[squid-users] Can I force certain destinations to ipv4?

193.175.73.216 being the IP of my squid's extern a interface. But alas, It doesn't work. Sometimes an ipv4, sometimes an ipv6 address is being used... Using: == # squid --version Squid Cache: Version 6.12-VCS more precisely: squid-6.12-20241031-r3b53538eae -- Ralf Hildebran

Re: [squid-users] [ext] Re: Squid 6.4 assertion errors: FATAL: assertion failed: stmem.cc:98: "lowestOffset () <= target_offset" current master transaction: master655 (backtrace)]

at all), and will also try 7.0/master -- Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration Invalidenstraße 120/121 | D-10115 Berlin Tel. +49 30 450 570 155 ralf.hildebra...@charite

[squid-users] Squid 6.4 assertion errors: FATAL: assertion failed: stmem.cc:98: "lowestOffset () <= target_offset" current master transaction: master655 (backtrace)]

}, } comm_engine = { = { _vptr.AsyncEngine = 0x55b84c08 }, } time_engine = { _vptr.Engine = 0x55b93ac8 } #25 0x5580603a in SquidMainSafe (argv=0x7fffed48, a

Re: [squid-users] [ext] Re: Security advisories pointing to Squid 6.4, but no download (yer)?

* Francesco Chemolli : > Hi Ralf, >It might be some delay in propagating to the mirrors. I see 6.4 is > available at http://static.squid-cache.org/Versions/v6/ . Yep, working now (not on the v6 mirror, though) -- Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsb

[squid-users] Security advisories pointing to Squid 6.4, but no download (yer)?

Hi! The recent four Security advisories are pointing to Squid 6.4, but I'm not seeing that one for download yet... -- Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration Invalidenstraße 120/121 | D-10115 Berlin Tel. +49 3

[squid-users] Squid Caching Proxy Security Audit: 55 vulnerabilities and 35 0days

This caught my attention: https://github.com/MegaManSec/Squid-Security-Audit -- Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration Invalidenstraße 120/121 | D-10115 Berlin Tel. +49 30 450 570 155 ralf.hildebra...@charite.de https

Re: [squid-users] [ext] Squid quits while starting?!

; that a partition is not mounted - refusing to start at least makes it > obvious that there's a problem. Yup. I'm always joking: "Professional(n.): User who can read & understand error messages" -- Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsb

Re: [squid-users] [ext] Squid quits while starting?!

e. Squid writes as much information as it can about the problem > to log, stderr, and if possible the system message log. There is nothing > else a process like Squid can do. Squid COULD have initialized the DB itself. That's the criticism I'm willing to allow. If it KNOWS wha

Re: [squid-users] [ext] Squid quits while starting?!

uot;, so simply use ./ssl_crtd -c -s /var/lib/ssl_db instead. -- Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration Invalidenstraße 120/121 | D-10115 Berlin Tel. +49 30 450 570 155 ralf.hildebra...@charite.de https://www.charite.d

Re: [squid-users] [ext] Squid quits while starting?!

-M 4MB" by hand (as the squid user, I guess) Also read https://squid-users.squid-cache.narkive.com/w0JgcN24/need-assistance-debugging-squid-error-ssl-ctrd-helpers-crashing-too-quickly which seems to imply that you need to initialize the DB first: /usr/libexec/ssl_crtd -c -s /var/lib/ssl_db -- R

Re: [squid-users] [ext] no more cache_object://127.0.0.1/counters URL in 6.3?

. I figured as much, but wasn't able to find the "new style" > The "mgr:foo" shorthand used to expand to cache_object://host/foo > It now expands to http://host/squid-internal-mgr/foo > You are welcome to use the latter explicitly if you prefer. Indeed, I'm now usin

Re: [squid-users] [ext] no more cache_object://127.0.0.1/counters URL in 6.3?

