Re: [squid-users] Huge memory required for squid 3.5

26.04.2017 21:47, Amos Jeffries пишет: > On 27/04/17 03:35, Yuri Voinov wrote: >> Amos, stupid question. >> >> Why sessions can't share CA's data cached in memory? shared_ptr invented >> already. >> >> This is openssl issue or squid's? > &

Re: [squid-users] ssl bump and chrome 58

r-first > all" should work. > > William Lima > > - Original Message - > From: "Flashdown" > To: "Yuri Voinov" > Cc: squid-users@lists.squid-cache.org > Sent: Thursday, April 27, 2017 1:41:48 PM > Subject: Re: [squid-users] ssl bump and

Re: [squid-users] 3.5.25: (71) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

This one? http://i.imgur.com/kI9SxiN.png It's works under bump. 27.04.2017 22:47, David Touzeau пишет: > Hi, > I'm unable to access to https://www.boutique.afnor.org website. > I would like to know if this issue cannot be fixed and must deny bump > website to fix it. > Without Squid the website

Re: [squid-users] 3.5.25: (71) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

Look. It can be intermediate certificates issue. Does Squid have Symantec intermediate certificates? 27.04.2017 22:47, David Touzeau пишет: > Hi, > I'm unable to access to https://www.boutique.afnor.org website. > I would like to know if this issue cannot be fixed and must deny bump > website to

Re: [squid-users] 3.5.25: (71) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

er. This is completely disable ANY security checks for certificates, which leads to giant vulnerability to your users. ssl_proxy_cert_error should be restricted by very specific ACL(s) in your config only for number of sites you trust. 28.04.2017 2:27, David Touzeau пишет: > Hi yuri > >

Re: [squid-users] 3.5.25: (71) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

Be careful with intermediate CA's you grabbed. Check they validity, fingerprints and attributes. Proxying SSL requires much more work with Squid. 28.04.2017 3:12, David Touzeau пишет: > Thanks Yuri > > ! but i have still have the error " Error negotiating SSL on FD 13: >

Re: [squid-users] concurrency with ecap

Alex, is it possible to get comprehensive example? Adapter sample is non-obvious, not complete (non-obvious where to put mutex locking) and contains C-style rudiments (like external call, pthread.h etc.). I think, this will be actual in 2017, with CMT world around. WBR, Yuri. 28.04.2017 3:29

Re: [squid-users] 3.5.25: (71) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

BUT the overall site SSL rating is so bad.. > > Raf > > -Original Message- > From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On > Behalf Of David Touzeau > Sent: Friday, April 28, 2017 10:14 AM > To: 'Yuri Voinov'; squid-users@lists.

Re: [squid-users] squid 4.0.19 bin question

30.04.2017 11:59, snable snable пишет: > hallo, > > I see the the following works for my site > > ssl_bump server-first mysite_acl > > whether > ssl_bump bump mysite_acl > gives me a corrupted site. Details. "Corrupted site" is about nothing. > > any idea? i see that server-first shouldnt be us

Re: [squid-users] squid 4.0.19 error with certificates

Check this. It seems this is the issue: http://bugs.squid-cache.org/show_bug.cgi?id=4711 30.04.2017 12:02, snable snable пишет: > hello > > i am using squid on a external box. > i forward all traffic from my openwrt router to it > htto works fine > https with youtube app doesnt work > i get: > >

Re: [squid-users] URL sometimes reurns empty response

If you add this URL to cache deny rule - problem still exists? 02.05.2017 17:59, Ralf Hildebrandt пишет: > In some cases, our proxies (got 4 of them) return a empty result when > querying "http://www.msftconnecttest.com/ncsi.txt"; (whcih is used by > Microsoft Brwosers to check if they're online)

Re: [squid-users] URL sometimes reurns empty response

Hm. See no issue from my side: root @ khorne /patch # wget -S http://www.msftconnecttest.com/ncsi.txt --2017-05-02 19:16:11-- http://www.msftconnecttest.com/ncsi.txt Connecting to 127.0.0.1:3128... connected. Proxy request sent, awaiting response... HTTP/1.1 200 OK Cache-Control: max-age=

