Re: [squid-users] SSL handshake

Hi, I don't know if my situation is like Nishant's, but today my issues have gone away without intervention on my behalf. I'm guessing the cause was on the remote server's side or some in-between SSL inspection... Thanks, Vieri ___

[squid-users] SSL handshake

t might be because of change in the remote web service. It might be that my openssl version is already too old (1.1.1g), and that the web site forces the use of an unsupported cypher? Regards, Vieri ___ squid-users mailing list squid-users@lists.squid

Re: [squid-users] kswapd0 and memory usage

out to happen. It runs something like timeout 30 squidclient mgr:info and if it actually times out then it restarts both squid and c-icap. So I'm afraid I might not get anything out of "squidclient mgr:mem", but I will run top -b -n 1 and ps waux. Thanks, Vieri __

[squid-users] kswapd0 and memory usage

,1 in my squid config file, and sifting through cache.log doesn't give me any clues. If this were to happen again (not sure when or if) what should I try to search for? Regards, Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org

[squid-users] Why some traffic is TCP_DENIED

BTW this might be irrelevant but these messages seem to come up when accessing office 365 sites. Thanks, Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

[squid-users] c-icap, clamav and squid

heck regarding this? Thanks, Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid 5 service stops after assertion failure

On Sunday, January 24, 2021, 11:08:49 PM GMT+1, Alex Rousskov wrote: > Filing a bug report with Squid Bugzilla may increase chances of this problem > getting fixed. Done here: https://bugs.squid-cache.org/show_bug.cgi?id=5100 Thanks,

Re: [squid-users] Squid 5 service stops after assertion failure

neral crash. On the other hand a general failure forces me to look into this issue with greater celerity. ;-) Thanks, Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Squid 5 service stops after assertion failure

ly exits. A manual restart works, but I don't know for how long. The external script "bllookup" is probably responsible for bad output, but maybe Squid could handle it without crashing. Regards, Vieri ___ squid-users mailing list squid-

Re: [squid-users] websockets through Squid

On Wednesday, November 4, 2020, 3:27:25 AM GMT+1, Alex Rousskov wrote: >   https://bugs.squid-cache.org/show_bug.cgi?id=5084 Hi, I added a comment to that bug report. I cannot reproduce the problem anymore, at least not with the latest version of Squid 5. Thanks, Vi

[squid-users] squid restart

iptors: 63959     Reserved number of file descriptors:   100     Store Disk files open:       0 I'm not sure why, but it works. Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] squid restart

squid restart) from > crontab, that ulimit is not honored. I guess that's the root cause of my > issue because I am asking cron to restart Squid once daily. I'll try not to, > but I was hoping to see if there was a reliable way to fully restart the > Squid process. >

[squid-users] squid restart

n to restart Squid once daily. I'll try not to, but I was hoping to see if there was a reliable way to fully restart the Squid process. Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

[squid-users] sslbump https intercepted or tproxy

use tproxy with https traffic? I'm asking because I don't see any issues with tproxy, with the added advantage of being able to route on the gateway per source IP addr. (in intercepted mode, the source is always Squid). Are there any reasons for which one would not use TPROX

Re: [squid-users] websockets through Squid

stination server is not the same one as in the packet trace, but that's what the client gets each time (it keeps showing '101 Switching Protocols' over and over). Please let me know if I should add something to the bug report, or if you see anything

Re: [squid-users] websockets through Squid

drive.google.com/file/d/1OrB42Cvom2PNmV-dnfLVrnMY5IhJkcpS/view?usp=sharing I see a lot of '101 Switching Protocols' and references to upgrade to websockets, but I'm not sure where it is actually failing. I don't know how to narrow this down further, but if someo

[squid-users] websockets through Squid

change the way "local" is assigned an address. Is there a way to keep "local" always the same? Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

[squid-users] websockets through Squid

force connections out one interface only for the Squid cache or tell Squid to only bind to one interface. It's only a wild guess though. Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] websockets through Squid

=binary&rand=1602830016480&uuidtag=5659FGE6-DF29-47A7-859A-G4D5FDC937A2&gatewayip=PUB_IPv4_ADDR_2 was interrupted while the page was loading. Thanks for all the help you can give me. Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] websockets through Squid