* Ralf Hildebrandt : > We're relying on > > /usr/bin/squidclient -h 127.0.0.1 -p 8080 cache_object://127.0.0.1/counters > > for monitoring purposes and 6.3 reports an error when accessing that > resource: > > 2023/09/27 22:42:57| ERROR: Squid BUG:

[squid-users] no more cache_object://127.0.0.1/counters URL in 6.3?

ation: cache_manager.cc(193) ParseUrl current master transaction: master59170 -- Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration Invalidenstraße 120/121 | D-10115 Berlin Tel. +49 30 450 570 155 ralf.hildebra...@charite.de

[squid-users] Some requests not being passed/processed by squid

== What are TCP_REFRESH_ABORTED/200 and (which looks more dire) NONE_NONE_ABORTED/000? -- Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netzwerk Campus Benjamin Franklin (CBF) Haus I | 1. OG | Raum 105 Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 1

Re: [squid-users] [ext] Re: FATAL: Dying from an exception handling failure; exception: [no active exception]

race shows functions with letters "Ftp" in their names, then you are > probably hitting that bug. That bug has a proposed fix. If you can, please > test it: https://bugs.squid-cache.org/show_bug.cgi?id=5290#c2 -- Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäf

Re: [squid-users] [ext] FATAL: Dying from an exception handling failure; exception: [no active exception]

full generate-core-file quit # snip I hope this helps. -- Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netzwerk Campus Benjamin Franklin (CBF) Haus I | 1. OG | Raum 105 Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570

Re: [squid-users] [ext] Re: ftp related crash in squid-6.0.0-20220905-r9358e99f9

ef = false, dir_slash = false, root_dir = false, no_dotdot = false, binary = false, try_slash_hack = false, put = false, put_mkdir = false, listformat_unknown = false, listing = true, completed_forwarding = true } } -- Ralf Hildebrandt Charité - Universitätsmedizi

[squid-users] ftp related crash in squid-6.0.0-20220905-r9358e99f9

= { _vptr.AsyncEngine = 0x55b6ea10 }, } comm_engine = { = { _vptr.AsyncEngine = 0x55b7e138 }, } time_engine = { _vptr.Engine = 0x55b8dad0 } #21 0x5555557fa0fa in SquidMainSafe (argv=0x7fffed4

Re: [squid-users] [ext] Re: Disable IPV6 for certain destinations only?

be to add a static > 'reject' route to the IPv6 block used by this publisher on the proxy (it > could be kept up-to-date by a dns lookup script). That's less of a > liability than forcing resolution to a particular IP. Also a nice option. -- Ralf Hildebrandt Charité - Uni

Re: [squid-users] [ext] Re: Disable IPV6 for certain destinations only?

o connect using IPv4 only (for this destination)". Exactly! -- Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netzwerk Campus Benjamin Franklin (CBF) Haus I | 1. OG | Raum 105 Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 ralf.hildebra..

Re: [squid-users] [ext] Re: Disable IPV6 for certain destinations only?

blem temporarily, add the IPv4 only > address to the /etc/hosts of the proxy server(s). This will resolve the > address to your override. You can also do this with a local recursive DNS > server (like Bind) too. Will do that, thanks! -- Ralf Hildebrandt Charité - Universitätsmedizin B

[squid-users] Disable IPV6 for certain destinations only?

they don't (yet) know is our ipv6 range. Thus arises the need to "fall back" to ipv4 in the unlikely case some publisher already has ipv6, we connect via ipv6 and suddenly are not allowed to download the publications. Is there an acl for that kind of need? -- Ralf Hildebrandt Charit

Re: [squid-users] [ext] Re: dns_nameservers directive

d nameserver is perfectly healthy > :-(. Yes, that's what I observed here :) -- Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netzwerk Campus Benjamin Franklin (CBF) Haus I | 1. OG | Raum 105 Hindenburgdamm 30 | D-12203 Berli

[squid-users] dns_nameservers directive

" defaults to 30s. Is there any way of making squid mark the first server as "dead" (for e.g. 5 minutes) and use the next server instead? -- Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netzwerk Campus Benjamin Franklin (CBF) Haus I | 1. OG

[squid-users] OT: calamaris log parsing...

o the internet... Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netzwerk Campus Benjamin Franklin (CBF) Haus I | 1. OG | Raum 105 Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 ralf.hildebra...@charite.de https://www.chari

[squid-users] Identify websockets traffic in the log?

