Re: [squid-users] Squid 3.5.21 - High CPU (100%)

On Wed, 2016-09-21 at 08:34 -0600, Alex Rousskov wrote: On 09/21/2016 07:53 AM, Jasper Van Der Westhuizen wrote: I have been having some problems with Squid using 100% CPU at times which impacts my users browsing experience. Sustained 100% CPU load at ~100/s rates with regular traffic on re

[squid-users] Clarification on icap

Hey all, So I'm going to try and get some visibility into tls traffic.  Not concerned with the sslbumping of the traffic, but what I DON'T know what to do is what to do with the traffic once it's decrypted.  This squid machine runs IDS software as well, so my hope was to have the IDS software list

Re: [squid-users] Clarification on icap

On 27/09/2016 12:41 a.m., James Lay wrote: > Hey all, > > So I'm going to try and get some visibility into tls traffic. Not > concerned with the sslbumping of the traffic, but what I DON'T know > what to do is what to do with the traffic once it's decrypted. This > squid machine runs IDS softwar

[squid-users] How to log url_rewrite_program results

Hello, I have a custom logformat and I would like to log the results of my url rewriter (urlfilterdb). I can't seem to get this to work. Can someone tell me the basics? Michael -- *Disclaimer: *Under Florida law, e-mail addresses are public records. If you do not want your e-mail address re

[squid-users] problem reload configuration with workers

Hello I'm using squid 3.5.21-20160908-r14081 and for the first time I'm using workers configuration. I have a problem: when I reload configuration (via init script) suid -k reconfigure -f /et/squid/squid. conf the system kill squid-coord and squid-disk So I have to remove pd file and lock files

Re: [squid-users] Squid 3.5.21 - High CPU (100%)

On 09/26/2016 12:59 AM, Jasper Van Der Westhuizen wrote: > On Wed, 2016-09-21 at 08:34 -0600, Alex Rousskov wrote: >> On 09/21/2016 07:53 AM, Jasper Van Der Westhuizen wrote: >>> I have been having some problems with Squid using 100% CPU at times >>> which impacts my users browsing experience. >>

Re: [squid-users] problem reload configuration with workers

On 09/26/2016 08:02 AM, ama...@tin.it wrote: > I'm using squid 3.5.21-20160908-r14081 and for the first time I'm > using workers configuration. I have a problem: > when I reload configuration (via init script) > suid -k reconfigure -f /et/squid/squid.conf I assume that by "suid" you meant "squid

Re: [squid-users] Clarification on icap

On 2016-09-26 06:50, Amos Jeffries wrote: On 27/09/2016 12:41 a.m., James Lay wrote: Hey all, So I'm going to try and get some visibility into tls traffic. Not concerned with the sslbumping of the traffic, but what I DON'T know what to do is what to do with the traffic once it's decrypted. Th

Re: [squid-users] Squid 3.5.21 - High CPU (100%)

Is there anything that you guys can suggest I do around the cache? Should I try a different store type? A different filesystem type perhaps? If your store has a configuration knob that effectively limits disk writing rate, then use it to limit that rate to avoid overflowing the queue. You can

Re: [squid-users] Clarification on icap

On 09/26/2016 05:41 AM, James Lay wrote: > So I'm going to try and get some visibility into tls traffic. Not > concerned with the sslbumping of the traffic, but what I DON'T know what > to do is what to do with the traffic once it's decrypted. This squid > machine runs IDS software as well, so my

Re: [squid-users] Squid 3.5.21 - High CPU (100%)

On 09/26/2016 08:22 AM, Jasper Van Der Westhuizen wrote: > I am > currently testing with 4 cache dirs. All aufs currently. After adding > these cache dirs, Squid started crashing every 20mins or so.. > FATAL: Received Segment Violation...dying. This is probably a Squid bug. Get a stack trace and

Re: [squid-users] Clarification on icap

On 2016-09-26 08:30, Alex Rousskov wrote: On 09/26/2016 05:41 AM, James Lay wrote: So I'm going to try and get some visibility into tls traffic. Not concerned with the sslbumping of the traffic, but what I DON'T know what to do is what to do with the traffic once it's decrypted. This squid m

