I have a question about caching URLs with an auth token embedded in the URL
parameter. For example:
https://www.example.com/path/page?token=xxx135ynjy93tqi
The page can be uniquely identified without the URL parameters. It appears
squid is using the full URL, including the URL parameters, as th
Hi,
Is there anyway I can configure squid such that it will dump all incoming
POST requests to some files while having proxying the requests to the
origin servers at the same time? I have configured squid to run as a
reverse proxy, and it's version 3.4.14.
Thanks,
Hector
my next viable option is to see if I
> can bridge the SNI gap with something like STUNNEL.
>
>
>
> Anyone else have any thoughts?
>
>
>
> *From:* Hector Chan [mailto:hectorc...@gmail.com]
> *Sent:* June 22, 2016 1:09 AM
> *To:* Kristopher Lalletti
> *Cc:* squ
Have you looked at the options forceddomain and ssldomain under the
cache_peer directive? Those may be just what you need.
On Tue, Jun 21, 2016 at 8:14 PM, Kristopher Lalletti wrote:
> Hi All,
>
> I'm replacing an Apache setup as a reverse-proxy with Squid v3.5, and I've
> hit a small snag.
>
Hi,
I am running the squid 3.4.x line. I am looking into hardening our squid
server. One of the things I am looking at is the SSL cipher list. Does
anyone know how do I find out what SSL cipher list squid support? I read
from another post that squid doesn't support the ECDHE ciphers, but I am
inte
Not sure if this will help you, but I saw 503s on my squid when the origin
server has an invalid SSL certificate -- expired cert, self-signed cert,
etc.
On Tue, Jun 23, 2015 at 7:25 PM, HackXBack wrote:
> The requested URL could not be retrieved
>
>
>
> --
> View this message in context:
> http:
Hi all,
If I configure a new delay pool in the config file or reconfigure an
existing delay pool, do I have to restart squid? Can I send a SIGHUP to it
to re-read the config file instead ? If I send a SIGHUP, what would happen
to downloads that are in progress ?
Thanks,
Hector
_
Hi all,
How does squid behave when it is downloading a 5+GB file with a slow
client? I see my client (curl) exited with error code 18 (
CURLE_PARTIAL_FILE) when downloading a 5+GB file from squid. It was a
cache miss, so the file was actually being fetched from the origin server.
When it is cach
Hi all,
Is there anyway I can apply the delay pool to only cache miss ? I wanted
to let the client download as fast as possible if the request resulted in a
cache hit, but not on cache miss.
Thanks,
Hector
___
squid-users mailing list
squid-users@lists
Forgot to add. The actual cert is world readable.
[admin@dsg214 ~]# ll
/data/cacerts/../certs/a4a521af41327a4ab3ff1feb16a1a76888a0c2ea.crt
-rw-r--r-- 1 admin root 1108 Feb 18 00:21
/data/cacerts/../certs/a4a521af41327a4ab3ff1feb16a1a76888a0c2ea.crt
On Tue, Feb 17, 2015 at 5:18 PM, Hector Chan
Hi All,
I have a question about using sslcapath in cache_peer. My
server.example.com has a self-signed cert, which I imported into my squid
box under /data/certs. The following cache_peer line actually worked.
However, if I remove the sslcafile, squid won't verify the self-signed cert.
cache_pe
Yuri and Amos, thanks for the replies! There is an openssl command that
tells where OpenSSL will search for CA certs.
$ openssl version -d
OPENSSLDIR: "/etc/pki/tls"
On Sat, Feb 7, 2015 at 5:19 PM, Amos Jeffries wrote:
> On 8/02/2015 9:28 a.m., Hector Chan wrote:
> > Hi al
Hi all,
I have a question about the CA file for SSL certificates. If I don't
specify anything for CA, what is default CA certs that squid will use for
the cache_peer ?
Here is a snippet of my config file.
https_port 127.0.0.1:4443 accel \
cert=/etc/certs/certificate \
key=/etc/certs/key
15 PM, Hector Chan wrote:
> Hi Amos,
>
> For the following cache_peer:
>
> > cache_peer forward-proxy.example.com parent 3128 0 name=C
>
> Would squid do the proper HTTP CONNECT before forwarding the request there
> ?
>
> Thanks,
> Hector
>
> On Thu, N
> Hash: SHA1
>
> On 14/11/2014 6:22 p.m., Hector Chan wrote:
> > Hi Amos,
> >
> >> those lines you specify above go in (C). *if* they are needed at
> >> all.
> >
> > But I don't have control over (C). It's off limits.
>
> Then you ha
rigin-z
and I have a couple of cache_peer_access acls (urlpath regex) to send them
to origin-x, origin-y, and origin-z. How would the above dstdomain acl
work with these rules?
On Thu, Nov 13, 2014 at 7:38 PM, Amos Jeffries wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 14/11/2
Ah, I think I have a typo in my question. Originally, I mentioned the
following:
> the logic of figuring out where to go to lies in (C).
What I actually meant is "the logic that figuring out where to go lies in
(B)" (not C).
On Thu, Nov 13, 2014 at 5:14 PM, Hector Chan wrot
PM, Amos Jeffries wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 14/11/2014 10:36 a.m., Hector Chan wrote:
> > Basically, what I am looking for is whether it's possible to set up
> > the following:
> >
> > Client (A) --> Squid as Re
not have
access or control of (A) and (C).
Thanks again,
Hector
On Thu, Nov 13, 2014 at 2:49 PM, Antony Stone <
antony.st...@squid.open.source.it> wrote:
> On Thursday 13 November 2014 at 19:50:36 (EU time), Hector Chan wrote:
>
> > Hi,
> >
> > Does anyone have any
Hi,
Does anyone have any idea how to setup squid (reverse proxy) behind a
forward proxy ?
Thanks,
Hector
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
20 matches
Mail list logo
