Re: [squid-users] Squid performance issues

ut it: > > systemctl daemon-reload > > and then restart squid. > > systemctl restart squid > > > > > > Eliezer > > > > > > > > *From:* NgTech LTD > *Sent:* Tuesday, August 31, 2021 6:11 PM > *To:* Marcio B. > *Cc:* Squid Users

[squid-users] Squid performance issues

Hi, I implemented a Squid server in version 4.6 on Debian and tested it for about 40 days. However I put it into production today and Internet browsing was extremely slow. In /var/log/syslog I'm getting the following messages: Aug 31 11:29:19 srvproxy squid[4041]: WARNING! Your cache is running

[squid-users] Problems with HTTPS on Squid

I have the following problem on my Squid 4.6 on Debian 10. Squid does not redirect the user to the error page when blocking an HTTPS url. On HTTP it works correctly. I don't use transparent proxy. The proxy is manually configured in the web browser. Here is my squid.conf configuration file: htt

Re: [squid-users] Squid not sending input into external_acl_type helper script

ated Completely didn't realize they were preventing Squid from passing input into the script. Thanks Alex! Adrian On Saturday, September 26, 2020, 10:17:53 AM CDT, Alex Rousskov wrote: On 9/25/20 4:28 PM, Ajb B wrote: > So I have a external_acl_type helper script and it's no

Re: [squid-users] How te deal with proxy authentication bypass

-r -s GSS_C_NO_NAME auth_param negotiate children 300 startup=150 idle=10 auth_param negotiate keep_alive on auth_param basic program /opt/squid-503/libexec/basic_ldap_auth -P -R -b "dc=mydomain,dc=com" -D "cn=ldap,cn=Users,dc=mydomain,dc=com" -W /opt/squid-503/etc/lda

[squid-users] Squid not sending input into external_acl_type helper script

So I have a external_acl_type helper script and it's not reading input from Squid. Here it is: redis-cli HSET 'test' data 'SCRIPT DID RUN' >/dev/null while read -s line; do   redis-cli HSET 'test' data 'LOOP STARTED ' >/dev/null  printf '%s\n' 'OK' done And here are my Squid configuration directi

Re: [squid-users] How to select parent proxy based on user password

&rf=link   All The Bests, Eliezer   Eliezer Croitoru Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com   From: Ajb B Sent: Friday, September 25, 2020 2:25 AM To: squid-users@lists.squid-cache.org; Eliezer Croitor Subject: Re: [squid-users] How to select pare

Re: [squid-users] How to select parent proxy based on user password

4, 2020 5:38 AM To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] How to select parent proxy based on user password On 24/09/20 4:14 am, Ajb B wrote: > > Hey Anthony, > > I see you're point. It makes sense to have multiple usernames if I want > a user to access

Re: [squid-users] How to select parent proxy based on user password

X9gIf:proxy.packetstream.io:32712 mark251:fq4zEWC1B5A194C1_country-UnitedStates_session-dFgoeQMY:proxy.packetstream.io:32712 So there's definitely a reason to do this. My question is how does PacketStream do this? On Wednesday, September 23, 2020, 9:44:47 PM CDT, Amos Jeffries wrote: On

Re: [squid-users] How to select parent proxy based on user password

erent passwords to access different proxies. Also, I know PacketStream (https://packetstream.io/) does this and I'm pretty sure they use Squid. Thanks,Adrian On Tuesday, September 22, 2020, 3:55:15 PM CDT, Antony Stone wrote: On Tuesday 22 September 2020 at 22:35:36, Ajb B wrot

[squid-users] How to select parent proxy based on user password

I know you can map a username to a parent proxy (i.e. cache_peer) using and acl directive, e.g. ``` acl parent_proxy_testuser_1 proxy_auth testuser1 cache_peer parent 0 proxy-only cache_peer_access parent1 allow parent_proxy_testuser_1 cache_peer_access parent1 deny !parent_proxy_testuser_1 ```

Re: [squid-users] --foreground vs -N

our interest in my question(s); greatly appreciated. On Wed, Sep 18, 2019 at 4:14 PM Alex Rousskov wrote: > > On 9/18/19 3:37 PM, B. Cook wrote: > > > this is /dev/shm with --foreground (no workers) > > > -rw--- 1 proxy proxy8 2019-09-18 10:30 squid-cf__metadata

