Re: [squid-users] refresh_pattern by type mime
On 21/08/2015 2:56 a.m., Stakres wrote: Hi All, There is an existing case in the bugzilla (http://bugs.squid-cache.org/show_bug.cgi?id=1913) speaking about this request and it seems a good idea: refresh_pattern by type mime It would be very nice and cool to have this feature in squid to define different min/max time per mime. We could define script/html/css/etc... with a short time, images/videos/audio/application/etc... with a long time... Squid team, what is your opinion about that ? Maybe already in the roadmap for the next 3.5.x build or the 4.x ? Being tracked as http://bugs.squid-cache.org/show_bug.cgi?id=1913. But not on the roadmap with any priority AFAIK. My opinion (cant speak for anyone else on this); It has some useful merit, but the bugs making the algorithm non-compliant with RFC7234 have higher priority when I look at that area of the code. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Squid 3.5.7, cache_swap_high, bug or not bug ?
Amos, Uploading the patched squid took time to be agreed by the client, sorry but the server is in production and we cannot take the risk to see if the action will crash or not the squid, i don't want to lose this client... If you fix in the next release the cache_swap_low/high taking care the Percent Used and the Filemap, it would be a good solution at the moment Keep us posted... Bye Fred -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-3-5-7-cache-swap-high-bug-or-not-bug-tp4672750p4672846.html Sent from the Squid - Users mailing list archive at Nabble.com. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] Cache Permission Errors
Hi, Sorry if this is a duplicate message, I am not sure it went through initially. I am having an issue with my caching drives that I can't seem to pinpoint the problem. I have 4 drives to be used for caching, they are ext3 filesystems mounted like so. I am running CentOS 7. /dev/sde1 on /var/spool/squid4 type ext3 (rw,noatime,seclabel,data=ordered) /dev/sdd1 on /var/spool/squid3 type ext3 (rw,noatime,seclabel,data=ordered) /dev/sdc1 on /var/spool/squid2 type ext3 (rw,noatime,seclabel,data=ordered) /dev/sdb1 on /var/spool/squid1 type ext3 (rw,noatime,seclabel,data=ordered) I set the cache user to be squid in the squid.conf and I reference the drives for caching. cache_dir aufs /var/spool/squid1 460800 32 512 cache_dir aufs /var/spool/squid2 460800 32 512 cache_dir aufs /var/spool/squid3 460800 32 512 cache_dir aufs /var/spool/squid4 460800 32 512 ls -l of the /var/spool shows proper perms, they are propagated. drwxr-x---. 34 squid squid 4096 Aug 21 10:01 squid1 drwxr-x---. 34 squid squid 4096 Aug 21 10:01 squid2 drwxr-x---. 34 squid squid 4096 Aug 21 10:01 squid3 drwxr-x---. 34 squid squid 4096 Aug 21 10:01 squid4 The cache dirs were successfully created using squid -z and all of the subfolders were generated. Squid starts and everything appears to be great. Until I monitor the cache.log, then I see the errors begin. Some like this. 2015/08/16 03:41:55 kid1| /var/spool/squid1/cache/19/8B: (13) Permission denied 2015/08/16 03:42:10 kid1| /var/spool/squid2/cache/19/8B: (13) Permission denied 2015/08/16 03:42:25 kid1| /var/spool/squid3/cache/19/8B: (13) Permission denied 