Re: [squid-users] https_port not correctly sending ssl cert information?

2021-05-13 Thread Dan Steen
That looks like it solved the issue! Switching to an openssl build fixed things. Thanks so much for the responses! On Tue, May 11, 2021, at 10:08 PM, Dan Steen wrote: > great! i'll give it a try and report back. thanks so much! > > On Tue, May 11, 2021, at 10:03 PM, squ...

Re: [squid-users] https_port not correctly sending ssl cert information?

2021-05-11 Thread Dan Steen
ng --with-openssl should > resolve it. > > Amos > Dan Steen ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] https_port not correctly sending ssl cert information?

2021-05-11 Thread Dan Steen
tain. > > Amos > > > Original message > From: Dan Steen > Date: Wed, 12 May 2021, 10:06 > To: squid-users@lists.squid-cache.org > Subject: [squid-users] https_port not correctly sending ssl cert information? >> Hi!, >> >> I've recently been tryin

[squid-users] https_port not correctly sending ssl cert information?

2021-05-11 Thread Dan Steen
nable-ssl and -enable-ssl-crtd, and the new version only has --with-gnutls. Would that be the issue? I appreciate the help! Thanks! Dan Steen

Re: [squid-users] [squid-announce] Squid 4.2 is available

2018-08-13 Thread Dan Charlesworth
I'd be all over any Squid 4 RPMs for EL6, for what that's worth. I had downloaded your source RPM for EL7 at one point and tried to build one for EL6. Dealing with the compiler issues was a bit beyond me though, sadly. On Tue, 14 Aug 2018 at 05:46, Eliezer Croitoru wrote: > I need to test it bu

Re: [squid-users] quiet week

2018-06-03 Thread Dan Charlesworth
Copy, Amos — receiving you loud and clear :) On Mon, 4 Jun 2018 at 15:47, Amos Jeffries wrote: > Hi anyone, > just testing to see if the list server is still operational. Things > have been suspiciously quiet this week. > > Amos > ___ > squid-users ma

[squid-users] Squid 4 EL6 RPMs

2018-03-21 Thread Dan Charlesworth
't get past certain unfamiliar errors. Any advice welcome! Best, Dan

Re: [squid-users] Rock store size not decreasing

2017-05-19 Thread Dan Charlesworth
Okay, cool — thanks for clarifying. Guess I'll nuke it myself and reinitialise a blank one. Best, Dan On 19 May 2017 at 23:29, Amos Jeffries wrote: > On 19/05/17 15:47, Dan Charlesworth wrote: > >> Hey all >> >> I'm fairly new to rock caching. With aufs,

[squid-users] Rock store size not decreasing

2017-05-18 Thread Dan Charlesworth
var/spool/squid/rock 10240 # du --max-depth=1 /var/spool/squid/ -h 137G /var/spool/squid/rock What am I missing? Best, Dan

Re: [squid-users] Access-Control-* headers missing when going through squid

2017-04-19 Thread Dan Charlesworth
azure Date: Thu, 20 Apr 2017 01:55:02 GMT X-Cache: MISS from 10.0.1.15 X-Cache-Lookup: MISS from 10.0.1.15:3128 Via: 1.1 10.0.1.15 (squid/3.5.25) Connection: keep-alive Best, Dan On 19 Apr 2017, at 2:41 pm, Amos Jeffries <squ...@treenet.co.nz> wrote: Squid does not touch these headers itself unless yo

[squid-users] Access-Control-* headers missing when going through squid

2017-04-18 Thread Dan Charlesworth
Hi everyone, This is a super weird one! This Pressreader site (http://sheppartonnews.pressreader.com/shepparton-news) gets a totally different (erroneous) response from the server when accessing it through squid on a particular school's network. It doesn’t happen through any other squid box on

Re: [squid-users] [squid-dev] [RFC] Changes to http_access defaults

2017-04-13 Thread Dan Purgert
Quoting Alex Rousskov : On 04/12/2017 12:16 PM, Amos Jeffries wrote: Changes to http_access defaults Clearly stating what you are trying to accomplish with these changes may help others evaluate your proposal. Your initial email focuses on _how_ you are going to accomplish some implied/vague

Re: [squid-users] Login/Pass from squid to Squid

2016-11-07 Thread Dan Purgert
l have 2500 accounts ... > I have my ACLs based off what group an individual belongs to in a LDAP tree. Perhaps something like that would be helpful in your setup. -Dan

Re: [squid-users] Introducing delay to HTTP 407 responses

2016-09-13 Thread Dan Charlesworth
I just want to throw my support behind seeking a solution to this problem. Luke’s clearly considered it in way more detail than anyone so far, myself included. This affects the squids under my purview every day. Best, Dan > On 14 Sep. 2016, at 10:18 am, squid-us...@filter.luko.org wr

Re: [squid-users] Large memory leak with ssl_peek (now partly understood)