Re: [squid-users] --foreground vs -N

Thank you for the response.. Confused what you mean.. this is /dev/shm with --foreground (no workers) root:/dev/shm # ls -al total 12 drwxrwxrwt 2 root root 100 2019-09-18 10:30 . drwxr-xr-x 17 root root 3120 2019-09-17 09:08 .. -rw--- 1 proxy proxy8 2019-09-18 10:30 squid-cf__met

[squid-users] --foreground vs -N

tl;dr: is there any functional difference between the two? Using runit to handle my squid processes. I have Observium graphing system information. My data/traffic is consistent In my run file I changed from squid -N to squid --foreground #!/bin/sh -e exec \ chpst -o 131070 \ chpst -e ./env \

Re: [squid-users] squid transparent proxy forward loop

mp;id=1> (Max 1-mail / month)* Am Mo., 22. Okt. 2018 um 15:12 Uhr schrieb Amos Jeffries < squ...@treenet.co.nz>: > On 23/10/18 1:26 AM, Juan Carvajal B. wrote: > > Dear list, > > > > I hope you can give me some hints for my current task. > > > > I would

[squid-users] squid transparent proxy forward loop

Dear list, I hope you can give me some hints for my current task. I would like to achieve the following: 1. A user comes with the own device, for example phone or table. 2. The user connects to our own WLAN network 4. The user enters the addres of our website 3. The user can only access our webs

[squid-users] TLS Connection Upgrade for Windows

Hi, I've seen several discussions on using Squid proxy to upgrade client TLS connections using ssl_bump. But all of the existing discussions applies to Linux/Unix Systems. Can anyone confirm if this is also applicable or possible for Windows? I am trying to integrate our application (SAP PI) wh

[squid-users] Private root certificate

What are the security vulnerabilities with trusting your own private root certificate? ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid stopped working after cache.log and access.log rotation

If you do "lsof /var/log | grep -i delete" does it show squid writing to a deleted access.log / cache.log? j From: "Chee M Gui" To: squid-users@lists.squid-cache.org Sent: Wednesday, March 22, 2017 10:17:32 AM Subject: [squid-users] Squid stopped working after cache.log and access.log r

Re: [squid-users] URL list from a URL

--- Original Message - From: "Alex Rousskov" To: squid-users@lists.squid-cache.org Cc: "Jason Nance" Sent: Tuesday, March 21, 2017 4:42:33 PM Subject: Re: [squid-users] URL list from a URL On 03/21/2017 02:30 PM, Jason B. Nance wrote: > I should have mentioned that

Re: [squid-users] URL list from a URL

, 2017 1:19:43 PM Subject: Re: [squid-users] URL list from a URL Yes. Functionality you required is: http://wiki.squid-cache.org/Features/StoreID 21.03.2017 21:52, Jason B. Nance пишет: > Hello, > > I'm using Squid 3.5.20 and wonder if it is possible to define an ACL which > r

Re: [squid-users] URL list from a URL

uot;Yuri Voinov" To: squid-users@lists.squid-cache.org Sent: Tuesday, March 21, 2017 1:19:43 PM Subject: Re: [squid-users] URL list from a URL Yes. Functionality you required is: http://wiki.squid-cache.org/Features/StoreID 21.03.2017 21:52, Jason B. Nance пишет: > Hello, > > I'

[squid-users] URL list from a URL

Hello, I'm using Squid 3.5.20 and wonder if it is possible to define an ACL which retrieves the list of URLs from another URL (similar to pointing to a file). In this specific use case it is to allow a Foreman server to sync Yum content from the CentOS mirrors. I tell Foreman to use the follo

Re: [squid-users] HTTPS sites specifics URL

On 2/8/17 1:40 AM, Amos Jeffries wrote: On 8/02/2017 4:04 a.m., Dante F. B. Colò wrote: Hi Leonardo, Thanks for your reply,I tried SSL Bump under client-first and server-first modes both didn't work, Squid version is 3.4.14 running under OpenBSD 5.6 and 5.7 test boxes, i also increased verbos

Re: [squid-users] HTTPS sites specifics URL

the domain part. All the rest of the URL is crypted and visible only to the client (browser) and the server on the other side, the only two parts involved on that crypto session. To enable squid to see the whole URL and be able to do full filtering on HTTPS requests, you're looking for S

[squid-users] HTTPS sites specifics URL

Hello Everyone I have a question , probably a noob one , i 'm trying to allow some https sites with specific URL's (i mean https://domain.tld/blablabla) but https sites are working only with the domain part , what i have to do to make this work ? Regards Dante

Re: [squid-users] Is this proper usage of Squid?

