Re: [squid-users] [squid-announce] Squid 4.2 is available

2018-08-13 Thread Dan Charlesworth
I'd be all over any Squid 4 RPMs for EL6, for what that's worth. I had downloaded your source RPM for EL7 at one point and tried to build one for EL6. Dealing with the compiler issues was a bit beyond me though, sadly. On Tue, 14 Aug 2018 at 05:46, Eliezer Croitoru wrote: > I need to test it bu

Re: [squid-users] quiet week

2018-06-03 Thread Dan Charlesworth
Copy, Amos — receiving you loud and clear :) On Mon, 4 Jun 2018 at 15:47, Amos Jeffries wrote: > Hi anyone, > just testing to see if the list server is still operational. Things > have been suspiciously quiet this week. > > Amos > ___ > squid-users ma

[squid-users] Squid 4 EL6 RPMs

2018-03-21 Thread Dan Charlesworth
Hello all, I'm wondering if anyone can point to a Squid 4 RPM package for CentOS / RHEL 6. I've had a search around, but it seems people are only packaging it for EL7. I did try compiling an EL6 RPM myself, based on an EL7 source RPM, but I'm not adept in this area and couldn't get past certain

Re: [squid-users] Rock store size not decreasing

2017-05-19 Thread Dan Charlesworth
Okay, cool — thanks for clarifying. Guess I'll nuke it myself and reinitialise a blank one. Best, Dan On 19 May 2017 at 23:29, Amos Jeffries wrote: > On 19/05/17 15:47, Dan Charlesworth wrote: > >> Hey all >> >> I'm fairly new to rock caching. With aufs,

[squid-users] Rock store size not decreasing

2017-05-18 Thread Dan Charlesworth
Hey all I'm fairly new to rock caching. With aufs, if you reduce the cache size in the config it'll start slowly reducing it down to the new size. I've done that with a ~137GB rock store (reduced it to 10240MB) but it ain't changing after reloading the config. cache_dir rock /var/spool/squid/rock 1

Re: [squid-users] Access-Control-* headers missing when going through squid

2017-04-19 Thread Dan Charlesworth
Thanks Amos. As far as I can tell the only device upstream of the proxy is a relatively basic gateway/firewall. I doubt it's capable of messing with HTTP headers (and loading the site directly, as opposed to using the proxy lets it load fine behind the same gateway). I’ve attached the debug output yo

[squid-users] Access-Control-* headers missing when going through squid

2017-04-18 Thread Dan Charlesworth
Hi everyone, This is a super weird one! This Pressreader site (http://sheppartonnews.pressreader.com/shepparton-news) gets a totally different (erroneous) response from the server when accessing it through squid on a particular school's network. It doesn’t happen through any other squid box on

Re: [squid-users] Introducing delay to HTTP 407 responses

2016-09-13 Thread Dan Charlesworth
I just want to throw my support behind seeking a solution to this problem. Luke’s clearly considered it in way more detail than anyone so far, myself included. This affects the squids under my purview every day. Best, Dan > On 14 Sep. 2016, at 10:18 am, squid-us...@filter.luko.org wrote: > > H

Re: [squid-users] Large memory leak with ssl_peek (now partly understood)

2016-08-16 Thread Dan Charlesworth
Hey Steve, Deployed a 3.5.20 build with both of those patches and have noticed a big improvement in memory consumption of squid processes at a couple of splice-heavy sites. Thank you, sir! Dan > On 12 Aug 2016, at 7:05 PM, Steve Hill wrote: > > >>This sounds very similar to Squid b

Re: [squid-users] Large memory leak with ssl_peek (now partly understood)

2016-08-11 Thread Dan Charlesworth
Pretty sure this is affecting our 3.5.x systems as well — we use a very similar splicing implementation. I'll keep an eye out in hope someone adapts that patch! Dan On 12 August 2016 at 06:22, Alex Rousskov wrote: > On 08/11/2016 10:56 AM, Steve Hill wrote: > > > At ssl_bump step 2 we splice t

[squid-users] Rate limiting bad clients?

2016-08-08 Thread Dan Charlesworth
Hi all, This is more of a squid-adjacent query. Hopefully relevant enough for someone here to help… I’m sick of all these web apps that take it upon themselves to hammer proxies when they don’t get the response they want, like if they have to authenticate for example. On big networks, behind a

Re: [squid-users] Empty response from website via proxy

2016-07-06 Thread Dan Charlesworth
e implications of that be? Dan On 5 July 2016 at 15:07, Dan Charlesworth wrote: > That’s a super helpful analysis, thanks Amos. > > Now to see if I track down the site admins 🙃 > > > On 5 Jul 2016, at 3:04 PM, Amos Jeffries wrote: > > > > On 5/07/2016 4:25 p.m.