E/000 0 CONNECT 62.109.225.174:443 - ORIGINAL_DST/62.109.225.174 - What does NONE_NONE/000 mean? Where can I go from here? What can I try to debug this further? Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] websockets through Squid

ystem to "patch" cfgaux so I guess "econf" automatically detects something in the squid tarball that makes it patch the config.* files. Thanks for your time. Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

[squid-users] websockets through Squid

ade36 all's well: https://drive.google.com/file/d/1y-3wlDT_OrwSp7epvDq63xpkYv8gu9Pq/view?usp=sharing So now I'm just going to have to spot the difference. Thanks, Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org htt

Re: [squid-users] websockets through Squid

Just a quick test and question. If I manually create the tests subdirs and run make then I get an error such as: /bin/sh ../../libtool  --tag=CXX   --mode=link x86_64-pc-linux-gnu-g++ -Wall -Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Woverloaded-virtual -pipe -D_REENTRANT -O2 -pipe  -

[squid-users] websockets through Squid

I'm also getting this other file that can't be copied: cp ../../src/tests/stub_debug.cc tests/stub_debug.cc cp: cannot create regular file 'tests/stub_debug.cc': No such file or directory make[3]: *** [Makefile:1490: tests/stub_debug.cc] Error 1 Tried "make" and "make -j1", but the error message

Re: [squid-users] websockets through Squid

../src/tests/stub_fd.cc tests/stub_fd.cc cp: cannot create regular file 'tests/stub_fd.cc': No such file or directory Would you like to review the full build log? Regards, Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

[squid-users] websockets through Squid

> As a workaround, try sequential build ("make" instead of "make -j...") I removed -j, but I'm still getting a similar error: cp ../../src/tests/stub_fd.cc tests/stub_fd.cc cp: cannot create regular file 'tests/stub_fd.cc': No such file or directory make[3]: *** [Makefile:1402: tests/stub_fd.cc]

[squid-users] websockets through Squid

OK, so I'm now trying to compile Squid 5 instead of backporting to V 4, but I'm getting this silly error: cp ../../src/tests/stub_fd.cc tests/stub_fd.cc cp: cannot create regular file 'tests/stub_fd.cc': No such file or directory make[3]: *** [Makefile:1452: tests/stub_fd.cc] Error 1 I guess it

[squid-users] websockets through Squid

llow direct_dst_domains Thanks Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

[squid-users] websockets through Squid

Hi, Using Google Chrome instead of Firefox gives me the same result: Error during WebSocket handshake: Unexpected response code: 200 I'm not sure what to look for in cache.log. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists

[squid-users] websockets through Squid

I also tried: on_unsupported_protocol tunnel all on Squid v. 4.13. I don't see any denials in the access log. The only thing I see regarding the URL I mentioned earlier is: TCP_MISS/200 673 GET https://ed1lncb62202.webex.com/direct? - ORIGINAL_DST/62.109.225.31 text/html It is easy to reprodu

[squid-users] websockets through Squid

orted_protocol tunnel serverTalksFirstProtocol on_unsupported_protocol respond all I am obviously not using on_unsupported_protocol properly. Any suggestions? Regards, Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cac

[squid-users] ACL matches when it shouldn't

lead to searching only 2 files: topdir/w/domains topdir/w/urls An example for a client requesting https://01.whatever.com/x would also lead to searching only 2 files: topdir/0/domains topdir/0/urls An example for a client requesting https://8.8.8.8/xyz would also lead to searching only 2 files: topdir/8/domains topdir/8/urls Any ideas or links to scripts that already prepare lists for this? Thanks, Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

[squid-users] ACL matches when it shouldn't

Thank you very much. I will try to set up an external ACL so I don't have to worry about regular expressions. Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

[squid-users] ACL matches when it shouldn't

MG162xHfYRV9vx_47kWuXs/view?usp=sharing Squid doesn't complain about syntax errors so I'm assuming the ACL is as expected. Thanks, Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