Re: [squid-users] Clarification on icap

On 09/26/2016 08:43 AM, James Lay wrote: > So, from what I've read, it appears that > squid sends the data to a listening ICAP/eCAP service, which in turn the > IDS can access, depending on the IDS...is that about right? Not exactly. Yes, Squid sends the message to the adaptation service ("listen

Re: [squid-users] Clarification on icap

On 2016-09-26 08:52, Alex Rousskov wrote: On 09/26/2016 08:43 AM, James Lay wrote: So, from what I've read, it appears that squid sends the data to a listening ICAP/eCAP service, which in turn the IDS can access, depending on the IDS...is that about right? Not exactly. Yes, Squid sends the

Re: [squid-users] Squid 3.5.21 - High CPU (100%)

>FATAL: Received Segment Violation...dying. 2016/09/26 15:54:54 kid1| Closing HTTP port 0.0.0.0:8080 2016/09/26 15:54:54 kid1| storeDirWriteCleanLogs: Starting... 2016/09/26 15:54:54 kid1| 65536 entries written so far.<<<- short Int ? Makes me a bit suspicious regarding possibl

[squid-users] Question: Is it possible adaptation_service_chain from services with different access lists?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi gents. I appeal to the experts in the adaptation. For example, I have to adaptation service A, which has the access list "All". And B adaptation service that has access list, for example, "only text types". I want to chain both services in

Re: [squid-users] Squid 3.5.21 - High CPU (100%)

-- Kind Regards Jasper On 09/26/2016 08:22 AM, Jasper Van Der Westhuizen wrote: I am currently testing with 4 cache dirs. All aufs currently. After adding these cache dirs, Squid started crashing every 20mins or so.. FATAL: Received Segment Violation...dying. This is probably a Squid

Re: [squid-users] Question: Is it possible adaptation_service_chain from services with different access lists?

On 09/26/2016 09:44 AM, Yuri Voinov wrote: > I have to adaptation service A, which has the access list "All". > > And B adaptation service that has access list "only text types". > I want to chain both services in adaptation_service_chain with next logic: > In this scheme, service A must adapt

Re: [squid-users] Clarification on icap

On 09/26/2016 08:55 AM, James Lay wrote: > any recommended open source ICAP/eCAP services that squid works well with? You do not need an ICAP/eCAP service that Squid works well with. You need an ICAP/eCAP service that integrates with your IDS. All production ICAP/eCAP services are doing some speci

Re: [squid-users] Question: Is it possible adaptation_service_chain from services with different access lists?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 26.09.2016 22:25, Alex Rousskov пишет: > On 09/26/2016 09:44 AM, Yuri Voinov wrote: > >> I have to adaptation service A, which has the access list "All". >> >> And B adaptation service that has access list "only text types". > >> I want to chain

Re: [squid-users] Question: Is it possible adaptation_service_chain from services with different access lists?

On 09/26/2016 10:42 AM, Yuri Voinov wrote: > 26.09.2016 22:25, Alex Rousskov пишет: >> I assume you meant that Squid should >> not send service B non-text messages at all. > And how to do it? I gave a specific example. > To adapt the chain is only one access control list. You are approaching t

Re: [squid-users] Question: Is it possible adaptation_service_chain from services with different access lists?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 26.09.2016 23:16, Alex Rousskov пишет: > On 09/26/2016 10:42 AM, Yuri Voinov wrote: >> 26.09.2016 22:25, Alex Rousskov пишет: >>> I assume you meant that Squid should >>> not send service B non-text messages at all. > >> And how to do it? > > I g

[squid-users] New error on version 3.5.19

Hi squid community, I'm seeing a new error in my squid logs. These are iphones configured for a squid proxy. They are running IOS 10.0.2 and siri is now failing. You can see the request is allowed through, but is preceded with the error lines then siri fails. Any idea of what these errors in

Re: [squid-users] Question: Is it possible adaptation_service_chain from services with different access lists?