Re: [squid-users] Empty response from website via proxy

2016-07-04 Thread Dan Charlesworth
That’s a super helpful analysis, thanks Amos. Now to see if I track down the site admins 🙃 > On 5 Jul 2016, at 3:04 PM, Amos Jeffries wrote: > > On 5/07/2016 4:25 p.m., Dan Charlesworth wrote: >> This website seems not to send back a proper web page if the request comes via >

[squid-users] Empty response from website via proxy

2016-07-04 Thread Dan Charlesworth
This website seems not to send back a proper web page if the request comes via a (squid?) proxy. http://passporttosafety.com.au/ Can anyone tell what might be going wrong here? Best, Dan ___ squid-users mailing list squid-users@lists.squid-cache.org http

Re: [squid-users] How to analyse squid memory usage

2016-06-01 Thread Dan Charlesworth
No worries—thanks for following up on it! That’s very interesting, about the concurrent requests, because the “normal” report does around 80% more requests per day than the “leaky” one — a few hundred thousand vs a couple of million. Does this CLOSE_WAIT sockets issue have a bug being tracked o

Re: [squid-users] How to analyse squid memory usage

2016-05-23 Thread Dan Charlesworth
AM, Dan Charlesworth wrote: > > I’ve now got mgr:mem output from a leaky box for comparison but I’m having a > hard time spotting where the problem might be. > > Would anyone more experienced mind taking a look at these and seeing if anything > jumps out as a source of the high memo

Re: [squid-users] How to analyse squid memory usage

2016-05-11 Thread Dan Charlesworth
1KB Strings 0 0 4KB Strings 0 1 16KB Strings 0 5 Other Strings0 0 Large buffers: 0 (0 KB) Thanks! > On 11 May 2016, at 2:37 PM, Dan Charlesworth wrote: > > Thanks Amos - > > Not sure how self-explanatory the output is, though. > > I’v

Re: [squid-users] How to analyse squid memory usage

2016-05-10 Thread Dan Charlesworth
0 0 Large buffers: 0 (0 KB) > On 10 May 2016, at 6:02 PM, Amos Jeffries wrote: > > On 10/05/2016 2:35 p.m., Dan Charlesworth wrote: >> A small percentage of deployments of our squid-based product are using >> oodles of memory—there doesn’t seem to be a limit to it. >

[squid-users] How to analyse squid memory usage

2016-05-09 Thread Dan Charlesworth
A small percentage of deployments of our squid-based product are using oodles of memory—there doesn’t seem to be a limit to it. I’m wondering what the best way might be to analyse what squid is reserving it all for in the latest 3.5 release? The output of squidclient mgr:cache_mem is completely

[squid-users] Any problems with %ssl::>sni in 3.5.16?

2016-04-11 Thread Dan Charlesworth
We have an External ACL Type with %ssl::>sni and %URI We get access log lines that record the %ssl::>sni just fine, but the corresponding line sent to our external ACL is missing it. For example, from the same request; Log: 12/Apr/2016-15:42:47608 10.0.1.60 TAG_NONE 200 0 CONNECT 23.111.9.

Re: [squid-users] Bizarrely slow, timing out DNS only via Squid :D

2016-03-07 Thread Dan Charlesworth
Eliezer > > On 07/03/2016 06:50, Dan Charlesworth wrote: >> Alright, we’re getting somewhere. >> >> A plain curl is about as slow as a default squid config curl: >> >> P.S. I sent you a Skype request >> >> --- >> >> # time curl http:/

Re: [squid-users] Bizarrely slow, timing out DNS only via Squid :D

2016-03-06 Thread Dan Charlesworth
Alright, we’re getting somewhere. A plain curl is about as slow as a default squid config curl: P.S. I sent you a Skype request --- # time curl http://httpbin.org/ip { "origin": "59.167.202.249" } real 0m5.513s user 0m0.002s sys 0m0.001s # time curl http://httpbin.org/ip --proxy h

Re: [squid-users] Bizarrely slow, timing out DNS only via Squid :D

2016-03-06 Thread Dan Charlesworth
For what it's worth, I've now tried disabling IPv6 via sysctl and it didn't make any difference. Appreciate the advice so far. More from me tomorrow.

Re: [squid-users] Bizarrely slow, timing out DNS only via Squid :D

2016-03-03 Thread Dan Charlesworth
y time: 32 msec ;; SERVER: 192.231.203.3#53(192.231.203.3) ;; WHEN: Fri Mar 4 15:23:07 2016 ;; MSG SIZE rcvd: 101 > On 4 Mar 2016, at 3:15 PM, Amos Jeffries wrote: > > On 4/03/2016 11:42 a.m., Dan Charlesworth wrote: >> Thanks for your input Eliezer. >> >> I'

Re: [squid-users] Bizarrely slow, timing out DNS only via Squid :D

2016-03-03 Thread Dan Charlesworth
er one to try is: > http://www.squid-cache.org/Doc/config/dns_v4_first/ > > try adding to the end of squid.conf > dns_v4_first on > > All The Bests, > Eliezer > > On 04/03/2016 00:42, Dan Charlesworth wrote: >> Thanks for your input Eliezer. >> >> I&

Re: [squid-users] Bizarrely slow, timing out DNS only via Squid :D

2016-03-03 Thread Dan Charlesworth
e are cases which couple dns services just stops > responding to dns queries which looks like what you see if it worked before. > > Eliezer > > On 03/03/2016 09:08, Dan Charlesworth wrote: > >> On 03/03/2016 07:39, Dan Charlesworth wrote: >>>>> >>>>

