[squid-users] What is the state of V5 branch? Can I try to publish some RPMS?

Hey, Next year I will start publishing RPMs for Squid again. What is the state of V5? What should be verified or tested with V5? Thanks, Eliezer Eliezer Croitoru Tech Support Mobile: +972-5-28704261 Email: elie...@ngtech.co.il __

Re: [squid-users] Proxy Server closes the connection to http server before transferring all application data to http client

h.co.il> elie...@ngtech.co.il From: Zhang, Lily (USD) Sent: Wednesday, December 16, 2020 9:40 AM To: Eliezer Croitor Cc: squid-users@lists.squid-cache.org Subject: RE: [squid-users] Proxy Server closes the connection to http server before transferring all application data to http clien

Re: [squid-users] Proxy Server closes the connection to http server before transferring all application data to http client

Hey Lily, Is there any specific issue which made you aware of this issue? Thanks, Eliezer Eliezer Croitoru Tech Support Mobile: +972-5-28704261 Email: elie...@ngtech.co.il From: squid-users On Behalf Of Zhang, Lily (USD) Sent: Tuesday, Decem

Re: [squid-users] Proxy Server closes the connection to http server before transferring all application data to http client

Hey Lily, Is there any specific issue which made you aware of this issue? Thanks, Eliezer Eliezer Croitoru Tech Support Mobile: +972-5-28704261 Email: elie...@ngtech.co.il From: squid-users On Behalf Of Zhang, Lily (USD) Sent: Tuesday, Decem

Re: [squid-users] sslcrtvalidator_program

ers@lists.squid-cache.org Cc: Eliezer Croitor Subject: Re: [squid-users] sslcrtvalidator_program On 12/14/20 2:15 PM, Eliezer Croitor wrote: > I wrote a simple ruby helper but squid claims it crashes rapidly. > Since probably nobody else is willing to do some pipelining job I > assume it&#x

Re: [squid-users] sslcrtvalidator_program

To: squid-users@lists.squid-cache.org Cc: Eliezer Croitor Subject: Re: [squid-users] sslcrtvalidator_program On 12/14/20 1:55 PM, Eliezer Croitor wrote: > We can use this as an example for a single transaction in the wiki: > https://gist.githubusercontent.com/elico/a0397c879776336eeae5

Re: [squid-users] sslcrtvalidator_program

hanks, Eliezer Eliezer Croitoru Tech Support Mobile: +972-5-28704261 Email: elie...@ngtech.co.il -Original Message- From: Alex Rousskov Sent: Monday, December 14, 2020 6:42 PM To: squid-users@lists.squid-cache.org Cc: Eliezer Croitor Subject: Re: [squid-users] sslcrtvalidator_progra

Re: [squid-users] dhcp

Hey, I do not know exactly how and on what environment but usually it's done with a Radius server. Maybe with 802.x integration in the switch level to make sure that no one is un-accounted for in the network. Eliezer Eliezer Croitoru Tech Support Mobile: +972-5-28704261 Email: elie...@ngt

Re: [squid-users] Adding header with destination IP to icap server via adaptation_meta

Have you tried to use this format log in the logfomat? I do not remember by heart but I what I see is the docs is: http://www.squid-cache.org/Versions/v4/cfgman/logformat.html logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %http://www.squid-cache.org/Versions/v4/cfgman/adaptation_meta.htm

Re: [squid-users] sslcrtvalidator_program

: Eliezer Croitor Sent: Monday, December 14, 2020 11:27 AM To: 'Amos Jeffries' Cc: squid-users@lists.squid-cache.org Subject: RE: [squid-users] sslcrtvalidator_program So starts with: 0 cert_validate... line And ends with?: error_name_0=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT error_cert_0=cer

Re: [squid-users] sslcrtvalidator_program

rogram On 14/12/20 9:11 am, Eliezer Croitor wrote: > I am trying to understand the way the sslcrtvalidator_program works. > I am pretty sure I have asked this in the past but didn’t found it for some > reason. > > I want to read line by line so. > /^-BEGIN CERTIFICA