On 09/26/2016 11:32 AM, Yuri Voinov wrote: > 26.09.2016 23:16, Alex Rousskov пишет: >> On 09/26/2016 10:42 AM, Yuri Voinov wrote: >>> How can I make a chain of adaptation with >>> different acl's for different chained services? >> By configuring several chains and then writing adaptation_access ru

Re: [squid-users] Question: Is it possible adaptation_service_chain from services with different access lists?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 27.09.2016 0:08, Alex Rousskov пишет: > On 09/26/2016 11:32 AM, Yuri Voinov wrote: >> 26.09.2016 23:16, Alex Rousskov пишет: >>> On 09/26/2016 10:42 AM, Yuri Voinov wrote: How can I make a chain of adaptation with different acl's for dif

Re: [squid-users] Clarification on icap

On 2016-09-26 10:40, Alex Rousskov wrote: On 09/26/2016 08:55 AM, James Lay wrote: any recommended open source ICAP/eCAP services that squid works well with? You do not need an ICAP/eCAP service that Squid works well with. You need an ICAP/eCAP service that integrates with your IDS. All produc

Re: [squid-users] How to log url_rewrite_program results

On 27/09/2016 2:50 a.m., Michael Pelletier wrote: > Hello, > > I have a custom logformat and I would like to log the results of my url > rewriter (urlfilterdb). I can't seem to get this to work. Can someone tell > me the basics? The helper potocol is outlined at

Re: [squid-users] New error on version 3.5.19

On 27/09/2016 7:01 a.m., Berkes, David wrote: > Hi squid community, I'm seeing a new error in my squid logs. These > are iphones configured for a squid proxy. They are running IOS > 10.0.2 and siri is now failing. You can see the request is allowed > through, but is preceded with the error lines

Re: [squid-users] Squid 3.5.21 - High CPU (100%)

On 27/09/2016 4:23 a.m., reinerotto wrote: >> FATAL: Received Segment Violation...dying. > 2016/09/26 15:54:54 kid1| Closing HTTP port 0.0.0.0:8080 > 2016/09/26 15:54:54 kid1| storeDirWriteCleanLogs: Starting... > 2016/09/26 15:54:54 kid1| 65536 entries written so far.<<<- > short Int ?

Re: [squid-users] Squid 3.5.21 - High CPU (100%)

On 27/09/2016 3:22 a.m., Jasper Van Der Westhuizen wrote: > > Is there anything that you guys can suggest I do around the cache? > Should I try a different store type? A different filesystem type > perhaps? > > > > If your store has a configuration knob that effectively limits disk > writing

[squid-users] --enable-openssl-crtd -- not building openssl-crtd? (3.5.21)

In squid 3.5.21, I'm setting the --enable-openssl-crtd option, but it is not building ./src/sll/ssl_crtd.cc into an executable (and none is installed in /usr/lib64/squid, where everything else seems to get installed. I also note, though that the --enable-openssl-crtd option is not listed in 'conf

Re: [squid-users] How to log url_rewrite_program results

OK. I will try this. Really, All I am trying to log is the ACL that was matched and the result. Is the default in *url_rewrite_extras good enough?* On Mon, Sep 26, 2016 at 5:04 PM, Amos Jeffries wrote: > On 27/09/2016 2:50 a.m., Michael Pelletier wrote: > > Hello, > > > > I have a custom logform

Re: [squid-users] --enable-openssl-crtd -- not building openssl-crtd? (3.5.21)

On 27/09/2016 3:04 p.m., Linda A. Walsh wrote: > In squid 3.5.21, I'm setting the --enable-openssl-crtd option, but it is > not building ./src/sll/ssl_crtd.cc into an executable (and none is > installed in /usr/lib64/squid, where everything else seems to get > installed. > > I also note, though th

Re: [squid-users] How to log url_rewrite_program results

I tried %{message}note %{status}note -- and -- %note{message}note %note{status} But I do not get results... On Mon, Sep 26, 2016 at 10:59 PM, Michael Pelletier < michael.pellet...@palmbeachschools.org> wrote: > OK. I will try this. Really, All I am trying to log is the ACL that was > matched and

Re: [squid-users] --enable-openssl-crtd -- not building openssl-crtd? (3.5.21)

Amos Jeffries wrote: There is no such option. Never has been. ## ./configure --help | grep ssl --enable-ssl-crtd ... --with-openssl=PATH Compile with the OpenSSL libraries. ... Oops... Conflated the two... back to configuring... tnx, -l _

Re: [squid-users] Squid 3.5.21 - High CPU (100%)

> Is there anything that you guys can suggest I do around the cache? > Should I try a different store type? A different filesystem type > perhaps? > > > > If your store has a configuration knob that effectively limits disk > writing rate, then use it to limit that rate to avoid overflowing the >