Re: [squid-users] Huge memory required for squid 3.5

You sure? http://wiki.squid-cache.org/SquidFaq/SquidMemory 03.05.2017 21:44, Nil Nik пишет: > > Hi, > > > Its not disk cache, its due to in memory SSL context. > > > Nil > > > *From:* squid-users on > behalf of Yuri > *Sent:* Wednesday, May 3, 2017 1

Re: [squid-users] Squid Cache to Users at Full Bandwidth

http://wiki.squid-cache.org/ 05.05.2017 21:18, christian brendan пишет: > Squid Version 3.5.20 > Cento 7 > Mikrotik RouterBoard v 6.39.1 > Users IP: 192.168.1.0/24 > Squid ip: 192.168.2.1 > > Traffic to squid is routed > > i would like users to have full LAN bandwidth acce

Re: [squid-users] 'Intercept' option on Windows

If this has not been done yet, it is impossible or not necessary. PS. You always can setup VirtualBox (www.virtualbox.org) on your Windows box, set up Linux/*BSD/Solaris inside and make all you want in guest OS. 07.05.2017 3:08, Tobias Tromm пишет: > > Hi Guys, > > > I am using squid on Windows (

Re: [squid-users] 'Intercept' option on Windows

He is talking about NAT *.h files on Windows. This is exactly required. 07.05.2017 22:05, Tobias Tromm пишет: > > I don't know what exactly you need to make it work. > > > I found these APIs > (https://msdn.microsoft.com/pt-br/library/windows/desktop/aa366278.aspx > , > https://msdn.microsoft.com

Re: [squid-users] Rock Store max object size 3.5.14

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Agreed. High-load big enough caches must utilize _an adequate_ hardware configuration with enough capacity to meet you expectations. And, of course, cache software configuration must fit this hardware, to maximize approaches. 24.02.16 1:55, Amos

Re: [squid-users] Squid 3.5.12

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 This is not about compilation options. This about configuration, man. 24.02.16 2:10, Nando Mendonca пишет: > Hi All, > > I had Squid 3.5.12 running with ldap authentication on port 389 great. I now need to run squid on port 636. With my same con

Re: [squid-users] Rock Store max object size 3.5.14

load. Really high load starting with 15-30k users. ;) 24.02.16 2:04, Yuri Voinov пишет: > > Agreed. > > High-load big enough caches must utilize _an adequate_ hardware > configuration with enough capacity to meet you expectations. > > And, of course, cache software configuration m

Re: [squid-users] [squid 3.5.5] security Update Advisory SQUID-2016:2

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Squid's upgrade is the best solution. 24.02.16 22:13, Paul Martin пишет: > Hello, > > I have squid 3.5.5, I see Security Update Advisory SQUID-2016:2: > You suggest 2 solutions on http://www.squid-cache.org/Advisories/SQUID-2016_2.txt > -- > 1)_a

Re: [squid-users] Rock Store max object size 3.5.14

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 24.02.16 3:38, Heiler Bemerguy пишет: > > > 23/02/2016 16:40, Yuri Voinov wrote: >> >> When you CPU's/cores waiting for HDD access, they got high-loag. >> > > Are you sure it would show up as "User&q

Re: [squid-users] Clarification of what I should be seeing in the log files.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 This entries is a sign of normal https tunneling phase. You simple don't know how HTTPS works. :) 24.02.16 21:32, Bruce Markey пишет: > I can't seem to find a straight answer for this. > > I'm running squid 3.4.8. Compiled from source. > > I'ts t

Re: [squid-users] Optimizing squid

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 AFAIK, if you solve issue with cache_mem 10 GB and completely disabled disk cache, then you had disk IO bottleneck exactly. You completely disable disk caches. So, all obvious now. But - what you will do after squid restart? :) A deadl

Re: [squid-users] Optimizing squid

actually it's waiting for a I/O.. ? I told you. Use more appropriate tool than top itself to investigate bottleneck. You can't see it directly. > > Best Regards > > -- > Heiler Bemerguy - (91) 98151-4894 > Assessor Técnico - CINBESA (91) 3184-1751 > > Em 24/02/20