2015/08/16 03:42:40 kid1| /var/spool/squid4/cache/19/8B: (13) Permission denied 2015/08/16 03:42:55 kid1| /var/spool/squid1/cache/1A/8B: (13) Permission denied 2015/08/16 03:43:10 kid1| /var/spool/squid2/cache/1A/8B: (13) Permission denied 2015/08/16 03:43:25 kid1| /var/spool/squid3/cache/1A/8B: (13) Permission denied 2015/08/16 03:43:40 kid1| /var/spool/squid4/cache/1A/8B: (13) Permission denied 2015/08/16 03:43:55 kid1| /var/spool/squid1/cache/1B/8B: (13) Permission denied Some like this. 2015/08/21 10:02:13 kid1| /var/spool/squid2/17/1FF: (13) Permission denied 2015/08/21 10:02:13 kid1| DiskThreadsDiskFile::openDone: (13) Permission denied 2015/08/21 10:02:13 kid1| /var/spool/squid4/00/00/ 2015/08/21 10:02:28 kid1| /var/spool/squid3/17/1FF: (13) Permission denied 2015/08/21 10:02:32 kid1| DiskThreadsDiskFile::openDone: (13) Permission denied 2015/08/21 10:02:32 kid1| /var/spool/squid4/00/00/0001 2015/08/21 10:02:33 kid1| DiskThreadsDiskFile::openDone: (13) Permission denied 2015/08/21 10:02:33 kid1| /var/spool/squid4/00/00/0002 2015/08/21 10:02:33 kid1| DiskThreadsDiskFile::openDone: (13) Permission denied 2015/08/21 10:02:33 kid1| /var/spool/squid4/00/00/0003 2015/08/21 10:02:33 kid1| DiskThreadsDiskFile::openDone: (13) Permission denied 2015/08/21 10:02:33 kid1| /var/spool/squid4/00/00/0004 2015/08/21 10:02:33 kid1| DiskThreadsDiskFile::openDone: (13) Permission denied 2015/08/21 10:02:33 kid1| /var/spool/squid4/00/00/0005 2015/08/21 10:02:33 kid1| DiskThreadsDiskFile::openDone: (13) Permission denied 2015/08/21 10:02:33 kid1| /var/spool/squid4/00/00/0006 2015/08/21 10:02:33 kid1| DiskThreadsDiskFile::openDone: (13) Permission denied 2015/08/21 10:02:33 kid1| /var/spool/squid4/00/00/0007 The folders remain empty of course, so no caching is taking place. I am truly stumped as to what I may be doing wrong since squid has enough perms to create the dirs but not enough to save to them. Any help would be great. Thanks! Zim ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] external_acl_type not working on Squid Cache: Version 3.5.5
Two things:
- take a look at this helper to see something that works:
http://bazaar.launchpad.net/~squid/squid/trunk/view/head:/helpers/storeid_rewrite/file/storeid_file_rewrite.pl.in
- newlines are important in the communication between squid and the
helper.
perl's print is not sending a new line character even if needed, you
need to put it there.
Since squid 3.5.X there is a string %un which sends the authenticated
user name to the helper without triggering a authentication if not needed.
All The Bests,
Eliezer
On 24/08/2015 03:17, hs tan wrote:
I have been trying to test squid but it doesn't seems to be working. The
closest example I studied are:
http://etutorials.org/Server+Administration/Squid.+The+definitive+guide/Chapter+12.+Authentication+Helpers/12.5+External+ACLs/
http://www.stress-free.co.nz/transparent_squid_authentication_to_edirectory
but none of it works.
From the simple test, I did on the following:
The print ERR supposed to have an out put at the cache.log, but I din't
see anything appearing
Neither I change the ERR nor OK, there is no effect on the access.
I just want a simple test, if set to print ERR then stop user to proceed,
if OK then proceed.