[squid-users] ACL matches when it shouldn't

gging  to see which record in this ACL is actually triggering the denial? I'm trying with: debug_options rotate=1 ALL,1 85,2 88,2 Then I grep the log for bad_dst_urls and DENIED, but I can't seem to find a clear match. Regards, Vieri ___ squid-

[squid-users] acl for urls without regex

\{\} Regards, Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Cannot access web servers with a specific browser

an confirm that fixed the issue. Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Cannot access web servers with a specific browser

On Monday, September 14, 2020, 6:01:43 PM GMT+2, Alex Rousskov wrote: >> I get this when trying to access a web page with a specific browser (Google >> Chrome). > > What is your Squid version? Does it have a fix for GREASE support as > detailed in https://github.com/squid-cache/squid/pull/66

Re: [squid-users] Cannot access web servers with a specific browser

x27;? If I let the clients by-pass the Squid proxy and connect directly to the servers the web pages are properly accessed -- no issues. Thanks, Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Cannot access web servers with a specific browser

hrome? Thanks, Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid 4 and on_unsupported_protocol

On Tuesday, June 30, 2020, 1:41:57 PM GMT+2, Eliezer Croitor wrote: > ^(w[0-9]+|[a-z]+\.)?web\.whatsapp\.com$ Yes, it does. I should have seen that... Thanks for your help! Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org h

Re: [squid-users] Squid 4 and on_unsupported_protocol

x.domain.org/proxy-error/?a=%a&B=%B&e=%e&E=%E&H=%H&i=%i&M=%M&o=%o&R=%R&T=%T&U=%U&u=%u&w=%w&x=%x&acl=bad_mimetypes bad_requested_mimetypes deny_info http://fwprox.domain.org/proxy-error/?a=%a&B=%B&e=%e&E=%E&H=%H&i=%i&M=%M&

Re: [squid-users] Squid 4 and on_unsupported_protocol

not being able to connect to wss://web.whatsapp.com/ws. Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Squid 4 and on_unsupported_protocol

espond all How can I change this to allow websockets through Squid, but preferably only for a specific SRC IP addr. acl? Regards, Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] reverse proxy Squid 4

):func(0):reason(0) (5/-1/0) > A packet trace of what is being attempted will be useful then. Will try to save one. Thanks, Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

[squid-users] reverse proxy Squid 4

This is what the squid cache log reports: 2020/06/25 00:29:05.467 kid1| 83,5| NegotiationHistory.cc(81) retrieveNegotiatedInfo: SSL connection info on FD 15 SSL version NONE/0.0 negotiated cipher 2020/06/25 00:29:05.467 kid1| ERROR: negotiating TLS on FD 15: error::lib(0):func(0):reason

[squid-users] reverse proxy Squid 4

-https=on name=MyServer The NO_TLSv* options are because the backend server is an old Windows 2003 (which hasn't changed either). How can I debug this? Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cach

[squid-users] explicit proxy and iptables

e on the "first node" with the explicit Squid proxy. I presume that in this case there is NO WAY I can somehow inform the gateway on node 2 of the "real" clent IP addresses? I can imagine the answer to this silly question, but nonetheless I prefer to as

Re: [squid-users] tproxy sslbump and user authentication

che.org/SquidFaq/InterceptionProxy#Why_can.27t_I_use_authentication_together_with_interception_proxying.3F> >>> >>> Why bother with the second proxy at all? The explicit proxy has access >>> to all the details the interception one does (and more - such as >>> credentials). It should be able to do all filt

Re: [squid-users] tproxy sslbump and user authentication

do. If you have > ability to use explicit-proxy, do so. Unfortunately, some programs don't support proxies, or we simply don't care and want to force-filter traffic anyway. Vieri ___ squid-users mailing list squid-users@lists.squid-cache.o

[squid-users] tproxy sslbump and user authentication

through a tproxy ssl-bump host (Squid #2) which would basically analyze/filter traffic via ICAP. Has anyone already dealt with this problem, and how? Regards, Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid

[squid-users] dynamic ACLs

eload Squid, a bit like ipsets with iptables/nftables without the need to reload rules? Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

[squid-users] debug a failure connection

would be more useful? Regards, Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] external helper