Is it possible to identify websockets traffic in the log (using squid-6 here)? Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netzwerk Campus Benjamin Franklin (CBF) Haus I | 1. OG | Raum 105 Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155

[squid-users] auto-generated release on http://www.squid-cache.org/Versions/v6/ somewhat stale?

Are the auto-generated releases on http://www.squid-cache.org/Versions/v6/ simply broken or is there another reason for a recent tarball since 07.02.2022? Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netzwerk Campus Benjamin Franklin (CBF) Haus I | 1. OG

Re: [squid-users] [ext] Re: Absolute upper limit for filedescriptors in squid-6?

* Eliezer Croitoru : > What OS are you using exactly? Ubuntu 20.04 on amd64 Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netzwerk Campus Benjamin Franklin (CBF) Haus I | 1. OG | Raum 105 Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570

Re: [squid-users] [ext] Re: Absolute upper limit for filedescriptors in squid-6?

* NgTech LTD : > Hey Ralph, > > Did you tried to configure the squid proxy systemd service and squid conf > with the mentioned max fd? I'm not using systemd to start squid (using runit here) Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung

Re: [squid-users] [ext] Re: Absolute upper limit for filedescriptors in squid-6?

ng just fine with --with-filedescriptors=262144 -- that is up to now :) Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netzwerk Campus Benjamin Franklin (CBF) Haus I | 1. OG | Raum 105 Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 ralf.hildebra..

Re: [squid-users] [ext] Re: Absolute upper limit for filedescriptors in squid-6?

768 configure: Default number of filedescriptors: 131072 ... Yes, I set "ulimit -n 131072" before running configure -- Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netzwerk Campus Benjamin Franklin (CBF) Haus I | 1. OG | Raum 105 Hindenburgdamm

[squid-users] Absolute upper limit for filedescriptors in squid-6?

What is the absolute upper limit for filedescriptor in squid-6? Am I limited to 64k dues to use of select(), or are larger numbers possible? -- Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netzwerk Campus Benjamin Franklin (CBF) Haus I | 1. OG | Raum 105

Re: [squid-users] [ext] Re: Significant memory leak with version 5.x (not with 4.17)

ut what exactly is hitting you. Update (checked this morning): memory consumption (squid 5.3) seems to be stable. I'll upgrade to 6.0 with the proposed fix, since bug 5055 becomes the more pressing issue after the memleak is gone. Ralf Hildebrandt Charité - Universitätsmedizin Berlin Gesc

Re: [squid-users] [SPAM] Re: [SPAM] [ext] Squid 5.1 memory usage

* Steve Hill : > On 12/10/2021 09:34, Ralf Hildebrandt wrote: > > > > Quite sure, since I've been testing Squid-5-HEAD before it became 5.2 > > > But to be sure, I'm deplyoing it right now. > > > > Yep, squid-5.2 is also leaking. > > :( >

Re: [squid-users] [SPAM] [ext] Squid 5.1 memory usage

* Ralf Hildebrandt : > > There's squid-5.2. Does it also have this problem? > > Quite sure, since I've been testing Squid-5-HEAD before it became 5.2 > But to be sure, I'm deplyoing it right now. Yep, squid-5.2 is also leaking. Ralf Hildebrandt Charit

Re: [squid-users] [SPAM] [ext] Squid 5.1 memory usage

d SSL bump. > > > > https://bugs.squid-cache.org/show_bug.cgi?id=5132 > > is somewhat related > > > > There's squid-5.2. Does it also have this problem? Quite sure, since I've been testing Squid-5-HEAD before it became 5.2 But to be sure, I'm deply

Re: [squid-users] [SPAM] [ext] Squid 5.1 memory usage

bug.cgi?id=5132 is somewhat related Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netzwerk Campus Benjamin Franklin (CBF) Haus I | 1. OG | Raum 105 Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 ralf.hildebra...@charit

[squid-users] Squid vs. Telegram

67.92 alike. I know Telegram has a huge influx of new users, probably due to the recent changes in WhatsApp. But is what I'm seeing normal? --- Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netzwerk Campus Benjamin Franklin (CBF) Haus I | 1. OG