Re: [squid-users] Bizarrely slow, timing out DNS only via Squid 😖

2016-03-02 Thread Dan Charlesworth
18:07:21 2016 ;; MSG SIZE rcvd: 93 real 0m0.037s user 0m0.003s sys 0m0.001s > On 3 Mar 2016, at 5:44 PM, Eliezer Croitoru wrote: > > can you try the next command: > dig -x 10.100.128.1 > > Eliezer > > On 03/03/2016 08:04, Dan Charlesworth wrote

Re: [squid-users] Bizarrely slow, timing out DNS only via Squid 😖

2016-03-02 Thread Dan Charlesworth
> Hey Dan, > > What dig+nslookup queries did you test for? > > Eliezer > > On 03/03/2016 07:39, Dan Charlesworth wrote: >> Right now we have 1 squid box (out of a lot), running 3.5.13, which does >> something like this for every request, taking about 10 seconds: >

[squid-users] Bizarrely slow, timing out DNS only via Squid 😖

2016-03-02 Thread Dan Charlesworth
Right now we have 1 squid box (out of a lot), running 3.5.13, which does something like this for every request, taking about 10 seconds: 2016/03/03 16:30:48.883 kid1| 78,3| dns_internal.cc(1794) idnsPTRLookup: idnsPTRLookup: buf is 43 bytes for 10.100.128.1, id = 0x733a 2016/03/03 16:30:48.883 k

Re: [squid-users] any way to get squid-4 compiled on CentOS-6?

2016-02-24 Thread Dan Charlesworth
I don’t; at least not this week. I predict a rather long list of SNIs which get spliced instead :-] > On 25 Feb 2016, at 10:27 AM, Amos Jeffries wrote: > > On 25/02/2016 12:17 p.m., Dan Charlesworth wrote: >> Thanks for the hint. >> >> I tried this, base

Re: [squid-users] any way to get squid-4 compiled on CentOS-6?

2016-02-24 Thread Dan Charlesworth
mos Jeffries wrote: > > On 24/02/2016 1:25 p.m., Dan Charlesworth wrote: >> That’s the version I’m on actually (RPM compiled by me): >> >> squid-3.5.13-1.el6.x86_64 >> openssl-1.0.1e-42.el6_7.2.x86_64 >> >> I’m not setting sslproxy_cipher in my config, so I gu

Re: [squid-users] SSL bump memory leak

2016-02-24 Thread Dan Charlesworth
I’m just catching up with this one, but we’ve observed some memory leaks on a small percentage of our boxes, which we migrated to Peek & Splice late last year. We’re on 3.5.13, about to move to 3.5.15. What’s the least disruptive way to keep this under control, if there is one? Is there anyth

Re: [squid-users] any way to get squid-4 compiled on CentOS-6?

2016-02-23 Thread Dan Charlesworth
On 24/02/2016 12:24 p.m., Dan Charlesworth wrote: >> Thanks Amos, good to know. I didn’t see your original reply for some reason; >> sorry about that. >> >> I thought I had read that these sort of errors could be avoided in Squid-4: >> Error negotiating SSL

Re: [squid-users] any way to get squid-4 compiled on CentOS-6?

2016-02-23 Thread Dan Charlesworth
now I can’t even a source for that … I need to spend some quality time with Google I think. > On 24 Feb 2016, at 5:50 AM, Amos Jeffries wrote: > > On 23/02/2016 1:05 p.m., Dan Charlesworth wrote: >> I'm bumping this question back up, because I also would like to know. >>

Re: [squid-users] any way to get squid-4 compiled on CentOS-6?

2016-02-22 Thread Dan Charlesworth
I'm bumping this question back up, because I also would like to know. We'd rather not need users of our squid-based software to need to deploy new CentOS 7 servers to run it. On 12 February 2016 at 19:59, Jason Haar wrote: > Hi there > > Given the real work on ssl-bump seems to be in squid-4,

Re: [squid-users] Delay Pools and HTTPS on Squid 3.x

2016-02-16 Thread Dan Charlesworth
It's been a while since I've looked at this—because the software we use to generate our squid.conf just works around now—but we found that Squid 3 would only enforce exactly half the configured rate on HTTP requests but enforce the full rate on HTTPS requests. So we now make two delay pools for ev

Re: [squid-users] host header forgery false positives

2016-02-14 Thread Dan Charlesworth
Did a bug end up getting filed for this? I can probably provide some ALL,9 logs but I don’t understand the problem well enough to write up a decent report I don’t think. > On 12 Jan 2016, at 12:40 PM, Jason Haar wrote: > > Hi there > > I am finding squid-3.5.13 is false positive-ing on ssl-bump

Re: [squid-users] using splice just to improve TLS SNI logging

2015-12-03 Thread Dan Charlesworth
It’s been a far superior client experience to bumping on the deployments I’ve seen. Obviously MITM-ing a connection is always going to be a less amenable situation for clients; technically and ethically. The only problem I’ve had with splicing is this Host Header Forgery error squid has when it