On Thursday, March 5, 2020, 11:37:28 AM GMT+1, Amos Jeffries wrote: > > It means the 'acl' line in squid.conf did not contain any value to pass as > extra parameter(s) to that helper lookup. > > See > Thanks! _

[squid-users] external helper

this message: external_acl.cc(1085) Start: externalAclLookup: will wait for the result of 'http www.fltk.org 80 / -' in 'bllookup' (ch=0x5633eaab2118). Thanks, Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] c-icap documentation getting stuck

On Sat, Dec 21, 2019 at 7:42 PM robert k Wild wrote: > > WARNING Bad configuration keyword: enable_libarchive 0 > WARNING Bad configuration keyword: banmaxsize 2M You're probably running an outdated squidclamav. ___ squid-users mailing list squid-users@

[squid-users] deny_info redirect with URL placeholder

ing protocol://" I still get the wrong result in the client browser which is literally trying to connect to https://%note{location-rewrite} (no variable expansion). Any thoughts? Vieri ___ squid-users mailing list squid-users@lists.squid-cache.or

Re: [squid-users] deny_info redirect with URL placeholder

ing like this: chomp; my $string = $_; $string =~ m/^([0-9]+)\s(\S+)$/; my ($cid, $uri_location) = ($1, $2); [...] $status = $cid." OK message=\"".$uri_location."\""; print $status."\n"; Any ideas? Vieri ___

Re: [squid-users] deny_info redirect with URL placeholder

ude line 60: deny_info 302:%note{location-rewrite} bad_Location 2019/12/09 10:17:43| Squid Cache (Version 4.9): Terminated abnormally. This is the offending configuration line: deny_info 302:%note{location-rewrite} bad_Location Is the syntax OK? Vieri ___

[squid-users] deny_info redirect with URL placeholder

Hi, Is there a way to add a URL variable name to a deny_info 302 configuration directive? Suppose I have the following: external_acl_type location_rewriter ttl=86400 negative_ttl=86400 children-max=80 children-startup=10 children-idle=3 concurrency=8 %http://lists.squid-cache.org/listinfo/squid-

Re: [squid-users] reverse proxy and HTTP redirects

ust read something about %note here: http://www.squid-cache.org/Doc/config/logformat/ However, Squid 3.x doesn't seem to accept %note{location-rewrite} as a URL placeholder for deny_info. Vieri ___ squid-users mailing list squid-users@lists.squid-cache

Re: [squid-users] reverse proxy and HTTP redirects

orry to bother you again with this, but what does "%note{location-rewrite}" mean? I'm getting this error message: FATAL: status 302 requires a URL on '302:%note{location-rewrite}' Thanks, Vieri ___ squid-users mailing list squid-use

Re: [squid-users] reverse proxy and HTTP redirects

By the way, if I were to upgrade to Squid 4, would the following do the trick? reply_header_add Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" all ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid

Re: [squid-users] reverse proxy and HTTP redirects

arting point would be: https://wiki.squid-cache.org/ConfigExamples/ContentAdaptation/eCAP http://www.e-cap.org/downloads/ If you have any more hints/suggestions/quickstarts for this particular problem with eCAP, please let me know. Thanks, Vieri ___ squid-u

Re: [squid-users] reverse proxy and HTTP redirects

I could try to use a redirector with location_rewrite_program, but this directive is not available anymore. I presume I need to use url_rewrite_program instead. I wonder if it will rewrite the "Location" header the origin server is sending to the client brows

Re: [squid-users] reverse proxy and HTTP redirects

; > Location: http://whatever.org:50443/whatever/security/afterLogin > > That is a very good sign. The server is using the Squid listening port > in its generated URLs. Yes, the port is fine. It's the protocol that's http instead of https. Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] reverse proxy and HTTP redirects

n Content-Length: 0 Date: Tue, 03 Dec 2019 13:52:25 GMT X-Cache: MISS from inf-fw2 X-Cache-Lookup: MISS from inf-fw2:50443 Via: 1.1 rev_aida (squid) Connection: keep-alive -- Thanks, Vieri ___ squid-users mailing list squid-users@lists.squid

Re: [squid-users] reverse proxy and HTTP redirects

rewrite the redirection to something like: https://squidserver.local:50443/whatever (without vport=) Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

