Re: [squid-users] X-Next-Services
On 3/25/21 9:06 AM, Moti Berger wrote: > I want to be able to skip all subsequent ICAP servers defined in squid > based on some logic I have in one of my ICAP servers. > I used the X-Next-Services and it seems to control only the current ICAP > chain. > I also saw it while configuring two ICAP servers to handle requests and > one ICAP server to handle responses. When the header was sent from the > first ICAP on the request chain, the ICAP request didn't arrive at the > second ICAP server handling requests but did get to the ICAP server that > handles responses. I wish to also skip the ICAP which handles the > responses. > Is that possible? Yes, it is. IIRC, the current X-Next-Services implementation at REQMOD vectoring point always proceeds to RESPMOD. Ideally, this algorithm should be enhanced to allow a service to be explicit about its desire to end all adaption (or continue with the default service at the explicitly specified vectoring point). This enhancement should not be very difficult to implement, but it does require non-trivial source code changes. https://wiki.squid-cache.org/SquidFaq/AboutSquid#How_to_add_a_new_Squid_feature.2C_enhance.2C_of_fix_something.3F Meanwhile, you should be able to block RESPMOD adaptation for selected requests using icap_service_access ACLs. As you know, this is possible by adapting the HTTP request. Ideally, it would also be possible by annotating the master transaction using an ICAP response header, but only eCAP services can do that today IIRC. Another missing enhancement for ICAP... However, you should try this approach in combination with the adaptation_masterx_shared_names mentioned below. I hope that when an ICAP response header field has the shared header field name, the "note" ACL will have access to that field. > If not, is it possible for an ICAP server to add an ICAP header during > request handling to be read by the other ICAP servers that come after it > when they handle the same request or the same request's response? Yes, cross-service sharing should be possible by specifying your custom ICAP header field name in adaptation_masterx_shared_names. As you can tell, this will allow you to short-circuit unwanted RESPMOD adaptation if the "note" ACL trick mentioned above does not work. HTH, Alex. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] squid ftp list files problem
Resolved, I put ftp_epsv off and now it's working. Thank for your tips. Mau Con Tiscali Mobile Smart 30 4G hai minuti illimitati, 100 SMS e 30 Giga in 4G a soli 8,99€ al mese. http://tisca.li/smart30 ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] squid ftp list files problem
Hello I have also an installation with squid-4.13 and it's work correctly. These are configurations: 4.14 acl ftp_permit dstdomain .xxx.yy acl ftp_permit_ip dst xxx.xxx.xxx.xxx/32 acl Safe_ports port 21 # ftp acl Safe_ports port 22 # sftp acl FTP proto FTP http_access allow FTP ftp_permit http_access allow FTP ftp_permit_ip xxx.xxx.xxx.xxx/zz http_access deny FTP ftp_port 21 ftp_user proxy@ ftp_passive on ftp_epsv_all off refresh_pattern ^ftp: 1440 20% 10080 always_direct allow FTP 4.13 acl Safe_ports port 21 # ftp acl FTP proto FTP ftp_port 21 ftp_user pr...@xxx.yy ftp_passive on ftp_epsv off refresh_pattern ^ftp: 1440 20% 10080 always_direct allow FTP Here the logs on connection with error: 1616678414.797 0 xxx:43806 NONE/400 NONE error:ftp-must-login-first - HIER_NONE/- - - HTTP/1.1 "-" 0 22 "-" 1616678414.798 0 xxx:43806 NONE/400 NONE error:ftp-must-login-first - HIER_NONE/- - - HTTP/1.1 "-" 0 22 "-" 1616678415.080 280 xxx:43806 TCP_MISS/204 GET ftp://ftp.zzz.it/ - HIER_DIRECT/ftp.zzz.it yyy - HTTP/1.1 "-" 29 21 "-" 1616678429.019 48 xxx:43806 TCP_MISS/204 GET ftp://ftp.zzz.it/ - HIER_DIRECT/ftp.zzz.it yyy - HTTP/1.1 "-" 14 27 "-" 1616678429.072 51 xxx:43806 TCP_MISS/204 GET ftp://ftp.zzz.it/ - HIER_DIRECT/ftp.zzz.it yyy - HTTP/1.1 "-" 6 77 "-" 1616678434.547 50 xxx:43806 TCP_MISS/204 GET ftp://ftp.zzz.it/ - HIER_DIRECT/ftp.zzz.it yyy - HTTP/1.1 "-" 12 70 "-" 1616678437.269 46 xxx:43806 TCP_MISS/204 GET ftp://ftp.zzz.it/ - HIER_DIRECT/ftp.zzz.it yyy - HTTP/1.1 "-" 29 42 "-" Thank you Con Tiscali Mobile Smart 30 4G hai minuti illimitati, 100 SMS e 30 Giga in 4G a soli 8,99€ al mese. http://tisca.li/smart30 ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] compile with ssl support