Re: [squid-users] Host header forgery detected after upgrade from 3.5.8 to 3.5.9

2015-11-24 Thread Dan Charlesworth
They’re probably matching about 40% of the time on twitter.com, though 😒 > On 25 Nov 2015, at 11:40 AM, Dan Charlesworth wrote: > > Alright, thanks for the hint. > > My proxy and clients definitely have the same DNS server (I removed the > secondary and tertiary ones to

Re: [squid-users] Host header forgery detected after upgrade from 3.5.8 to 3.5.9

2015-11-24 Thread Dan Charlesworth
2015 12:20 p.m., Dan Charlesworth wrote: >> Thanks for the perspective on this, folks. >> >> Going back to the technical stuff—and this isn’t really a squid thing—but is >> there any way I can minimise this using my DNS server? >> >> Can I force my local DN

Re: [squid-users] Host header forgery detected after upgrade from 3.5.8 to 3.5.9

2015-11-24 Thread Dan Charlesworth
Thanks for the perspective on this, folks. Going back to the technical stuff—and this isn’t really a squid thing—but is there any way I can minimise this using my DNS server? Can I force my local DNS to only ever return 1 address from the pool on a hostname I’m having trouble with? > On 30 Oc

Re: [squid-users] Host header forgery detected after upgrade from 3.5.8 to 3.5.9

2015-10-29 Thread Dan Charlesworth
of IPs apparently at random. > On 29 Oct 2015, at 3:46 PM, Amos Jeffries wrote: > > On 29/10/2015 1:16 p.m., Dan Charlesworth wrote: >> It looks like there’s certain hosts that are designed to load balance (or >> something) between a few IPs, regardless of geograph

Re: [squid-users] Host header forgery detected after upgrade from 3.5.8 to 3.5.9

2015-10-28 Thread Dan Charlesworth
the client and the proxy are going to get the same IPs at the same time. What is one to do about that? > On 22 Oct 2015, at 10:00 PM, Yuri Voinov wrote: > > > > 22.10.15 15:58, Amos Jeffries пишет: >> On 21/10/2015 4:53 p.m., Dan Charlesworth wrote: >>> I’m get

Re: [squid-users] Host header forgery detected after upgrade from 3.5.8 to 3.5.9

2015-10-22 Thread Dan Charlesworth
PM, Amos Jeffries wrote: > > On 21/10/2015 4:53 p.m., Dan Charlesworth wrote: >> I’m getting these very frequently for api.github.com and github.com >> >> I’m using the same DNS servers as my intercepting squid 3.5.10 proxy and >> they only return the one IP when I do

Re: [squid-users] Host header forgery detected after upgrade from 3.5.8 to 3.5.9

2015-10-20 Thread Dan Charlesworth
I’m getting these very frequently for api.github.com and github.com I’m using the same DNS servers as my intercepting squid 3.5.10 proxy and they only return the one IP when I do an nslookup as well … Any updates from your end, Roel? > On 8 Oct 2015, at 8:29 PM, Eliezer Croitoru wrote: > > Si

Re: [squid-users] Safari 9 vs. SSL Bump

2015-10-18 Thread Dan Charlesworth
Amos - I’m going to assume that request was directed at Alex, as I don’t have editor access to the wiki. Let me know if not. > On 16 Oct 2015, at 4:22 PM, Amos Jeffries wrote: > > Can you please add to the Troubleshooting section at the end of >

Re: [squid-users] Safari 9 vs. SSL Bump

2015-10-15 Thread Dan Charlesworth
Jason for your help on this. 🍻 🙇 💚 > On 16 Oct 2015, at 11:55 AM, Dan Charlesworth wrote: > > Great, thanks. Don’t know why I didn’t think of it before but I’ll try > elevating it from Login -> System keychain and see what happens. > >> On 16 Oct 2015, at 11:51 AM, Jaso

Re: [squid-users] Safari 9 vs. SSL Bump

2015-10-15 Thread Dan Charlesworth
Great, thanks. Don’t know why I didn’t think of it before but I’ll try elevating it from Login -> System keychain and see what happens. > On 16 Oct 2015, at 11:51 AM, Jason Haar wrote: > > On 16/10/15 13:34, Dan Charlesworth wrote: >> Thanks! >> >> So ignori

Re: [squid-users] Safari 9 vs. SSL Bump

2015-10-15 Thread Dan Charlesworth
On 16/10/15 13:08, Dan Charlesworth wrote: >> ORLY >> >> I seem to recall this happening on 10.10 as well, but it could be an El >> Capitan thing. Do you mind reminding me of your squid config Jason? > > With my config I trying to "aggressively" figure ou

Re: [squid-users] Safari 9 vs. SSL Bump

2015-10-15 Thread Dan Charlesworth
th Elliptic Curves or pinning > > Jason > > On 15/10/15 12:19, Alex Rousskov wrote: >> On 10/14/2015 05:00 PM, Dan Charlesworth wrote: >> >>> I feel like if server-first is working there must be *some* >>> combination of peek/stare/bump that’ll work too