Re: [squid-users] [ext] Re: What is the state of V5 branch? Can I try to publish some RPMS?

ttps://bugs.squid-cache.org/show_bug.cgi?id=4832> > <https://bugs.squid-cache.org/show_bug.cgi?id=4872> And of course http://bugs.squid-cache.org/show_bug.cgi?id=5055 which is affecting v5 and v6. Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netzwerk Ca

Re: [squid-users] [ext] Re: I want to know the concerns of load testing

t; If not, what are you using as an alternative? I had a look at dante https://www.inet.no/dante/ FYI: for a company with about 15.000 machines we're using a cluster of 4 proxies. Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netzwerk Campus Benjamin F

Re: [squid-users] [ext] ERR_TUNNEL_CONNECTION_FAILED

57 iris.charite.de charite.science-it.ch. # dig +short @141.42.5.157 charite.science-it.ch iris.science-it.ch. 35.180.69.77 Huh? No valid address records? Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netzwerk Campus Benjamin Franklin (CBF) Haus I | 1. OG | Raum

Re: [squid-users] [ext] ERR_TUNNEL_CONNECTION_FAILED

* Ralf Hildebrandt : > I'm getting "ERR_TUNNEL_CONNECTION_FAILED" errors in Chrome when > connecting to https://securefiles.laborberlin.com/ And Firefox! > # dig +short @141.42.5.156 607748248.dracoon.cloud > 213.95.134.242 https://607748248.dracoon.cloud/ ist wo

[squid-users] ERR_TUNNEL_CONNECTION_FAILED

laborberlin.com 607748248.dracoon.cloud. # dig +short @141.42.5.157 607748248.dracoon.cloud 213.95.134.242 So what is the reason for the NONE_NONE/500 error? Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netzwerk Campus Benjamin Franklin (CBF) Haus I | 1

[squid-users] Odd log entries

/- text/html accessRule=notsslports - 1601383160.341435 10.47.52.135 TCP_DENIED/403 4057 CONNECT:5001 - HIER_NONE/- text/html accessRule=notsslports - CONNECT, yes, but why is the host missing? Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netzwerk Campus

Re: [squid-users] [ext] Re: Change of server hardware (?) resulted in massive increase of crashes

nnections for testing (in contrast to the usual 25%) 5.0.2 (running on the other 3 nodes) gives us about 21.7h average uptime with a median uptime of 28.6h -- Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netzwerk Campus Benjamin Franklin (CBF) Haus I | 1.

Re: [squid-users] [ext] Re: Change of server hardware (?) resulted in massive increase of crashes

similar minor/innocent changes that result in slightly > different Squid state and more exceptions. I would not spend time trying > to pinpoint the exact trigger. > > I updated bug #5055 with a patch that covers the tunneling case: > https://bugs.squid-cache.org/show_bug.cgi?id=5055#c5

Re: [squid-users] Change of server hardware (?) resulted in massive increase of crashes

* Ralf Hildebrandt : > 2020/09/22 09:34:07| FATAL: check failed: opening() > exception location: tunnel.cc(1305) noteDestinationsEnd > current master transaction: master359979 I had to go back as far as 5.0.2 to exclude master commit 25b0ce4, now it's stable (running for a

[squid-users] Change of server hardware (?) resulted in massive increase of crashes

nationsEnd current master transaction: master359979 My infrastructure generates backtraces upon crash, but in the case I'm not getting any. Which is odd, given I start squid in gdb with "/usr/sbin/squid -sYNC" -- Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschä

[squid-users] New log message: "Bad header encountered from..."

r.md5 current master transaction: master46663356 quite often. What is the bad header here: HTTP/1.0 200 OK Server: ID DIACOS App-Server Date: Tue Sep 01 09:50:41 CEST 2020 Content-Length: 74 Last Modified: Thu Feb 13 13:06:30 CET 2020 Ralf Hildebrandt Charité - Universitätsmedizin B

Re: [squid-users] [ext] Squid + ClamAV

APHICS STREAM DOCUMENT (as you see in my example above, Shockwave Flash is grouped under GRAPHICS) They probably fall into the TEXT category. Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netzwerk Campus Benjamin Franklin (CBF) Haus I | 1. OG | Raum 105 Hin

