Hi Alex
Thanks
The information provided is very useful.
Although ICAP is not used, the log configuration is active.
Let's validate the first leads you've given us
regards
Le 18/03/2025 à 15:07, Alex Rousskov a écrit :
On 2025-03-18 06:25, David Touzeau wrote:
We note that Squid
We note that Squid performs a client DNS PTR query each time client
sends query.
We have taken care to ensure that
* that the log model does not use machine names
* No acls concerning workstation hostnames are added.
We use kerberos authentication with Squid: is
negotiate_kerberos_auth/p
___
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
___
squid-users mailing list
squid-u
Hello
Is there any way or development plan to include “proxy-protocol” in
cache_peer?
Squid is able to listen for proxy-protocol, but I haven't seen how to
use this protocol when redirecting to Squid parents with proxy-protocol
enabled.
Thank you very much.
Thanks Alex
It Works by adding --without-gnutls !
Le 21/08/2024 à 16:02, Alex Rousskov a écrit :
On 2024-08-21 09:37, David Touzeau wrote:
Configure:
./configure --prefix=/usr --build=x86_64-linux-gnu
--includedir=/include --mandir=/share/man --infodir=/share/info
--localstatedir=/var
erence to
`EVP_MD_type'
How i can fix it ?
--
David Touzeau - Artica Tech France
___
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
or testing performance but
well-known and very simple.
Alex.
___
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
--
David Touzeau - Artica Tech France
Development team, level
liezer
___
squid-users mailing list
mailto:squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
___
squid-users mailing list
mailto:squid-users@lists.squid-cache.org
https://lists.sq
Thank Alex
This will fix the issue!
Le 31/01/2024 à 17:43, Alex Rousskov a écrit :
On 2024-01-31 09:23, David Touzeau wrote:
Hi %note is used by our external_acls and for log other tokens
And we use also Group as token.
it can disabled by direcly removing source kerberos code before
to remove these entries from the log ?
I think you should correct logformat directive in your squid
configuration to disable annotations logging (%note):
http://www.squid-cache.org/Doc/config/logformat/
Kind regards,
Ankor.
ср, 31 янв. 2024 г. в 15:51, David Touzeau :
Anyway to rem
in("-", "S", $sid_rev, ($id1<<32)+$id2, @ids);
print "$sid_string\n";
вт, 30 янв. 2024 г. в 18:49, David Touzeau :
Hi when using Kerberos with Squid when in access log a long Group
tags:
I would like to know how to disable Squid to grab groups suring
BIB%0D%0Aaccessrule:%20final_allow%0D%0Afirst:%20ERROR%0D%0Awebfilter:%20pass%0D%0Aexterr:%20invalid_code_431%0D%0A
ua="-" exterr="-|-"|
--
David Touzeau - Artica Tech France
Development team, level 3 support
--
P: +33 6 58 44 69 46
www:https:
d to keep splay tree searching predictable
2023/10/02 20:18:50| WARNING: You should probably remove
'64.34.72.230' from the ACL named 'GlobalWhitelistDSTNet'
2023/10/02 20:18:50| WARNING: (B) '64.34.72.232' is a subnetwork of
(A) '64.34.72.232'
According
0/02 20:18:50| WARNING: You should probably remove '64.34.72.230'
from the ACL named 'GlobalWhitelistDSTNet'
2023/10/02 20:18:50| WARNING: (B) '64.34.72.232' is a subnetwork of (A)
'64.34.72.232'
According to all warning, Squid won't start with this error
*202
re willing to
patch the squid sources.
In that case, just remove the debugs() statement in lines 200-203
of file src/helper/Reply.cc .
On Mon, Aug 28, 2023 at 9:52 PM David Touzeau
wrote:
Thanks You
As these changes affect many things for us ( use
.
regards
On 28/08/2023 22:46, Francesco Chemolli wrote:
Hi David,
you should use
itchart_=PASS
The trailing underscore signals Squid that this is a custom header.
On Mon, Aug 28, 2023 at 3:54 PM David Touzeau
wrote:
Hi
Since 6.2 ( aka migrating from 5.8 )
Squid claim about
e: If this is a custom annotation, rename it to add a trailing
underscore: itchart_
current master transaction: master278
Did the helper instead of "itchart=PASS" must send
"itchart_=PASS"
or
"itchart_PASS"
?