Re: [squid-users] Optimizing squid

essor Técnico - CINBESA (91) 3184-1751 > > Em 24/02/2016 17:13, Yuri Voinov escreveu: > AFAIK, if you solve issue with cache_mem 10 GB and completely disabled > disk cache, then you had disk IO bottleneck exactly. You completely > disable disk caches. So, all obvious now. > >

Re: [squid-users] Optimizing squid

I didn't receive any of these errors... > Maybe the non-rounded "4097" value is causing an issue? > > Best Regards, > > -- > Heiler Bemerguy - (91) 98151-4894 > Assessor Técnico - CINBESA (91) 3184-1751 > > > Em 25/02/2016 14:18, Amos Jeffries escreveu

Re: [squid-users] Optimizing squid

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hm. What array does itself this time? 26.02.16 0:44, Heiler Bemerguy пишет: > > Since it started with both cache_dirs... > > > Em 25/02/2016 15:32, Yuri Voinov escreveu: >> > Don't think so. > > This messages

Re: [squid-users] Optimizing squid

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Eh. Looks like bug. 26.02.16 2:19, Heiler Bemerguy пишет: > > > Em 25/02/2016 16:29, Alex Rousskov escreveu: >>> Then: >>> /2016/02/25 13:42:19 kid1| WARNING: swapfile header inconsistent with >>> available data >> I do not know what causes these

Re: [squid-users] Squid as simple web cache manager

You simple enough use wget -r to this purpose. Squid is not web-mirroring tool. 26.02.16 16:34, Pol пишет: I would like to install squid in my opensuse 42.1 running on my laptop, just to be able to browse web pages when offline. Should i start a squid server? Any plain imstruction? thank you

Re: [squid-users] Is jesred still compatible with squid 4.x?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 http://wiki.squid-cache.org/Features/Redirectors 26.02.16 21:20, Karl-Philipp Richter пишет: > Hi, > I noticed that `jesred` when used as `url_rewrite_program` program of > `squid` 4.0.4 with `jesred.rules` > > regex ^http://(de.archive.ubuntu

Re: [squid-users] Is jesred still compatible with squid 4.x?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 # TAG: url_rewrite_program #Specify the location of the executable URL rewriter to use. #Since they can perform almost any function there isn't one included. # #For each requested URL, the rewriter will receive on line with the format

Re: [squid-users] Ignore "pragma:no-cache /cache-control:no-cache" header in HTTP request< config help>

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 request_header_accesss cache-control deny all and acl specified_clients src 192.168.100.1 192.168.100.2 request_header_accesss cache-control deny specified_clients and, finally, http://wiki.squid-cache.org/ feel free to read fine manuals first

Re: [squid-users] Squid ssl bump with upstream proxy

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 You need just to install into your downstream proxy CA's from your upstream proxy. :) 28.02.16 1:20, Baselsayeh пишет: > Hello > Im trying to get ssl bump to work with an upstream proxy > The problem is that the upstram proxy only supports CONNECT

Re: [squid-users] A squid current version status JSON feed.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Wow, this is only for major releases? Does this can work with nightly build? And, of course, generate download URL to make systems auto-updates via cron, for example? ;) 28.02.16 1:58, Eliezer Croitoru пишет: > I have built a JSON feed that disp

Re: [squid-users] A squid current version status JSON feed.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I have an automated build script for squid (written in shell ;)), it accepts URL/archive name (squid*.tar.gz) to build squid on my platform, re-build SSL db, set it up, set correct permissions and re-start SMF service ;) Just need download URL ;)

Re: [squid-users] A squid current version status JSON feed.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 You come in the morning - and Freshly squid dirtied dumps the system partition and lying in maintenanse :) 28.02.16 1:58, Eliezer Croitoru пишет: > I have built a JSON feed that displays the latest squid version per branch > from old to new at th

Re: [squid-users] Squid ssl bump with upstream proxy

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Aha, I'm stupid. Squid can't re-crypted peer connections. You need to splice peered URL's before tunnel it into your peer. 28.02.16 2:07, Baselsayeh пишет: > No > What I need i need is > Get ssl info from browser - squid - upstream proxy - inter

Re: [squid-users] A squid current version status JSON feed.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Eliezer, you don't believe ; Korn and sometimes perl :) This was a joke, there is simple thing to parse release page and extract fresh nightly build ;) 28.02.16 2:41, Eliezer Croitoru пишет: > Hey Yuri, > >

Re: [squid-users] A squid current version status JSON feed.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 28.02.16 3:39, Amos Jeffries пишет: > On 28/02/2016 9:00 a.m., Yuri Voinov wrote: >> >> Wow, this is only for major releases? >> > > Yes. > >> Does this can work with nightly build? >> > > No.