Re: [squid-users] Safari 9 vs. SSL Bump

2015-10-14 Thread Dan Charlesworth
use server-first if they decide to employ bumping, so if any of you smart people have any other suggestions, please send them through. Thanks > On 15 Oct 2015, at 1:34 AM, Alex Rousskov > wrote: > > On 10/13/2015 09:08 PM, Dan Charlesworth wrote: > >> But in realit

Re: [squid-users] Safari 9 vs. SSL Bump

2015-10-13 Thread Dan Charlesworth
t 2:39 PM, Dan Charlesworth wrote: > > ¯\_(ツ)_/¯ > > All I really have to go on is those errors com.apple.WebKit.Networking is > logging which apparently points to a specific thing it’s missing called > “forward transport security”. Only the peek@step1 seems to make it as far

Re: [squid-users] Safari 9 vs. SSL Bump

2015-10-13 Thread Dan Charlesworth
aar wrote: > > On 14/10/15 16:08, Dan Charlesworth wrote: >> I thought that fixed it for a second … >> >> But in reality ssl_bump peek step1 & ssl_bump bump step3 is actually >> splicing everything, it seems. >> >> Any other advice? :-) > Could thi

Re: [squid-users] Safari 9 vs. SSL Bump

2015-10-13 Thread Dan Charlesworth
I thought that fixed it for a second … But in reality ssl_bump peek step1 & ssl_bump bump step3 is actually splicing everything, it seems. Any other advice? :-) > On 14 Oct 2015, at 1:51 PM, Amos Jeffries wrote: > > On 14/10/2015 1:13 p.m., Dan Charlesworth wrote: >> T

[squid-users] Safari 9 vs. SSL Bump

2015-10-13 Thread Dan Charlesworth
Throwing this out to the list in case anyone else might be trying to get SSL Bump to work with the latest version of Safari. Every other browser on OS X (and iOS) is happy with bumping for pretty much all HTTPS sites, so long as the proxy’s CA is trusted. However Safari throws generic “secure

Re: [squid-users] Host header forgery detected after upgrade from 3.5.8 to 3.5.9

2015-10-07 Thread Dan Charlesworth
Same here—I've been meaning to ask the list about this too. I’m still on 3.5.9, by the way. > On 6 Oct 2015, at 10:55 PM, Roel van Meer wrote: > > Hi everyone, > > I have a Squid setup on a linux box with transparent interception of both > http and https traffic. Everything worked fine with S

[squid-users] External ACL format tag for origin IP?

2015-10-04 Thread Dan Charlesworth
It seems there’s no way to get the equivalent of the `dst` internal ACL into an external ACL. %DST returns the hostname from DNS not the origin IP. Am I missing something? Perhaps there's a more creative way to pass the IP to an external ACL regardless of what the hostname is? Thanks!

Re: [squid-users] 3.5.8 — SSL Bump questions

2015-09-09 Thread Dan Charlesworth
Thanks for all the info here, people. This is probably because of some other dumb thing I’m doing in my ssl_bump config, but if I change ssl_bump peek step1 to ssl_bump peek all, I get this assertion failure: PeerConnector.cc:747: "!callback" > On 9 Sep 2015, at 6:59 pm, Amos Jeffries wrote:

Re: [squid-users] 3.5.8 — SSL Bump questions

2015-09-08 Thread Dan Charlesworth
10.0.1.7 TCP_TUNNEL 200 13741 CONNECT 192.30.252.126:443 api.github.com - splice - ORIGINAL_DST/192.30.252.126 - > On 8 Sep 2015, at 5:39 pm, Dan Charlesworth wrote: > > Thanks Amos. > > To clarify about the user agents: I’m talking about anything with a (logged) > SSL bump mode

Re: [squid-users] 3.5.8 — SSL Bump questions

2015-09-08 Thread Dan Charlesworth
't log a UA when an explicit CONNECT does. > On 8 Sep 2015, at 5:17 pm, Amos Jeffries wrote: > > On 8/09/2015 5:36 p.m., Dan Charlesworth wrote: >> Hello all >> >> I’ve been testing out an SSL bumping config using 3.5.8 for the last week or >> so and am

[squid-users] 3.5.8 — SSL Bump questions

2015-09-07 Thread Dan Charlesworth
Hello all I’ve been testing out an SSL bumping config using 3.5.8 for the last week or so and am scratching my head over a couple of things. First, here’s my config (shout out to James Lay): acl tcp_level at_step SslBump1 acl client_hello_peeked at_step SslBump2 acl bump_bypass_domains ssl::ser

[squid-users] Any plan for an SSL bump mode ACL?

2015-08-27 Thread Dan Charlesworth
I’m trying to figure out if there’s a way to avoid those 0 byte “peeked” requests being processed by the rest of our external ACLs etc. by allowing them early on in the transaction. Unfortunately there doesn’t seem to be a way to target just those ones with http_access—the TAG_NONE isn’t an act

Re: [squid-users] Why is overlapping dstdomains a FATAL error now?

2015-08-06 Thread Dan Charlesworth
fired or at the very least, slapped in the back of the head. >> >> On 8/6/2015 6:44 PM, Dan Charlesworth wrote: >>> This used to just cause a WARNING right? Is this really a good enough >>> reason to stop Squid from starting up? >>> >>> 2015/08/07 09:25:43|

[squid-users] Why is overlapping dstdomains a FATAL error now?

