On Wed, 2017-02-01 at 23:55 +0300, Vitaly Lavrov wrote:
> Periodically squid begins to linearly increase the use of the CPU.
> Sometimes this process reaches 100%. At random moment of time the CPU
> usage is reduced to 5-15%,
> and in the presence of client requests can again start linearly
> incre
On Fri, 2017-01-27 at 06:15 -0800, joseph wrote:
> hi its not about https scheme its about evrything
Hi,
First of all, I can't brag about my English and writing style, but your
writing style is _very_ offensive to other members. Please, try it
better. First of all, it is very difficult to catch t
On Fri, 2017-01-27 at 17:58 +0600, Yuri wrote:
>
> 27.01.2017 17:54, Garri Djavadyan пишет:
> > On Fri, 2017-01-27 at 15:47 +0600, Yuri wrote:
> > > --2017-01-27 15:29:54-- https://www.microsoft.com/ru-kz/
> > > Connecting to 127.0.0.1:3128... connected.
>
On Fri, 2017-01-27 at 15:47 +0600, Yuri wrote:
> --2017-01-27 15:29:54-- https://www.microsoft.com/ru-kz/
> Connecting to 127.0.0.1:3128... connected.
> Proxy request sent, awaiting response...
> HTTP/1.1 200 OK
> Cache-Control: no-cache, no-store
> Pragma: no-cache
> Content-Type: tex
On Thu, 2017-01-05 at 23:40 +, senor wrote:
> Hello All.
> I'd like clarification of the documentation at
> http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpWithInter
> mediateCA
>
> In section "CA certificate preparation" it is stated that a file
> should
> be created with "interme
On 2016-12-20 21:42, David Touzeau wrote:
Is there any way to disabling Cache digest without need to recompile
squid ?
Hi,
Use "digest_generation off".
http://www.squid-cache.org/Doc/config/digest_generation/
Garri
___
squid-users mailing list
squ
On 2016-12-17 18:39, Odhiambo Washington wrote:
Also whether swap.state for that cache_dir is being correctly and
completely
written out to disk on shutdown or restart. Using an outdated
swap.state
file can also lead to these warnings.
The last paragraph explains your issue. The signal 6 (abort
On 2016-12-17 15:41, Odhiambo Washington wrote:
Hi,
I keep seeing something that I think is odd. Squid has been exiting on
signal 6, and I keep seeing this:
root@gw:/usr/local/openssl # tail -f /opt/squid-3.5/var/logs/cache.log
2016/12/17 13:38:32| DiskThreadsDiskFile::openDone: (2) No such fil
On Fri, 2016-12-16 at 14:38 +0500, Garri Djavadyan wrote:
> On Fri, 2016-12-16 at 06:34 +, k simon wrote:
> > Hi,lists,
> > r14087 is quite stable on FB 11. But r14088 crashed frequently
> > with
> > "2016/12/16 09:00:59 kid1| assertion failed: Me
On Fri, 2016-12-16 at 06:34 +, k simon wrote:
> Hi,lists,
> r14087 is quite stable on FB 11. But r14088 crashed frequently
> with
> "2016/12/16 09:00:59 kid1| assertion failed: MemBuf.cc:216: "0 <=
> tailSize && tailSize <= cSize" ". The config file is almost the
> default
> except listen
On 2016-12-13 22:03, Alex Rousskov wrote:
On 12/13/2016 09:51 AM, Eliezer Croitoru wrote:
I think that the maximum size was 64k
The maximum appears to be 8KB:
v3.5/src/defines.h:#define MAX_URL 8192
v4/src/defines.h:#define MAX_URL 8192
v5/src/defines.h:#define MAX_URL 8192
IIRC, th
On 2016-11-28 17:39, Garri Djavadyan wrote:
On Sat, 2016-11-19 at 01:12 +0500, Garri Djavadyan wrote:
Hello,
I noticed that Squid logs TCP_MISS/200 when it serves previously
cached
object in return to non-matched conditional request with If-None-
Match.
For example:
1. Non-conditional
On Sat, 2016-11-19 at 01:12 +0500, Garri Djavadyan wrote:
> Hello,
>
> I noticed that Squid logs TCP_MISS/200 when it serves previously
> cached
> object in return to non-matched conditional request with If-None-
> Match.