2016-08-16 Thread Dan Charlesworth
Hey Steve, Deployed a 3.5.20 build with both of those patches and have noticed a big improvement in memory consumption of squid processes at a couple of splice-heavy sites. Thank you, sir! Dan > On 12 Aug 2016, at 7:05 PM, Steve Hill wrote: > > >>This sounds very s

Re: [squid-users] Large memory leak with ssl_peek (now partly understood)

2016-08-11 Thread Dan Charlesworth
Pretty sure this is affecting our 3.5.x systems as well — we use a very similar splicing implementation. I'll keep an eye out in hope someone adapts that patch! Dan On 12 August 2016 at 06:22, Alex Rousskov wrote: > On 08/11/2016 10:56 AM, Steve Hill wrote: > > > At ssl_bump

[squid-users] Rate limiting bad clients?

2016-08-08 Thread Dan Charlesworth
appropriate? Any advice welcome. Thanks! Dan

Re: [squid-users] Empty response from website via proxy

2016-07-06 Thread Dan Charlesworth
It looks like I'm probably going to get fobbed off by this site's administrators. "It's our load balancer" — "Simply set up a bypass" etc. Is there any straightforward way to disable the X-Forwarded-For header just for requests to this one website? What would b

Re: [squid-users] Empty response from website via proxy

2016-07-04 Thread Dan Charlesworth
That’s a super helpful analysis, thanks Amos. Now to see if I track down the site admins 🙃 > On 5 Jul 2016, at 3:04 PM, Amos Jeffries wrote: > > On 5/07/2016 4:25 p.m., Dan Charlesworth wrote: >> This website seems not to send back a proper web page if the request comes via >

[squid-users] Empty response from website via proxy

2016-07-04 Thread Dan Charlesworth
This website seems not to send back a proper web page if the request comes via a (squid?) proxy. http://passporttosafety.com.au/ Can anyone tell what might be going wrong here? Best, Dan

Re: [squid-users] How to analyse squid memory usage

2016-06-01 Thread Dan Charlesworth
or anything like that? I’ve probably overlooked the discussion on the list. > On 1 Jun 2016, at 10:26 PM, Amos Jeffries wrote: > > Hi Dan, > sorry RL getting in the way these weeks. > > Two things stand out for me. > > It's a bit odd that external ACL entries sho

Re: [squid-users] How to analyse squid memory usage

2016-05-23 Thread Dan Charlesworth
AM, Dan Charlesworth wrote: > > I’ve now got mgr:mem output from a leaky box for comparison but I’m having a > hard time spotting where the problem might be. > > Would anyone more experienced mind taking a look at these and seeing if anything > jumps out as a source of the high memo

Re: [squid-users] How to analyse squid memory usage

2016-05-11 Thread Dan Charlesworth
1KB Strings 0 0 4KB Strings 0 1 16KB Strings 0 5 Other Strings0 0 Large buffers: 0 (0 KB) Thanks! > On 11 May 2016, at 2:37 PM, Dan Charlesworth wrote: > > Thanks Amos - > > Not sure how self-explanatory the output is, though. > > I’v

Re: [squid-users] How to analyse squid memory usage

2016-05-10 Thread Dan Charlesworth
0 0 Large buffers: 0 (0 KB) > On 10 May 2016, at 6:02 PM, Amos Jeffries wrote: > > On 10/05/2016 2:35 p.m., Dan Charlesworth wrote: >> A small percentage of deployments of our squid-based product are using >> oodles of memory—there doesn’t seem to be a limit to it. >

[squid-users] How to analyse squid memory usage

2016-05-09 Thread Dan Charlesworth
A small percentage of deployments of our squid-based product are using oodles of memory—there doesn’t seem to be a limit to it. I’m wondering what the best way might be to analyse what squid is reserving it all for in the latest 3.5 release? The output of squidclient mgr:cache_mem is completely

[squid-users] Any problems with %ssl::>sni in 3.5.16?

2016-04-11 Thread Dan Charlesworth
We have an External ACL Type with %ssl::>sni and %URI We get access log lines that record the %ssl::>sni just fine, but the corresponding line sent to our external ACL is missing it. For example, from the same request; Log: 12/Apr/2016-15:42:47608 10.0.1.60 TAG_NONE 200 0 CONNECT 23.111.9.

Re: [squid-users] Bizarrely slow, timing out DNS only via Squid :D

2016-03-07 Thread Dan Charlesworth
Eliezer > > On 07/03/2016 06:50, Dan Charlesworth wrote: >> Alright, we’re getting somewhere. >> >> A plain curl is about as slow as a default squid config curl: >> >> P.S. I sent you a Skype request >> >> --- >> >> # time curl http:/

Re: [squid-users] Bizarrely slow, timing out DNS only via Squid :D

2016-03-06 Thread Dan Charlesworth
Alright, we’re getting somewhere. A plain curl is about as slow as a default squid config curl: P.S. I sent you a Skype request --- # time curl http://httpbin.org/ip { "origin": "59.167.202.249" } real0m5.513s user0m0.002s sys 0m0.001s # time curl http://httpbin.org/ip --proxy h

Re: [squid-users] Bizarrely slow, timing out DNS only via Squid :D

2016-03-06 Thread Dan Charlesworth
For what it's worth, I've now tried disabling IPv6 via sysctl and it didn't make any difference. Appreciate the advice so far. More from me tomorrow.

