/centos/6/$basearch
Wondering what if any downsides there are to using the lastest on 6.x ?
Alex
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.o
It works on sqiud 3.5.0.2!!!
adaptation_meta X-Client-Port %>p
Exactly as you said. Many thanks to you Amos!
I am not sure about 3.4 version but it does not matter for me.
--
/BR, Alexander
Wed, 17 Dec 2014 15:52:00 +0300 от Alexander Bubnov :
>
>
>
>--
>/BR, Alexander
>
--
/BR, Alexander
Wed, 17 Dec 2014 01:42:37 +1300 от Amos Jeffries :
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA1
>
>On 16/12/2014 9:49 p.m., Alexander Bubnov wrote:
>>
>> Hello Amos! Glad to get your answer!
>>
>>
>> 1. I have tried to use %
up?
2. About mapping port transparently. How does it help to get (at least) mapped
port number in ICAP?
3. I would like to track any software. Especially software which use "User
Agent" field not legitimately or event does not fill it at all.
--
/BR, Alexander
Mon, 15 Dec 2014 17:32:
does that need to be https_port ?
this is what I have used
https_port 2.7.3.1:443 accel cert=/etc/httpd/conf.d/a,b,c.crt
key=/etc/httpd/conf.d/a.b.c.key defaultsite=a.b.c
options=NO_SSLv2,NO_SSLv3
The only thing I haven't got working is PFS.
I test with https://www.ssllabs.com/
Alex
On 22 No
Hello!
Could you please help me?
There is a possibility to get IP address of squid client through extended ICAP
X-Client-IP field. And is there a way to get port of that client who owns IP
placed in X-Client-IP field?
I would like to know which application of a desktop computer establish
connec
Why haproxy instead of a pacemaker. I have 2 dmz boxes I setup in a
cluster. so I have 2 vips for the squid proxies. and dns setup to
round robin to the vip's.
I see sort of even distribution but I don't have a single point of
failure. if 1 node failes the vip moves over to the other node..
O
PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 20/10/2014 2:28 p.m., Alexander Samad wrote:
>> Hi
>>
>> Thanks for clearing that up. so when i do a openssl ciphers and
>> select the ciphers i want including the PFS enables oned, i take
>> the list and try and use it in c
17 October 2014 18:20, Amos Jeffries wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 17/10/2014 7:24 p.m., Alexander Samad wrote:
>> Hi
>>
>> I am trying to reconfig the ssl setup on a reverse proxy set
>>
>> https_port 2.7.3.1:443 accel
>
Hi
I am trying to reconfig the ssl setup on a reverse proxy set
https_port 2.7.3.1:443 accel cert=/etc/httpd/conf.d/office.xyz.com.crt
key=/etc/httpd/conf.d/office.xyz.com.key
dhparams=/etc/httpd/conf.d/office.xyz.com.dhparam
defaultsite=office.yieldbroker.com options=NO_SSLv2,NO_SSLv3
cipher=AL
30 matches
Mail list logo