Re: [squid-users] Squid proxy return gzip responses when I don't include Accept-Encoding

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 This: http://wiki.squid-cache.org/ConfigExamples/ContentAdaptation/eCAP#Using_eCAP_for_GZip_support_with_Squid_3.x.2F4.x can't help you? 29.02.16 21:25, Bermejo Gil, Alberto (EXT - ES) пишет: > There are something that can I do in the server sid

Re: [squid-users] Survey on assertions: When the impossible happens

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 29.02.16 23:22, Marcus Kool пишет: > >> * Choices. >> >> Overall, there are three options for handling an impossible situation: >> >> 1. Quit Squid process. This is what Squid does today in most cases. >> When the impossible happens, you get

Re: [squid-users] Survey on assertions: When the impossible happens

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 01.03.16 23:37, Alex Rousskov пишет: > On 03/01/2016 03:55 AM, Eray Aslan wrote: >> On Mon, Feb 29, 2016 at 09:43:09AM -0700, Alex Rousskov wrote: >>> Q2: Your Squid is asserting every 5 minutes. There is no [working] Squid >>> version you can sw

Re: [squid-users] Redirector stops https working

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Details. Squid's version. Config. Redirector you using. It's config. Thelepaty on vacations. 02.03.16 0:10, Spencer French пишет: > Hi, > > I've been working on a redirector written in go that queries a database then either returns a block messa

Re: [squid-users] Redirector stops https working

tible redirector, co-working with squid. If I understand you task correctly. 02.03.16 0:39, Spencer French пишет: > Sure, > > squid version 3.5.13 > squid.conf: http://pastebin.com/48eLeWvS > redirector: http://pastebin.com/RCDji3d0 > > On 1 March 2016 at 18:26, Yuri Voino

Re: [squid-users] Youtube wont work on squid

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Show your logs. And more details. 02.03.16 1:19, Baselsayeh пишет: > Hello, > for some reason youtube app in android wont work > here is my config: > > even if > > ssl_bump stare all > #ssl_bump peek all > ssl_bump bump all > #ssl_bump allow all >

Re: [squid-users] Youtube wont work on squid

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Yes. Also squid.conf without comments and blank lines and details about your setup. Where? 02.03.16 1:26, Baselsayeh пишет: > Yuri Voinov wrote > Show your logs. And more details. > > 02.03.16 1:19, Baselsayeh пишет: > >>&g

Re: [squid-users] Youtube wont work on squid

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Man. You give no useful info. Telepathy on vacation. 1. access.log fragment with YT URL's 2. cache.log fragment with the same time 3. squid.conf 4. Details about your setup. Without this info there is nothing to discuss. 02.03.16 1:33, Baselsa

Re: [squid-users] Youtube wont work on squid

173.194.112.73:443 - ORIGINAL_DST/173.194.112.73 - means that bump is not occur due to your squid misconfiguration. 02.03.16 1:44, Baselsayeh пишет: > Yuri Voinov wrote > Man. > > You give no useful info. > > Telepathy on vacation. > > 1. access.log fragment with

Re: [squid-users] Youtube wont work on squid

? 02.03.16 1:44, Baselsayeh пишет: > Yuri Voinov wrote > Man. > > You give no useful info. > > Telepathy on vacation. > > 1. access.log fragment with YT URL's > 2. cache.log fragment with the same time > 3. squid.conf > 4. Details about your setup. > > W

