[squid-users] Squid File descriptors warning

Hi all, I observed the following warning at squid cache logs: WARNING! Your cache is running out of filedescriptors Googling around I tried to increase the default file descriptors of the system (I am runnign Debian9 x64 bit), by setting at /etc/sysctl.conf: fs.file-max=802762 Restarted system

Re: [squid-users] Squid File descriptors warning

On 07/08/18 19:45, Alex K wrote: > Hi all, > > I observed the following warning at squid cache logs: > > WARNING! Your cache is running out of filedescriptors > > Googling around I tried to increase the default file descriptors of the > system (I am runnign Debian9 x64 bit), by setting at /etc/s

Re: [squid-users] Squid File descriptors warning

I do know there is/was a bug the systemd isnt picking up the filedescriptors with systemd, you might have hit it. Im suspecting your start script is a sysv script invoked by systemd.   Try to set the limits within the start script (sysv) so the correct users ( running squid ) gets the filedescr

Re: [squid-users] Squid File descriptors warning

On 07/08/18 20:44, L.P.H. van Belle wrote: > I do know there is/was a bug the systemd isnt picking up the > filedescriptors with systemd, you might have hit it. > Im suspecting your start script is a sysv script invoked by systemd. >   squid-3.5 builds are using sysV init.d scripts. Amos

Re: [squid-users] Squid File descriptors warning

On Tue, Aug 7, 2018 at 11:26 AM, Amos Jeffries wrote: > On 07/08/18 19:45, Alex K wrote: > > Hi all, > > > > I observed the following warning at squid cache logs: > > > > WARNING! Your cache is running out of filedescriptors > > > > Googling around I tried to increase the default file descriptors

Re: [squid-users] Squid File descriptors warning

Hai Amos, Yes, true, but if systemd-sysv is installed, and it probley is, you might hit this bug. Systemd is calling the sysv script. I tried to find it, the bug report but ive to much things here trown at my head atm, sorry. My production squid = 3.5.27 and no problems. ( also rebuilded f

[squid-users] Squid returns NONE_ABORTED/000 and high response time but the internet access itself looks okay

Hi, I am WCCPv2 for redirecting traffic to Squid. Intermittently I see these messages in access.log and the internet for clients goes away. 1533612202.312 79102 NONE_ABORTED/000 0 CONNECT 198.22.156.64:443 - HIER_NONE/- - 1533612202.312 82632 NONE_ABORTED/000 0 CONNECT 173.194.142.186:443 -

Re: [squid-users] Squid returns NONE_ABORTED/000 and high response time but the internet access itself looks okay

On 07/08/18 21:55, Ahmad, Sarfaraz wrote: > Hi, > >   > > I am WCCPv2 for redirecting traffic to Squid. > Squid version? > Intermittently I see these messages in access.log and the internet for > clients goes away. > >   > > 1533612202.312  79102 NONE_ABORTED/000 0 CONNECT 198.22.156.64:443

[squid-users] Reverse proxy and TUNNEL to same cache peer

Hi, We have our company proxy and this is how the topology is expected to look like for the deployment: Client ---squid-host.com---company-proxyInternet Now I need to allow reverse proxy(3128) for some request from the client and tunnel (3129)

Re: [squid-users] 4.1 exception PageStack.cc(106)

On 07/08/18 04:53, Heiler Bemerguy wrote: > Em 06/08/2018 13:39, Amos Jeffries escreveu: >> >>> workers 5 >>> cache_mem 5500 MB >>> cache_dir rock /cache2 13 min-size=1 max-size=196608 >>> cache_dir rock /cache3 13 min-size=196609 max-size=624288 >>> cache_dir rock /cache4 13 min-size=6

Re: [squid-users] Squid returns NONE_ABORTED/000 and high response time but the internet access itself looks okay

I cannot reproduce this. This is intermittent. In Chrome's dev tools, it appeared to take over 20 secs to setup the TCP connection. I am SSL bumping all TLS connections unless they match certain ACLs. So it is safe to assume that the vast majority of the traffic was bumped. I don't see any TLS

Re: [squid-users] Squid returns NONE_ABORTED/000 and high response time but the internet access itself looks okay