Peace, as part of self developing, we decided that turning on sslbump + splice is a good idea, so how to install squid with ssl support on tumbleweed? ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] X-Next-Services
Hi I want to be able to skip all subsequent ICAP servers defined in squid based on some logic I have in one of my ICAP servers. I used the X-Next-Services and it seems to control only the current ICAP chain. I also saw it while configuring two ICAP servers to handle requests and one ICAP server to handle responses. When the header was sent from the first ICAP on the request chain, the ICAP request didn't arrive at the second ICAP server handling requests but did get to the ICAP server that handles responses. I wish to also skip the ICAP which handles the responses. Is that possible? If not, is it possible for an ICAP server to add an ICAP header during request handling to be read by the other ICAP servers that come after it when they handle the same request or the same request's response? I'm aware I can add a header to the encapsulated HTTP request, but this is something I want to avoid because I don't want to have a performance hit because I need to copy all HTTP request bodies for this header (I work in zero-bytes preview mode). Thanks, Moti ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] squid ftp list files problem
On Thursday 25 March 2021 at 12:53:09, maurizio wrote: I have a squid 4.14 version installed recently. I have a problem when we use that like ftp proxy(via port 21): when a client use that and try to use the ftp command ls(list) in a directory with a lot files (in my test 250 files) the list command freezing(list partial list files). On 25.03.21 13:01, Antony Stone wrote: Is this passive or active FTP? yes, this can be passive/port FTP issue. It also can be an issue of PASV/EPSV and PORT/EPTR on one proxy I've had this error I configured: acl epsv_fail dst "/etc/squid/epsv-fail-servers" ftp_epsv deny epsv_fail ftp_epsv allow all I have tried with a very old proxy ftp(frox) and the list command doesn't free, it's return the list correctly. Please, is it a bug or misconfiguration? 1. We don't know whether it's a misconfiguration until you show us your configuration. 2. What is displayed in Squid's log files at the time this occurs? Antony. -- What do you call a dinosaur with only one eye? A Doyouthinkesaurus. Please reply to the list; please *don't* CC me. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I don't have lysdexia. The Dog wouldn't allow that. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] squid ftp list files problem
On Thursday 25 March 2021 at 12:53:09, maurizio wrote: > Hello > I have a squid 4.14 version installed recently. I have a problem when we use > that like ftp proxy(via port 21): when a client use that and try to use the > ftp command ls(list) in a directory with a lot files (in my test 250 files) > the list command freezing(list partial list files). Is this passive or active FTP? > I have tried with a very old proxy ftp(frox) and the list command doesn't > free, it's return the list correctly. > Please, is it a bug or misconfiguration? 1. We don't know whether it's a misconfiguration until you show us your configuration. 2. What is displayed in Squid's log files at the time this occurs? Antony. -- What do you call a dinosaur with only one eye? A Doyouthinkesaurus. Please reply to the list; please *don't* CC me. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] squid ftp list files problem
Hello I have a squid 4.14 version installed recently. I have a problem when we use that like ftp proxy(via port 21): when a client use that and try to use the ftp command ls(list) in a directory with a lot files (in my test 250 files) the list command freezing(list partial list files). I have tried with a very old proxy ftp(frox) and the list command doesn't free, it's return the list correctly. Please, is it a bug or misconfiguration? Thank you Mau Con Tiscali Mobile Smart 30 4G hai minuti illimitati, 100 SMS e 30 Giga in 4G a soli 8,99€ al mese. http://tisca.li/smart30 ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users