Re: [squid-users] Bizarrely slow, timing out DNS only via Squid :D

2016-03-03 Thread Dan Charlesworth
y time: 32 msec ;; SERVER: 192.231.203.3#53(192.231.203.3) ;; WHEN: Fri Mar 4 15:23:07 2016 ;; MSG SIZE rcvd: 101 > On 4 Mar 2016, at 3:15 PM, Amos Jeffries wrote: > > On 4/03/2016 11:42 a.m., Dan Charlesworth wrote: >> Thanks for your input Eliezer. >> >> I'

Re: [squid-users] Bizarrely slow, timing out DNS only via Squid :D

2016-03-03 Thread Dan Charlesworth
er one to try is: > http://www.squid-cache.org/Doc/config/dns_v4_first/ > > try adding to the end of squid.conf > dns_v4_first on > > All The Bests, > Eliezer > > On 04/03/2016 00:42, Dan Charlesworth wrote: >> Thanks for your input Eliezer. >> >> I'

Re: [squid-users] Bizarrely slow, timing out DNS only via Squid :D

2016-03-03 Thread Dan Charlesworth
> ipv4 address). > > If after all the above something is weird I would suggest you for a second > to run the squid with default squid.conf(if you are using debian then you > will need to remove couple "#" for the localnet acls). > > You should know that ther

Re: [squid-users] Bizarrely slow, timing out DNS only via Squid 😖

2016-03-02 Thread Dan Charlesworth
18:07:21 2016 ;; MSG SIZE rcvd: 93 real0m0.037s user0m0.003s sys 0m0.001s > On 3 Mar 2016, at 5:44 PM, Eliezer Croitoru wrote: > > can you try the next command: > dig -x 10.100.128.1 > > Eliezer > > On 03/03/2016 08:04, Dan Charlesworth wrote

Re: [squid-users] Bizarrely slow, timing out DNS only via Squid 😖

2016-03-02 Thread Dan Charlesworth
56.awsdns-27.co.uk. 11489 IN A 205.251.198.220 ;; Query time: 21 msec ;; SERVER: 192.231.203.3#53(192.231.203.3) ;; WHEN: Thu Mar 3 17:03:04 2016 ;; MSG SIZE rcvd: 246 real0m0.026s user0m0.004s sys 0m0.001s > On 3 Mar 2016, at 4:55 PM, Eliezer Croitoru wrote: > >

[squid-users] Bizarrely slow, timing out DNS only via Squid 😖

2016-03-02 Thread Dan Charlesworth
Right now we have 1 squid box (out of a lot), running 3.5.13, which does something like this for every request, taking about 10 seconds: 2016/03/03 16:30:48.883 kid1| 78,3| dns_internal.cc(1794) idnsPTRLookup: idnsPTRLookup: buf is 43 bytes for 10.100.128.1, id = 0x733a 2016/03/03 16:30:48.883 k

Re: [squid-users] any way to get squid-4 compiled on CentOS-6?

2016-02-24 Thread Dan Charlesworth
I don’t; at least not this week. I predict a rather long list of SNIs which get spliced instead :-] > On 25 Feb 2016, at 10:27 AM, Amos Jeffries wrote: > > On 25/02/2016 12:17 p.m., Dan Charlesworth wrote: >> Thanks for the hint. >> >> I tried this, base

Re: [squid-users] any way to get squid-4 compiled on CentOS-6?

2016-02-24 Thread Dan Charlesworth
mos Jeffries wrote: > > On 24/02/2016 1:25 p.m., Dan Charlesworth wrote: >> That’s the version I’m on actually (RPM compiled by me): >> >> squid-3.5.13-1.el6.x86_64 >> openssl-1.0.1e-42.el6_7.2.x86_64 >> >> I’m not setting sslproxy_cipher in my config, so I gu

Re: [squid-users] SSL bump memory leak

2016-02-24 Thread Dan Charlesworth
I’m just catching up with this one, but we’ve observed some memory leaks on a small percentage of our boxes, which we migrated to Peek & Splice late last year. We’re on 3.5.13, about to move to 3.5.15. What’s the least disruptive way to keep this under control, if there is one? Is there anyth

Re: [squid-users] any way to get squid-4 compiled on CentOS-6?

