Re: [squid-users] Squid stopped logging to access.log

Figured out the problem (I had another squid on the network that was intercepting my requests)...sorry about that! Luis On Sun, Feb 15, 2015 at 11:26 PM, Luis Miguel Silva < luismiguelferreirasi...@gmail.com> wrote: > Dear all, > > As I was playing around with Squid and e-ca

[squid-users] Squid stopped logging to access.log

Dear all, As I was playing around with Squid and e-cap, I decided to shutdown squid, clear the cache and the log files. Now, when I start it, it seems to create both the access.log and cache.log files, but it only writes to the cache.log file: root@appliance:/var/log/squid3# ls -al total 16 drwxr

Re: [squid-users] A little help with squid and e-cap

Thanks Amos! I understand it loads a library (probably only once) but, what about the actual ecap service object? Does it load once per page request? Or does it pre-load it every time? The reason why I'm asking this is that I would like to create a ecap modifier service that reads a big list from

Re: [squid-users] Squid 3.5.1 intercept / Forwarding loop detected for

I bumped into this same "forwarding loop" problem yesterday! In my case, it was because I had two transparent proxies in the same network and was basically redirecting traffic twice: [internet] <-> [appliance 1] <-> [appliance 2] <-> [client computer] I mistakenly added iptables redirect rules in

[squid-users] A little help with squid and e-cap

Dear all, This might not be the ideal place to ask questions about e-cap but, since e-cap's mailing list is not working, I decided to ask my question here. So, here goes: - *My ecap service only seems to work on some pages*... -- I've added the following configuration to my squid.conf: loadable_m

[squid-users] Redirecting to DIRECT_CONNECT failed ssl-bump connections

Dear all, I'm seeing several error messages in my cache.log, complaining that the destination certificate is invalid: 2015/02/08 19:27:28 kid1| fwdNegotiateSSL: Error negotiating SSL connection on FD 22: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1/0) 201

Re: [squid-users] Calculate time spent on website (per ip address)

I'm trying to export this information and create pretty reports detailing how much time each device spent online / on each site. I understand I'll probably need to create this myself, I'm just trying to figure out what the state of the art is so I don't waste time on problems that have already bee

Re: [squid-users] Marking outgoing packets

That's GREAT Amos, Where can I learn more about it? Can you point me to some documentation? I was able to find this here: http://www.eu.squid-cache.org/Doc/config/note/ It does seem that I could use this to note to tag things to an ACL but it isn't clear to me how to use it (especially leveraging

Re: [squid-users] Calculate time spent on website (per ip address)

0, 2015 at 2:52 PM, Yuri Voinov wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hmmm Access.log? sqTop? > > 11.02.15 3:50, Luis Miguel Silva пишет: > > Dear all, > > > > I was wondering if there is a built in feature in Squid to > > c

Re: [squid-users] Marking outgoing packets

customization. > > I'm right, Amos? > > 11.02.15 3:52, Luis Miguel Silva пишет: > > Dear all, > > > > I just found this REALLY cool feature that allows you to mark > > packets for Netfilter to then intercept and handle: > > http://www.squid-cache.org/Doc/c

[squid-users] Marking outgoing packets

Dear all, I just found this REALLY cool feature that allows you to mark packets for Netfilter to then intercept and handle: http://www.squid-cache.org/Doc/config/tcp_outgoing_mark/ What I was wondering was, is there a way for us to mark based on a ICAP filter or redirect_program output? The obje

[squid-users] Calculate time spent on website (per ip address)

Dear all, I was wondering if there is a built in feature in Squid to calculate the time spent on a website, per ip address (e.g. 32 minutes between 12pm and 1pm, 5 minutes between 1pm and 2pm)? And, if not, how would you do it? I immediately thought about using the log files for this BUT, because

Re: [squid-users] light weight ICAP server that isn't dead :o)

wrote: > On 02/10/2015 01:00 AM, Luis Miguel Silva wrote: > >> >> The most interesting one seems to be C-ICAP but I don't like that it >> hasn't even reached a 1.0 version... >> > > If you believe that it is interesting then at least test it to see

Re: [squid-users] light weight ICAP server that isn't dead :o)

erl server that > tries to implement ICAP. YMMV (attached) > > On Mon, Feb 09, 2015 at 05:18:36PM -0700, Luis Miguel Silva wrote: > > Thanks Amos. > > > > Well, that's exactly what I'm going to need to develop too (the plugin > > part), I just found it w

Re: [squid-users] light weight ICAP server that isn't dead :o)

would you recommend if you wanted to easily create (lightweight) custom filtering capabilities? I'm very inclined to adopt c-icap. Thoughts? Thanks, Luis On Mon, Feb 9, 2015 at 4:40 PM, Amos Jeffries wrote: > On 10/02/2015 12:00 p.m., Luis Miguel Silva wrote: > > Dear all, > &g

[squid-users] light weight ICAP server that isn't dead :o)

Dear all, I'm looking for a light weight (opensource) ICAP server project that isn't dead. I need to create some custom content filters but, I'm having a hard time finding an ICAP server that is being actively worked on... In the squid wiki

[squid-users] fwdNegotiateSSL: Error negotiating SSL connection on FD 110

Hello, Has anybody else ever seen this error in squid's cache.log? root@appliance:~# tail /var/log/squid3/cache.log 2015/02/09 06:51:51 kid1| fwdNegotiateSSL: Error negotiating SSL connection on FD 117: error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table (1/-1

Re: [squid-users] Blocking Chrome and QUIC

-p tcp -m tcp --dport 443 -m state --state RELATED,ESTABLISHED -j DROP Hope this will be helpful to someone else! Luis On Sat, Feb 7, 2015 at 8:28 PM, Luis Miguel Silva < luismiguelferreirasi...@gmail.com> wrote: > Ok, I'm using 3.4.9, so I've added that config option to my s

Re: [squid-users] Blocking Chrome and QUIC

Ok, I'm using 3.4.9, so I've added that config option to my setup :o) Thanks for the tip! Luis On Sat, Feb 7, 2015 at 6:11 PM, Amos Jeffries wrote: > On 8/02/2015 5:34 a.m., Luis Miguel Silva wrote: > > I did when you sent it but it seemed to me you were saying I

Re: [squid-users] Blocking Chrome and QUIC

aying. So are you saying I must upgrade to Squid 3.5.x to fix this? Why would that header fix it, seeing that my problem is that Chrome is bypassing the proxy altogether? Thank you, Luis On Sat, Feb 7, 2015 at 1:17 AM, Amos Jeffries wrote: > On 7/02/2015 5:41 p.m., Luis Miguel Silva

Re: [squid-users] Blocking Chrome and QUIC

Antony, *Comments inline!* Thanks, Luis On Fri, Feb 6, 2015 at 3:58 PM, Antony Stone < antony.st...@squid.open.source.it> wrote: > On Friday 06 February 2015 at 22:54:54 (EU time), Luis Miguel Silva wrote: > > > As I started playing around with transparent ssl proxyi

[squid-users] Blocking Chrome and QUIC

Dear all, This isn't entirely a squid question but more like a "transparent proxying" question (which I'm hoping you guys will be able to help me with)... As I started playing around with transparent ssl proxying, I learned that Chrome uses an alternate communication (UDP based) protocol called Q

[squid-users] SSL-bump certificate issues (mostly on Chrome, when accessing Google websites)

Dear all, I recently compiled squid-3.4.9 with ssl-bump support and, although it is working for the most part, I'm having some issues accessing some websites. The behavior is REALLY weird so I'm going to try and describe it the best I can: - If i access https://www.google.com/ in Chrome, I could