Re: [squid-users] Bad Amount of File Descriptors

2011-05-24 Thread gaël therond
Ok then, I've just tested the ulimit command again with the correct syntax and 
it's working perfectly.

It was my bad. The Debian distribution needs the following syntax: ulimit [Options] 
Amount of FD, BUT in fact the command is ulimit -SH -n 256000 instead of the 
ulimit -SHn 256000 that we could believe if we respect the syntax example.

Many thanks SQUID users and team ;)


[squid-users] squid configuration information

2011-05-24 Thread francescobocca...@libero.it
Hi to all,
I'm of the squid world. I have some questions for you. Let me explain my problem.
I have an application, installed on one server A, that uses the OpenLayers library 
to load data tiles from a second server B. The second server has 3 server 
alias names:

a.mydomain.eu
b.mydomain.eu
c.mydomain.eu

I would like to use a squid web proxy cache on a third server, where I would like 
to cache the tiles that are just requested. I would like to configure it in 
acceleration mode, with port 80 set as the listening port for the proxy socket, so 
for the client it is all transparent.
How can I configure it? The configuration will look like this:
http://wiki.openstreetmap.org/wiki/Tile_Proxy/squid

Thanks for your time


Regards

Francesco boccacci 


Re: [squid-users] Block HTTPS website

2011-05-24 Thread Amos Jeffries

On 24/05/11 13:10, Malvin Rito wrote:

> Thanks, Could you send me a procedure on how to do this via Redhat box
> firewall.



Using iptables to block HTTPS is:
 iptables -t filter -I FORWARD 1 -p tcp --dport 443 -j REJECT

You will have to contact RedHat or more specific support channels for 
whichever firewall you use to find out how it implements the above.



Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.12
  Beta testers wanted for 3.2.0.7 and 3.1.12.1


Re: [squid-users] Bad Amount of File Descriptors

2011-05-24 Thread Amos Jeffries

On 24/05/11 19:36, gaël therond wrote:

> Ok then, I've just tested the ulimit command again with the correct syntax and 
> it's working perfectly.
>
> It was my bad. The Debian distribution needs the following syntax: ulimit [Options] 
> Amount of FD, BUT in fact the command is ulimit -SH -n 256000 instead of the 
> ulimit -SHn 256000 that we could believe if we respect the syntax example.
>
> Many thanks SQUID users and team ;)


Aha! thank you for this gem!

I'm updating the wiki to mention it. Hopefully this will be the end of 
this annoying FAQ.


Amos


[squid-users] How to clear all the cached files under a folder

2011-05-24 Thread Wang Shiqiang
Hi All:

 I use squidclient to clear single file cache. 
 Does anyone know how to clear all the cached files under one
folder?
 Thanks
 

Best Regards!
---
Green Wang



Re: [squid-users] How to clear all the cached files under a folder

2011-05-24 Thread Amos Jeffries

On 24/05/11 22:31, Wang Shiqiang wrote:

> Hi All:
>
>   I use squidclient to clear single file cache.
>   Does anyone know how to clear all the cached files under one
> folder?


Define folder please. URL path level? cache_dir location? cache_dir 
sub-directory?



Amos


Re: [squid-users] Bad Amount of File Descriptors

2011-05-24 Thread gaël therond
No problems, it's been my pleasure, you helped me (and John Doe also), I help 
you.

That's the way things should work ;)

See ya later folks !


[squid-users] SslBump and bad cert

2011-05-24 Thread Ming Fu
Hi,

When using sslbump and encountering a bad server cert, squid can choose to 
deny or allow such an error. Some static ACL can be used to choose the sites for which 
squid would tolerate a bad cert. However, such an ACL is like a fixed list in 
the configuration. Every time the user encounters a new problem site, the squid 
admin has to modify the ACL. The squid administrator is also required to 
frequently clean up this list. Is there a way I can let the user at the browser 
override a certificate error message and temporarily proceed to a site with 
a bad cert without involving the squid administrator to modify the ACL for 
sslproxy_cert_error?

The following is probably no good for security, but it is no worse than without 
sslbump involved.

I was thinking about whether it is possible for squid to sign, on the fly, the 
man-in-the-middle cert as flawed as the bad server certificate instead of denying 
it outright. E.g. if the server cert has expired, sign an expired squid cert 
to the browser. At least this will reproduce the same behavior as if 
sslbump is not turned on. The browser will warn about the certificate problem and the 
user can proceed at his own risk. The squid administrator can be kept out of 
the loop in dealing with not so well maintained server certificates.

Regards,
Ming



Re: [squid-users] SslBump and bad cert

2011-05-24 Thread Alex Crow
> E.g. if the server cert has expired, sign an expired squid cert to the 
> browser. At least this will reproduce the same behavior as if the 
> sslbump is not turned on. The browser will warn the certificate problem 
> and the user can proceed at his own risk. The squid administrator can be 
> kept out of the loop in dealing with not so well maintained server 
> certificate.
>
> Regards,
> Ming



Sounds like it could work, but I don't know with openssl if it's even 
possible to generate a cert that has already expired!


Alex


RE: [squid-users] SslBump and bad cert

2011-05-24 Thread Ming Fu
Hi Alex,

One question about the sslbump implementation: was the client side cert exchange 
done before squid starts the SSL to the server? If so, it might be too late when 
squid learns that the server cert is not good. The client side cert was already 
sent out.

If the client side cert was exchanged after the server side, I am willing to 
experiment with openssl to see if purposefully signing a flawed cert is 
possible.

Ming



[squid-users] ..::Best Practice::..

2011-05-24 Thread Alfonso Alejandro Reyes Jimenez
Hi list.

We would like to know what's the best practice when we have more than 3000 rules 
on our squid. Right now squid takes more than 15 minutes to start or restart; 
we think that's because we have a lot of rules.

The question is:

If we change all those rules to a text file, will squid start faster?

Right now we are not able to add rules or change them; we need to wait until 
lunch time to apply changes.

Any ideas?

Thanks in advance.

Regards.
  
Alfonso


[squid-users] https squid reverse proxy to an http web site

2011-05-24 Thread Anna K. Hegedus

Hi Everyone,

I have a bit of an issue that I am trying to resolve with Squid, but I 
cannot quite get the hang of things. I was wondering if someone could 
help me out or point me in the right direction.


I have a simple piece of hardware that uses a web interface. This 
hardware only uses http though, and I would like to make it a bit more 
secure. The issue is that all of its internal pages are hard-coded http. 
Right now, https and http are working perfectly through Squid on another 
side we have, but on this one, whenever I click an http link, the 
connection reverts back to an insecure one on port 80. Since there is no 
https service on the hardware, I don't think I can just rewrite the URL, 
although it would be great if I could.


Is there any way that I can use squid to fix this? So far, most examples 
and docs I can see either have an https service listening on the other 
side of squid, or they rewrite the urls.


Thanks for your help in advance!
Anna


[squid-users] Secure Squid

2011-05-24 Thread Andrew Gilfillan
Hello,

I'm having an issue with Squid. Is it possible to add a username and
password onto the IP range, so the user is asked to login before using
the IP? If so, could you tell me how, please!

Thanks!
Andrew.


RE: [squid-users] Secure Squid

2011-05-24 Thread Alfonso Alejandro Reyes Jimenez
Hi Andrew.

We usually use a RADIUS server for the authentication; we don't pay attention to 
IPs, only the usernames and passwords.

If you need assistance with the radius server please let me know.

Regards.

Alfonso.





Re: [squid-users] Secure Squid

2011-05-24 Thread Jakob Curdes



On 24/05/2011 21:36, Andrew Gilfillan wrote:

> Hello,
>
> I'm having an issue with Squid, Is it possible to add a username and
> password onto the IP range, so the user is asked to login before using
> the IP? If so, could you tell me how, please!.


http://wiki.squid-cache.org/Features/Authentication

On this page you will also find links to examples. More cannot be said 
without knowing what type of authentication you want.


HTH,
Jakob Curdes



Re: [squid-users] ..::Best Practice::..

2011-05-24 Thread Luis Daniel Lucio Quiroz
Hello :) consulting!!


We had the same problem; from 15 mins we reduced it down to 30 seconds.

Squid 3.0 and 3.1 have a feature where they stop all traffic until the whole set 
of ACLs is processed, so there is not much to do other than ACL 
optimization/reduction in a single-box scenario.

LD



Re: [squid-users] https squid reverse proxy to an http web site (solved)

2011-05-24 Thread Anna K. Hegedus

Hey everyone,

I figured out what was going on and have everything working smoothly. 
For future reference, here's what I did:


1.) Configure squid. Here's the relevant chunk of the config:

---
https_port 443 cert=/usr/misc/certs/squid.cert key=/usr/misc/certs/squid.pem defaultsite=testbench112.cnbc.cmu.edu

http_port 80 defaultsite=testbench112.cnbc.cmu.edu
cache_peer sourceserver112.cnbc.cmu.edu parent 80 0 no-query login=PASS originserver name=server1
acl our_sites dstdomain localhost 127.0.0.1 sourceserver.cnbc.cmu.edu testbench112.cnbc.cmu.edu

http_access allow our_sites
cache_peer_access server1 allow our_sites

url_rewrite_program /usr/local/bin/rewritehttps
url_rewrite_children 10

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all

---

2.) Rewrite the URLs presented to Squid with a rewrite script as seen 
above in /usr/local/bin/rewritehttps:


---
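#!/usr/bin/perl
#
# URL rewriter for squid to convert HTTP requests to HTTPS.
$| = 1;    # unbuffered output, so squid gets each reply immediately
# Squid sends one request per line on STDIN, with the URL as the first field.
while (<>) {
    # The "301:" prefix makes squid answer the client with a redirect.
    s/^http:/301:https:/;
    print;
}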

---

Unless this looks horribly wrong to someone's keen eye, I'm going to 
roll with it. Everything seems to be working as planned, and nothing has 
caught fire yet :) I'd assume that this would also be useful for going 
the opposite way, just change the script's https and http around and 
change the cache peer to 443 instead of 80.


Have a great day,
--Anna



Re: [squid-users] https squid reverse proxy to an http web site (solved)

2011-05-24 Thread Amos Jeffries

On 25/05/11 11:07, Anna K. Hegedus wrote:

> Hey everyone,
>
> I figured out what was going on and have everything working smoothly.
> for future references, here's what I did:
>
> 1.) configure squid. Here's the relevant chunk of the config:
>
> ---
> https_port 443 cert=/usr/misc/certs/squid.cert
> key=/usr/misc/certs/squid.pem defaultsite=testbench112.cnbc.cmu.edu
> http_port 80 defaultsite=testbench112.cnbc.cmu.edu


If you want it to be secure I would advise removing defaultsite (used to 
cope with legacy broken software, rejecting such brokenness is one 
security layer).

 Replacing it with accel vhost instead.


> cache_peer sourceserver112.cnbc.cmu.edu parent 80 0 no-query login=PASS
> originserver name=server1
> acl our_sites dstdomain localhost 127.0.0.1 sourceserver.cnbc.cmu.edu
> testbench112.cnbc.cmu.edu


NP: defaultsite= option on the http_port lines forces the domain to 
always be testbench112.cnbc.cmu.edu. Which prevents alternative 
domains matching and disables these domain-based attack protections.



> http_access allow our_sites
> cache_peer_access server1 allow our_sites
>
> url_rewrite_program /usr/local/bin/rewritehttps
> url_rewrite_children 10
>
> http_access allow manager localhost
> http_access deny manager
> http_access allow purge localhost
> http_access deny purge
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localnet
> http_access allow localhost
> http_access deny all
>
> ---
>
> 2.) Rewrite the URLs presented to Squid with a rewrite script as seen
> above in /usr/local/bin/rewritehttps:
>
> ---
> #!/usr/bin/perl
> #
> # URL rewriter for squid to convert HTTP requests to HTTPS.
> $| = 1;
> while (<>) {
> s/^http:/301:https:/;
> print;
> }
>
> ---
>
> Unless this looks horribly wrong to someone's keen eye, I'm going to
> roll with it. Everything seems to be working as planned, and nothing has
> caught fire yet :) I'd assume that this would also be useful for going
> the opposite way, just change the script's https and http around and
> change the cache peer to 443 instead of 80.


That is pretty much how it has to be done for 3.1 and older. 3.2 offers 
deny_info redirects to replace the re-writer.


FYI:
 The Squid URL re-write interface will do a lot of extra work 
duplicating the request whenever it is told that the URL has changed. 
*** Even if the URL has not actually been altered! ***
 Send an empty () line back to Squid unless you are actually wanting 
to change the request.



Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.12
  Beta testers wanted for 3.2.0.7 and 3.1.12.1
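
The helper behaviour described in the FYI above, as an added example that is not part of the original thread: a url_rewrite_program helper in POSIX shell that answers with a 301:https:// redirect only for http:// requests and with an empty line for everything else, and drops an explicit :80 so the redirect does not point at the plain-HTTP port. The function name and the "serve" argument are assumptions of this example, and it assumes url_rewrite_concurrency is not set.

```sh
#!/bin/sh
# Added example (not the poster's script): URL rewrite helper for Squid 3.1
# and older. It redirects http:// requests to https:// and replies with an
# empty line when the URL is left alone, so Squid does not re-process
# requests that were never changed.
# Assumption: url_rewrite_concurrency is not set (no channel-ID prefix).

# rewrite_reply LINE
# LINE is one helper request as Squid sends it:
#   "URL client_ip/fqdn ident method ..."
# Prints exactly one reply line.
rewrite_reply() {
    url=${1%% *}                      # only the first field is the URL
    case "$url" in
        [Hh][Tt][Tt][Pp]://?*)
            rest=${url#????://}       # authority + path, scheme removed
            authority=${rest%%/*}
            path=${rest#"$authority"}
            # An explicit :80 would send the HTTPS redirect to the HTTP port.
            case "$authority" in
                *:80) authority=${authority%:80} ;;
            esac
            printf '301:https://%s%s\n' "$authority" "$path"
            ;;
        *)
            # Already https, a CONNECT target, or anything else: unchanged.
            printf '\n'
            ;;
    esac
}

# Serve requests only when started with the (hypothetical) "serve" argument:
#   url_rewrite_program /usr/local/bin/rewritehttps serve
# The shell's printf writes each reply immediately, which Squid needs.
if [ "${1:-}" = "serve" ]; then
    while IFS= read -r line; do
        rewrite_reply "$line"
    done
fi
```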


[squid-users] Sudden error (1067) when starting squid service W2K3

2011-05-24 Thread Rhys Evans
I've encountered this strange error situation and would appreciate any
attempts to shed light on the issue.

I've got a squid service running on Windows Server 2003 (this squid
service has been running since October 2008) and just the other day
(after a power cut) the service will no longer start.

The error number when trying to start the service is 1067.

The error in squid.exe.log is: 2011/05/25 13:12:28| parseConfigFile:
squid.conf:1 unrecognized: '' (There is a tall rectangle character
in those quotes).

The last successful and the first unsuccessful entries from cache.log are:

2011/05/22 22:00:02| Starting Squid Cache version 2.7.STABLE4 for
i686-pc-winnt...
2011/05/22 22:00:02| Running as Squid Windows System Service on
Windows Server 2003
2011/05/22 22:00:02| Service command line is:
2011/05/22 22:00:02| Process ID 3004
2011/05/22 22:00:02| With 2048 file descriptors available
2011/05/22 22:00:02| With 2048 CRT stdio descriptors available
2011/05/22 22:00:02| Windows sockets initialized
2011/05/22 22:00:02| Using select for the IO loop
2011/05/22 22:00:02| Performing DNS Tests...
2011/05/22 22:00:02| Successful DNS name lookup tests...
2011/05/22 22:00:02| DNS Socket created at 0.0.0.0, port 52505, FD 5
2011/05/22 22:00:02| Adding nameserver 10.131.208.10 from squid.conf
2011/05/22 22:00:02| Adding nameserver 10.131.208.1 from squid.conf
2011/05/22 22:00:02| Adding nameserver 208.67.222.222 from squid.conf
2011/05/22 22:00:02| Adding nameserver 208.67.220.220 from squid.conf
2011/05/22 22:00:02| User-Agent logging is disabled.
2011/05/22 22:00:02| Referer logging is disabled.
2011/05/22 22:00:02| logfileOpen: opening log c:/squid/var/logs/access.log
2011/05/22 22:00:02| Unlinkd pipe opened on FD 8
2011/05/22 22:00:02| Swap maxSize 262144 + 16384 KB, estimated 0 objects
2011/05/22 22:00:02| Target number of buckets: 1071
2011/05/22 22:00:02| Using 8192 Store buckets
2011/05/22 22:00:02| Max Mem  size: 16384 KB
2011/05/22 22:00:02| Max Swap size: 262144 KB
2011/05/22 22:00:02| Local cache digest enabled; rebuild/rewrite every
3600/3600 sec
2011/05/22 22:00:02| logfileOpen: opening log c:/squid/var/logs/store.log
2011/05/22 22:00:02| Rebuilding storage in d:/cache (CLEAN)
2011/05/22 22:00:02| Using Least Load store dir selection
2011/05/22 22:00:02| chdir: c:/squid/var/cache: (2) No such file or directory
2011/05/22 22:00:02| Current Directory is C:\squid\sbin
2011/05/22 22:00:02| Loaded Icons.
2011/05/22 22:00:02| Accepting proxy HTTP connections at 0.0.0.0, port
3128, FD 14.
2011/05/22 22:00:02| Accepting ICP messages at 0.0.0.0, port 3130, FD 15.
2011/05/22 22:00:02| Accepting HTCP messages on port 4827, FD 16.
2011/05/22 22:00:02| Accepting SNMP messages on port 3401, FD 17.
2011/05/22 22:00:02| Ready to serve requests.
2011/05/22 22:00:03| Store rebuilding is 42.8% complete
2011/05/22 22:00:03| Done reading d:/cache swaplog (9566 entries)
2011/05/22 22:00:03| Finished rebuilding storage from disk.
2011/05/22 22:00:03|  9566 Entries scanned
2011/05/22 22:00:03| 0 Invalid entries.
2011/05/22 22:00:03| 0 With invalid flags.
2011/05/22 22:00:03|  9566 Objects loaded.
2011/05/22 22:00:03| 0 Objects expired.
2011/05/22 22:00:03| 0 Objects cancelled.
2011/05/22 22:00:03| 0 Duplicate URLs purged.
2011/05/22 22:00:03| 0 Swapfile clashes avoided.
2011/05/22 22:00:03|   Took 0.5 seconds (18015.1 objects/sec).
2011/05/22 22:00:03| Beginning Validation Procedure
2011/05/22 22:00:03|   Completed Validation Procedure
2011/05/22 22:00:03|   Validated 9566 Entries
2011/05/22 22:00:03|   store_swap_size = 235728k
2011/05/22 22:00:03| storeLateRelease: released 0 objects
2011/05/23 10:45:33| ipcacheParse: No Address records in response to
'www.google.com'
2011/05/23 10:50:52| ipcacheParse: No Address records in response to
'www.update.microsoft.com'
2011/05/23 11:00:03| ipcacheParse: No Address records in response to
'www.update.microsoft.com'
2011/05/24 08:27:15| Starting Squid Cache version 2.7.STABLE4 for
i686-pc-winnt...
2011/05/24 08:27:15| Running as Squid Windows System Service on
Windows Server 2003
2011/05/24 08:27:15| Service command line is:
2011/05/24 08:27:15| Process ID 2364
2011/05/24 08:27:15| With 2048 file descriptors available
2011/05/24 08:27:15| With 2048 CRT stdio descriptors available
2011/05/24 08:27:15| Windows sockets initialized
2011/05/24 08:27:15| Using select for the IO loop
2011/05/24 08:27:15| Performing DNS Tests...
2011/05/24 08:27:15| Successful DNS name lookup tests...
2011/05/24 08:27:15| DNS Socket created at 0.0.0.0, port 1096, FD 5
2011/05/24 08:27:15| Adding nameserver 10.131.208.10 from squid.conf
2011/05/24 08:27:15| Adding nameserver 10.131.208.1 from squid.conf
2011/05/24 08:27:15| Adding nameserver 208.67.222.222 from squid.conf
2011/05/24 08:27:15| Adding nameserver 208.67.220.220 from squid.conf
2011/05/24 08:27:15| User-Agent logging is disabled.
2011/05/24 08:27:15| Referer logging is disabled.
2011/05/24 

Re: [squid-users] How to clear all the cached files under a folder

2011-05-24 Thread Wang Shiqiang
-Original Message-
From: Amos Jeffries [mailto:squ...@treenet.co.nz] 
Sent: 24 May 2011 18:37
To: squid-users@squid-cache.org
Subject: Re: [squid-users] How to clear all the cached files under a folder

On 24/05/11 22:31, Wang Shiqiang wrote:
> Hi All:
>
>   I use squidclient to clear single file cache.
>   Does anyone know how to clear all the cached files under one
> folder?

Define folder please. URL path level? cache_dir location? cache_dir 
sub-directory?


Amos


We have more than one squid server. Now I ran squidclient on a
standalone server, and I can clear one file each time.
But when I need to clear a folder, such as http://cache.server.com/abc/, I
don't know how to finish this job.

Salutations,
Best Regards!
---
王士强



[squid-users] Re: Sudden error (1067) when starting squid service W2K3

2011-05-24 Thread Rhys Evans
I've tried an absolutely fresh install of squid and still get a 1067
error when starting the service. There is now nothing written to
squid.exe.log but cache.log includes the text below:

2011/05/25 13:54:39| Starting Squid Cache version 2.7.STABLE8 for
i686-pc-winnt...
2011/05/25 13:54:39| Running as Squid Windows System Service on
Windows Server 2003
2011/05/25 13:54:39| Service command line is:
2011/05/25 13:54:39| Process ID 3796
2011/05/25 13:54:39| With 2048 file descriptors available
2011/05/25 13:54:39| With 2048 CRT stdio descriptors available
2011/05/25 13:54:39| Windows sockets initialized
2011/05/25 13:54:39| Using select for the IO loop
2011/05/25 13:54:39| Performing DNS Tests...
2011/05/25 13:54:39| Successful DNS name lookup tests...
2011/05/25 13:54:39| DNS Socket created at 0.0.0.0, port 22166, FD 5
2011/05/25 13:54:39| Adding nameserver 10.131.208.10 from squid.conf
2011/05/25 13:54:39| Adding nameserver 10.131.208.1 from squid.conf
2011/05/25 13:54:39| Adding nameserver 208.67.222.222 from squid.conf
2011/05/25 13:54:39| Adding nameserver 208.67.220.220 from squid.conf
2011/05/25 13:54:39| User-Agent logging is disabled.
2011/05/25 13:54:39| Referer logging is disabled.
2011/05/25 13:54:39| logfileOpen: opening log c:/squid/var/logs/access.log
2011/05/25 13:54:39| Unlinkd pipe opened on FD 8
2011/05/25 13:54:39| Swap maxSize 262144 + 8192 KB, estimated 20795 objects
2011/05/25 13:54:39| Target number of buckets: 1039
2011/05/25 13:54:39| Using 8192 Store buckets
2011/05/25 13:54:39| Max Mem  size: 8192 KB
2011/05/25 13:54:39| Max Swap size: 262144 KB
2011/05/25 13:54:39| Local cache digest enabled; rebuild/rewrite every
3600/3600 sec
2011/05/25 13:54:39| logfileOpen: opening log c:/squid/var/logs/store.log
2011/05/25 13:54:39| Rebuilding storage in d:/cache (DIRTY)
2011/05/25 13:54:39| Using Least Load store dir selection
2011/05/25 13:54:39| Set Current Directory to d:/cache
2011/05/25 13:54:39| Loaded Icons.
2011/05/25 13:54:39| Accepting proxy HTTP connections at 0.0.0.0, port
3128, FD 13.
2011/05/25 13:54:39| Accepting ICP messages at 0.0.0.0, port 3130, FD 14.
2011/05/25 13:54:39| commBind: Cannot bind socket FD 15 to *:4827:
(10013) WSAEACCES, Permission denied.
FATAL: Cannot open HTCP Socket
Squid Cache (Version 2.7.STABLE8): Terminated abnormally.


Re: [squid-users] ..::Best Practice::..

2011-05-24 Thread Eliezer Croitoru

It depends on the machine...

To make sure that loading the 3000 rules is the problem, you can run the 
squid server in verbose mode to see how long it takes to load the rules.


From what I have seen, the stop process depends less on the number of 
rules than on the number of connections used on this server.



Regards

Eliezer






[squid-users] Re: Sudden error (1067) when starting squid service W2K3

2011-05-24 Thread Rhys Evans
Seeing as I don't have any neighbour caches, I set htcp_port 0 and
things seem to be OK. It still seems odd that this issue came up, I'm
wondering if maybe some Windows update altered some behaviour in
regard to allowing the binding required?

 2011/05/22 

Re: [squid-users] Squid 3.1.12 slow on a site

2011-05-24 Thread Eliezer Croitoru

Well, I just used wget to download

http://www.bandiweb.it/Left.asp

and it got stuck after a couple of seconds, without Squid or a cache (in my 
zone).


It almost has to be a site problem,

because it's only

http://www.bandiweb.it/Left.asp

and not other parts of the site.


On 20/05/2011 18:36, Brian Tuley wrote:


I'm running squid proxy 2.7 and that site is almost unresponsive to me as well.
Works fine when I bypass squid however.

I've been trying to troubleshoot that same problem on another site and have 
not been successful.

-BT



-Original Message-
From: Roberto Galluzzi [mailto:roberto.gallu...@zucchetti.it]
Sent: Friday, May 20, 2011 10:28 AM
To: squid-users@squid-cache.org
Subject: [squid-users] Squid 3.1.12 slow on a site

Hi,

We have a Squid 3.1.12 in our production environment and we cannot 
immediately browse this URL

http://www.bandiweb.it/

We detect slowness particularly on this frame

http://www.bandiweb.it/Left.asp

(Duration like 900596 ms)

We also have a problem downloading PDFs from this site.

In a test environment with Squid 2.7 we don't have this problem.

How can I solve this issue?

Thanks
Roberto


Note: This e-mail and any attachments may be privileged and confidential and 
protected from disclosure. If the reader of this message is not the intended 
recipient, or an employee or agent responsible for delivering this message to 
the intended recipient, you are hereby notified that any disclosure, copying, 
distribution or use of this e-mail and any attachments is strictly prohibited. 
If you have received this e-mail in error, please notify us immediately by 
returning it to the sender and deleting it from your computer system. Thank you 
for your cooperation.




Re: [squid-users] Squid 3.1.12 slow on a site... sorry

2011-05-24 Thread Eliezer Croitoru

Every ASP part of the site...

http://www.bandiweb.it/RegistrazioneProva.asp

also... the same.

Contact the site manager.


On 20/05/2011 18:36, Brian Tuley wrote:


I'm running squid proxy 2.7 and that site is almost unresponsive to me as well.
Works fine when I bypass squid however.

I've been trying to troubleshoot that same problem on another site and have 
not been successful.

-BT



-Original Message-
From: Roberto Galluzzi [mailto:roberto.gallu...@zucchetti.it]
Sent: Friday, May 20, 2011 10:28 AM
To: squid-users@squid-cache.org
Subject: [squid-users] Squid 3.1.12 slow on a site

Hi,

We have a Squid 3.1.12 in our production environment and we cannot 
immediately browse this URL

http://www.bandiweb.it/

We detect slowness particularly on this frame

http://www.bandiweb.it/Left.asp

(Duration like 900596 ms)

We also have a problem downloading PDFs from this site.

In a test environment with Squid 2.7 we don't have this problem.

How can I solve this issue?

Thanks
Roberto