2016-02-23 Thread Dan Charlesworth
On 24/02/2016 12:24 p.m., Dan Charlesworth wrote: >> Thanks Amos, good to know. I didn’t see your original reply for some reason; >> sorry about that. >> >> I thought I had read that these sort of errors could be avoided in Squid-4: >> Error negotiating SSL

Re: [squid-users] any way to get squid-4 compiled on CentOS-6?

2016-02-23 Thread Dan Charlesworth
now I can’t even a source for that … I need to spend some quality time with Google I think. > On 24 Feb 2016, at 5:50 AM, Amos Jeffries wrote: > > On 23/02/2016 1:05 p.m., Dan Charlesworth wrote: >> I'm bumping this question back up, because I also would like to know. >>

Re: [squid-users] any way to get squid-4 compiled on CentOS-6?

2016-02-22 Thread Dan Charlesworth
I'm bumping this question back up, because I also would like to know. We'd rather not need users of our squid-based software to need to deploy new CentOS 7 servers to run it. On 12 February 2016 at 19:59, Jason Haar wrote: > Hi there > > Given the real work on ssl-bump seems to be in squid-4,

Re: [squid-users] Delay Pools and HTTPS on Squid 3.x

2016-02-16 Thread Dan Charlesworth
It's been a while since I've looked at this—because the software we use to generate our squid.conf just works around now—but we found that Squid 3 would only enforce exactly half the configured rate on HTTP requests but enforce the full rate on HTTPS requests. So we now make two delay pools for ev

Re: [squid-users] host header forgery false positives

2016-02-14 Thread Dan Charlesworth
Did a bug end up getting filed for this? I can probably provide some ALL,9 logs but I don’t understand the problem well enough to write up a decent report I don’t think. > On 12 Jan 2016, at 12:40 PM, Jason Haar wrote: > > Hi there > > I am finding squid-3.5.13 is false positive-ing on ssl-bump

Re: [squid-users] using splice just to improve TLS SNI logging

2015-12-03 Thread Dan Charlesworth
It’s been a far superior client experience to bumping on the deployments I’ve seen. Obviously MITM-ing a connection is always going to be a less amenable situation for clients; technically and ethically. The only problem I’ve had with splicing is this Host Header Forgery error squid has when it

Re: [squid-users] Host header forgery detected after upgrade from 3.5.8 to 3.5.9

2015-11-24 Thread Dan Charlesworth
They’re probably matching about 40% of the time on twitter.com, though 😒 > On 25 Nov 2015, at 11:40 AM, Dan Charlesworth wrote: > > Alright, thanks for the hint. > > My proxy and clients definitely have the same DNS server (I removed the > secondary and tertiary ones to

Re: [squid-users] Host header forgery detected after upgrade from 3.5.8 to 3.5.9

2015-11-24 Thread Dan Charlesworth
2015 12:20 p.m., Dan Charlesworth wrote: >> Thanks for the perspective on this, folks. >> >> Going back to the technical stuff—and this isn’t really a squid thing—but is >> there any way I can minimise this using my DNS server? >> >> Can I force my local DN

Re: [squid-users] Host header forgery detected after upgrade from 3.5.8 to 3.5.9

2015-11-24 Thread Dan Charlesworth
Thanks for the perspective on this, folks. Going back to the technical stuff—and this isn’t really a squid thing—but is there any way I can minimise this using my DNS server? Can I force my local DNS to only ever return 1 address from the pool on a hostname I’m having trouble with? > On 30 Oc

Re: [squid-users] Host header forgery detected after upgrade from 3.5.8 to 3.5.9

2015-10-29 Thread Dan Charlesworth
of IPs apparently at random. > On 29 Oct 2015, at 3:46 PM, Amos Jeffries wrote: > > On 29/10/2015 1:16 p.m., Dan Charlesworth wrote: >> It looks like there’s certain hosts that are designed to load balance (or >> something) between a few IPs, regardless of geograph

Re: [squid-users] Host header forgery detected after upgrade from 3.5.8 to 3.5.9

2015-10-28 Thread Dan Charlesworth
the client and the proxy are going to get the same IPs at the same time. What is one to do about that? > On 22 Oct 2015, at 10:00 PM, Yuri Voinov wrote: > > > > 22.10.15 15:58, Amos Jeffries пишет: >> On 21/10/2015 4:53 p.m., Dan Charlesworth wrote: >>> I’m get

Re: [squid-users] Host header forgery detected after upgrade from 3.5.8 to 3.5.9

2015-10-22 Thread Dan Charlesworth
PM, Amos Jeffries wrote: > > On 21/10/2015 4:53 p.m., Dan Charlesworth wrote: >> I’m getting these very frequently for api.github.com and github.com >> >> I’m using the same DNS servers as my intercepting squid 3.5.10 proxy and >> they only return the one IP when I do