. serve the our modified player/resources from and pointing to these CNAMES . then route thru squid all the request and response traffic running eCAP on both headers and body, both ways ? Thanks again --- On 2017-01-08 10:59, Eddie B wrote: > > Can we acco

[squid-users] Is this proper usage of Squid?

We have embedded Vimeo videos on a site accessible only to logged in users. Because of different firewalls, using different types of blocks, the videos sometimes do not work for the client. Aside from cases where the firewall blocks any video streaming, we want to serve video to clients that ha

Re: [squid-users] Crash: every 1-2 hour: kernel: Out of memory: Kill process (squid)

What does squidclient show? Get a trace going.. On Dec 14, 2016 11:52 PM, "Amos Jeffries" wrote: On 15/12/2016 6:24 a.m., n...@forceline.net wrote: > Eliezer, thanks for your reply. Guides: > http://wiki.squid-cache.org/Features/SslBump > http://wiki.squid-cache.org/Features/SslPeekAndSplice >

Re: [squid-users] acl maxconn and max_user_ip config help please

_MC My ignorance is great, I really must not shoot myself in the feet with errors like this. Thanks for your clear and complete explanations. -- B.H. Registerd Linux User 521886 Amos Jeffries wrote: Mon, Jul 18, 2016 at 07:15:48PM +1200 > On 18/07/2016 6:23 p.m., B. Henry wrote:

Re: [squid-users] dns children setting breaks my squid.conf

The > > #dns_nameser 208.67.222.2224.2.2.4 was a typo that was corrected in my working squid.conf, > #dns_nameservers 208.67.222.222 4.2.2.4 If I understood the documentation on this there is no punctuation needed, and nicely squid avoids that kind of syntax confusion. I found out a couple thi

Re: [squid-users] acl maxconn and max_user_ip config help please

ande the request snip Good, that's what made sense to me, but one statement in the documentation, don't remember exactly where, had me doubting myself. Regards, -- B.H. Registerd Linux User 521886 Amos Jeffries wrote: Mon, Jul 18, 2016 at 05:14:57PM +1200 > On

[squid-users] dns children setting breaks my squid.conf

Here's is what I have in my working squid.conf related to dns. Note that the dns children entry is commented out as when I try and use any value this breaks things and I can't use the server at all. positive_dns_ttl 3 hours negative_dns_ttl 30 seconds #minimum_expiry_time 30 seconds #dns_chil

[squid-users] acl maxconn and max_user_ip config help please

I want to limit max simultanious connections for any user in group foo, and also limit how may different IPs they can have devices logged in from at any one time. I've had squid3 working well with a very simple policy for years just allowing access from two different ip ranges, but now want to

Re: [squid-users] dead gateway, not dead peer..

se try the request again.​ On Wed, Jun 22, 2016 at 10:45 AM, Amos Jeffries wrote: > On 23/06/2016 2:00 a.m., B. Cook wrote: > > ... > > > > What can I do about it? > > > > (thank you for working through understanding the problem..) > >

Re: [squid-users] dead gateway, not dead peer..

... What can I do about it? (thank you for working through understanding the problem..) On Wed, Jun 22, 2016 at 9:55 AM, Amos Jeffries wrote: > On 23/06/2016 1:25 a.m., B. Cook wrote: > > ​when the one of the proxies loses its internet connection.. the default > > route is

Re: [squid-users] dead gateway, not dead peer..

outside is dead and gone. That is what I am trying to fix.. When a cache_peer has a connectivity problem.. On Wed, Jun 22, 2016 at 12:46 AM, Amos Jeffries wrote: > On 22/06/2016 7:12 a.m., B. Cook wrote: > > On Tue, Jun 21, 2016 at 3:18 AM, Amos Jeffries > wrote: > > > >&

Re: [squid-users] dead gateway, not dead peer..

On Tue, Jun 21, 2016 at 3:18 AM, Amos Jeffries wrote: > > So you're trolling. The FAQ it is then: > > > > ​Thank you the response.. squid.conf (3.5.19 debian host 192.168.10.115) cache_peer

Re: [squid-users] dead gateway, not dead peer..

On Mon, Jun 20, 2016 at 4:04 PM, Antony Stone < antony.st...@squid.open.source.it> wrote: > > > Please answer the following questions: > > 1. How many squid servers do you have (in this setup)? > ​ I have three squid servers ​ > > 2. What are their IP addresses? > ​172.16.0.30/20 - Oasis, 172.16

[squid-users] dead gateway, not dead peer..