--
David Touzeau - Artica Tech
l
disable all "deny" rules.
I'm wrong ?
On 24/04/2023 11:22, Amos Jeffries wrote:
On 24/04/2023 11:33 am, David Touzeau wrote:
We have a "problem" with ACLs, and I don't know how to address this
situation in Squid 5.8
Let me explain:
We have an Active Director
We have a "problem" with ACLs, and I don't know how to address this
situation in Squid 5.8
Let me explain:
We have an Active Directory group named limited_users that is only
allowed to surf on a very limited list of websites.
These users are therefore forbidden to surf on all sites not listed in
Thanks Amos for this clarification,
We also have the same needs and indeed, we face with the same approach.
It is possible that the structure of Squid could not, in some cases,
recovering this type of information.
Although the concept of a proxy is neither more nor less than a big
browser that
Thanks Amos for this clarification,
We also have the same needs and indeed, we face with the same approach.
It is possible that the structure of Squid could not, in some cases,
recovering this type of information.
Although the concept of a proxy is neither more nor less than a big
browser that
/uisproxy-rop@***.***.CORP
3 11/16/2022 11:30:50 host/uisproxy-rop@***.***.CORP
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
--
David Touzeau - Artica Tech France
Development team
cover a LOT of things. All of which are outside of Squid's domain.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
--
David Touzeau - Artica Tech France
Development t
mote=192.168.1.13:62858 FD 21 flags=1
2022/10/12 22:29:49.477 kid3| 11,2| Stream.cc(280) sendStartOfMessage:
HTTP Client REPLY:
-
HTTP/1.1 502 Bad Gateway
Mime-Version: 1.0
Date: Wed, 12 Oct 2022 20:29:49 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 506470
X-Squid-Error: ERR_READ_ERRO
Hi
We using squid 5.7 after adding ssl-bump we have sometimes several 502
error with extended error ERR_READ_ERROR|WITH_SERVER
1665589818.831 11 192.168.1.13 NONE_NONE/502 192616 OPTIONS
https://www2.deepl.com/jsonrpc?method=LMT_split_text - HIER_NONE/-:-
text/html mac="68:54:5a:94:e7:5
Hi
We have some experience on cluster configuration.
https://wiki.articatech.com/en/proxy-service/hacluster
As using Kubernetes for Squid and for 40K users is a very "risky adventure".
Squid requires a very high disk performance (I/O) which means both a
good hard disk drive and a decent contr
Hi Eric.
We had the same restrictions with the fast or slow ACLs.
Have you thought about creating a squid helper that calculates your needs?
So maybe you can get around this by using the acl "note" acl note xxx
xxx which turns your helper results (slow) into "fast".
Le 05/09/2022 à 14:56, PE
http://lists.squid-cache.org/listinfo/squid-users
--
Technical Support
*David Touzeau*
Orgerus, Yvelines, France
*Artica Tech*
P: +33 6 58 44 69 46
www: wiki.articatech.com <https://wiki.articatech.com>
www: articatech.net <http://articatech.net>
___
Hi Eliezer
if you want to do transparent mode without having to put squid squidboix
in front of your fortinet.
If you want to do transparent mode while your fortinet aggregates
several VLANs, the WCCP mode is necessary
So you can control everything through your fortigate
By the way, fortin
g?
Thanks,
Eliezer
Eliezer Croitoru
NgTech, Tech Support
Mobile: +972-5-28704261
Email: ngtech1...@gmail.com
Web: https://ngtech.co.il/
My-Tube: https://tube.ngtech.co.il/
*From:*squid-users *On
Behalf Of *David Touzeau
*Sent:* Thursday, 23 June 2022 19:12
*To:* squid-users@lists.squid
testing to be done.
Le 23/06/2022 à 14:44, Alex Rousskov a écrit :
On 6/21/22 07:43, David Touzeau wrote:
We trying to using WCCP with Fortigate without success Squid version
5.5 always claim "Ignoring WCCPv2 message: truncated record"
What can be the cause ?
The most likely cause a
Hi
We trying to using WCCP with Fortigate without success Squid version
5.5 always claim "Ignoring WCCPv2 message: truncated record"
What can be the cause ?