Re: [squid-users] [ext] Squid + ClamAV

* Andrea Venturoli : > On 2020-03-06 16:24, Ralf Hildebrandt wrote: > > * Andrea Venturoli : > > > Hello. > > > > > > Is this the right place to discuss Squid + C-ICAP + SquidClamAV + ClamAV? > > > > What do you need SquidClamAV for? > > In

Re: [squid-users] [ext] Squid + ClamAV

* Andrea Venturoli : > Hello. > > Is this the right place to discuss Squid + C-ICAP + SquidClamAV + ClamAV? What do you need SquidClamAV for? I'm running Squid + C-ICAP + ClamAV only. Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netzwerk C

Re: [squid-users] [ext] Re: Squid and DoH

* Ralf Hildebrandt : > * Andrea Venturoli : > > On 2020-02-29 14:17, Matus UHLAR - fantomas wrote: > > > > > I guess DoH means dns over https and thus needs sslbump enabled.  the easy > > > but limited way would be to disable connections to publicly available D

Re: [squid-users] [ext] Re: Squid and DoH

s someone maintaining such a list? There's one in the wikipedia entry. Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netzwerk Campus Benjamin Franklin (CBF) Haus I | 1. OG | Raum 105 Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570

Re: [squid-users] [ext] Re: Development goals in Squid-6?

* Amos Jeffries : > On 17/02/20 9:48 pm, Ralf Hildebrandt wrote: > > What are the main development goals for Squid-6? > > I wonder if I should already start tracking HEAD with at least one > > machine. > > We do not have a goal for v6 yet. It is just accumulating code

[squid-users] Development goals in Squid-6?

What are the main development goals for Squid-6? I wonder if I should already start tracking HEAD with at least one machine. Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netzwerk Campus Benjamin Franklin (CBF) Haus I | 1. OG | Raum 105 Hindenburgdamm 30

[squid-users] Squid-5.0.1 affected by the recent advisories?

Yesterdays advisories didn't list squid-5.x, but is squid-5.x really not affected? Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netzwerk Campus Benjamin Franklin (CBF) Haus I | 1. OG | Raum 105 Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 57

Re: [squid-users] [ext] Re: Log resolved IP somehow?

* Ralf Hildebrandt : > I'll go for the query log. Jun 18 16:29:08 proxy-cvk-1 unbound[42287]: [1560868148] unbound[42287:1] info: response for ih.adscale.de. A IN Jun 18 16:29:08 proxy-cvk-1 unbound[42287]: [1560868148] unbound[42287:1] info: reply from 193.108.91.117#53 ... Jun 18

Re: [squid-users] [ext] Re: Log resolved IP somehow?

; > Other than that, your best bet would be the debug trace of what ACLs are > matching. "debug_options 28,4" should do it. Well, I do know which ACL is matching, just not which line. I'll go for the query log. -- Ralf Hildebrandt Charite Universitätsmedizin Berlin

[squid-users] Log resolved IP somehow?

p -c 95.100.198 /etc/squid5/manual-ensilo-ipblocklist.acl 0 # fgrep -c 95.100 /etc/squid5/manual-ensilo-ipblocklist.acl 0 So, I guss the IP must have change between to time "trx.adscale.de" was blocked and now. How can I log the IP "trx.adscale.de" resolved to when the reject

Re: [squid-users] [ext] Re: Current downloads on http://www.squid-cache.org/Versions/v5/

Happy to wait then :) -- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebra...@charite.deCampus Benjamin Franklin https://www.charite.de Hindenburgdamm 30, 12203 Berlin Geschäftsbereich IT, Abt. Netzwerk fon:

[squid-users] Current downloads on http://www.squid-cache.org/Versions/v5/

The most recent download is squid-5.0.0-20190331-rf5e179474 while changesets lists a few more changes. Is the autogeneration of the tarballs broken? -- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebra...@charite.deCampus Benjamin Franklin https