> For example:
>
> 1. Non-conditional reque
On 2016-11-27 19:44, piequiex wrote:
> In cache.log I have found "assertion failed: support.cc:1781: "0""
> Squid Cache: Version 3.5.22
AIUI, your Squid binary was build against buggy openssl library
(1.0.1d or
1.0.1e). How did you get the binary?
I build them with libressl.
The configure
On 2016-11-26 23:42, Ralf Hildebrandt wrote:
* piequiex :
> In cache.log I have found "assertion failed: support.cc:1781: "0""
> Squid Cache: Version 3.5.22
After rebuild:
assertion failed: Read.cc:69: "fd_table[conn->fd].halfClosedReader !=
NULL"
http://lists.squid-cache.org/pipermail/squid-
On 2016-11-26 22:28, piequiex wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
In cache.log I have found "assertion failed: support.cc:1781: "0""
Squid Cache: Version 3.5.22
AIUI, your Squid binary was build against buggy openssl library (1.0.1d
or 1.0.1e). How did you get the binary?
__
On 2016-11-23 23:20, Walter H. wrote:
Hello,
can someone tell me, especially the maintainer of the binary packages
for CentOS
what this message
2016/11/23 19:08:58 kid1| Error negotiating SSL on FD 39:
error::lib(0):func(0):reason(0) (5/0/0)
should say to me ...
Hi,
It was alread
On Wed, 2016-11-23 at 07:17 +0100, ludek_coufal wrote:
> Hello Garri,
> client FTP - Total Commander (I test WinSCP, FileZilla with same
> result - after 15 min connection interrupted) with proxy server -
> proxy server HTTP with FTP support:
> part of squid.conf:
>
On 2016-11-22 22:24, Garri Djavadyan wrote:
On 2016-11-22 17:05, ludek_coufal wrote:
Hello,
Squid Cache ver. 3.3.8 on CentOs Linux 7.2.1511
FTP connection from local net over linux server CentOs firewall with
Squid proxy to internet FTP server is interrupted every 15 min (900
sec).
Large file
On 2016-11-22 17:05, ludek_coufal wrote:
Hello,
Squid Cache ver. 3.3.8 on CentOs Linux 7.2.1511
FTP connection from local net over linux server CentOs firewall with
Squid proxy to internet FTP server is interrupted every 15 min (900
sec).
Large file upload is interrupted.
Direct connection witho
On 2016-11-22 21:07, Jiann-Ming Su wrote:
Is there a way to set the timeout on a bad connection?
Yes, you can use 'connect_timeout' [1] directive.
When watching
tcpdump on the two IPs, I did not see my squid instance try the other
IP automatically. I had to refresh my web browser connection
On Tue, 2016-11-22 at 03:59 +, Jiann-Ming Su wrote:
> If a website has two (or more) IP addresses, and the TCP connection
> to one of them fails, can squid3 be configured to try the other IP
> address(es)?
Hi,
The behavior you described is default for Squid. For example, you can
set 'debug_op
On 2016-11-20 03:18, Yuri Voinov wrote:
That's why I said that the development of the Indian - fake.
Yuri, first of all, your comment is outright _lie_ without
justifications. Second, the developer has a name - Kulbir, and I
believe, nationality of the developer is not relevant. Kulbir Saini,
Hello,
I noticed that Squid logs TCP_MISS/200 when it serves previously cached
object in return to non-matched conditional request with If-None-Match.
For example:
1. Non-conditional request to the previously cached object.
$ curl -v -x http://127.0.0.1:3128
http://mirror.comnet.uz/centos/7
On 2016-11-17 22:01, Alex Rousskov wrote:
On 11/17/2016 12:15 AM, senor wrote:
I discovered that 'squid -k rotate' toggles cache.log output into full
debug mode as if I had done 'squid -k debug'. Execute a second rotate
and it toggles debug off. This only happens when I have an ecap
adapter
c
On 2016-11-15 22:31, AUBERT Thibaud wrote:
Hi Guys,
Ok, QoS might help to control traffic on the internet access side, but
it won't help between the source, client on a small remote
office/output, and the proxy.