[squid-users] reverse proxy and HTTP redirects

browsing experience (connection reset). If I can't modify the server code at 10.215.248.40, is there a workaround for this? Thanks, Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] (no subject)

7;s not a big deal because they are static addresses. Thanks again, Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] (no subject)

On Tue, Oct 22, 2019 at 1:48 PM Amos Jeffries wrote: > > I do not see any DIVERT rule at all in your firewall config dump. That > is at least part of the problem. I opened the previous dump and saw the divert rules here below: Chain PREROUTING (policy ACCEPT 573K packets, 462M bytes) pkts bytes

Re: [squid-users] (no subject)

On Tue, Oct 22, 2019 at 1:48 PM Amos Jeffries wrote: > > On 22/10/19 11:22 pm, Vieri Di Paola wrote: > > > > I use Shorewall on this system. This program configures iptables and > > routing. > > I dumped all the network information while trying to access po

Re: [squid-users] (no subject)

ght and the issues is somewhere > between the TCP SYN send and SYN ACK returning. I suspect there must be something wrong with my routing or marking (please see dump). Thanks, Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http

[squid-users] external_acl_type and ipv6

Hi, What is the advantage of using ipv6 instead of ipv4 by default for external_acl_type? http://www.squid-cache.org/Doc/config/external_acl_type/ Thanks, Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid

Re: [squid-users] (no subject)

ction timeout even though I can connect without any issues with an HTTP client from the Squid machine itself. If it were a packet routing issue, wouldn't the connection time out also with this HTTP client on the server itself? Do you see anything fishy in the squid log I've pasted below? ht

[squid-users] (no subject)

e, eg. 'links http://www.linuxheadquarters.com' works fine. What should I be looking for? Thanks, Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] daily releases

7;s download page are hand-picked because they are known to solve bugs, and are considered to be somewhat "stable". For instance, if I were to rsync today would I get the same code as that of the above mentioned tarball? Another simple solution would be to be able to list the fi

[squid-users] daily releases

daily". Thanks, Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] installing Squid: /run dir creation

I can add the following info to my previous e-mail. Here's the configure command (the pid file name is always the same -- other options may vary according to user preferences or system deps): $ ./configure --prefix=/usr --build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu --mandir=/usr/share/

Re: [squid-users] installing Squid: /run dir creation

lation is trying to write to /run, or if there are other parts of the installation code that might do so too. I'll make a few tests first, but correct me if I'm wrog when I say that if one *always* passes the same PID file path to the configure script then that mkin

[squid-users] installing Squid: /run dir creation

e /run dir. Is it necessary to keep this in the Makefile? Shouldn't the /run/* files be created at runtime anyway? The /run dir is also created by the OS. Thanks, Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.

Re: [squid-users] ICAP 500 is not bypassed

Alex, thanks for your time. Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] TCP out of memory

An error occured in end-of-data handler !return code : -1, req->allow204=1, req->allow206=0 Here's Squid's log: https://drive.google.com/file/d/18HmM8pOuDQmE4W_vwmSncXEeJSvgDjDo/view?usp=sharing I was hoping I could relate this to the original topic, but I'm afraid they ar

Re: [squid-users] TCP out of memory

E page. Is this expected? Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] TCP out of memory

, at least at first. I must say that it seems to be growing faster now. I had 4k two days ago, now I have: Largest file desc currently in use: 6664 Number of file desc currently in use: 6270 So it seesm that the more days go by, the faster the FD numbers rise. Vieri

Re: [squid-users] TCP out of memory

get the same partial improvement as the one I've witnessed this week. Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] TCP out of memory

ust be a c-icap service flaw). Thanks, Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] TCP out of memory

n there's plenty of traffic, but I think I should see a substantial drop of open sockets when traffic is low (eg. at night). However, I don't see it. What could I try? Thank you very much for your time. Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] TCP out of memory

/drive.google.com/file/d/1I8R5sCsIGhYa69QmGrOoHVITuom4uW0k/view?usp=sharing squidclient's filedescriptors: https://drive.google.com/file/d/1o6zn-o0atqeqFGSMRhPA9r1AAFJpnpBZ/view?usp=sharing The info page: https://drive.google.com/file/d/11iWqjgdt2KK1yWPMsr5o-IyWGyKS7joc/view?usp=sharing