Re: [squid-users] Youtube wont work on squid

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Seems to some else misconfiguration in peek-n-splice section. Where is your at_step peek definition? 02.03.16 2:08, Baselsayeh пишет: > Yuri Voinov wrote >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA256 >> >> Aha

Re: [squid-users] Youtube wont work on squid

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Did you read http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit this first? Look once more to examples. 02.03.16 2:15, Baselsayeh пишет: > Yuri Voinov wrote > Seems to some else misconfiguration in peek-n-splice s

Re: [squid-users] Youtube wont work on squid

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Also I don't see your squid's CA bundle/directory settings. Squid can not see your openssl CA bundle. 02.03.16 2:15, Baselsayeh пишет: > Yuri Voinov wrote > Seems to some else misconfiguration in peek-n-splice section. > >

Re: [squid-users] Youtube wont work on squid

02.03.16 2:34, Baselsayeh пишет: Yuri Voinov wrote -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Did you read http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit this first? Look once more to examples. 02.03.16 2:15, Baselsayeh пишет: Yuri Voinov wrote Seems to

Re: [squid-users] squid with sslbump blocking Netflix

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Nobody can fight SSL pinning in proprietary apps. The only way I see is to put Netflex under splice ACL and do not do SSL bump for all Netflex CDN. 02.03.16 22:29, bma пишет: > I have installed squid 3.15 on ubuntu 15.10 server. squid was setup w

Re: [squid-users] squid with sslbump blocking Netflix

; Eliezer > > On 02/03/2016 21:09, Yuri Voinov wrote: >> Nobody can fight SSL pinning in proprietary apps. >> >> The only way I see is to put Netflex under splice ACL and do not do SSL >> bump for all Netflex CDN. > > ___

Re: [squid-users] squid with sslbump blocking Netflix

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 and, excluding pinning, all of this is not technical problems.. :) 03.03.16 1:51, Matus UHLAR - fantomas пишет: >> On 02/03/2016 21:09, Yuri Voinov wrote: >>> Nobody can fight SSL pinning in proprietary apps. >>>

Re: [squid-users] squid with sslbump blocking Netflix

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 With peek and splice feature. http://wiki.squid-cache.org/Features/SslPeekAndSplice 03.03.16 2:45, Bmahak2005 пишет: > Thanks for the hint. How can I do that ? > > > Sent from my iPhone > >> On Mar 2, 2016, at 11:09 A

Re: [squid-users] squid with sslbump blocking Netflix

t how can I setup my config file to just tell squid do not bump netflix traffic and i am not interested in caching it or guarding against it > How can I use splice for that? > > Sent from my iPhone > > On Mar 2, 2016, at 12:48 PM, Yuri Voinov mailto:yvoi...@gmail.com>> wrote: &g

Re: [squid-users] Squid 3.5.x install problem

I see -mt library when Solaris native thread specified, this is correct, but -lpthreads is POSIX, not Solaris wrapper. Solaris wrapper named -lthread and -lpthread. libtool: link: ( cd ".libs" && rm -f "libunbound.la" && ln -s "../libunbound.la" "libunbound.la" ) ./libtool --tag=CC --mode=link

Re: [squid-users] squid 4

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 http://wiki.squid-cache.org/ 04.03.16 22:54, bma пишет: > Hi folks, > > I want to start evaluating squid 4 beta version. > Is there a tutorial or a step by step document I can use to setup a proxy > that would do the following: > - intercept traff

Re: [squid-users] external_acl_type wont work

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I suggest better to ask this on any php forum 07.03.16 1:59, Baselsayeh пишет: > Php wont get stdin for some reason > Squid wont pass any parameter > > > Baselsayeh wrote >> im using php just for testing. >> my script after editing: >> http:

Re: [squid-users] Question about shared memory in Squid 3.5

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Is there is any problems with this files? 07.03.16 17:49, Silamael пишет: > Hi there, > > We're updating to Squid 3.5 under OpenBSD and have some issues with the > apparently new shared memory behavior: > 1. Squid always creates three shared memor

Re: [squid-users] how works store-id ?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Adobe updates don't use CDN in general. So, store ID is unusable for it. It's enough to write correct refresh_pattern. If you want to use store ID against, static URL regex is no problem. Just go to https://regex101.com and write correct expres