Re: [squid-users] Host header forgery detected after upgrade from 3.5.8 to 3.5.9

2015-10-20 Thread Dan Charlesworth
I’m getting these very frequently for api.github.com and github.com I’m using the same DNS servers as my intercepting squid 3.5.10 proxy and they only return the one IP when I do an nslookup as well … Any updates from your end, Roel? > On 8 Oct 2015, at 8:29 PM, Eliezer Croitoru wrote: > > Si

Re: [squid-users] Safari 9 vs. SSL Bump

2015-10-18 Thread Dan Charlesworth
Amos - I’m going to assume that request was directed at Alex, as I don’t have editor access to the wiki. Let me know if not. > On 16 Oct 2015, at 4:22 PM, Amos Jeffries wrote: > > Can you please add to the Troubleshooting section at the end of >

Re: [squid-users] Safari 9 vs. SSL Bump

2015-10-15 Thread Dan Charlesworth
Jason for your help on this. 🍻 🙇 💚 > On 16 Oct 2015, at 11:55 AM, Dan Charlesworth wrote: > > Great, thanks. Don’t know why I didn’t think of it before but I’ll try > elevating it from Login -> System keychain and see what happens. > >> On 16 Oct 2015, at 11:51 AM, Jaso

Re: [squid-users] Safari 9 vs. SSL Bump

2015-10-15 Thread Dan Charlesworth
Great, thanks. Don’t know why I didn’t think of it before but I’ll try elevating it from Login -> System keychain and see what happens. > On 16 Oct 2015, at 11:51 AM, Jason Haar wrote: > > On 16/10/15 13:34, Dan Charlesworth wrote: >> Thanks! >> >> So ignori

Re: [squid-users] Safari 9 vs. SSL Bump

2015-10-15 Thread Dan Charlesworth
On 16/10/15 13:08, Dan Charlesworth wrote: >> ORLY >> >> I seem to recall this happening on 10.10 as well, but it could be an El >> Capitan thing. Do you mind reminding me of your squid config Jason? > > With my config I trying to "aggressively" figure ou

Re: [squid-users] Safari 9 vs. SSL Bump

2015-10-15 Thread Dan Charlesworth
th Elliptic Curves or pinning > > Jason > > On 15/10/15 12:19, Alex Rousskov wrote: >> On 10/14/2015 05:00 PM, Dan Charlesworth wrote: >> >>> I feel like if server-first is working there must be *some* >>> combination of peek/stare/bump that’ll work too

Re: [squid-users] Safari 9 vs. SSL Bump

2015-10-14 Thread Dan Charlesworth
use server-first if they decide to employ bumping, so if any of you smart people have any other suggestions, please send them through. Thanks > On 15 Oct 2015, at 1:34 AM, Alex Rousskov > wrote: > > On 10/13/2015 09:08 PM, Dan Charlesworth wrote: > >> But in realit

Re: [squid-users] Safari 9 vs. SSL Bump

2015-10-13 Thread Dan Charlesworth
t 2:39 PM, Dan Charlesworth wrote: > > ¯\_(ツ)_/¯ > > All I really have to go on is those errors com.apple.WebKit.Networking is > logging which apparently points to a specific thing it’s missing called > “forward transport security”. Only the peek@step1 seems to make it as far

Re: [squid-users] Safari 9 vs. SSL Bump

2015-10-13 Thread Dan Charlesworth
aar wrote: > > On 14/10/15 16:08, Dan Charlesworth wrote: >> I thought that fixed it for a second … >> >> But in reality ssl_bump peek step1 & ssl_bump bump step3 is actually >> splicing everything, it seems. >> >> Any other advice? :-) > Could thi

Re: [squid-users] Safari 9 vs. SSL Bump

2015-10-13 Thread Dan Charlesworth
I thought that fixed it for a second … But in reality ssl_bump peek step1 & ssl_bump bump step3 is actually splicing everything, it seems. Any other advice? :-) > On 14 Oct 2015, at 1:51 PM, Amos Jeffries wrote: > > On 14/10/2015 1:13 p.m., Dan Charlesworth wrote: >> T

[squid-users] Safari 9 vs. SSL Bump

2015-10-13 Thread Dan Charlesworth
Throwing this out to the list in case anyone else might be trying to get SSL Bump to work with the latest version of Safari. Every other browser on OS X (and iOS) is happy with bumping for pretty much all HTTPS sites, so long as the proxy’s CA is trusted. However Safari throws generic “secure

Re: [squid-users] Host header forgery detected after upgrade from 3.5.8 to 3.5.9

2015-10-07 Thread Dan Charlesworth
Same here—I've been meaning to ask the list about this too. I’m still on 3.5.9, by the way. > On 6 Oct 2015, at 10:55 PM, Roel van Meer wrote: > > Hi everyone, > > I have a Squid setup on a linux box with transparent interception of both > http and https traffic. Everything worked fine with S

[squid-users] External ACL format tag for origin IP?