Re: [squid-users] TCP out of memory

#x27;t too bad in my case. Thanks, Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

[squid-users] TCP out of memory

long"? Is there such a timeout? Is it configurable in squid.conf (only for the c-icap connection)? Thanks, Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

[squid-users] browser acl

Hi, Which one of the two examples below is syntactically correct? acl UA browser Firefox/ acl UA browser Firefox\/ Thanks, Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] TCP out of memory

number of file descriptors: 100 Store Disk files open: 0 Internal Data Structures: 1895 StoreEntries 1732 StoreEntries with MemObjects 1687 Hot Object Cache Items 1617 on-disk objects Clients are now browsing, and squid/c-icap are apparently commun

Re: [squid-users] TCP out of memory

From: Amos Jeffries > > What is your ICAP configuration in squid.conf? icap_enable on icap_send_client_ip on icap_send_client_username on icap_client_username_encode off icap_client_username_header X-Authenticated-User icap_preview_enable on icap_preview_size 10

[squid-users] TCP out of memory

but unfortunately I don't see anything (or I don't know how to interpret them correctly). Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] url_rewrite_program and ACLs

s are probably not finishing > completely. I'll have to look into this asap. Quick question: if I restart c-icap shouldn't I see a drop in open FD numbers if it were c-icap's "fault"? I restarted c-icap (stop+start), but the open FDs are the same. Thanks, Vieri ___

Re: [squid-users] block user agent

r instead of UA strings. Custom headers can easily be added in Firefox, and other browsers such as Edge also seem to support that. Anyway, I had a great time fiddling with Squid. Thank you for your assistance. Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] block user agent

&E=%5BNo%20Error%5D&H=89.16.167.134&i=10.215.144.48&M=CONNECT&o=&R=/&T=Tue,%2021%20Nov%202017%2009%3A07%3A01%20GMT&U=https%3A%2F%2F89.16.167.134%2F*&u=89.16.167.134%3A443&w=IT%40mydomain.org&x=&acl=bad_useragents X-Squid-Error: 403 Access Denied X-Cache: MISS from proxy-server1 X-Cache-Lookup: NONE from proxy-server1:3227 Connection: close -- 2017/11/21 10:07:01.090 kid1| 33,2| client_side.cc(832) swanSong: local=89.16.167.134:443 remote=10.215.144.48 flags=17 2017/11/21 10:07:01.090 kid1| 20,2| store.cc(996) checkCachable: StoreEntry::checkCachable: NO: not cachable 2017/11/21 10:07:01.090 kid1| 20,2| store.cc(996) checkCachable: StoreEntry::checkCachable: NO: not cachable Isn't the message "The request CONNECT 89.16.167.134:443 is DENIED" what I should be concentrating on? Isn't that the root cause? In another message, you mentioned that I should notice that Squid reports another ACL name (in this case, after the name change, it's "bad_replied_mimetypes"). In any case, the message "The reply for GET https://www.gentoo.org/ is ALLOWED" means that Squid should ALLOW, right? However, why do I get a 307 redirect to a deny_info page (where incidentally the URL refers to bad_useragents, not bad_replied_mimetypes)? I can't seem to clear this out and make it work without adding "http_access allow CONNECT SSL_ports" right before checking for the useragent. Help greatly appreciated. Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] url_rewrite_program and ACLs

ervice_failure_limit -1 The number of connections to this port fluctuates over time (it also decreases), but overall it clearly increases day by day. I could have an issue with either c-icap itself or one of its modules. I'll keep an eye on it. Thanks, Vieri __

Re: [squid-users] block user agent

p;R=%R&T=%T&U=%U&u=%u&w=%w&x=%x&acl=denied_extra1_domains denied_extra1_domains http_access deny denied_filetypes !allowed_domains_filetypes http_reply_access deny denied_filetypes !allowed_domains_filetypes deny_info http://proxy-server1/proxy-error/?a=%a&B=

  1   2   3   >