[squid-users] sslcrtvalidator_program

I am trying to understand the way the sslcrtvalidator_program works. I am pretty sure I have asked this in the past but didn’t found it for some reason. I want to read line by line so. /^-BEGIN CERTIFICATE-$/ *** /^-END CERTIFICATE-$/ What else should I look for? I was thinking a

Re: [squid-users] Sqlite3 with Squid

quid-users] Sqlite3 with Squid On 13/12/20 11:01 am, Eliezer Croitor wrote: > Well indeed it's very similar. > I would need to think about it a bit more to grasp it again in my mind. > However in the embedded world ruby/perl/python are not usually available so.. > True. Though for

Re: [squid-users] Squid with more than 128 ports?

: +972-5-28704261 Email: ngtech1...@gmail.com <mailto:ngtech1...@gmail.com> From: roee klinger Sent: Friday, December 11, 2020 1:23 PM To: Eliezer Croitor ; squid-users@lists.squid-cache.org Subject: Re: [squid-users] Squid with more than 128 ports? Hey Eliezer, Thanks, but ac

Re: [squid-users] Sqlite3 with Squid

ssage- From: squid-users On Behalf Of Amos Jeffries Sent: Saturday, December 12, 2020 11:56 AM To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] Sqlite3 with Squid On 11/12/20 12:03 pm, Eliezer Croitor wrote: > Amos or Alex might remember or know how to trigger external_acl help

Re: [squid-users] Sqlite3 with Squid

, December 10, 2020 1:55 PM To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] Sqlite3 with Squid On Thursday 10 December 2020 at 12:49:48, Eliezer Croitor wrote: > Hey, > > I am wondering what can I use Sqlite3 with squid? > > I was thinking about holding some of the

Re: [squid-users] Squid with more than 128 ports?

You should use Haproxy in a Fail-over setup. Squid is great but it’s possible that Haproxy does this much better theses days then Squid. You can leave the authentication on the Squid servers and use the Haproxy as TCP Load balancer. If you need the clients Original IP address you can use the P

[squid-users] Sqlite3 with Squid

Hey, I am wondering what can I use Sqlite3 with squid? I was thinking about holding some of the config dynamic parts inside sqlite db (in a specific setup) And then generate the config file from sqlite. What do you think? Thanks, Eliezer Eliezer Croitoru Tech Support Mobi

Re: [squid-users] Debugging a slow Squid?

I must add that to verify any browsing speed issue there are couple very specific tests which should be tested: - DNS response speed, response content ie A//CNAME etc.. - Basic traceroute tests - periodic Ping tests - CPU load(top, htop, others..) - curl/wget/other specific pages speed downloa

Re: [squid-users] Gather POST request on HTTPS traffic?

Hey Roee, From what I remember the best solution would be to use an eCAP module in the long term. You can use the debug_options and it will work good. The main issue with this is the DISK IO. If you do have beefy hardware and SSD+RAM on the machine then the debug_options might be good enough for

Re: [squid-users] issues with sslbump and "Host header forgery detected" warnings

Hey Leonardo, I assume The best solution for you is a simple SNI proxy. Squid does also that and you can try to debug this issue to make sure you understand what is wrong. It clearly states that Squid doesn't see this specific address: local=216.58.222.106:443 As the domain: chromesyncpasswords-

Re: [squid-users] Best practice for adding or removing ACLs dynamically ?

g tunnels and/or BGP feeds. If anyone wants to ask about this setup I will be more than happy to receive emails about it here in the list. All The Bests, Eliezer Croitoru Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com -----Original Message- From: Eliezer Croitor Sen

Re: [squid-users] squid kerberos auth, acl note group

restartet to take effekt. Regards Klaus Am Mittwoch, den 04.11.2020, 15:13 +0200 schrieb Eliezer Croitor: > Hey Klaus, > > I tried to follow the thread and understand what went wrong and how > it was fixed, > and I didn't manage to understand. (Maybe I am missing some emails in &g