2015-10-04 Thread Dan Charlesworth
It seems there’s no way to get the equivalent of the `dst` internal ACL into an external ACL. %DST returns the hostname from DNS not the origin IP. Am I missing something? Perhaps there's a more creative way to pass the IP to an external ACL regardless of what the hostname is? Thanks!

Re: [squid-users] 3.5.9 for Debian

2015-09-26 Thread Dan Purgert
On 09/25/2015 06:09 PM, Amos Jeffries wrote: > On 26/09/2015 2:26 a.m., Dan Purgert wrote: >> Quoting TarotApprentice: >> >>> Is there a chance we can get 3.5.9 into Debian please. >>> >> >> Think this is more a question for the Debian maintainers,

Re: [squid-users] 3.5.9 for Debian

2015-09-25 Thread Dan Purgert
Quoting TarotApprentice : Is there a chance we can get 3.5.9 into Debian please. Think this is more a question for the Debian maintainers, than the squid ones. I ended up building 3.5.8 from source because of it. TBH though, the built-from-source 3.5.8 seems to be a lot lighter running

Re: [squid-users] 3.5.8 — SSL Bump questions

2015-09-09 Thread Dan Charlesworth
Thanks for all the info here, people. This is probably because of some other dumb thing I’m doing in my ssl_bump config, but if I change ssl_bump peek step1 to ssl_bump peek all, I get this assertion failure: PeerConnector.cc:747: "!callback" > On 9 Sep 2015, at 6:59 pm, Amos Jeffries wrote:

Re: [squid-users] 3.5.8 — SSL Bump questions

2015-09-08 Thread Dan Charlesworth
10.0.1.7 TCP_TUNNEL 200 13741 CONNECT 192.30.252.126:443 api.github.com - splice - ORIGINAL_DST/192.30.252.126 - > On 8 Sep 2015, at 5:39 pm, Dan Charlesworth wrote: > > Thanks Amos. > > To clarify about the user agents: I’m talking about anything with a (logged) > SSL bump mode

Re: [squid-users] 3.5.8 — SSL Bump questions

2015-09-08 Thread Dan Charlesworth
't log a UA when an explicit CONNECT does. > On 8 Sep 2015, at 5:17 pm, Amos Jeffries wrote: > > On 8/09/2015 5:36 p.m., Dan Charlesworth wrote: >> Hello all >> >> I’ve been testing out an SSL bumping config using 3.5.8 for the last week or >> so and am

[squid-users] 3.5.8 — SSL Bump questions

2015-09-07 Thread Dan Charlesworth
Hello all I’ve been testing out an SSL bumping config using 3.5.8 for the last week or so and am scratching my head over a couple of things. First, here’s my config (shout out to James Lay): acl tcp_level at_step SslBump1 acl client_hello_peeked at_step SslBump2 acl bump_bypass_domains ssl::ser

[squid-users] Any plan for an SSL bump mode ACL?

2015-08-27 Thread Dan Charlesworth
I’m trying to figure out if there’s a way to avoid those 0 byte “peeked” requests being processed by the rest of our external ACLs etc. by allowing them early on in the transaction. Unfortunately there doesn’t seem to be a way to target just those ones with http_access—the TAG_NONE isn’t an act

Re: [squid-users] Presenting an internal virtual host externally as domain root folder

2015-08-14 Thread Dan Purgert
http://somesite.com' isn't just for your blog), you'll probably do better to create a subdomain (blog.somesite.com) so that you don't make a mess of things ;) Regards, Dan

Re: [squid-users] a lot of TCP_SWAPFAIL_MISS/200

2015-08-10 Thread Dan Purgert
it deduce[sic] a lot of hit ratio" Here's the same phrase worded the way I think that HaxkXBack /meant/ -- "Yeah Joe, I don't know why people don't give the bug higher priority as it is significantly reducing the hit ratio"

Re: [squid-users] Why is overlapping dstdomains a FATAL error now?

2015-08-06 Thread Dan Charlesworth
fired or at the very least, slapped in the back of the head. >> >> On 8/6/2015 6:44 PM, Dan Charlesworth wrote: >>> This used to just cause a WARNING right? Is this really a good enough >>> reason to stop Squid from starting up? >>> >>> 2015/08/07 09:25:43|

[squid-users] Why is overlapping dstdomains a FATAL error now?

2015-08-06 Thread Dan Charlesworth
This used to just cause a WARNING right? Is this really a good enough reason to stop Squid from starting up? 2015/08/07 09:25:43| ERROR: '.ssl.gstatic.com ' is a subdomain of '.gstatic.com ' 2015/08/07 09:25:43| ERROR: You need to remove '.ssl.gstati

Re: [squid-users] Detecting clients flooding squid with failed request

2015-08-03 Thread Dan Charlesworth
one > wrote: > > On Monday 03 August 2015 at 08:06:35 (EU time), Dan Charlesworth wrote: > >> Probably a lot of forward proxy users here have encountered applications >> which, if they can’t get their web requests through the proxy (because of >> 407 Proxy Auth

[squid-users] Detecting clients flooding squid with failed request

2015-08-02 Thread Dan Charlesworth
somehow parse some squidclient manager output and/or the access logs and “raise the alarm” in some way. Would love to hear anyone’s ideas about how the logic would work for something like this. Cheers Dan

Re: [squid-users] LDAP related question.