Hi, most times we encountered this error message it had something to do with IPv4 DNS queries being answered too slowly or not at all (as in: only -records in the reply). If this occurring with some sites only, that could be the case. You could verify this by sniffing your DNS queries from

Re: [squid-users] Delay pools in squid4 not working with https

Hi, Yesterday i have compiled squid 4.2. When site is spliced delay_pools still does not working. Any news? > -Mensaje original- > De: squid-users En nombre de > Eliezer Croitoru > Enviado el: miércoles, 18 de julio de 2018 13:47 > Para: squid-users@lists.squid-cache.org > Asunto: Re:

Re: [squid-users] Squid returns NONE_ABORTED/000 and high response time but the internet access itself looks okay

On 08/08/18 02:14, Ahmad, Sarfaraz wrote: > I cannot reproduce this. This is intermittent. In Chrome's dev > tools, it appeared to take over 20 secs to setup the TCP connection. > I am SSL bumping all TLS connections unless they match certain ACLs. > So it is safe to assume that the vast majority

Re: [squid-users] Reverse proxy and TUNNEL to same cache peer

On 08/08/18 01:04, Hariharan Sethuraman wrote: > Hi, > > We have our company proxy and this is how the topology is expected to > look like for the deployment: > > Client > ---squid-host.com---company-proxyInternet > > Now I need to allow revers

Re: [squid-users] Reverse proxy and TUNNEL to same cache peer

Thanks Amos: yes agree that I should have told forward proxy. When I remove the originserver option from cache_peer, the forward proxy is working so which means the rewriter is not precluding from happening. Does that give any clue to us? Moreover the reverse proxy is in next hop to the client an

Re: [squid-users] Delay pools in squid4 not working with https

On 08/07/2018 09:20 AM, Julian Perconti wrote: > Yesterday i have compiled squid 4.2. > > When site is spliced delay_pools still does not working. > > Any news? The latest information and suggestions I have is at http://lists.squid-cache.org/pipermail/squid-users/2018-July/018636.html Alex.

Re: [squid-users] Reverse proxy and TUNNEL to same cache peer

On 08/08/18 04:01, Hariharan Sethuraman wrote: > Thanks Amos: yes agree that I should have told forward proxy. > > When I remove the originserver option from cache_peer, the forward proxy > is working so which means the rewriter is not precluding from happening. > Does that give any clue to us?  >

Re: [squid-users] 4.1 exception PageStack.cc(106)

On 08/07/2018 08:01 AM, Amos Jeffries wrote: > On 07/08/18 04:53, Heiler Bemerguy wrote: >> Em 06/08/2018 13:39, Amos Jeffries escreveu: cache_mem 5500 MB cache_dir rock /cache2 13 min-size=1 max-size=196608 cache_dir rock /cache3 13 min-size=196609 max-size=624288 cache

[squid-users] Squid and ICMP

Hi all, I have a box with fairly restrictive firewall. I see that the box blocks connections of squid to the requested sites when squid tries to reach/send ICMP to them: 2018/08/07 16:51:57| Error sending to ICMP packet to 213.133.127.247. ERR: (1) Operation not permitted 2018/08/07 16:51:59| Err

[squid-users] ntml auth

#Hello community, I am trying to connect my squid to my AD using ntml (i can't use Kerberos). The problem is that I have not found a way to make the groups I have in the AD look in the squid. #this is my current config using ldap using basic auth auth_param basic program / usr / lib / squid /

Re: [squid-users] 4.1 exception PageStack.cc(106)

On 08/08/18 04:30, Alex Rousskov wrote: > On 08/07/2018 08:01 AM, Amos Jeffries wrote: >> On 07/08/18 04:53, Heiler Bemerguy wrote: >>> Em 06/08/2018 13:39, Amos Jeffries escreveu: > cache_mem 5500 MB > cache_dir rock /cache2 13 min-size=1 max-size=196608 > cache_dir rock /cache3 13

Re: [squid-users] Squid returns NONE_ABORTED/000 and high response time but the internet access itself looks okay

>> Your guess is wrong. The TCP level setup is only between Squid and the >> client. It has to have completed before the TLS stuff can begin. So when does Squid start setting up the TCP connection with the origin server ? After setting up a TCP connection with client and identifying it to be TLS