It might also be difficult to split this traffic between what is
intended to intern
On Tue, 2016-11-15 at 22:48 +1300, Amos Jeffries wrote:
> Then you integrate Squid with those system QoS controls by using the
> tcp_outgoing_tos directive with ACLs to send the appropriate TOS
> label for the client IP.
Hi Amos,
AFAIK, the directive 'tcp_outgoing_tos' is applied only for traffic
On Mon, 2016-11-14 at 16:12 +, piequiex wrote:
> What mean this error and how to fix it?
> Error negotiating SSL on FD 29:
> error::lib(0):func(0):reason(0) (5/-1/104)
> Error negotiating SSL on FD 30:
> error::lib(0):func(0):reason(0) (5/-1/104)
Hi,
Please provide more inform
On 2016-11-13 23:09, jarrett+squid-us...@jarrettgraham.com wrote:
My problem is solved.
The solution may be useful for other users also. Please, post the
solution, if possible. Thanks!
Garri
___
squid-users mailing list
squid-users@lists.squid-cach
On 2016-11-12 07:55, Amos Jeffries wrote:
On 12/11/2016 7:44 a.m., Garri Djavadyan wrote:
2. I added second http_port, ACL for the second http_port and the rule
to use second IP address if connection is for second http_port.
# diff -u etc/squid.conf.default etc/squid.conf
--- etc
Hi Amos,
Thanks for the comments!
On 2016-11-12 07:48, Amos Jeffries wrote:
I can't reproduce the problem using Squid 3.5.22. I used following
method to verify the case:
Unfortunately your test uses the 'openssl' tool below instead of
htpasswd to create the password file. There are some big d
On 2016-11-11 22:28, Antony Stone wrote:
On Friday 11 November 2016 at 17:51:04,
jarrett+squid-us...@jarrettgraham.com
wrote:
I'm trying to use ACLs to direct incoming traffic on assigned ports to
assigned outgoing addresses. But, squid uses the first IP address
assigned to the interface not
On 2016-11-11 21:51, jarrett+squid-us...@jarrettgraham.com wrote:
Can anyone point out what I'm doing wrong in my config?
Squid config:
https://bpaste.net/show/796dda70860d
I'm trying to use ACLs to direct incoming traffic on assigned ports to
assigned outgoing addresses. But, squid uses the f
On 2016-11-11 21:05, --Ahmad-- wrote:
hi squid users .
i have problem when i use basic_ncsa auth
the auth work when i have few passwords in the file of auth .
as example
auth_param basic program /lib/squid/basic_ncsa_auth
/etc/squid/squid_user
acl ncsa_users proxy_auth REQUIRED
auth_param ba
On 2016-11-07 20:11, Juan C. Crespo R. wrote:
Hi, Thanks for your response and help
1. Cache: Version 3.5.19
Service Name: squid
configure options: '--prefix=/usr/local/squid'
'--enable-storeio=rock,diskd,ufs,aufs'
'--enable-removal-policies=lru,heap' '--disable-pf-transparent'
'--enable-ipfw-
On Mon, 2016-11-07 at 06:25 -0400, Juan C. Crespo R. wrote:
> Good Morning Guys
>
>
> I've been trying to make a few ACL to catch and then improve the
> BW
> of the HITS sent from my Squid Box to my CMTS and I can't find any
> way
> to doit
>
>
> Squid.conf: qos_flows tos local-hit=0x30
On 2016-11-05 23:10, konradka wrote:
Hi Garri,
Thanks for your responses mate !
I did not realize that the squid was compiled with proxy user. Well
spotted
!
It looks like permission's issue but squid error message is not giving
away
any more details.
I will configure debug_options to see
On 2016-11-05 22:09, Garri Djavadyan wrote:
1. Does your certificate signed by StartSSL CA
(/home/kk/ssl/cert-mail/mail.contoso.com.pem) corresponds to your
private key (/home/kk/ssl/cert-mail/mail.contoso.com.key)?