Re: [squid-users] Question about shared memory in Squid 3.5

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 2. As we're running multiple complete different configuration on the same machine on different ports, the shared memory files collide and Squid does not start up properly For what? > > > As we don't need shared memory, is there a simple way to d

Re: [squid-users] Sudden but sustained high bandwidth usage

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Are you uses aufs? 07.03.16 20:29, Heiler Bemerguy пишет: > > Hi guys > > We're still getting all these SWAPFAIL and our link is skyrocketing.. please help! I think it didn't happen on older versions (.14 and below) > > /1457358929.643953

Re: [squid-users] Sudden but sustained high bandwidth usage

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 store_dir_select_algorithm round-robin ??? With two dirs only?? 07.03.16 21:01, Heiler Bemerguy пишет: > store_dir_select_algorithm round-robin -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJW3ZxeAAoJENNXIZxhPexG948IAMf6axAq

Re: [squid-users] Sudden but sustained high bandwidth usage

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 07.03.16 21:54, Heiler Bemerguy пишет: > > Hi Yuri, > > I see this recommended anywhere, as the cache_dirs have different min-sizes... so it will try one, then another till one fit... is it wrong? It's stupid. See below. > T

Re: [squid-users] Sudden but sustained high bandwidth usage

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 90 Gb first, 300 Gb second. 08.03.16 1:07, Eliezer Croitoru пишет: > Sorry about the confusion\misunderstanding.. my brains cache is kind of > tiny\short and I am not sure but was it you that asked about the big NETAPP cache a question not long a

Re: [squid-users] Sudden but sustained high bandwidth usage

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 BTW, _all_ Windows updates is much more than ~400 Gb. AFAIK :) 08.03.16 1:07, Eliezer Croitoru пишет: > Sorry about the confusion\misunderstanding.. my brains cache is kind of > tiny\short and I am not sure but was it you that asked about the bi

Re: [squid-users] Sudden but sustained high bandwidth usage

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 08.03.16 0:38, Heiler Bemerguy пишет: > skyrocketing = using our maximum link download bandwidth. > This machine is only proxying. Not being a firewall, not a router, nor a gateway. It has access to the internet through our gateway/firewall (pfse

Re: [squid-users] clientProcessHit

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 https://varvy.com/mobile/vary-user-agent.html 09.03.16 23:48, joe пишет: > you ar talking about Vary: Accept-Encoding > on both Firefox and chrome right ?? > > > Amos Jeffries wrote >> On 10/03/2016 2:50 a.m., joe wrote: >>> what im trying to ex

Re: [squid-users] clientProcessHit

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 http://mark.koli.ch/understanding-the-http-vary-header-and-caching-proxies-squid-etc 09.03.16 23:48, joe пишет: > you ar talking about Vary: Accept-Encoding > on both Firefox and chrome right ?? > > > Amos Jeffries wrote >> On 10/03/2016 2:50 a.

Re: [squid-users] clientProcessHit

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 10.03.16 0:25, joe пишет: > tks Yuri Voinov > lol i do understand how Vary work but what im trying to understand is > 1 = firefox has matching vary as chrome Chrome and Firefox can't give the same Vary. User-Agent is different.

Re: [squid-users] clientProcessHit

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 You Vary header does not contain User-Agent. Why? 10.03.16 0:40, joe пишет: > Vary: Accept-Encoding -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJW4HWdAAoJENNXIZxhPexGStwH/2AbBxtR/vJ/7XRmsAeb2zW9 izEnnYvXk5jFte9SUY9H/pDe5pWV0D

Re: [squid-users] clientProcessHit

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 http://i.imgur.com/aQDFt6U.png http://i.imgur.com/655E8KM.png As you can see, Chrome and Edge gives different User-Agent. 10.03.16 0:57, joe пишет: > duno probably i use pc windows xp ?? > try on ur pcuse diferent browser and see the header

Re: [squid-users] clientProcessHit

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 But I suggests we are not about client User-Agent. We are about _server_ reply Vary, which does not contain User-Agent for unknown reason. 10.03.16 0:57, joe пишет: > duno probably i use pc windows xp ?? > try on ur pcuse diferent browser a