2015-07-31 Thread Dan Purgert
Quoting Eliezer Croitoru : I managed to make it work! I am using ubuntu 14.04.2 with openLDAP and phpldapadmin. I have changed my server to look like yours and it still didn't work. So what I did was this: I changed the command to: /usr/lib/squid3/ext_ldap_group_acl -d -b "dc=ngtech,dc=local" -D

Re: [squid-users] LDAP related question.

2015-07-31 Thread Dan Purgert
Quoting Eliezer Croitoru : I wanted to test the ext_ldap_group_acl so I created a ldap domain. The command I am testing is: /usr/lib/squid3/ext_ldap_group_acl -b "DC=ngtech,DC=local" -D "CN=admin,DC=ngtech,DC=local" -w "password" -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=CN=%a,D

[squid-users] Squid 3.4.14

2015-07-29 Thread Dan Charlesworth
Hey folks Is 3.4.14 going to be a thing or should we be moving to v3.5 if we want new bug fixes?

Re: [squid-users] squid youtube caching

2015-07-23 Thread dan
Not to go off-topic here, but you folks are all SSL Bumping youtube.com / googlevideo.com in order to do this caching, right? Want to make sure I’m not missing some secret way to make YouTube use plain HTTP. On Fri, Jul 24, 2015 at 8:24 AM, Eliezer Croitoru wrote: > Hey Joe, > I understand

Re: [squid-users] issue with multiple outgoing addresses for same source address

2015-07-12 Thread Dan Purgert
On Sun, 12 Jul 2015 11:13:02 -0700, Jason Enzer wrote: > [...] > Looks like this: > > [snip] > http_access allow tasty3171 ip1 > http_access deny ip1 tasty3171 > > [snip] > http_access allow inc3172 ip2 > http_access deny *inc3172 ip2* > > [snip] > http_access allow inc3173 ip3 > http_access de

[squid-users] [SOLVED] Force LDAP groups to de-authenticate?

2015-07-10 Thread Dan Purgert
On Fri, 03 Jul 2015 18:08:49 +, Dan Purgert wrote: > I'm setting up a squid proxy with LDAP user/group authentication, and so > far have been able to sort out the problems I've run into with a little > help from google and caches of the various squid mailing lists. >

Re: [squid-users] Force LDAP groups to de-authenticate?

2015-07-04 Thread Dan Purgert
On July 4, 2015 2:57:20 AM EDT, Amos Jeffries wrote: >On 4/07/2015 6:08 a.m., Dan Purgert wrote: >> I'm setting up a squid proxy with LDAP user/group authentication, and >so >> far have been able to sort out the problems I've run into with a >little >> help

[squid-users] Force LDAP groups to de-authenticate?

2015-07-03 Thread Dan Purgert
I'm setting up a squid proxy with LDAP user/group authentication, and so far have been able to sort out the problems I've run into with a little help from google and caches of the various squid mailing lists. Currently, it's in a mostly working state for nearly everything (i.e. user authentica

Re: [squid-users] tos miss-mask not working at all squid 3.5.5

2015-06-22 Thread Dan Charlesworth
It's also worth pointing out that your messages are getting flagged as Spam by Gmail, which probably isn't helping visibility. On 23 June 2015 at 06:11, mohammad wrote: > why is no-one answering this ?!! > > BTW, i tried the kernel patch 2.6.35 from ZPH, it worked intermittently, > and > stopped

Re: [squid-users] Squid cache youtube and other websites

2015-05-24 Thread dan
Firstly, I think the biggest roadblocks you’re going to hit with caching YouTube are: 1) It’s all encrypted now (thanks Google). Squid can’t cache what it can’t see inside an SSL tunnel. 2) They have a pretty intense CDN which you’ll need a StoreID helper to deal with. There are peop

Re: [squid-users] Individual delay pools and youtube

2015-04-30 Thread Dan Charlesworth
Thanks Amos. We're using the CONNECT ACL and everything is working as expected. On 29 April 2015 at 20:28, Amos Jeffries wrote: > On 29/04/2015 5:44 p.m., dan wrote: > > I mentioned last time that we had to x2 all our delay_parameter’s > > bytes because of a weird bug where

Re: [squid-users] Individual delay pools and youtube

2015-04-28 Thread dan
I mentioned last time that we had to x2 all our delay_parameter’s bytes because of a weird bug where squid would apply it at half speed for no reason. It just occurred to me that (obviously) this is why HTTPS downloads are going too fast; because this bug must only affect HTTP traffic. So