For the 'corresponds' I mean, does CSR for StartSSL was gener
On 2016-11-05 21:24, Konrad Kaluszynski wrote:
Hi All,
My goal is to configure a reverse proxy for Outlook Anywhere clients
using squid.
http://wiki.squid-cache.org/ConfigExamples/Reverse/ExchangeRpc
This will replace existing TMG that my client is currently using.
However, when I run squid I
On 2016-11-02 06:43, Amos Jeffries wrote:
On 2/11/2016 8:31 a.m., Garri Djavadyan wrote:
According to the announce [1], Squid 4.0.16 and later should be signed
by the new key B06884EDB779C89B044E64E3CD6DBF8EF3B17D3E, but it is
still
signed by the old Squid 3 key
On 2016-11-05 09:22, Amos Jeffries wrote:
On 5/11/2016 6:56 a.m., Garri Djavadyan wrote:
On 2016-11-04 19:42, Amos Jeffries wrote:
On 5/11/2016 1:43 a.m., Garri Djavadyan wrote:
The configuration for splice at step 3:
# diff etc/squid.conf.default etc/squid.conf
73a74,78
https_port 3129
On 2016-11-05 01:15, Alex Rousskov wrote:
On 11/04/2016 08:06 AM, Garri Djavadyan wrote:
On Fri, 2016-11-04 at 17:43 +0500, Garri Djavadyan wrote:
I noticed that Squid doesn't use gathered domain name information for
%ru in access.log when splice action is performed at step 3 for
interc
On 2016-11-04 19:42, Amos Jeffries wrote:
On 5/11/2016 1:43 a.m., Garri Djavadyan wrote:
The configuration for splice at step 3:
# diff etc/squid.conf.default etc/squid.conf
73a74,78
https_port 3129 intercept ssl-bump cert=etc/ssl_cert/myCA.pem
generate-host-certificates
acl StepSplice
On Fri, 2016-11-04 at 17:43 +0500, Garri Djavadyan wrote:
> I noticed that Squid doesn't use gathered domain name information for
> %ru in access.log when splice action is performed at step 3 for
> intercepted traffic. The format code ssl::>sni is available at both
> steps. Bel
I noticed that Squid doesn't use gathered domain name information for
%ru in access.log when splice action is performed at step 3 for
intercepted traffic. The format code ssl::>sni is available at both
steps. Below are examples used to verify the behavior using Squid
3.5.22, but the results are sam
According to the announce [1], Squid 4.0.16 and later should be signed
by the new key B06884EDB779C89B044E64E3CD6DBF8EF3B17D3E, but it is still
signed by the old Squid 3 key EA31CC5E9488E5168D2DCC5EB268E706FF5CF463:
$ gpg2 --verify squid-4.0.16.tar.xz.asc squid-4.0.16.tar.xz
gpg: Signature made
>Can you test if the details at bug 4253:
>
>http://bugs.squid-cache.org/show_bug.cgi?id=4253#c13
>
>Helps you to resolve the issue?
>
>Eliezer
The above bug is not related to the issue.
The issue is actually on origin servers side. Details can be found
here:
http://bugs.squid-cache.org/show_bug
On 2016-10-29 20:40, paul.greene...@verizon.net wrote:
I've inherited a squid proxy at work; I'm new to squid, so this is
still on the learning curve. Unfortunately no one else in the office
is very good with squid either, so I'm attempting to be the resident
guru.
Our network is all in private
On 2016-10-28 18:39, Yuri Voinov wrote:
It seems bug.
On 2016-10-28 19:53, Alex Rousskov wrote:
Is it a bug, documentation error or I simply missed something?
It is a bug IMO. The documented intent sounds worth supporting to me.
Thanks. I've opened the report [1].
[1] http://bugs.squid-
Hello list,
The last sentence for generate-host-certificates[=] option
paragraph states:
This option is enabled by default when ssl-bump is used. See the
ssl-bump option above for more information.
But a client can't negotiate secure connection and times out when the
option is not specified
Sorry, Amos, it seems my latest reply was ambiguous. I tried to inform,
that while debugging the issue I have found the cause. It was default
value for 'minimum_expire_time'.