Looking for a second opinion.. I think this is beyond the scope of squid, but I figured I would ask anyway.. VZW FiOS link in one building (primary) and VZW FIOS link in a second building (secondary). the gateway for the primary link is sometimes unavailable.. squid is fine on both ends.. 0.30

[squid-users] Squid ubuntu build error

Hi I have struck a small issue in building squid from source (Ubuntu 14.04 current source packages) cp: cannot stat ‘/home/darren/squid3-3.3.8/debian/tmp/usr/share/squid3/icons’: No such file or directory dh_install: cp -a /home/darren/squid3-3.3.8/debian/tmp/usr/share/squid3/icons debian/

[squid-users] Squid ubuntu build error

Hi I have struck a small issue in building squid from source (Ubuntu 14.04 current source packages) cp: cannot stat ‘/home/darren/squid3-3.3.8/debian/tmp/usr/share/squid3/icons’: No such file or directory dh_install: cp -a /home/darren/squid3-3.3.8/debian/tmp/usr/share/squid3/icons debian/

Re: [squid-users] squid-users Digest, Vol 7, Issue 70

Thank you all, I have set 'logfile_rotate 30'. Lets see how it works Regards, Mr. Brijesh B. Mehta Research Scholar, Computer Engineering Department, S. V. National Institute of Technology, Surat - 395007 Gujarat, India http://brijeshbmehta.wordpress.com/ Tips: If you forward this ema

[squid-users] How can i keep log files for longer periods?

configuration file? I already read about rotate a log file but it confused me so i haven't tried it yet. Kindly provide me some solution Thanks Regards, Mr. Brijesh B. Mehta Research Scholar, Computer Engineering Department, S. V. National Institute of Technology, Surat - 395007 Gujarat, India

Re: [squid-users] Splash page issues

=100 %SRC /usr/lib/squid3/ext_session_acl -t 7200 -b /mnt/ksn/squid/session/session.db happy days. thanks Darren B On 31/01/2015 9:26 AM, Amos Jeffries wrote: On 31/01/2015 2:00 p.m., Darren B. wrote: Hi I am trying to set up a router that is inline between the clients and the internet

Re: [squid-users] Splash page issues

=100 %SRC /usr/lib/squid3/ext_session_acl -t 7200 -b /mnt/ksn/squid/session/session.db happy days. thanks Darren B On 31/01/2015 9:26 AM, Amos Jeffries wrote: On 31/01/2015 2:00 p.m., Darren B. wrote: Hi I am trying to set up a router that is inline between the clients and the internet

[squid-users] Splash page issues

guidance on this would be greatly appreciated. thanks in advance Darren B. the relevant bits of the config are as follows. acl localnet1 src 172.25.101.0/24 # RFC1918 possible internal network acl localnet2 src 172.25.102.0/24

[squid-users] Splash page issues

guidance on this would be greatly appreciated. thanks in advance Darren B. the relevant bits of the config are as follows. acl localnet1 src 172.25.101.0/24 # RFC1918 possible internal network acl localnet2 src 172.25.102.0/24

Re: [squid-users] Squid website malware?

Can't reproduce it. They should direct you to ask page and flag it with a norton logo. -B On 10/14/2014 5:11 AM, Ambrose LI wrote: What does the "detailed report" actually say? Virus scanners (if I remember correctly it was actually Norton) have been known to lack a basic unde

Re: [squid-users] SSL/SSH/SFTP/FTPS to alternate ports

, but with the domain feature only. -B On 10/12/2014 7:48 AM, Timothy Spear wrote: Hello, Here is the issue: I can proxy through Squid just fine to HTTP and HTTPS. I can also run SSH via Corkscrew to a SSH server running on port 443 and it works fine. What I cannot do, is access HTTPS or SSH on

[squid-users] Transparent proxy with squid and Dansguardian

loop back on itself. All the various versions are current to ubuntu 14.04 although the dansguardian is a little old in this distro. Any pointers would be greatly appreciated. Darren B. Currently the processes running and listening are root@dnsmasq:~# netstat -ntlp | grep LISTEN tcp

[squid-users] Transparent proxy with squid and Dansguardian

loop back on itself. All the various versions are current to ubuntu 14.04 although the dansguardian is a little old in this distro. Any pointers would be greatly appreciated. Darren B. Currently the processes running and listening are root@dnsmasq:~# netstat -ntlp | grep LISTEN tcp