Re: [squid-users] squid kerberos auth, acl note group

Hey Klaus, I tried to follow the thread and understand what went wrong and how it was fixed, and I didn't manage to understand. (Maybe I am missing some emails in the thread) Can you please clear out what was done to resolve this issue? Thanks, Eliezer Eliezer Croitoru Tech Support Mobil

Re: [squid-users] allow certian user ips to access only 2 domains and disallow everything

Hey Simon, I have seen these websites and it seems that some content which is used in them is from CDNs or other domains. It’s very important to include specific domains like in the url: https://code.jquery.com/jquery-3.3.1.min.js For these sites to work properly. You can try to run

Re: [squid-users] squid restart

Hey Vieri, FD and other limits are a tricky thing in gentoo and couple other systems. In ubuntu for example to apply a ulimit for squid what they did is add a ulimit command at the beginning of the init script. Ie 'ulimit -hn 65535;ulimit -sn 65535' In other init or startup systems like systemd

Re: [squid-users] Best practice for adding or removing ACLs dynamically ?

Hey Roee, I am trying to understand what part of squid.conf you want to be able to change without a reconfigure/reload? If you have many users, ie above 50 you should probably not use a simple ncsa_auth although it's possible and in more then one case is preferable. You could probably write you

Re: [squid-users] Reverse proxying Exchange OWA wembail with SSL offloading

Hey Scott, In many frontends there is a basic way to signal about the existence of a Frontend and the relevant details about the client and other factors of the connection. Specifically with haproxy these settings are used: http-request set-header X-Forwarded-Host %[req.hdr(Host)] http-r

Re: [squid-users] Reverse proxying Exchange OWA wembail with SSL offloading - not working on IE/Chrome

Hey Scott, Can you attach any example cookie with and without the secure value? (replace sensitive data) Thanks, Eliezer Eliezer Croitoru Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com -Original Message- From: squid-users On Behalf Of Scott Sent: Tuesday, October

Re: [squid-users] SSL issue on Squid version 4 after blacklisting

https://bugs.squid-cache.org/createaccount.cgi Eliezer Croitoru Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com <mailto:ngtech1...@gmail.com> From: DIXIT Ankit Sent: Tuesday, October 20, 2020 8:02 PM To: Eliezer Croitor Cc: 'Squid Users'

Re: [squid-users] SSL issue on Squid version 4 after blacklisting

ch1...@gmail.com> From: DIXIT Ankit Sent: Monday, October 19, 2020 3:11 PM To: Eliezer Croitor Cc: 'Squid Users' Subject: RE: SSL issue on Squid version 4 after blacklisting Elizer, 1. I am not able to identify from below like what exactly needs to be done a

Re: [squid-users] SSL issue on Squid version 4 after blacklisting

-28704261 Email: ngtech1...@gmail.com <mailto:ngtech1...@gmail.com> From: DIXIT Ankit Sent: Friday, September 25, 2020 4:22 PM To: Eliezer Croitor ; 'Squid Users' Subject: RE: SSL issue on Squid version 4 after blacklisting Elizer/Team, Any help would be apprecia

Re: [squid-users] sslproxy_options on squid 3.5.20

Hey Nisa, Just wondering, if it’s only a whitelist filtering proxy for TLS/SSL/443 Wouldn’t it be better to use a basic SNI proxy with a whitelist? Eliezer Eliezer Croitoru Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com From:

Re: [squid-users] I want to know the concerns of load testing

Hey Amos, Just wondering if someone is willing to host RPM's? These can be built using: https://github.com/elico/squid-docker-build-nodes I can build the RPMs however I cannot host them. Eliezer * In any case 4 GB of RAM for 45k Clients on a single proxy would probably result high SWAPPING at

Re: [squid-users] SSL issue on Squid version 4 after blacklisting

Sent: Friday, September 25, 2020 4:22 PM To: Eliezer Croitor ; 'Squid Users' Subject: RE: SSL issue on Squid version 4 after blacklisting Elizer/Team, Any help would be appreciated. Regards, Ankit Dixit|IS Cloud Team Eurostar International Ltd Times House | Bravington