Re: [squid-users] clientProcessHit

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Man, from that we had to start. It will almost certainly strip User-Agent from Vary to increase its own cache hits. 10.03.16 1:22, joe пишет: > bluecoat where is my bandwidth > coming from -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEc

Re: [squid-users] squid crash on restart

Sounds known :))) I faced this behaviour with 3.5 all time, which is forced me to jump to 4.x. 3.5 dies on my platform every shutdown, so this made it completely unusable in production. But 4.x has the similar issue: http://bugs.squid-cache.org/show_bug.cgi?id=4438 10.03.16 16:16, Amos

Re: [squid-users] HTTPS interception and filtering?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 http://wiki.squid-cache.org/ConfigExamples/Intercept http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit http://wiki.squid-cache.org/SquidFaq/SquidAcl 12.03.16 19:09, Tim Bates пишет: > Is it possible to do this: > > * Intercept H

Re: [squid-users] Squid Windows Installer

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 It's not a big deal to change path during installation, yes? ;) 13.03.16 22:32, Rafael Akchurin пишет: > > Hi Patrick, > > > > Yes, this is the default behavior of Wix/InstallShield that the disk with the most space is picked up for installation.

Re: [squid-users] squid eat bandwidth

Show your range_offset_limit and quick_abort settings in squid.conf. 14.03.16 16:52, HackXBack пишет: hello, always in traffic more than out traffic, also when i stop redirection traffic to squid squid keep eating bandwidth for few minutes, so what may be the problem is ? -- View this messa

Re: [squid-users] squid eat bandwidth

How big this problem? It continue get terabytes? As far as I know, even a moving car can not be stopped immediately. 14.03.16 17:03, HackXBack пишет: no range_offset_limit , i remove all of them also quick_abort min and max i put to 0 KB squid keep eating bandwidth and in access.log show TCP_H

Re: [squid-users] Squid not allowing SSL handshake

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I see one problem in your squid's config: acl allowed_https_sites ssl::server_name .twilio.com Try to use ssl::server_name_regex \.twilio\.com instead of ssl::server_name. I've opened bug about it: ssl::server_name does not work. 17.03.16 22:2

Re: [squid-users] TCP_REFRESH_UNMODIFIED_ABORTED

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 It depends from your whole squid config. 18.03.16 0:45, Heiler Bemerguy пишет: > > Shouldn't this be something like HIT_ABORTED? There's no header asking if it's modified or to refresh/reload.. (but I really aborted it) > > Tested a zillion times.

Re: [squid-users] Squid not allowing SSL handshake

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 root @ cthulhu / # openssl s_client -connect api.twilio.com:443 CONNECTED(0003) depth=3 C = ZA, ST = Western Cape, L = Cape Town, O = Thawte Consulting cc, OU = Certification Services Division, CN = Thawte Premium Server CA, emailAddress = prem

Re: [squid-users] Does reload_into_ims not effective for HTTPS?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Well, but what is preventing caching the HTTPS dublicate of URL exactly? 18.03.16 22:35, Amos Jeffries пишет: > On 19/03/2016 3:13 a.m., Yuri Voinov wrote: >> 18.03.16 19:42, Amos Jeffries пишет: >> >>> What headers

Re: [squid-users] Does reload_into_ims not effective for HTTPS?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 18.03.16 19:42, Amos Jeffries пишет: > On 18/03/2016 11:49 p.m., Yuri Voinov wrote: >> Hi gents, >> >> I see strange behaviour for many URL's. >> >> Im my setups reload_into_ims is on globally. >> >

Re: [squid-users] Squid not allowing SSL handshake

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I've just tested on two squid's setup: http://i.imgur.com/lL3c5XY.png It works like sharm. 17.03.16 22:23, Nick Walke пишет: > We have a squid.conf like this: > https://gist.github.com/nwalke/55fea584352016149180 > > And we configure squid like

Re: [squid-users] Does reload_into_ims not effective for HTTPS?