[squid-users] Squid-5 vs. FTP:// URLs

mputer.com/news/google/chrome-and-firefox-developers-aim-to-remove-support-for-ftp/ The URL scheme is ftp://, the data returned by the proxy is text/html, and since that's the case, the data is being downloaded instead of being displayed directly. Is there any way around this? -- R

Re: [squid-users] [ext] Re: squid hanging in 100% steal

> > What does "100% steal" mean? http://blog.scoutapp.com/articles/2013/07/25/understanding-cpu-steal-time-when-should-you-be-worried -- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebra...@charite.deCampus Benjamin Franklin https://ww

Re: [squid-users] [ext] Netdb. state too big

tup (users are behind 4 proxies which connect them to the Internet), does use of Netdb make sense? -- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebra...@charite.deCampus Benjamin Franklin https://www.charite.de Hindenburgdamm 30, 12203 Berl

Re: [squid-users] [ext] Netdb. state too big

www.squid-cache.org/mail-archive/squid-users/27/0384.html seems to imply that it's only useful in a parent-child setup (or cache hierarchy). -- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebra...@charite.deCampus Benjamin Fr

Re: [squid-users] [ext] Netdb. state too big

* Ralf Hildebrandt : > * Antonino Sanacori : > >  Hello. > > > > My log/squid/netdb.state is 534MB, how can i reduce his size? > > > > On my Debian 9 can I use logrotate to rotate the file? > > You could disable it: > http://www.squid-cache.org/Doc/con

Re: [squid-users] [ext] Netdb. state too big

* Antonino Sanacori : >  Hello. > > My log/squid/netdb.state is 534MB, how can i reduce his size? > > On my Debian 9 can I use logrotate to rotate the file? You could disable it: http://www.squid-cache.org/Doc/config/netdb_filename/ -- Ralf Hildebrandt

[squid-users] Very basic peek & splice

I recompiled my squid-5 with openssl and added ssl_bump peek all ssl_bump splice all to my squid.conf. What logging should I expect to verify it's actually working? -- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebra...@charite.deCampus Ben

[squid-users] A logging only ACL?

haus markURLhaus --- nsip --- How? Underlying problem: https://urlhaus.abuse.ch/ is offering a plain-text URL list here https://urlhaus.abuse.ch/downloads/text/ But in squid I must used "url_regex" - meaning I'll have to escape the likes of .^$*+?()[{\| -- Ralf Hildebrandt

Re: [squid-users] [ext] new ecap gzip + deflat adapter

* joseph : > https://github.com/yvoinov/squid-ecap-gzip URL returns 404! -- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebra...@charite.deCampus Benjamin Franklin https://www.charite.de Hindenburgdamm 30, 12203 Berlin Geschäftsbereich

Re: [squid-users] [ext] when will squid 4 be production ready?

* Gordon Hsiao : > squid4 has been released for quite a while, when will it be production > ready or any rough timeline on the horizon? I'm using annotate_transaction extensively. Is that available in Squid-4? -- Ralf Hildebrandt Charite Universitätsmed

Re: [squid-users] [ext] Re: cacheHttpAllSvcTime quite high

* Amos Jeffries : > On 14/06/18 23:04, Ralf Hildebrandt wrote: > > We're using squid 5.0.0-20180202-r51e09c0 and I recently realized that > > the values for "cacheHttpAllSvcTime" are quite high > > > > cacheHttpAllSvcTime.5 = 288 > > cacheHtt

[squid-users] cacheHttpAllSvcTime quite high

rySvcTime.5 = 0 cacheIcpReplySvcTime.5 = 0 cacheDnsSvcTime.5 = 30 Why is cacheHttpAllSvcTime so much higher than cacheHttpMissSvcTime.5 ? The proxy doesn't appear to be slow or sluggish. -- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebra...@charite.deCampus Ben

Re: [squid-users] Bypass a ICAP error in Squid?

* Alex Rousskov : > On 01/30/2018 06:27 AM, Ralf Hildebrandt wrote: > > How can I bypass an ICAP error in Squid (currently squid5)? > > See the bypass option of the icap_service directive but keep in mind > http://lists.squid-cache.org/pipermail/squid-users/2018-January/017484.h

[squid-users] Bypass a ICAP error in Squid?