Re: [squid-users] How to select parent proxy based on user password

, September 25, 2020 2:25 AM To: squid-users@lists.squid-cache.org; Eliezer Croitor Subject: Re: [squid-users] How to select parent proxy based on user password Hey Eliezer, Squid contains some very advanced features that would take several weeks to rewrite I'm sure. But you're

Re: [squid-users] How to select parent proxy based on user password

Just to add a side note: Squid is not the most advanced proxy in the Programming world. It's possible that many use Squid as their proxy servers software however, in the programming world there are far more simple and efficient ways to write a proxy that will serve a service such as PacketStream.

Re: [squid-users] How to select parent proxy based on user password

Hey, You can use a customized password helper. I am not sure if it is possible but you might be able to add “note” with your helper which will do just that. With the username alone you cannot do what you want. You might be able to use the same username but with a different realm but I am not sur

Re: [squid-users] compilation error

I will try to test 5.0.4 build on couple local OS's. It seems that at-least CentOS 8 is showing the same issue. Eliezer Eliezer Croitoru Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com -Original Message- From: squid-users On Behalf Of L.P.H. van Belle Sent: Tuesda

Re: [squid-users] Squid ICAP DNS lookup failure fixed?

Hey Andy, What have you tried in your debug? What OS are you using Squid ontop? It's possible that this issue is not related 100% to squid and it might be a different issue then in the post by Aashima. Have you tried debugging DNS resolution with tcpdump or dnstap or Squid debug? If so p

Re: [squid-users] IPVS/LVS load balancing Squid servers, anyone did it?

D Proxy > virtual_server 10.10.10.10 3128 { > > delay_loop 5 > lb_algo wrr > lb_kind DR > protocol TCP > > real_server 10.10.10.11 3128 { # proxy01.example.com > <http://proxy01.example.com> > weight 1 > inhibit_on_failure 1 > TCP_C

Re: [squid-users] IPVS/LVS load balancing Squid servers, anyone did it?

Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com <mailto:ngtech1...@gmail.com> From: Bruce Rosenberg Sent: Thursday, August 27, 2020 7:35 AM To: Eliezer Croitor Cc: squid-users@lists.squid-cache.org Subject: Re: [squid-users] IPVS/LVS load balancing Squid servers, anyone

Re: [squid-users] Need squid latest version 4.13 RPM packaged files for centos7 and x86_64 architecture

y each package. I suggest anyone happy to help collaborate with him. Amos > On Tue, 25 Aug 2020 at 00:45, Eliezer Croitor wrote: > > Trying to understand something in the list. > > __ __ > > Anyone interested funding the build of these RPM’s? > &

Re: [squid-users] GENEVE?

Hey Jonas, What would you expect from Squid to be able to support GENEVE? Squid works with any tunnel the OS support: * GRE * IPIP/IP6IP * VXLAN * Others( https://developers.redhat.com/blog/2019/05/17/an-introduction-to-linux-virtual-interfaces-tunnels/) >From Squid

[squid-users] IPVS/LVS load balancing Squid servers, anyone did it?

Hey All, I am reading about LB and tried to find an up-to-date example or tutorial specific to squid with no luck. I have seen: http://kb.linuxvirtualserver.org/wiki/Building_Web_Cache_Cluster_using_LVS Which makes sense and also is similar or kind of identical to WCCP with gre. Anyone

Re: [squid-users] I would like to know performance sizing aspects.

Hey Kitamura, Technically speaking Openstack admin can create a flavor which has 1 vCPU and 16GB RAM however, it’s recommended to have 1 vCPU per 4 GB of RAM. Openstack default vCPU ratio is 16 vCPUs per 1 physical Core. So for a proxy which use SSL-Bump it’s recommended to have more then 1

Re: [squid-users] Need squid latest version 4.13 RPM packaged files for centos7 and x86_64 architecture

Trying to understand something in the list. Anyone interested funding the build of these RPM’s? To power up some CPU, RAM etc requires food and other bills.. If for some reason many think that these RPM’s can pop up from /dev/null I believe they are wrong. Let Me Know. Eliezer --

Re: [squid-users] WebServer-SRG or Application SRG for Squid?

ust 11, 2020 10:11 AM To: Eliezer Croitor Cc: squid-users@lists.squid-cache.org Subject: Re: RE: [squid-users] WebServer-SRG or Application SRG for Squid? STIG stands for Secure Technical Implementation Guide. It’s the standard by which the DoD and other government entities measure whether a

Re: [squid-users] WebServer-SRG or Application SRG for Squid?