1.1 200 OK Server: nginx Date: Sat, 19 Mar 2016 10:46:30 GMT Content-Type: image/jpeg Content-Length: 5308 Last-Modified: Thu, 17 Mar 2016 06:12:22 GMT Connection: keep-alive ETag: "56ea4ac6-14bc" Cache-Control: max-age=604800 Accept-Ranges: bytes 19.03.16 12:21, Amos Jeffries пишет:

Re: [squid-users] Does reload_into_ims not effective for HTTPS?

At the end - why server reply is different? And finally - why wget directly from server shows the same behaviour? 18.03.16 22:35, Amos Jeffries пишет: > On 19/03/2016 3:13 a.m., Yuri Voinov wrote: >> 18.03.16 19:42, Amos Jeffries пишет: >> >>> What headers are on the two req

[squid-users] Does reload_into_ims not effective for HTTPS?

ching either http or https versions of URL. Squid is 4, latest snapshot. WBR, Yuri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid with 802.11x accounting

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 22.03.16 19:20, Amos Jeffries пишет: > On 23/03/2016 1:51 a.m., Hugh Richards wrote: >> Hey, >> >> I want to implement a proxy that requires authentication but it seems silly >> for byod users to sign in and then sign in again to use the net. My

Re: [squid-users] Squid with 802.11x accounting

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 22.03.16 19:20, Amos Jeffries пишет: > On 23/03/2016 1:51 a.m., Hugh Richards wrote: >> Hey, >> >> I want to implement a proxy that requires authentication but it seems silly >> for byod users to sign in and then sign in again to use the net. My

Re: [squid-users] Squid with 802.11x accounting

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 22.03.16 19:20, Amos Jeffries пишет: > On 23/03/2016 1:51 a.m., Hugh Richards wrote: >> Hey, >> >> I want to implement a proxy that requires authentication but it seems silly >> for byod users to sign in and then sign in again to use the net. My

Re: [squid-users] Does reload_into_ims not effective for HTTPS?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 23.03.16 19:34, Amos Jeffries пишет: > On 19/03/2016 11:50 p.m., Yuri Voinov wrote: >> >> Well, here is it: >> > >> >> GET >> http://icdn.lenta.ru/images/2016/03/17/09/20160317091221731/tabloid_8a08b3

Re: [squid-users] Does reload_into_ims not effective for HTTPS?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 i.e., for example, request_header_access Cache-Control deny all request_header_access Cache-Control: max-age=0 will raise cache hit ratio in conjunction with reload_into_ims on, right? 23.03.16 19:34, Amos Jeffries пишет: > Cache-Control: max-a

Re: [squid-users] "ACCESS DENIED" page by ssl_bump terminate

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 # TAG: deny_info #Usage: deny_info err_page_name acl #or deny_info http://... acl #or deny_info TCP_RESET acl # #This can be used to return a ERR_ page for requests which #do not pass the 'http_access' rules. Squ

Re: [squid-users] Squid log HTTP requests made to URL’s which are having non-standard HTTP

Amos, if squid in interception mode and non-standard ports not divert to squid, this is possible. 26.03.16 16:01, Amos Jeffries пишет: On 26/03/2016 7:01 p.m., Prasad Desai wrote: Hi, How can I have Squid log HTTP requests made to URL’s which are having non-standard HTTP port ? i.e For e

[squid-users] How to suppress SQUID_X509_V_ERR_DOMAIN_MISMATCH error for known domains?

Look at this, gents. http://i.imgur.com/kxrOEVd.png How to suppress this? It stops WU right now. This: acl BrokenButTrustedServers dstdomain "/usr/local/squid/etc/dstdom.broken" sslproxy_cert_error allow BrokenButTrustedServers sslproxy_cert_error deny all don't h

Re: [squid-users] How to suppress SQUID_X509_V_ERR_DOMAIN_MISMATCH error for known domains?

Well, this is obvious explanation. How to solve this issue? 26.03.16 17:21, Amos Jeffries пишет: On 26/03/2016 11:53 p.m., Yuri Voinov wrote: Look at this, gents. http://i.imgur.com/kxrOEVd.png How to suppress this? It stops WU right now. That is TLS doing its job correctly. The entire

<    1   2   3   4   5   6   7   8   9   10   >