We have added a service ID 80 on fortigate
config system wccp
edit "80"
set router-id 10.10.50.1
set group-address
al Support
*David Touzeau*
Orgerus, Yvelines, France
*Artica Tech*
P: +33 6 58 44 69 46
www: wiki.articatech.com <https://wiki.articatech.com>
www: articatech.net <http://articatech.net>
___
squid-users mailing list
squid-users@list
Hi
added exterr="%err_code|%err_detail" in logging and result return some
request with ERR_PROTOCOL_UNKNOWN|exception=18686e4e
1646498399.887 46 176.12.1.2 NONE_NONE/000 0 CONNECT 62.67.238.138:443 -
HIER_NONE/-:- exterr="ERR_PROTOCOL_UNKNOWN|exception=18686e4e"
What does "exception=18686e
ed to
understand the scenario.
While you assume it’s a chimera I still believe it’s just a three
heads Kerberos which… was proved to exists… in the movies and in the
virtual world.
Eliezer
Eliezer Croitoru
NgTech, Tech Support
Mobile: +972-5-28704261
Email: ngtech1...@gmail.co
nd what
you want and what you can afford to invest in the development process
of each part of setup.
All The Bests,
Eliezer
Eliezer Croitoru
NgTech, Tech Support
Mobile: +972-5-28704261
Email: ngtech1...@gmail.com
*From:*squid-users *On
Behalf Of *David Touzeau
*Sent:* Friday, Februar
.
With kerberos authentication the user don't have to authenticate against
the proxy. The authentication is done in the background.
Mayb this link will help:
https://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos
On Thu, Feb 10, David Touzeau wrote:
Hi
What we are looking for is to ret
atabase.
This is to avoid any connection to an Active Directory
Maybe this is impossible
Le 10/02/2022 à 05:03, Amos Jeffries a écrit :
On 10/02/22 01:43, David Touzeau wrote:
Hi
I would like to sponsor the improvement of ntlm_fake_auth to support
new protocols
ntlm_* helpers are specific to
Hi
I would like to sponsor the improvement of ntlm_fake_auth to support new
protocols or go further produce a new negotiate_kerberos_auth_fake
Who should start the challenge?
regards___
squid-users mailing list
squid-users@lists.squid-cache.org
http
ugh to demonstrate that a simple
threaded helper is much better then any PHP code that was not meant to
be running as a STDIN/OUT daemon/helper software.
All The Bests,
Eliezer
Eliezer Croitoru
NgTech, Tech Support
Mobile: +972-5-28704261
Email: ngtech1...@gmail.com
*From:*David Touzeau
-
Eliezer Croitoru
NgTech, Tech Support
Mobile: +972-5-28704261
Email: ngtech1...@gmail.com
*From:*squid-users *On
Behalf Of *David Touzeau
*Sent:* Friday, February 4, 2022 16:29
*To:* squid-users@lists.squid-cache.org
*Subject:* Re: [squid-users] external helper development
Elizer,
Thanks for all
(stdin_thread)
while(RUNNING):
time.sleep(3)
print("Not RUNNING")
for thread in threads:
thread.join()
print("All threads stopped.")
## END
Eliezer
Eliezer Croitoru
NgTech, Tech Support
Mobile: +972-5-28704261
Email: ngtech1...@gmail.com
*From:*squi
Elizer,
Thanks for all this advice and indeed your arguments are valid between
opening a socket, sending data, receiving data and closing the socket
unlike direct access to a regex or a memory entry even if the
calculation has already been done.
But what surprises me the most is that we have
Hi Elizer
You are right in a way but when squid loads multiple helpers, each
helper will use its own cache.
Using a shared "base" allows helpers to avoid having to compute a query
already found by another helper who already has the answer.
Concerning PHP what we find strange is that with our
Is adapted_http_access supporting url_rewrite_program ? It seems only
supports ecap/icap
Le 31/01/2022 à 03:52, Amos Jeffries a écrit :
On 31/01/22 13:20, David Touzeau wrote:
But it makes 2 connections to the squid for just stopping queries.
It seems not really optimized.
The joys of
Hi
I have built my own squid url_rewrite_program
protocol requires answering with
# OK status=301|302 url=
Or
# OK rewrite-url="http://blablaba";
In my case, especially for trackers/ads i would like to say to browsers:
"Go away !" without need them to redirect.