How can I bypass an ICAP error in Squid (currently squid5)? Background: We're using Squid with C-icap, and recently had (like anybody else) huge issues with clamd not working properly. -- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebra...@chari

[squid-users] Logging/stats for Delay Pools Under Squid?

I do know how to set-up delay pools, but how can I verify that they're working? Are there any logs or statictics? -- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebra...@charite.deCampus Benjamin Franklin https://www.charite.de Hindenbur

[squid-users] Lots of "BUG 3279: HTTP reply without Date:" after update to squid-5.0.0-20171117-r4d27d0a

DATED 2017/11/22 11:16:03| StoreEntry->swap_dirn: -1 2017/11/22 11:16:03| StoreEntry->swap_filen: -1 2017/11/22 11:16:03| StoreEntry->lock_count: 3 2017/11/22 11:16:03| StoreEntry->mem_status: 0 2017/11/22 11:16:03| StoreEntry->ping_status: 2 2017/11/22 11:16:03| StoreEntr

Re: [squid-users] Lots of "error:transaction-end-before-headers" in my log

* Alex Rousskov : > On 08/09/2017 02:21 AM, Ralf Hildebrandt wrote: > > > I found that some portion is caused by "ldirectord" probing if the > > proxy service on port 8080 is still active & working. > > "active" -- maybe, but "working"

Re: [squid-users] Lots of "error:transaction-end-before-headers" in my log

eries", > but if you want to learn more about them and/or to check Squid's > classification, consider collecting a packet capture (and access-log > client ports so that it is easier to find the matching packets in the > capture). I found that some portion is caused by &q

Re: [squid-users] Upper limit on the number of regular expressions in url_regex?

e regular expressions for a list of 1+ _fixed_ URLs ? What is the alternative? -- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebra...@charite.deCampus Benjamin Franklin https://www.charite.de Hindenburgdamm 30, 12203 Berlin Geschäftsb

Re: [squid-users] Upper limit on the number of regular expressions in url_regex?

* Ralf Hildebrandt : > But why is it failing? I reordered the file sort -r /etc/squid5/generated-rw_urlbl.acl > /etc/squid5/generated-rw_urlbl.acl.new mv /etc/squid5/generated-rw_urlbl.acl.new /etc/squid5/generated-rw_urlbl.acl and reconfigured squid: 2017/08/08 16:27:50.463

[squid-users] Upper limit on the number of regular expressions in url_regex?

8 15:56:45.431| 28,2| RegexData.cc(125) compileRE: compiled 'http://027tzx.com/lscpv' with flags 9 ... But why is it failing? Background: === Running squid with > 1 regular expressions causes all kinds of strange behaviour - that'S why I noticed the problem in th

[squid-users] Lots of "error:transaction-end-before-headers" in my log

579 1931714 1.9% access.log-20170807 303962 7472408 4% I'm using squid-5.0.0-20170709-r15238. Is there any way of finding out what kind of queries cause this? -- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebra...@charite.deCampus Benjamin Franklin ht

Re: [squid-users] Squid-5 ETA?

* Amos Jeffries : > On 19/07/17 21:52, Ralf Hildebrandt wrote: > > Is there any ETA for squid5? > > > > If I'm optimistic and assume that development gets back into the old rythmn > we had going for most of 3.x, then sometime late 2018 or early 2019. > > Or di

[squid-users] Squid-5 ETA?

Is there any ETA for squid5? -- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebra...@charite.deCampus Benjamin Franklin https://www.charite.de Hindenburgdamm 30, 12203 Berlin Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155

Re: [squid-users] FATAL error while using dstdomain directive

gle.com' is a subdomain of 'google.com' > 2017/06/20 15:37:37| ERROR: You need to remove '.google.com' from the ACL > named 'ban_list' It SAYS what you need to do... > erickom@proxy:/etc/squid3$ cat ban_list > google.com Remove .google.com > yout