Hey Leonard, Can you clarify what do you mean by STIGing and SRG etc.. What are you trying to achieve? Plain text might make more sense to these who doesn't understand these terms. Thanks, Eliezer Eliezer Croitoru Tech Support Mobile: +972-5-28704261 Email:

Re: [squid-users] High memory usage under load with caching disabled, memory is not being freed even with no load

It's 700+ connections per client... assuming it's only half ie 400+- It's a lot.. for a ssl-bump proxy. A simple tcp proxy can take it without stressing too much but TLS bump is another story. Can you verify if there are sessions which are open more then 1 hour? The basic suggestion for many prox

Re: [squid-users] I would like to know performance sizing aspects.

<mailto:ngtech1...@gmail.com> From: m k Sent: Thursday, August 6, 2020 8:29 AM To: Eliezer Croitor Cc: squid-users@lists.squid-cache.org Subject: Re: [squid-users] I would like to know performance sizing aspects. Eliezer, Squid's default setting is 1 core CPU, 16GB mem. How many URL

Re: [squid-users] I would like to know performance sizing aspects.

Kitamura, About the tens of thousands of URLs, Have you considered using a Blacklisting utility, it might lower the memory footprint. Eliezer Eliezer Croitoru Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com From: squid-users

Re: [squid-users] ERROR: helper

If you need to build a squid binary you can try to use these docker containers: * https://github.com/elico/squid-docker-build-nodes Hope It Helps Eliezer Croitoru Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com -Original Message- From: squid-users On Behalf Of Mat

Re: [squid-users] I would like to know performance sizing aspects.

Hey Amos, I got to CentOS 8... RedHat claimed they will keep the module up-to-date and I would be able to stop building them. From what you describe I understand their speed is the same as it was before. I can build the RPMs but cannot host them 24/7. For now if and when 8.2 RPMs will be built t

Re: [squid-users] youtube-dl

Technically speaking it might be possible. However if you need a specific function you will need to be more specific about what you want to achive. Eliezer Eliezer Croitoru Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com From

Re: [squid-users] Bandwidth Trottle

Hey Simon, I think that if possible you should perform qos on the network level rather in the application. Eliezer Eliezer Croitoru Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com From: squid-users [mailto:squid-users-boun...

Re: [squid-users] [squid-announce] [ADVISORY] SQUID-2020:7 Cache Poisoning Issue in HTTP Request processing

If someone need I can try to compile a Debian Buster compatible binary as a drop in replacement. Eliezer Eliezer Croitoru Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com -Original Message- From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Beha

Re: [squid-users] Squid memory consumption problem

Hey, What happen with this issue? I am waiting for any input about this issue to understand with what I can try to help. Eliezer Eliezer Croitoru Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com From: DIXIT Ankit [mailto:ankit.di...@eurostar.com] Sent: Tu

Re: [squid-users] Squid 4 and on_unsupported_protocol

Hey Vieri, I have tested the wiki pages again to make sure it's not misleading and.. I have used the next regex: ## START OF FILE # Web.whatsapp.com ^(w[0-9]+|[a-z]+\.)?web\.whatsapp\.com$ # Whatsapp CDN issue .whatsapp\.net$ ## EOF Which seems a bit more accurate then what's in the wiki. If i

Re: [squid-users] Squid memory consumption problem

Hey Dixit is it your first name?, I want to help you but you are jumping between subjects and issues over and over again. Try to open a single thread for a subject and follow it. You are missing details on the clients. Clients can vary from PC to MOBILE etc.. To clear out any doubts abo