Re: [squid-users] Squid returns NONE_ABORTED/000 and high response time but the internet access itself looks okay

On 08/08/18 05:15, Ahmad, Sarfaraz wrote: >>> Your guess is wrong. The TCP level setup is only between Squid and the >>> client. It has to have completed before the TLS stuff can begin. > So when does Squid start setting up the TCP connection with the origin server > ? After setting up a TCP conn

Re: [squid-users] 4.1 exception PageStack.cc(106)

Em 07/08/2018 11:01, Amos Jeffries escreveu: On 07/08/18 04:53, Heiler Bemerguy wrote: Em 06/08/2018 13:39, Amos Jeffries escreveu: workers 5 cache_mem 5500 MB cache_dir rock /cache2 13 min-size=1 max-size=196608 cache_dir rock /cache3 13 min-size=196609 max-size=624288 cache_dir rock /

Re: [squid-users] 4.1 exception PageStack.cc(106)

On 08/07/2018 11:04 AM, Amos Jeffries wrote: > Do you have any idea then why the cunt of used slots should be over > 2^32? I suspect this is a Squid bug. We have seen the same symptoms while working on not-directly-related bug 4823. I do not know whether OP suffers from the same underlying proble

Re: [squid-users] want to ask about DNS resolution in firefox as an example

You probably also want to check for WebRTC leak: https://www.expressvpn.com/webrtc-leak-test -- Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html ___ squid-users ma

Re: [squid-users] ntml auth

On 08/08/18 04:59, Alex Gutiérrez Martínez wrote: > #Hello community, I am trying to connect my squid to my AD using ntml (i > can't use Kerberos). Why not? > The problem is that I have not found a way to make > the groups I have in the AD look in the squid. > > #this is my current config using

Re: [squid-users] 4.1 exception PageStack.cc(106)

Em 07/08/2018 14:55, Alex Rousskov escreveu: On 08/07/2018 11:04 AM, Amos Jeffries wrote: Do you have any idea then why the cunt of used slots should be over 2^32? I suspect this is a Squid bug. We have seen the same symptoms while working on no

Re: [squid-users] Squid and ICMP

On 08/08/18 04:56, Alex K wrote: > Hi all, > > I have a box with fairly restrictive firewall. > I see that the box blocks connections of squid to the requested sites > when squid tries to reach/send ICMP to them: > > 2018/08/07 16:51:57| Error sending to ICMP packet to 213.133.127.247. > ERR: (1)

Re: [squid-users] Squid and ICMP

Thanx Amos, It is clear. Alex On Tue, Aug 7, 2018 at 9:20 PM, Amos Jeffries wrote: > On 08/08/18 04:56, Alex K wrote: > > Hi all, > > > > I have a box with fairly restrictive firewall. > > I see that the box blocks connections of squid to the requested sites > > when squid tries to reach/send

Re: [squid-users] Reverse proxy and TUNNEL to same cache peer

Yes correct, the parent Proxy is a forward, but the squid will have to do both from client aspect. Can I run two instances of squid - forward and reverse separately considering my configuration is good enough? On Tue, 7 Aug 2018, 22:00 Amos Jeffries, wrote: > On 08/08/18 04:01, Hariharan Sethur

Re: [squid-users] want to ask about DNS resolution in firefox as an example

On 06/08/18 21:39, Antony Stone wrote: On Monday 06 August 2018 at 13:32:32, --Ahmad-- wrote: what could be the reason ? Cookies on your computer, javascript in web pages, browser language preferences, locally cached content... I'm sure I haven't thought of everything. Some sites check for the

Re: [squid-users] Reverse proxy and TUNNEL to same cache peer

> The traffic types have different syntax. It is possible to have a parent > proxy which receives both, but that has to be different ports and > different cache_peer links between them. As I said in same cache_peer (without changing the parent proxy port), both forward (removed originserver option

Re: [squid-users] Reverse proxy and TUNNEL to same cache peer

I think giving name helped to fwd/reverse to same parent proxy port: cache_peer parent-proxy.domain.com parent 80 0 no-query no-digest login=PASS originserver name=reverseproxy cache_peer parent-proxy.domain.com parent 80 0 no-query no-digest login=PASS name=forwardproxy On Wed, Aug