Sure i can use these methods
Hi
We used Squid 5.2 and we see that security_file_certgen consume I/O
Is there any way to put the ssldb in memory without need to mount a tmpfs ?
regards
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/list
Hi
Working like a charm !!!
Many thanks!!
Le 26/11/2021 à 17:43, Alex Rousskov a écrit :
On 11/25/21 4:46 PM, David Touzeau wrote:
We need to add %note added from external helper using a deny_info and
specific squid error page.
tried with %o or %m without success
Is there a token to build
Hi,
We need to add %note added from external helper using a deny_info and
specific squid error page.
tried with %o or %m without success
Is there a token to build an error page with an external acl helper output ?
Regards___
squid-users mailing li
Hi
According to your documentation,
cache dir rock : objects larger than 32,000 bytes cannot be cached
if aufs cannot be implemented in SMP configuration how can we handle
larger files in cache ?
Le 23/11/2021 à 11:01, David Touzeau a écrit :
Ok thanks, we will investigate in this way
Le 22
Hi community,
tlu.dl.delivery.mp.microsoft.com is from the app store and it encounters
an issue with high bandwidth usage.
We think that it was caused because Squid filtering the HTTP Range
header from the HTTP requests.
This caused the app store download everything in an endless loop
We know
Ok thanks, we will investigate in this way
Le 22/11/2021 à 19:33, Alex Rousskov a écrit :
On 11/22/21 12:48 PM, David Touzeau wrote:
Here our SMP configuration:
workers 2
cache_dir rock /home/squid/cache/rock 0 min-size=0 max-size=131072
slot-size=32000
if ${process_number} = 1
256
min-size=131072 max-size=3221225472
endif
if ${process_number} = 2
memory_cache_mode always
cpu_affinity_map process_numbers=${process_number} cores=2
endif
where is the false settings ?
Missing cache_dir ?
Le 22/11/2021 à 18:18, Alex Rousskov a écrit :
On 11/22/21 11:55 AM, David Touzeau
Hi, community
What does mean this error :
2021/11/21 17:23:06 kid1| assertion failed: Controller.cc:930:
"!transients || e.hasTransients()"
current master transaction: master69
We are unable to start the service it always crashes.
How can we can fix it ( purge cache , reboot )... ?__
Hi,
For us it is Squid v4.17
Le 16/11/2021 à 17:40, Graminsta a écrit :
Hey folks ;)
What is the most stable squid version for production on Ubuntu 18 or 20?
Marcelo
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squ
Any tips,
Is someone using Fake NTLM with modern browsers ?
Le 11/11/2021 à 13:16, David Touzeau a écrit :
Thanks Amos it will help understand something
I think modern browser sending NTLMv2 as the ntlm_fake_auth
understanding only NTLMv1 ( perhaps )
Using curl with --proxy-ntlm option is
ies needed to see if the memory leak is
gone or not.
I run multiple Squid 5.2 servers on Debian 11 in production and do not
have any issues.
---
Best regards,
Enrico Heine
Am 2021-11-11 20:08, schrieb David Touzeau:
Hi
Just for information and i hope it will help.
We have installed Squid 5.1
Hi
Just for information and i hope it will help.
We have installed Squid 5.1 and Squid 5.2 in production mode.
It seems that after several days, the Squid become very unstable.
We mention that when switching to 4.x we did not encounter these errors
with the same configuration, same users, same
00 00 00 00 00 3A 00 57 4F 52 4B 47 52 4F 55 WORKGROU
Le 11/11/2021 à 08:40, Amos Jeffries a écrit :
On 11/11/21 14:12, David Touzeau wrote:
Hi,
i would like to use ntlm_fake_auth but it seems Squid refuse to
switch to authenticated user and return a 407 to the browser a
Hi,
i would like to use ntlm_fake_auth but it seems Squid refuse to switch
to authenticated user and return a 407 to the browser and squid never
accept credentials.
What i missing ?
Configuration seems simple:
auth_param ntlm program /lib/squid3/ntlm_fake_auth -v
auth_param ntlm children 20
request.
