[squid-users] Frequent ANY_OLD_PARENT in access log

Hi, We have frequent ANY_OLD_PARENT in Squid 3.5.25 access log (reverse proxy mode). Most of them succeed with TCP_MISS/200, some fail with 504 or other errors, no dead parent detected in cache log. What does ANY_OLD_PARENT mean? -- Veiko ___ squid-us

Re: [squid-users] Cache digest vs ICP

Alex, thank you for your response! 2017-09-27 18:06 GMT+03:00 Alex Rousskov : > On 09/27/2017 03:46 AM, Veiko Kukk wrote: > > > Siblings are configured with no-proxy keyword to achieve that they don't > > cache what other siblings already have in their cache. > > I

[squid-users] Cache digest vs ICP

Hi, We have cluster of squids in reverse proxy mode. Each one of those is sibling to others and they all have same originservers as parents. Siblings are configured with no-proxy keyword to achieve that they don't cache what other siblings already have in their cache. This is to minimize data usag

Re: [squid-users] Never expire any object Squid configuration

On 20/04/16 13:07, Amos Jeffries wrote: On 20/04/2016 7:24 p.m., Veiko Kukk wrote: Hi, We have a Squid between our server application and openstack swift backend in accel/reverse mode with store-id configuraton (to strip temporary authentication URL-s). We want that any object that has been

[squid-users] Never expire any object Squid configuration

Hi, We have a Squid between our server application and openstack swift backend in accel/reverse mode with store-id configuraton (to strip temporary authentication URL-s). We want that any object that has been stored in squid cache is never again fetched from source and never again checked if

[squid-users] Squid 3.5.13 -k rotate does not honor store_id_children

Hi, I have squid 3.5.13 using configuration like this: # logfiles access_log /var/log/squid/${service_name}_access.log cache_log /var/log/squid/${service_name}_cache.log # do not rotate logs, let logrotate do that logfile_rotate 0 store_id_program /usr/lib64/squid/storeid_file_rewrite /var/spoo

[squid-users] Squid reverse proxy cache_peer failover

Hi, I did read documentation and googled for that, but did not find anything really useful. I'm using Squid 3.5.13 and trying to achieve that with multiple cache_peer parents, only one is used if it is available. Only when it's not available, secondary is used. Something like this in configu

[squid-users] Accessing cache_peer siblings with ssl for reverse proxy

Hi everyone, I have successfully set up reverse proxy and ICP communication between siblings. I'd like to encrypt cache sharing between siblings, but cannot figure out the optimal solution for this. I have not found from documentation, how to do ssl encryption between cache_peer hosts so that

[squid-users] Accessing cache_peer siblings with ssl for reverse proxy

Hi everyone, I have successfully set up reverse proxy and ICP communication between siblings. I'd like to encrypt cache sharing between siblings, but cannot figure out the optimal solution for this. I have not found from documentation, how to do ssl encryption between cache_peer hosts so that

Re: [squid-users] Squid 3.5.9 RPM are available

On 30/09/15 18:27, Veiko Kukk wrote: I'm sorry, should have provided operating system version with my first post. It is CentOS 6.7 with latest updates. Sure, when changing selinux to permissive mode, it works. I have not had time meanwhile to find out what are the required minimal se

Re: [squid-users] Squid 3.5.9 RPM are available

On 29/09/15 16:59, Eliezer Croitoru wrote: I am not a SELINUX expert but something might be wrong on your system settings or permissions. What OS exactly are you using? What version of CentOS? I'm sorry, should have provided operating system version with my first post. It is CentOS 6.7 with la

Re: [squid-users] Squid 3.5.9 RPM are available

On 24/09/15 03:00, Eliezer Croitoru wrote: Since it's a security release I will not write an article this time. But I am happy to release the new RPMs for squid cache 3.5.9. Since there are no new rpm-s in 3.4 branch after 3.4.10, I decided to try/upgrade to 3.5.9. Squid does not start, fails

[squid-users] Squid reverse proxy in http > https mode

Hi I'm trying to get most optimized solution for caching objects of cloud storage. The data flow I'd like to achieve is: http client squid reverse mode cache remote https storage server Common scenarios/examples of accel mode http(s) port include opposite direction of traffic encryption/

Re: [squid-users] Squid 3.4.10 and sslcrtd

On 20/05/15 14:06, Amos Jeffries wrote: Ouch, sorry. Maybe this will work: sslcrtd_children 1 startup=0 Otherwise you are left with re-building Squid. --disable-ssl-crtd would do if you never want to use the helper. Or the patch now applied on Squid-4 (

Re: [squid-users] Squid 3.4.10 and sslcrtd

On 18/05/15 15:28, Amos Jeffries wrote: Having a directive commented out means the default value for it is used. There is a default helper built by --enable-ssl-crtd that gets used unless you specify otherwise. Currently Squid is not detecting that the helper is unused, so checks for its existen

[squid-users] Squid 3.4.10 and sslcrtd

Hi I'd like to know if I understand Squid documentation properly. I have following http_port and sslbump configuration: http_port 127.0.0.1:3128 ssl-bump generate-host-certificates=off cert=/var/spool/squid/ssl_cert/squid_ca.pem ssl_bump server-first all From documentation: generate-host-cert

Re: [squid-users] Different replacement policy for different filenames

On 07/05/15 15:16, Amos Jeffries wrote: On 7/05/2015 11:16 p.m., Veiko Kukk wrote: Is it possible to sort into cache_dir's based on filename (some regex will do)? The result I'm trying to achieve is that certain files which names are known, but size varies (and overlaps with other

[squid-users] Different replacement policy for different filenames

Hi I'd like to apply different replacement policy for different filenames. I have searched through the documentation and found that replacement policy can be defined only per cache_dir[s] and squid can sort into different cache_dir's based on file size, but not based on file name. Maybe I hav

[squid-users] Determining unique clients in Squid

Hi, I have been trying to understand, how does Squid determine different clients, but it is not clear from the documentation. I guess this does not depend entirely on IP address, right? Otherwise all clients behind NAT would be considered as single client. Reason behind this is that I'd like