[squid-users] Reverse DNS Lookup for client IPs

mber of reverse lookups dropped considerably. -- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebra...@charite.deCampus Benjamin Franklin https://www.charite.de Hindenburgdamm 30, 12203 Berlin Geschäftsbereich IT, Abt. Netzwerk fon: +49

[squid-users] Tagged ACLs?

agging" rejects or logging the ACL that caused the rejection? (Using squid-5 HEAD here) -- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebra...@charite.deCampus Benjamin Franklin https://www.charite.de Hindenburgdamm 30, 12203 Berlin Ges

Re: [squid-users] URL sometimes reurns empty response

E2DB26E51E59C50B50A Ref B: AMS04EDGE0506 Ref C: Sat Apr 29 05:30:12 2017 PST Date: Tue, 02 May 2017 13:27:27 GMT Age: 1 X-Cache: HIT from proxy-cbf-1 Via: 1.1 proxy-cbf-1 (squid/5.0.0-20170429-r15127) Connection: keep-alive Länge: 0 [text/plain] -- Ralf Hildebrandt

Re: [squid-users] URL sometimes reurns empty response

* Ralf Hildebrandt : > It seems that squid is returning an incorrect Content-Lenght: header > while the revalidation is still fresh/ongoing. > > I haven't yet tried tcpdumping the response to check if the 14 bytes > do indeed contain the correct string. And voila - here w

Re: [squid-users] URL sometimes reurns empty response

n a non pipelined read: excess = 14 url = /ncsi.txt > > (zero-length body) It seems that squid is returning an incorrect Content-Lenght: header while the revalidation is still fresh/ongoing. I haven't yet tried tcpdumping the response to check if the 14 bytes do indeed contain the corr

Re: [squid-users] URL sometimes reurns empty response

* Yuri Voinov : > If you add this URL to cache deny rule - problem still exists? Using this: # START acl nocaching url_regex "^http://www\.(msftconnecttest|msftncsi)\.com" cache deny nocaching # ENDE And yes, problem still exists... -- Ralf Hildebrandt

[squid-users] URL sometimes reurns empty response

length of "Microsoft NCSI"). < Cache-Control: max-age=30,must-revalidate Immediatly after revalidating, the problem occurs. I tried this with 5.0.0-20170421-r15126 as well as 4.0.19 - same result. -- Ralf Hildebrandt Charite Universitätsmedizin Berl

Re: [squid-users] Squid 4.0.x = SNI Support

* sebastien.boulia...@cpu.ca : > Hi all, > > Anyone can confirm me if Squid 4.0.x support SNI ? SNI when doing what? ssl bump? -- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebra...@charite.deCampus Benjamin Franklin https://www.c

Re: [squid-users] squid restarts too often.

halfClosedReader != NULL" http://lists.squid-cache.org/pipermail/squid-users/2015-June/003977.html But hey, 3.5.22 is the most recent 3.5.x version. -- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebra...@charite.deCampus Benjamin Franklin http:/

Re: [squid-users] compression in Squid

* Ralf Hildebrandt : > I don't understand this feature. Why is the compressed data not simply > passed on to the client? > > > The primary use-case is for Squid installations where two proxies are > > used to reduce bandwidth over a slow or expensive link (ie satellite

Re: [squid-users] compression in Squid

or expensive link (ie satellite). So the proxies are compressing everything (between them? between proxy and internet? between client and proxy?) -- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebra...@charite.deCampus Benjamin Franklin http://www.charite

[squid-users] Ignoring DNS Lookup errors in ACLs?

og. 2016/09/19 13:00:14| storeDirWriteCleanLogs: Operation aborted. FATAL: Bungled /etc/squid3/squid.conf line 1694: acl teamviewer-allow src "/etc/squid3/teamviewer.acl" -- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebra...@charite.de

[squid-users] TCP_TUNNEL_ABORTED/200?

HIER_DIRECT/193.9.9.153 - 41228 Wed Aug 31 10:02:22 2016 154296 10.39.80.171 TCP_TUNNEL/200 4963 CONNECT remoteapps.eortc.be:443 - HIER_DIRECT/193.9.9.153 - 41200 -- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebra...@charite.deCampus Benj

  1   2   >