Le 02/11/2021 à 16:17, Alex Rousskov a écrit :
On 11/2/21 10:40 AM, David Touzeau wrote:
2021/11/01 16:50:48.787 kid1| 93,3| Http::Tunneler::handleReadyRead(conn9812727
local=127.0.0.1:23408 remote=127.0.0.1:2320 FIRSTUP_PARENT)
2021/11/01 16:50:48.787 kid1| 74,5| parse: status
Hi,
Take time to enable the debug log an parsing the 10GB of logs
Here the piece of code:
2021/11/01 16:50:48.786 kid1| 33,5| AsyncCall.cc(30) AsyncCall: The
AsyncCall Server::clientWriteDone constructed, this=0x55849cb132b0
[call252226641]
2021/11/01 16:50:48.786 kid1| 5,5| Write.cc(37) Writ
Hello Community,
We use child Squid proxies that connect to boxes that act as parents.
In version 4.x this configuration does not pose any problem.
In version 5.2, since, we have a lot of errors like :
01h 47mn kid1| TCP connection to 10.32.0.18/3150 failed
01h 47mn kid1| TCP connection to 10.32
Hi
Just to mention, we discover high memory usage too without ICAP and SSL bump
after several days, need to restart the service.
Le 08/10/2021 à 10:56, Steve Hill a écrit :
I'm seeing high memory usage on Squid 5.1. Caching is disabled, so
I'd expect memory usage to be fairly low (and it was
Thanks amos !!
I think auth_schemes can be a workaround.
I will try it !
Le 21/09/2021 à 02:49, Amos Jeffries a écrit :
On 21/09/21 11:49 am, David Touzeau wrote:
When edge, chrome and IE try to establish a session, Squid claim
2021/09/21 01:17:27 kid1| ERROR: Negotiate Authentication
n im setting
It up, i'll document it and make and howto of it.
Greetz,
Louis
Van: squid-users [mailto:squid-users-boun...@lists.squid-cache.org]
Namens David Touzeau
Verzonden: dinsdag 21 september 2021 1:49
Aan: squid-users@l
Hi all
i have setup Kerberos authentication with Windows 2019 domain using
Squid 5.1 ( The Squid version did not fix the issue - Tested 4.x and 5.x)
In some cases, some computers are not joined to the domain and ween need
to allow authenticate on Squid
To allow this, Basic Authentication is
Thanks, i will try in this way
Le 16/09/2021 à 21:03, Alex Rousskov a écrit :
On 9/16/21 2:52 PM, David Touzeau wrote:
It is true that it would be possible to use an external_acl in the
http_reply_access.
Do you think that adding it in this position I would be able to use
squid's resol
that adding it in this position I would be able to use
squid's resolution results ?
Le 16/09/2021 à 19:43, Alex Rousskov a écrit :
On 9/16/21 1:30 PM, David Touzeau wrote:
I'm turning to create a DNS resolution dev and I'm giving up looking
retreive this information through Squi
Amos,
Thank you for your response and kindness,
I'm turning to create a DNS resolution dev and I'm giving up looking
retreive this information through Squid.
Le 16/09/2021 à 19:13, Amos Jeffries a écrit :
On 17/09/21 2:42 am, David Touzeau wrote:
Thanks Amos for quick answer.
Ca
:
On 16/09/21 10:09 pm, David Touzeau wrote:
Hi comunity, Squid fans
I would like to use an external acl process for Geoip processing
i have tried to setup squid to send the remote peer address using %code but it always reply with a "-"
external_acl_type MyGeopip ttl=3600 negativ
Hi comunity, Squid fans
I would like to use an external acl process for Geoip processing
i have tried to setup squid to send the remote peer address using %code but it always reply with a "-"
external_acl_type MyGeopip ttl=3600 negative_ttl=3600 children-startup=2
children-idle=2 children-max
0922
Tel (Intl) : +44 1305 898033
https://www.lubefinder.com
*From:* squid-users on
behalf of David Touzeau
*Sent:* Wednesday, September 15, 2021 11:40:04 AM
*To:* squid-users@lists.squid-cache.org
*Subject:* [squid
On Debian 10 64bits with squid 5.1 we have thousand warning as this:
2021/09/15 08:00:18 kid1| WARNING: no_suid: setuid(0): (1) Operation not
permitted
2021/09/15 08:00:18 kid2| WARNING: no_suid: setuid(0): (1) Operation not
permitted
2021/09/15 08:00:18 kid1| WARNING: no_suid: setuid(0): (1)
Basically syslogd can do what you want : send via TCP, HTTP, UDP
So the deal is to use
logformat my_metrics [statsd] %icap::tt %
Hi
Is there a way to configure Squid to output the logs to statsd rather
than a file?