2015-08-06 Thread Dan Charlesworth
This used to just cause a WARNING right? Is this really a good enough reason to stop Squid from starting up? 2015/08/07 09:25:43| ERROR: '.ssl.gstatic.com ' is a subdomain of '.gstatic.com ' 2015/08/07 09:25:43| ERROR: You need to remove '.ssl.gstati

Re: [squid-users] Detecting clients flooding squid with failed request

2015-08-03 Thread Dan Charlesworth
one > wrote: > > On Monday 03 August 2015 at 08:06:35 (EU time), Dan Charlesworth wrote: > >> Probably a lot of forward proxy users here have encountered applications >> which, if they can’t get their web requests through the proxy (because of >> 407 Proxy Auth

[squid-users] Detecting clients flooding squid with failed request

2015-08-02 Thread Dan Charlesworth
Probably a lot of forward proxy users here have encountered applications which, if they can’t get their web requests through the proxy (because of 407 Proxy Auth Required or whatever), just start aggressively, endlessly spamming requests. A recent example would be AVG’s “cloud” features generat

[squid-users] Squid 3.4.14

2015-07-29 Thread Dan Charlesworth
Hey folks Is 3.4.14 going to be a thing or should we be moving to v3.5 if we want new bug fixes?

Re: [squid-users] tos miss-mask not working at all squid 3.5.5

2015-06-22 Thread Dan Charlesworth
It's also worth pointing out that your messages are getting flagged as Spam by Gmail, which probably isn't helping visibility. On 23 June 2015 at 06:11, mohammad wrote: > why is no-one answering this ?!! > > BTW, i tried the kernel patch 2.6.35 from ZPH, it worked intermittently, > and > stopped

Re: [squid-users] Individual delay pools and youtube

2015-04-30 Thread Dan Charlesworth
Thanks Amos. We're using the CONNECT ACL and everything is working as expected. On 29 April 2015 at 20:28, Amos Jeffries wrote: > On 29/04/2015 5:44 p.m., dan wrote: > > I mentioned last time that we had to x2 all our delay_parameter’s > > bytes because of a weird bug where squid would apply it

Re: [squid-users] Config audit for 3.5.3

2015-04-24 Thread Dan Charlesworth
This was pretty interesting and informative —despite the egregious typos 😁 — thanks Amos! On Sat, Apr 25, 2015 at 12:25 PM, Amos Jeffries wrote: > On 25/04/2015 12:50 a.m., James Lay wrote: >> Hey all. >> >> Topic says itI'm running squid-3.5.3-20150420-r13802 and wanted to >> see if there

Re: [squid-users] assertion failed: ../src/ipc/AtomicWord.h:88: "Enabled()"

2015-03-30 Thread Dan Charlesworth
lt-user=squid' '--with-filedescriptors=16384' '--with-maxfd=65535' '--with-dl' '--with-pthreads' '--with-included-ltdl' '--disable-arch-native' '--without-nettle' '--disable-optimizations' 'build_alias=x86

Re: [squid-users] assertion failed: ../src/ipc/AtomicWord.h:88: "Enabled()"

2015-03-26 Thread Dan Charlesworth
Bumping this because I think it might have gone into the black hole the other night. > On 23 Mar 2015, at 5:44 pm, Dan Charlesworth wrote: > > Turns out it’s also shitting the bed whenever I go to an SSL site now that > I’ve added --enable-storeio=rock: > > 2015/0

Re: [squid-users] assertion failed: client_side.cc:1515: "connIsUsable(http->getConn())

2015-03-25 Thread Dan Charlesworth
upload them to the bug. Thanks folks. On 25 March 2015 at 09:28, Dan Charlesworth wrote: > Resending this after the last attempt went into the mail server black hole: > > Hey Amos > > I decided I’m not confident enough in 3.5.HEAD, after last time, to go > back into production wi

Re: [squid-users] assertion failed: client_side.cc:1515: "connIsUsable(http->getConn())

2015-03-24 Thread Dan Charlesworth
optimisations disabled and it seems to be doing fine performance and stability-wise. I only managed to capture one crash with optimisations disabled, so far, but it seemed to have some memory-related corruption, unfortunately. Updates to come over the next few days. On 23 March 2015 at 16:59, Dan

Re: [squid-users] WARNING: 1 swapin MD5 mismatches and BUG 3279: HTTP reply without Date:

2015-03-19 Thread Dan Charlesworth
seen this issue frequently when I reduced my cache size, > from 70 GB to 30 GB now. > > Regards > > On 3/19/15, Dan Charlesworth wrote: >> Hey Eliezer >> >> I don't actually use SMP. I could be wrong about the aufs thing; I haven't >> personally

Re: [squid-users] assertion failed: client_side.cc:1515: "connIsUsable(http->getConn())

