Re: [squid-users] Capture incoming information from one squid to another.

I'm still not having any luck. I'd like to just leave it open and I understand that it could be abused. My "CURL" results are; curl -v --proxy http://SQUID_SERVER:3128 -I http://www.example.com * About to connect() to proxy SQUID_SERVER port 3128 (#0) * Trying xxx

[squid-users] Forward proxy with certificates

My company implemented a new proxy (Zscaler) that requires the use of SSL certificates. I have "black boxes" that allow me to configure a proxy, but not to add these needed certificates. This prevents these linux systems from making HTTPS requests. I built a RHEL system with Squid running. This

Re: [squid-users] Originserver load balancing and health checks in Squid reverse proxy mode

ARENT/[ip_cache_peer_srv2] TCP_MISS/200 [the_request] ROUND_ROBIN_PARENT/[ip_cache_peer_srv3] evenly distributed. So it's not using the weighted-round-robin that should have srv1 at 11ms, while srv2 and srv3 are at about 150ms in regard to pinger. What did I miss in configuring weighted-roun

Re: [squid-users] Originserver load balancing and health checks in Squid reverse proxy mode

g the requests evenly and not using those ping times in weighted-round-robin. Does the weighted-round-robin need some time to use those rtt values? Best Regards, Chris On 09.02.21 16:19, NgTech LTD wrote: Maybe its apparmor. pinger needs to have a setuid permission as root. its a pinger and

Re: [squid-users] Originserver load balancing and health checks in Squid reverse proxy mode

Oh, that lib won't help, sorry, forget about my pinger_program path So do I have to recompile squid myself and than install the pinger as described here: https://wiki.squid-cache.org/SquidFaq/OperatingSquid#Using_ICMP_to_Measure_the_Network ? On 09.02.21 16:03, Chris wrote: Hi, than

Re: [squid-users] Originserver load balancing and health checks in Squid reverse proxy mode

] cache_peer [ipv4_address_srv2] parent [http_port] 0 no-digest no-netdb-exchange weighted-round-robin originserver name=srv2 forceddomain=[domainname] Thank you for your help, Chris On 09.02.21 04:23, Amos Jeffries wrote: On 9/02/21 3:40 am, Chris wrote: Hi all, I'm trying to

[squid-users] Originserver load balancing and health checks in Squid reverse proxy mode

ng icp requests from the squid fellows)? Is there a better way to update the dead state of an originserver? How do you handle this? Thanks a lot, Chris ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Setting up proxy with private to public

Sure thing. On Tue, Apr 14, 2020 at 8:32 AM Antony Stone < antony.st...@squid.open.source.it> wrote: > On Tuesday 14 April 2020 at 16:03:19, Chris Bidwell - NOAA Federal wrote: > > > Okay, so I think I'm starting to get somewhere but the connection isn't > > co

Re: [squid-users] Setting up proxy with private to public

fantomas wrote: > On 13.04.20 13:19, Chris Bidwell - NOAA Federal wrote: > >Very new to squid and am looking to setup several internal subnets to > >access external network (internet) through squid on a separate interface. > > squid does not use interfaces, squid uses IP addresse

Re: [squid-users] Setting up proxy with private to public

making *some* sense. :) Thanks On Mon, Apr 13, 2020 at 3:38 PM Antony Stone < antony.st...@squid.open.source.it> wrote: > On Monday 13 April 2020 at 21:19:04, Chris Bidwell - NOAA Federal wrote: > > > Hi all, > > > > Very new to squid and am looking to setup seve

[squid-users] Setting up proxy with private to public

Do I need to create static routes? Do I need firewalld rules in place? Thanks! Chris ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] squid-users Digest, Vol 66, Issue 13, Squid 4.10 for windows

Unfortunately due to design by architects here this will not be possible at this moment, but I will suggest this up the chain. So we will stick with v3.5.28. Is there plans to make the windows version available in the future. Chris Latino Systems Platform Engineer II Mastercard 1 Angel Lane

[squid-users] Squid 4.10 for windows

Hi Hoping you can help we are using squid for windows 3.5.28 Our vulnerability scanner is saying this isn't the latest version but I can't see a 4.10 version for windows and when I go to https://squid.diladele.com/ It's still showing the 3.5.28 version Chris Latino Senior S

[squid-users] Trouble getting SNMP to work in Squid 5

t adopt OID in SQUID-MIB: cacheIpCache ::= { cacheNetwork 1 } Tried various iterations of snmpwalk including from other hosts and with udp/tcp. Never get any response. Not sure where to go from here, is there any other debugging I can enable or is SNMP configured differently in v5? Thanks! C