On Wed, 2016-10-26 at 23:58 +1300, Amos Jeffries wrote:
> On 26/10/2016 7:21 p.m., Garri Djavadyan wrote:
&g
On Wed, 2016-08-24 at 19:09 +0500, Garri Djavadyan wrote:
> On Mon, 2016-08-22 at 16:46 +0500, Garri Djavadyan wrote:
> >
> > Hello Squid users,
> >
> > Can anyone explain, why Squid doesn't cache the objects with max-
> > age
> > values below 60
On Mon, 2016-10-24 at 21:05 +0500, Garri Djavadyan wrote:
> On 2016-10-24 19:40, Garri Djavadyan wrote:
> >
> > So, the big G sends 304 only to HEAD requests, although it is a
> > violation [1], AIUI:
> >
> > curl --head -H 'If-Modified-Since: Thu, 20 Oct
On 2016-10-24 19:40, Garri Djavadyan wrote:
So, the big G sends 304 only to HEAD requests, although it is a
violation [1], AIUI:
curl --head -H 'If-Modified-Since: Thu, 20 Oct 2016 08:29:09 GMT' -H
'If-None-Match: "101395"' http://dl.google.com/linux/direct/googl
On Tue, 2016-10-25 at 01:22 +1300, Amos Jeffries wrote:
> On 25/10/2016 12:32 a.m., Garri Djavadyan wrote:
> >
> > On Mon, 2016-10-24 at 23:51 +1300, Amos Jeffries wrote:
> > >
> > > On 24/10/2016 9:59 p.m., Garri Djavadyan wrote:
> > > >
> &g
On Mon, 2016-10-24 at 23:51 +1300, Amos Jeffries wrote:
> On 24/10/2016 9:59 p.m., Garri Djavadyan wrote:
> > Nevertheless, the topic surfaced new details regarding the Vary and
> > I
> > tried conditional requests on same URL (Google Chrome) from
> > different
>
On Mon, 2016-10-24 at 19:03 +1300, Amos Jeffries wrote:
> On 24/10/2016 6:28 a.m., gar...@comnet.uz wrote:
> >
> > On 2016-10-23 18:31, Amos Jeffries wrote:
> > >
> > > On 23/10/2016 2:32 a.m., garryd wrote:
> > > >
> > > > Since I started use Squid, it's configuration always RFC
> > > > complia
On Fri, 2016-10-21 at 08:27 +, Gael Ancelin wrote:
> WAN_IP---[FW]---localIP1-[SQUID]-localIP2localIP3-
> [FTP_Server]
>
> I was expecting something like "227 Entering Passive Mode
> (54,xx,xx,xx,213,249)."
> with public ip.
> What I want is a response like (WAN_IP,port), but
On Thu, 2016-10-20 at 14:07 +, Gael Ancelin wrote:
> Hello,
>
> I have searched in maillist archives but have not seen so far someone
> with the
> same problem.
>
> My Squid's objective is to foward FTP & HTTP requests to a distant
> server.
>
> Squid is running on CentOS 7.2.
> uname -r
On Thu, 2016-10-20 at 13:07 +0200, Anton Kornexl wrote:
> Hello,
>
> i also had many of these messages in cache.log
>
> we do filtering with squidguard (redirect http://www..xx )
>
> It is possible that the same url is redirected for one user but not
> for another (different filter ru
On Wed, 2016-10-19 at 16:17 +0530, Sekar Duraisamy wrote:
> Hello Friends,
>
> I am getting the following message when i start the squid
>
> FATAL: Ipc::Mem::Segment::create failed to shm_open(/squid-
> cf__queues.shm):
> (17) File exists
Hi,
It seems the squid-cf__queues.shm file already exist
On Tue, 2016-10-18 at 06:37 -0700, erdosain9 wrote:
> Hi.