2015-03-19 Thread Dan Charlesworth
>> Just cannot win. Is it possible these two issues are due to the patch for >> #4206? >> >> >> >> >>> On 16 Mar 2015, at 6:18 pm, Amos Jeffries >> <mailto:squ...@treenet.co.nz>> wrote: >>> >>> On 16/03/2015 7:16 p.m

Re: [squid-users] WARNING: 1 swapin MD5 mismatches and BUG 3279: HTTP reply without Date:

2015-03-19 Thread Dan Charlesworth
> Also if indeed it's with aufs\ufs only with SMP then it means that the > issue is related to the way SMP can make a ufs\aufs cache_dir dirty and > there for the answer would be pretty simple to the issue in hands. > > Eliezer > > On 20/03/2015 00:32, Dan Charlesworth wrote:

Re: [squid-users] assertion failed: client_side.cc:1515: "connIsUsable(http->getConn())

2015-03-19 Thread Dan Charlesworth
4135 in ?? () No symbol table info available. #14 0x0020 in ?? () No symbol table info available. #15 0x in ?? () No symbol table info available. On 16 Mar 2015, at 6:18 pm, Amos Jeffries <squ...@treenet.co.nz> wrote: On 16/03/2015 7:16 p.m., Dan Charlesw

Re: [squid-users] WARNING: 1 swapin MD5 mismatches and BUG 3279: HTTP reply without Date:

2015-03-19 Thread Dan Charlesworth
Hi John This bug has been affecting me on and off for a while as well. I believe it only affects aufs and, unfortunately, has been around for years. See: http://bugs.squid-cache.org/show_bug.cgi?id=3279 And see: http://bugs.squid-cache.org/show_bug.cgi?id=3483 On 19 March 2015 at 22:37, johnzeng

Re: [squid-users] Server-first SSL bump in Squid 3.5.x

2015-03-18 Thread Dan Charlesworth
f the config I posted before? Kind regards Dan > On 19 Mar 2015, at 5:18 pm, Amos Jeffries wrote: > > On 19/03/2015 6:36 p.m., Dan Charlesworth wrote: >> Hey y’all >> >> Finally got 3.5.2 running. I was under the impression that using >> server-first SSL bump

[squid-users] Server-first SSL bump in Squid 3.5.x

2015-03-18 Thread Dan Charlesworth
Hey y’all Finally got 3.5.2 running. I was under the impression that using server-first SSL bump would still be compatible, despite all the Peek & Splice changes, but apparently not. Hopefully someone can explain what might be going wrong here ... Using the same SSL Bump config that we used for

Re: [squid-users] v3.5.x RPM for CentOS 6

2015-03-17 Thread Dan Charlesworth
> > eliezer already made binary for centos 6.x, you just missed perl modules and > pinger need to have correct permission. > > > > On Wed, Mar 18, 2015 at 11:54 AM, Dan Charlesworth <mailto:d...@getbusi.com>> wrote: > *Tory — sorry. > >> On 18

Re: [squid-users] Random SSL bump DB corruption

2015-03-17 Thread Dan Charlesworth
Bumpity bump Had this go down exactly the same way this past Monday at Deployment #1. > On 10 Mar 2015, at 4:51 pm, Dan Charlesworth wrote: > > Hey folks > > After having many of our systems running Squid 3.4.12 for a couple of weeks > now we had two different deployments

Re: [squid-users] v3.5.x RPM for CentOS 6

2015-03-17 Thread Dan Charlesworth
*Tory — sorry. > On 18 Mar 2015, at 3:49 pm, Dan Charlesworth wrote: > > Hi Tony > > Yeah, I wouldn’t mind taking a peek at your SRPM or spec file if you can > share—thanks! > >> On 18 Mar 2015, at 3:15 pm, Tory M Blue > <mailto:tmb...@gmail.com>> wro

Re: [squid-users] v3.5.x RPM for CentOS 6

2015-03-17 Thread Dan Charlesworth
ng special . > > Tory > > Sent via the wild blue yonder > > > On Mar 17, 2015, at 20:16, Dan Charlesworth <mailto:d...@getbusi.com>> wrote: > >> Hey Eliezer >> >> Do you have any plans to maintain a Squid 3.5.x rpm for CentOS 6? >> >&

[squid-users] v3.5.x RPM for CentOS 6

2015-03-17 Thread Dan Charlesworth
Hey Eliezer Do you have any plans to maintain a Squid 3.5.x rpm for CentOS 6? I can see you’ve published one for CentOS 7. In fact I tried to use your spec file from the EL7 version to build an EL6 rpm, but ran into errors when updating from 3.4.12: 1. Installing the separate squid-helpers pa

[squid-users] Random SSL bump DB corruption

2015-03-09 Thread Dan Charlesworth
Hey folks After having many of our systems running Squid 3.4.12 for a couple of weeks now we had two different deployments fail today due to SSL DB corruption. Never seen this in almost 9 months of SSL bump being in production and there were no problems in either cache log until the “wrong numb

Re: [squid-users] assertion failed: client_side.cc:1515: "connIsUsable(http->getConn())

2015-03-02 Thread Dan Charlesworth
> > On 27/02/2015 12:25 p.m., Dan Charlesworth wrote: >> Alright I got abrtd on board, finally. >> >> Here’s a backtrace from this morning (bt and bt full versions included >> separately): >> > > Wonderful. > > Can you get a print from