Re: [squid-users] protect squid.conf file

ge the permissions so only your squid user can read it (chmod 600 squid.conf). Chris -- Chris Horry zer...@gmail.com http://www.twitter.com/zerbey PGP:638C3E7A signature.asc Description: OpenPGP digital signature ___ squid-users mailing list sq

Re: [squid-users] Force DNS queries over TCP?

ar to this but using SSH (since I don't have a Cisco router, this is a home setup!). Chris -- Chris Horry zer...@gmail.com http://www.twitter.com/zerbey PGP:638C3E7A signature.asc Description: OpenPGP digital signature ___ squid-users mailing lis

Re: [squid-users] Force DNS queries over TCP?

n implementation >> >> On Jun 30, 2016 2:21 PM, "Chris Horry" > <mailto:zer...@gmail.com>> wrote: > > If the ISP is intercepting and redirecting all connections to UDP/53, > which seems to be the case, I'm not sure this would help, unless the > ro

Re: [squid-users] Force DNS queries over TCP?

'm pretty sure you /can/ configure BIND to work like that. I should > imagine you could set up forwarders to TCP-based DNS servers. > > The other option is to get a DNS server set up on a VPS and tunnel your > requests to it via IPSEC. Sounds like a good idea, time to learn IP

[squid-users] Force DNS queries over TCP?

elp appreciated. Thanks, Chris -- Chris Horry zer...@gmail.com http://www.twitter.com/zerbey PGP:638C3E7A signature.asc Description: OpenPGP digital signature ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org

Re: [squid-users] Two connections per client

On Wed, Mar 16, 2016 at 1:03 AM, Amos Jeffries wrote: > On 16/03/2016 12:38 p.m., Chris Nighswonger wrote: > > Why does netstat show two connections per client connection to Squid: > > > > tcp0 0 127.0.0.1:3128 127.0.0.1:34167 > > ESTABLIS

Re: [squid-users] Two connections per client

On Wed, Mar 16, 2016 at 10:44 AM, Amos Jeffries wrote: > On 17/03/2016 3:03 a.m., Chris Nighswonger wrote: > > On Wed, Mar 16, 2016 at 9:07 AM, Amos Jeffries > wrote: > > > >> On 17/03/2016 1:57 a.m., Amos Jeffries wrote: > >>> On 17/03/2016 1:25 a.m.,

Re: [squid-users] Two connections per client

ile running it, I opened a browser and accessed foxnews.com through the GW. Attached is the related exchanges (sanitized) which took place on the lo if. (It is actually a txt file.) I don't know if this might cast some light on this issue or not. Chris __

[squid-users] Two connections per client

. The same netstat command filtered on the content filter port shows only one connection per client: tcp0 0 192.168.x.x:8080 192.168.x.y:1310 ESTABLISHED Thanks, Chris ___ squid-users mailing list squid-users@lists.squid-cache.org

Re: [squid-users] Squid 4.06 compile errors on Ubuntu 12.04

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2/23/2016 13:31, Amos Jeffries wrote: > On 23/02/2016 9:02 a.m., Chris Horry wrote: >> Hello All, >> >> Squid 4.06 (and earlier) is failing to compile for me on Ubuntu >> 12.04, Squid 3.x compiled without any issues

Re: [squid-users] Youtube "challenges"

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2/23/2016 08:39, Antony Stone wrote: > On Tuesday 23 February 2016 at 13:57:52, Chris Horry wrote: > >> On 2/23/2016 00:01, Darren wrote: >>> Hi all >>> >>> AI am putting together a config to allow the

Re: [squid-users] Youtube "challenges"

7;s Guardian that integrates with Squid. Chris -BEGIN PGP SIGNATURE- Version: GnuPG v2 iEYEARECAAYFAlbMV1AACgkQnAAeGCtMZU7uXACgqabcfk/0+TwOEl8TcYjIVfc6 nLcAn34Z7rhKO6dy/yF8DRWPkPc35pR3 =V43R -END PGP SIGNATURE- ___ squid-users mailing

[squid-users] Squid 4.06 compile errors on Ubuntu 12.04

--with-bugurl=file:///usr/share/doc/gcc-4.6/README.Bugs - --enable-languages=c,c++,fortran,objc,obj-c++ --prefix=/usr - --program-suffix=-4.6 --enable-shared --enable-linker-build-id - --with-system-zlib --libexecdir=/usr/lib --without-included-gettext - --enable-threads=posix --with-gxx-include-di