> squid 3.5.20
>
> Im having a lot of these in cache.log
>
> 2016/10/18 10:36:11 kid1| DiskThreadsDiskFile::openDone: (2) No such
> file or
> directory
> 2016/10/18 10:36:11 kid1| /var/spool/squid/00/92/92E9
> 2016/10/18 10:36:14
On Tue, 2016-10-18 at 14:56 +0200, Walter H. wrote:
> with the 3.1.x there is no problem with
>
> url_rewrite_program /etc/squid/url-rewrite-program.pl
> url_rewrite_children 8
> url_rewrite_host_header on
> url_rewrite_access allow all
>
> but with the 3.5.x there is access denied (shown in
> /v
On Tue, 2016-10-18 at 13:02 +0200, Walter H. wrote:
> Hello,
>
> just in case anybody wants to run Squid 3.5.x on CentOS
> with SELinux enforcing,
>
> here is the semodule
>
>
> module squid_update 1.0;
>
> require {
> type squid_conf_t;
> type squid_t;
> type var_t;
>
On Mon, 2016-08-22 at 16:46 +0500, Garri Djavadyan wrote:
> Hello Squid users,
>
> Can anyone explain, why Squid doesn't cache the objects with max-age
> values below 60 seconds? For example:
>
> $ http_proxy="127.0.0.1:3128" curl --head "http://sandbo
Hello Squid users,
Can anyone explain, why Squid doesn't cache the objects with max-age
values below 60 seconds? For example:
$ http_proxy="127.0.0.1:3128" curl --head "http://sandbox.comnet.local/
cgi-bin/hello.cgi" && date
HTTP/1.1 200 OK
Date: Mon, 22 Aug 2016 11:31:16 GMT
Server: Apache
Cache
On Thu, 2016-05-19 at 05:27 +1200, Amos Jeffries wrote:
> On 19/05/2016 2:21 a.m., Garri Djavadyan wrote:
> >
> > On Thu, 2016-05-19 at 00:39 +1200, Amos Jeffries wrote:
> > >
> > > Using ignore-private and ignore-must-revalidate on the same
> > > refr
On Thu, 2016-05-19 at 00:39 +1200, Amos Jeffries wrote:
> Using ignore-private and ignore-must-revalidate on the same
> refresh_pattern is *extremely* dangerous. Just asking to get your
> cache pwned.
I'm also using the both options on the same refresh_pattern for several
years. Can you explain th
ugs.squid-cache.org/show_bug.cgi?id=4520
So, I want to ask community to share ideas, best practice to cope with
the problem. Many thank in advance!
--
Garri Djavadyan
Comnet ISP
___
squid-users mailing list
squid-users@lists.squid-cac
On Sat, 2016-05-14 at 01:52 +1200, Amos Jeffries wrote:
> The default action should be to fetch each range request separately
> and
> in parallel. Not caching the results.
>
> When admin has set only the range offset & quick-abort to force full
> object retrieval the behaviour Heiler mentions happ
On Fri, 2016-05-13 at 08:36 +1200, Amos Jeffries wrote:
> Have you given collapsed_forwarding a try? Its supposed to prevent
> all
> the duplicate requests making all those extra upstream connections
> unti
> at least the first one has finished getting the object.
Amos, I believe that the above qu
On Thu, 2016-05-12 at 14:02 -0300, Heiler Bemerguy wrote:
>
> Hi Garri,
> That bug report is mine.. lol
Hi Heiler,
Yes, I know it. I just tried to answer to the following question.
> > > Is there a smart way to allow squid to download it from the
> > > beginning
> > > to the end (to actually cac
On Wed, 2016-05-11 at 21:37 -0300, Heiler Bemerguy wrote:
>
> Hey guys,
> First take a look at the log:
> root@proxy:/var/log/squid# tail -f access.log |grep http://download.c
> dn.mozilla.net/pub/firefox/releases/45.0.1/update/win32/pt-
> BR/firefox-45.0.1.complete.mar
> 1463011781.572 8776 10.
>On 2015-12-31 00:01, Garri Djavadyan wrote:
>> Hello Squid members and developers!
>>
>> First of all, I wish you a Happy New Year 2016!
>>
>> The current Host header forgery policy effectively prevents a cache
>> poisoning. But also, I noticed, it delete
different records. As I emphasized SP environment, it is not possible
to control DNS settings on subscriber systems.
Thank you for attention!
--
Garri Djavadyan
iPlus LLC, TM Comnet, Technical Department
Phone: +99871 235 (ext. 27)
http://comnet.uz
75 matches
Mail list logo