Today I have this:
+logformat my_metrics %icap::tt %However I would
ists/squid/msg93659.html
Many users says there is no impact on helpers and performance as it is
just a warning...
Did you confirm it ?
Le 28/02/2021 à 01:58, Alex Rousskov a écrit :
On 2/27/21 7:22 PM, David Touzeau wrote:
Hi, regulary i have this error :
2021/02/28 01:18:43 k
Hi, regulary i have this error :
2021/02/28 01:18:43 kid1| helperOpenServers: Starting 5/32
'security_file_certgen' processes
2021/02/28 01:18:43 kid1| WARNING: no_suid: setuid(0): (1) Operation not
permitted
i have set the setuid permission
chown root:squid security_file_certgen
chmod 0475
-enable-epoll'
'--enable-async-io=128' '--enable-zph-qos' '--enable-delay-pools'
'--enable-http-violations' '--enable-url-maps' '--enable-ecap'
'--enable-ssl' '--with-openssl' '--enable-ssl-crtd'
'--enable
Hi
This error is generated every 15 minutes when using any authenticator
helper (ntlm, kerberos...)
Is there a way to investigate on this issue ?
kidxx| WARNING: no_suid: setuid(0): (1) Operation not permitted
Sometimes, after rebooting the system, issue is fixed for an
undetermined period
Support
Mobile: +972-5-28704261
Email: ngtech1...@gmail.com <mailto:ngtech1...@gmail.com>
Zoom: Coming soon
*From:*David Touzeau
*Sent:* Monday, January 4, 2021 3:25 PM
*To:* ngtech1...@gmail.com; squid-users@lists.squid-cache.org
*Subject:* Re: [squid-users] PCI Certification compliance
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1...@gmail.com <mailto:ngtech1...@gmail.com>
Zoom: Coming soon
*From:*squid-users *On
Behalf Of *David Touzeau
*Sent:* Monday, January 4, 2021 10:23 AM
*To:* squid-users@lists.squid-cache.org
*Subject:* Re: [squid-user
Hi Eiezer,
I can help you by giving a list but
Just by using "main domains":
* Banking/transcations : 27 646 websites.
* AV sofwtare and updates sites (fw, routers...) : 133 295 websites
I can give it to you the lists , they are incomplete and it should
decrease squid performance by loadin
Thanks Amos
You means using "login=PASS" in peer settings and in Proxy parent B and
C use the "basic_fake_auth" helper to "simulate" the requested auth ?
Le 17/11/2020 à 11:43, Amos Jeffries a écrit :
On 17/11/20 9:27 pm, David Touzeau wrote:
Hi,
W
Hi,
We a first Squid using Kerberos + Active Directory authentication.
This first squid is used to limit access using ACls and Active Directory
groups.
This first squid using parents as peer in order to access to internet in
this way:
| > SQUID B --
When having several *_access http_access,reply_access...
In a stressed environment, it is difficult to hunt an issue or a wrong rule.
The debug mode is impossible because the proxy in production mode write too
many logs..
But if we can identify the rule and add pointer to the log, it is possibl
Thanks for the answer details
How to be a sponsor ? ( cost ) of such feature
Could you think it can be planned for 5.x ?
I think it should be a "future" "standard" in the same way of DNS over SSL
Le 19/05/2020 à 16:46, Alex Rousskov a écrit :
On 18/05/20 10:15 am, David T
TestFinger
ssl_bump stare ssl_step2 all
ssl_bump bump all
But no luck, website still decrypted.
Le 13/05/2020 à 21:33, Alex Rousskov a écrit :
On 5/12/20 7:42 AM, David Touzeau wrote:
ssl_bump peek ssl_step1
ssl_bump splice TestFinger
ssl_bump stare ssl_step2 all
ssl_bump bump all
Seems TestFinger
Hi we want to use squid as * * * Secure Proxy * * * using https_port
We have tested major browsers and it seems working good.