Re: [squid-users] assertion failed: client_side.cc:1515: "connIsUsable(http->getConn())

2015-02-26 Thread Dan Charlesworth
Alright I got abrtd on board, finally. Here’s a backtrace from this morning (bt and bt full versions included separately): #0 0x00397e232625 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 #1 0x00397e233e05 in abort () at abort.c:92 #2 0x005656ef in xassert (msg=0

Re: [squid-users] Curious about: ipcacheParse: No Address records

2015-02-25 Thread Dan Charlesworth
Oh … Duly noted. > On 26 Feb 2015, at 4:20 pm, Amos Jeffries wrote: > > On 26/02/2015 6:08 p.m., d...@getbusi.com wrote: >> Thanks Amos! >> >> >> I reckon that dns_packet_max directive might be playing into it. Most of the >> problematic hostnames seem to return large pools of IPs. >> > >

[squid-users] Curious about: ipcacheParse: No Address records

2015-02-25 Thread Dan Charlesworth
Hey y’all I don’t remember this being covered before… I see this error (warning?) pretty frequently for hostnames which I can always resolve fine if I try them on the same server with dig or nslookup. What’s the deal? And what does the client experience in the browser when one of these occurs?

Re: [squid-users] assertion failed: client_side.cc:1515: "connIsUsable(http->getConn())

2015-02-19 Thread Dan Charlesworth
Thanks Amos - So then it more than likely is related to our external ACLs that deal with the HTTP response? > On 20 Feb 2015, at 5:06 pm, Amos Jeffries wrote: > > On 20/02/2015 5:46 p.m., Eliezer Croitoru wrote: >> Hey Dan, >> >> The basic rule of thumb in programming lands is script vs compi

Re: [squid-users] assertion failed: client_side.cc:1515: "connIsUsable(http->getConn())

2015-02-19 Thread Dan Charlesworth
st since the above list can become very long > and which will prove that humans can look at the same picture and see many > different things. > > Eliezer > > * I am almost sure that you may use a "fake" acl that will match all requests > instead of using an external_a

Re: [squid-users] assertion failed: client_side.cc:1515: "connIsUsable(http->getConn())

2015-02-19 Thread Dan Charlesworth
its impact? Thanks Dan On 12 February 2015 at 09:51, Dan Charlesworth wrote: > Hey Eliezer > > With the response_size_100 ACL definition: > - 100 tells the external ACL the limit in MB > - 192.168.0.10 tells the external ACL the squid IP > > I think one or both of these is

Re: [squid-users] assertion failed: client_side.cc:1515: "connIsUsable(http->getConn())

2015-02-11 Thread Dan Charlesworth
ould have only one rule for the > reply body max size, what are the others for exactly? > > Eliezer > > * I might be missing some concepts, so sorry in advance. > > On 11/02/2015 00:30, Dan Charlesworth wrote: >> Hi Eliezer >> >> Took a while to get this

Re: [squid-users] assertion failed: client_side.cc:1515: "connIsUsable(http->getConn())

2015-02-10 Thread Dan Charlesworth
here’s any other info I can provide that might point towards the cause of this crash. And thanks again for taking a look. > On 3 Feb 2015, at 2:49 pm, Dan Charlesworth wrote: > > Hi Eliezer > > Thanks for paying attention, as always. I’m working on getting an > (appropriately

Re: [squid-users] assertion failed: client_side.cc:1515: "connIsUsable(http->getConn())

2015-02-02 Thread Dan Charlesworth
onfidential data) > > Thanks, > Eliezer > > On 02/02/2015 01:14, Dan Charlesworth wrote: >> Bumping this one for the new year 'cause I still don't understand squid >> traces and because it's still happening with v3.4.11. >> >> I would specul

Re: [squid-users] assertion failed: client_side.cc:1515: "connIsUsable(http->getConn())

2015-02-01 Thread Dan Charlesworth
e earlier in the thread) would help. On 2 February 2015 at 10:14, Dan Charlesworth wrote: > Bumping this one for the new year 'cause I still don't understand squid > traces and because it's still happening with v3.4.11. > > I would speculate that it's something

Re: [squid-users] HTTPS intercept, simple configuration to avoid bank bumping

2015-01-26 Thread Dan Charlesworth
Wasn't somebody saying that you'd need to write an External ACL to evaluate the SNI host because dstdomain isn't hooked into that code (yet? ever?)? On 27 January 2015 at 08:33, Jason Haar wrote: > > Well the documentation says > > # SslBump1: After getting TCP-level and HTTP CONNECT info. > #

Re: [squid-users] [squid-announce] Squid 3.5.1 is available

2015-01-17 Thread Dan Charlesworth
Yeah. I definitely don't have my head around the new peek and splice directives and would appreciate some examples. On Sun, Jan 18, 2015 at 12:59 PM, Jason Haar wrote: > On 17/01/15 21:11, Amos Jeffries wrote: >> The Squid HTTP Proxy team is very pleased to announce the availability >> of the S