Re: [squid-users] squid 3.5.3: squid -z => FATAL: memory_cache_shared is on, but no support for atomic operations detected

2015-04-28 Thread dan
Hi Paul See Michael’s reply to my thread about the same problem, not long ago: http://squid-web-proxy-cache.1019090.n4.nabble.com/Re-assertion-failed-src-ipc-AtomicWord-h-88-Enabled-tp4670597p4670793.html On Tue, Apr 28, 2015 at 8:50 PM, Paul Martin wrote: > Hello, > I am testing squid 3.5

Re: [squid-users] Config audit for 3.5.3

2015-04-24 Thread Dan Charlesworth
This was pretty interesting and informative —despite the egregious typos 😁 — thanks Amos! On Sat, Apr 25, 2015 at 12:25 PM, Amos Jeffries wrote: > On 25/04/2015 12:50 a.m., James Lay wrote: >> Hey all. >> >> Topic says itI'm running squid-3.5.3-20150420-r13802 and wanted to >> see if there

[squid-users] Tracking user connection times

2015-04-20 Thread Dan Berry
were connected to a specific site. Is this possible? Dan Berry Data Network Engineer

Re: [squid-users] Individual delay pools and youtube

2015-04-19 Thread dan
Thanks Amos Sorry if that wasn’t clear, but yeah, 7 KB/s was the desired speed in that test.  I was testing against an ISO in an S3 bucket of ours. I would start the download using http:// and get 7 KB/s (great). Then cancel it and edit the URL to https:// and get ~90 KB/s. Oh, and I

Re: [squid-users] assertion failed: ../src/ipc/AtomicWord.h:88: "Enabled()"

2015-03-30 Thread Dan Charlesworth
lt-user=squid' '--with-filedescriptors=16384' '--with-maxfd=65535' '--with-dl' '--with-pthreads' '--with-included-ltdl' '--disable-arch-native' '--without-nettle' '--disable-optimizations' 'build_alias=x86

Re: [squid-users] assertion failed: ../src/ipc/AtomicWord.h:88: "Enabled()"

2015-03-26 Thread Dan Charlesworth
Bumping this because I think it might have gone into the black hole the other night. > On 23 Mar 2015, at 5:44 pm, Dan Charlesworth wrote: > > Turns out it’s also shitting the bed whenever I go to an SSL site now that > I’ve added --enable-storeio=rock: > > 2015/0

Re: [squid-users] assertion failed: client_side.cc:1515: "connIsUsable(http->getConn())

2015-03-25 Thread Dan Charlesworth
upload them to the bug. Thanks folks. On 25 March 2015 at 09:28, Dan Charlesworth wrote: > Resending this after the last attempt went into the mail server black hole: > > Hey Amos > > I decided I’m not confident enough in 3.5.HEAD, after last time, to go > back into production wi

Re: [squid-users] assertion failed: client_side.cc:1515: "connIsUsable(http->getConn())

2015-03-24 Thread Dan Charlesworth
optimisations disabled and it seems to be doing fine performance and stability-wise. I only managed to capture one crash with optimisations disabled, so far, but it seemed to have some memory-related corruption, unfortunately. Updates to come over the next few days. On 23 March 2015 at 16:59, Dan

Re: [squid-users] WARNING: 1 swapin MD5 mismatches and BUG 3279: HTTP reply without Date:

2015-03-19 Thread Dan Charlesworth
seen this issue frequently when I reduced my cache size, > from 70 GB to 30 GB now. > > Regards > > On 3/19/15, Dan Charlesworth wrote: >> Hey Eliezer >> >> I don't actually use SMP. I could be wrong about the aufs thing; I haven't >> personally

Re: [squid-users] assertion failed: client_side.cc:1515: "connIsUsable(http->getConn())

2015-03-19 Thread Dan Charlesworth
John - For us the 3.4 series is definitely the stablest. I was hoping 3.5.2 + plus a patch would avoid the error in this thread’s subject—and it might have done—but it introduced two other major problems (for us). > On 20 Mar 2015, at 2:29 pm, johnzeng wrote: > > &g

Re: [squid-users] WARNING: 1 swapin MD5 mismatches and BUG 3279: HTTP reply without Date:

2015-03-19 Thread Dan Charlesworth
Hey Eliezer I don't actually use SMP. I could be wrong about the aufs thing; I haven't personally tested—and don't currently plan to test—any other cache types. I just gleaned that from the comments in the bug reports. Kind regards Dan On 20 March 2015 at 13:45, Eliezer Croitoru

Re: [squid-users] WARNING: 1 swapin MD5 mismatches and BUG 3279: HTTP reply without Date:

2015-03-19 Thread dan
logs I stop squid, remove swap.state file and run > squid3 -z, after that start squid again and the issue is gone. > Regards > On 3/19/15, Dan Charlesworth wrote: >> Hi John >> >> This bug has been affecting me on and off for a while as well. I believe it >> only af