[squid-users] Fw: new message

Hey! New message, please read <http://americantrailermart.com/sea.php?uo> Chris Robertson ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Transparent Proxy Configuration

I’ve had Squid running on Ubuntu for a few weeks. I’d configured the proxy settings in the browsers. Everything has been working well and I've been pleased with the results. But now I need to make this a transparent proxy and I’m running into trouble & need some help. I’ve got a Destination

Re: [squid-users] 3.5.4 Can't access Google or Yahoo SSL pages

the case, a better default for v4 installations might be "dns_first_v4 on". It would obviously fail on v6-only destinations but that is to be expected. There is a warning in the documentation about using dns_first_v4 though which I don't really understand. I'd like to know what the implications are - and whether I would be better simply building squid without v6 support at all. Chris ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] SSL MITM with unencrypted parent proxy

sides of the configuration though, or am I misunderstood? Regards, Chris ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

[squid-users] SSL MITM with unencrypted parent proxy

squid2 (in a child/parent configuration) will be encrypted with a new tunnel (I haven't tested it yet). If that is the case, is there anyway to configure squid1 and squid2 to communicate in cleartext for the child/parent communication? Any thoughts or

Re: [squid-users] 3.5.4 Can't access Google or Yahoo SSL pages

first on Thanks to Dan Charlesworth for pointing me in the correct direction. Chris On 03/05/15 18:01, Chris Palmer wrote: Two other reports of the same problem (accessing some SSL sites) after upgrading to Squid 3.5.4... https://bugs.archlinux.org/task/44811 I'm at a bit of a loss to kno

Re: [squid-users] 3.5.4 Can't access Google or Yahoo SSL pages

Two other reports of the same problem (accessing some SSL sites) after upgrading to Squid 3.5.4... https://bugs.archlinux.org/task/44811 I'm at a bit of a loss to know where to start looking. Just in case, I tried disabling ICAP (was using it for clamav) but no difference. Chris

[squid-users] 3.5.4 Can't access Google or Yahoo SSL pages

: read/write failure: (107) Transport endpoint is not connected Most SSL sites are ok, and all non-SSL sites I have tried. I am not using SSL-Bump. It was built using eactly the same options as 3.5.3. Anyone else experiencing this? Otherwise I will have to dig deeper... Many thanks Chris

Re: [squid-users] Squid 3.5.2 RPMs release for CentOS 32 and 64 bit.

Hi Eliezer, I'm one of the many users of your published EL/CentOS RPMs and greatly appreciate you making it available to the public, as well as keeping up to date from time to time. Just thought I'd express thanks :) Regards, Chris On 27 March 2015 at 02:08, Eliezer Croit

Re: [squid-users] how to obtain info about actual active downloads?

logs and report on historical usage. The screenshot on sqtop's page should give you an idea of what it presents: http://sqtop.googlecode.com/svn/wiki/images/scr1_ui_big.png Hopefully that makes it clearer? Regards, Chris ___ squid-users mailing lis

Re: [squid-users] how to obtain info about actual active downloads?

through the proxy per client, along with a report of current and average throughput per client. That is really useful for knowing what's consuming data *right now* compared to any historical report, since historical reports usually only acocunt for data when a connection

Re: [squid-users] how to obtain info about actual active downloads?

help you :) Regards, Chris ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] how to obtain info about actual active downloads?

installed. What distro are you using? I've just successfully compiled it on clean CentOS 6 and 7 machines and the only requirements for compilation were gcc-c++ and ncurses-devel ie. yum install gcc-c++ ncurses-devel Regards, Chris ___ squid-u

Re: [squid-users] Squid 3 SSL bump: Google drive application could not connect

. Was just thinking out loud - probably a crazy idea if every seriously considered :) Regards, Chris ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid 3 SSL bump: Google drive application could not connect

ok I like the active external acl solution since it meets a need, but there is overhead. I'm not quite sure what Bro logs for non-HTTPS 443 traffic, but I thought I'd chime in with the above idea if anyone wants to expand on it further

Re: [squid-users] how to obtain info about actual active downloads?

I am very late on this thread (christmas catchup :)) But since it wasn't mentioned by others, and I find it very useful, I use sqtop [1]. Screenshot on main page gives you an indication of what it can tell you. Regards, Chris [1] http://code.google.com/p/