Hello,
I have a query about how --with-filedescriptors and ulimit.
Every 2-3 days I keep getting WARNING that system is running out of descriptors.
I compiled squid using --with-filedescriptors=16384.
So do I still need to set ulimit before starting squid?
Or does squid automatically set
On 2/14/2013 11:12 AM, Amm wrote:
ulimit -H -n gives 4096
ulimit -n gives 1024
These are standard Fedora settings, I have not made any changes.
So back to my question:
If I am compiling squid with --with-filedescriptors=16384
do I need to set ulimit before starting squid?
Or does squid
On 14/02/2013 10:12 p.m., Amm wrote:
Hello,
I have a query about how --with-filedescriptors and ulimit.
Every 2-3 days I keep getting WARNING that system is running out of descriptors.
I compiled squid using --with-filedescriptors=16384.
So do I still need to set ulimit before starting
Umm your reply confused me further! :)
Please see below inline.
- Original Message -
From: Amos Jeffries squ...@treenet.co.nz
To: squid-users@squid-cache.org
On 14/02/2013 10:12 p.m., Amm wrote:
I compiled squid using --with-filedescriptors=16384.
So do I still need to
Hi,
I am using squid version 3.1.16 on a red hat linux OS.
From the release notes, I do find that there is ipv6 support from 3.1.1
release.
What I need to know is:
1. the option to specify dns_nameservers : can this directive hold ipv6
address and ipv4 address at the same time - that is if I
Thanks Amos,
I found something strange with nonce, the nonce seems never change
nonce_max_count
auth_param digest nonce_max_count 10
auth_param digest check_nonce_count yes
auth_param digest nonce_strictness on
http://www.squid-cache.org/Doc/config/auth_param/
With wireshark I'm seeing my
Ok I am answering my own question just incase someone also faces the same issue.
Compile time option -with-filedescriptors is just a suggestion to squid. (as
clarified by Amos)
Earlier I was assuming that, it is enough and there is no need to set ulimit.
But after few commands and Amos's
On 14/02/2013 11:47 p.m., anita wrote:
Hi,
I am using squid version 3.1.16 on a red hat linux OS.
From the release notes, I do find that there is ipv6 support from 3.1.1
release.
What I need to know is:
1. the option to specify dns_nameservers : can this directive hold ipv6
address and ipv4
Hi,
I have been trying to set up squid which can intercept https
traffic without client (read it as browser proxy) changes. I am using
the latest squid 3.3.1. When I actually open a https site I still see
the certificate with the parameters I provided (for myCA.pem) and I
dont see any of the
Hi everybody
I have been running squid3 on my Debian squeeze on/off for a few weeks now.
And there is a few things Im not sure of
1. How can I be sure that Im running it securely? I really only want squid3 to
server my local clients (192.168.0.0/32).
2. Can I bind squid3 to only listen to any
Hi Andreas,
take a look:
1.
acl LAN 192.168.0.0/32
..
..
http_access allow LAN
http_access deny ALL
2. http_port SQUID-IP:3128
3. Example:
squid.conf:
cache_peer localhost parent 8899 0 no-query no-digest
havp.conf:
#Port
PORT 8899
--
Marcel
-Ursprüngliche Nachricht-
Von:
When you use havp and squid on the same server, you don't need iptables.
With
cache_peer localhost parent 8899 0 no-query no-digest
squid uses a parent proxy (havp). http://www.server-side.de/ideas.htm
Take a look here:
http://www.christianschenk.org/blog/using-a-parent-proxy-with-squid/
I think, 2 corrections:
Instead
squid.conf:
cache_peer localhost parent 8899 0 no-query no-digest
squid.conf:
cache_peer avp-host parent 8899 0 no-query no-digest
never_direct allow all
Otherwise, uncachable requests will not go thru parent proxy, but direct.
Which will result in some
Sorry, I have been replying directly to users email.
To clear things up, here is a image of the setup:
http://bildr.no/image/1389674.jpeg
havp is running on 192.168.0.24:3127
squid3 is running on 192.168.0.1:3128
-Andras
On Feb 14, 2013, at 16:45 , babajaga augustus_me...@yahoo.de wrote:
heh, try this one
http://bildr.no/view/1389674
On Feb 14, 2013, at 16:49 , Andreas Westvik andr...@spbk.no wrote:
Sorry, I have been replying directly to users email.
To clear things up, here is a image of the setup:
http://bildr.no/image/1389674.jpeg
havp is running on
Then its more a question how to setup iptables, the clients and HAVP.
However, why HAV first ?
This has the danger of squid caching infected files. And HAV will scan
cached files over and over again.
Then squid will be an upstream proxy of HAV. IF HAV supports parent proxies,
then squid should
havp supports parent setup, and as far as I have seen, it should be setup
before squid.
Now, I can always switch this around, and move the squid3 setup to 192.168.0.24
and setup
havp on 192.168.0.1 of course.
But 192.168.0.1 is running debian production and Debian does not
support havp on a
So i actually got it working!
Client - gateway - havp - squid - internets
I actually had blocked my self totally from squid3, so that was quite the head
scratch. It turned out that http access deny all has to be
at the bottom of the config file. ;)
So then I pasted this into squid.conf
So, at least you will need something like
iptables -t nat -A PREROUTING -i eth3 -p tcp --dport 80 -j DNAT --to
192.168.0.24:80
on the squid-box (default gateway).
But then the question arises: Does HAVP support transparent proxying, like
squid does ?
If it does, then
iptables -t nat -A
Hi all,
A friend of mine has a company outside
the U.S, and
wants to provide Netflix to his customers.
Since I can setup a proxy here
for him and have his
clients use my proxy to access netflix, is there any
other solution that can optimize it even
On 15/02/2013 2:23 a.m., Prasanna Venkateswaran wrote:
Hi,
I have been trying to set up squid which can intercept https
traffic without client (read it as browser proxy) changes. I am using
the latest squid 3.3.1. When I actually open a https site I still see
the certificate with the
On 15/02/2013 1:24 p.m., mb...@whywire.com wrote:
Hi all,
A friend of mine has a company outside
the U.S, and
wants to provide Netflix to his customers.
Since I can setup a proxy here
for him and have his
clients use my proxy to access netflix, is
On 15/02/2013 10:18 a.m., Andreas Westvik wrote:
So i actually got it working!
Client - gateway - havp - squid - internets
I actually had blocked my self totally from squid3, so that was quite the head
scratch. It turned out that http access deny all has to be
at the bottom of the config
23 matches
Mail list logo