To make it work, we need to deploy the proxy certificate on all browsers
to make the secure connection running.
In this case, squid forward requests without decryptin
Hi, i'm trying to play with acl "server_cert_fingerprint" for splicing
websites.
First, get the fingerprint :
openssl s_client -host www.clubic.com -port 443 2> /dev/null | openssl
x509 -fingerprint -noout
# Build the acl
acl TestFinger server_cert_fingerprint
77:F6:8D:C1:0A:DF:94:8B:43
Hi
Is Squid handle TCP Fast open on modern kernel ?
Has anyone tried to implement this directive and noticed a performance
improvement ?
Best regards.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listin
Le 15/04/2019 à 22:41, Alex Rousskov a écrit :
On 4/15/19 8:01 AM, David Touzeau wrote:
Is it possible, sometimes to better understand a bunch of ACLs to log
the last matches or a set of matched acls objects:
192.168.1.235 - - [15/Apr/2019:15:59:30 +0200] "GET
http://www.msftncsi.com/ncs
Le 02/04/2019 à 10:39, Amos Jeffries a écrit :
On 2/04/19 8:53 pm, L.P.H. van Belle wrote:
I suggest start compairing the logs you posted, the builds are really different.
Differences in
- kernel
- needed packages
- build paramaters due to missing or different packages.
Etc.
Just diff you log
Hi
Is it possible, sometimes to better understand a bunch of ACLs to log
the last matches or a set of matched acls objects:
example
192.168.1.235 - - [15/Apr/2019:15:59:30 +0200] "GET
http://www.msftncsi.com/ncsi.txt HTTP/1.1" 200 211 "-" "curl/7.52.1"
TCP_MISS:HIER_DIRECT text/plain obje
Le 02/04/2019 à 18:06, Alex Rousskov a écrit :
On 4/2/19 1:23 AM, David Touzeau wrote:
Le 01/04/2019 à 23:22, Alex Rousskov a écrit :
Do your Squids use shared memory for the memory cache? See
memory_cache_shared (even if you do not set it explicitly).
http://www.squid-cache.org/Doc/config
Le 02/04/2019 à 07:43, L A Walsh a écrit :
On 4/1/2019 2:17 AM, David Touzeau wrote:
We have recompiled same squid version on 2 systems
https://github.com/dtouzeau/1.6.x/blob/Tempfiles/centos7-config.log?raw=true
---
Result was CentOS 44
Le 01/04/2019 à 23:22, Alex Rousskov a écrit :
On 4/1/19 3:17 AM, David Touzeau wrote:
On 30.03.19 10:22, David Touzeau wrote:
* Debian 9 net install + Squid compiled
* CentOS 7 minimal + Squid compiled
Same version, same compilation parameters, same Squid settings.
It seems that Squid on
Le 01/04/2019 à 00:23, David Touzeau a écrit :
Le 31/03/2019 à 05:50, Amos Jeffries a écrit :
On 31/03/19 3:41 am, David Touzeau wrote:
On 30.03.19 10:22, David Touzeau wrote:
Did you have perform squid stress on Debian against CentOS ?
I have installed:
* Debian 9 net install + Squid
Le 31/03/2019 à 05:50, Amos Jeffries a écrit :
On 31/03/19 3:41 am, David Touzeau wrote:
On 30.03.19 10:22, David Touzeau wrote:
Did you have perform squid stress on Debian against CentOS ?
I have installed:
* Debian 9 net install + Squid compiled
* CentOS 7 minimal + Squid compiled
Same
On 30.03.19 10:22, David Touzeau wrote:
Did you have perform squid stress on Debian against CentOS ?
I have installed:
* Debian 9 net install + Squid compiled
* CentOS 7 minimal + Squid compiled
Same version, same compilation parameters, same Squid settings.
It seems that Squid on CentOS
Hi all,
Did you have perform squid stress on Debian against CentOS ?
I have installed:
* Debian 9 net install + Squid compiled
* CentOS 7 minimal + Squid compiled
Same version, same compilation parameters, same Squid settings.
It seems that Squid on CentOS is 10 times faster than squid on
1 - 100 of 182 matches
Mail list logo