The error message in cache.log
2015/07/28 11:45:56 kid1| helperHandleRead: unexpected reply on channel 0
from mysql_log #Hlpr17 ''
squid.conf is:
auth_param basic program /usr/lib64/squid/basic_ldap_auth -v 3 -b
dc=xxx,dc=edu.xx -D cn=Manager,dc=xxx,dc=edu.xx -w passwd -f uid=%s
ldap.xxx.edu.xx:389
acl ldap-auth proxy_auth REQUIRED
auth_param basic children 5
auth_param basic realm Web Proxy Server
auth_param basic credentialsttl 1 minute
external_acl_type mysql_log %SRC %LOGIN %{Host} /home/squid/quota_helper.pl
acl ex_log external mysql_log
http_access allow ex_log
http_access allow ldap-auth
http_access allow localnet
http_access allow localhost
http_access deny all
quota_helper.pl is:
#!/usr/bin/perl -wl
$|=1;
while(STDIN){
print ERR;
}
[root@localhost ~]# squid -v shows:
Squid Cache: Version 3.5.5
Service Name: squid
configure options: '--build=x86_64-redhat-linux-gnu'
'--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr'
'--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin'
'--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include'
'--libdir=/usr/lib64' '--libexecdir=/usr/libexec'
'--sharedstatedir=/var/lib' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--exec_prefix=/usr'
'--libexecdir=/usr/lib64/squid' '--localstatedir=/var'
'--datadir=/usr/share/squid' '--sysconfdir=/etc/squid'
'--with-logdir=$(localstatedir)/log/squid'
'--with-pidfile=$(localstatedir)/run/squid.pid'
'--disable-dependency-tracking' '--enable-follow-x-forwarded-for'
'--enable-auth'
'--enable-auth-basic=DB,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB,getpwnam'
'--enable-auth-ntlm=smb_lm,fake' '--enable-auth-digest=file,LDAP'
'--enable-auth-negotiate=kerberos,wrapper'
'--enable-external-acl-helpers=wbinfo_group,kerberos_ldap_group'
'--enable-cache-digests' '--enable-cachemgr-hostname=localhost'
'--enable-delay-pools' '--enable-epoll' '--enable-icap-client'
'--enable-ident-lookups' '--enable-linux-netfilter'
'--enable-removal-policies=heap,lru' '--enable-snmp'
'--enable-storeio=aufs,diskd,ufs,rock' '--enable-wccpv2' '--enable-esi'
'--enable-ssl-crtd' '--enable-icmp' '--with-aio'
'--with-default-user=squid' '--with-filedescriptors=16384' '--with-dl'
'--with-openssl' '--with-pthreads' '--with-included-ltdl'
'--disable-arch-native' '--without-nettle'
'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu'
'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches
-m64 -mtune=generic' 'LDFLAGS=-Wl,-z,relro ' 'CXXFLAGS=-O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong
--param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic
-fPIC'
'PKG_CONFIG_PATH=%{_PKG_CONFIG_PATH}:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
--enable-ltdl-convenience
[root@localhost ~]#
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] refresh_pattern by type mime
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Join to the wish. It would be very cool functionality. 24.08.15 18:29, Amos Jeffries пишет: On 21/08/2015 2:56 a.m., Stakres wrote: Hi All, There is an existing case in the bugzilla (http://bugs.squid-cache.org/show_bug.cgi?id=1913) speaking about this request and it seems a good idea: refresh_pattern by type mime It would be very nice and cool to have this feature in squid to define different min/max time per mime. We could define script/html/css/etc... with a short time, images/videos/audio/application/etc... with a long time... Squid team, what is your opinion about that ? Maybe already in the roadmap for the next 3.5.x build or the 4.x ? Being tracked as http://bugs.squid-cache.org/show_bug.cgi?id=1913. But not on the roadmap with any priority AFAIK. My opinion (cant speak for anyone else on this); It has some useful merit, but the bugs making the algorithm non-compliant with RFC7234 have higher priority when I look at that area of the code. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJV2zxGAAoJENNXIZxhPexGyEYH/38HM2YATTE962q07+XIKSCG 66nTA1vK+Jv7S/obzMuZ0N9GBzjGtoszQ7jGXczHPLnd6y75a/aDJfXEAgQJ35rd KuRbCde8zcmstuJGluzBh9ySXBWPUV2fmrJO33tqP9ZikFwj2F/emTYtdbwSxDfS oQXfqF4JyWFubOinha3pI3ZXilpl7Q9KO7ZahqCCqNA4CMmdRDJl6VSaIhg64rkk +iZkqpfXzdG4tY4iFudaEPykqtvzTqmX5nCRlA8BbCAAv3N8IaWEbB047USMyq3L o+ps/zXYwukL1ij+vKqI6DJcxZG/JeOyok0484XHbZUtdiZg8XOol31jIL9P+Bo= =16EM -END PGP SIGNATURE- ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Cache Permission Errors
Are you terribly certain the owner:group of the generated log files is the same as those of the cache dirs?. That is a way to check for sure what user it is running under. I was just compiling the latest 3.5.x when it would complain, and I had forgotten to compile it with --with-default-user=squid. On 08/24/2015 04:05 PM, JL wrote: Hi, Sorry if this is a duplicate message, I am not sure it went through initially. I am having an issue with my caching drives that I can't seem to pinpoint the problem. I have 4 drives to be used for caching, they are ext3 filesystems mounted like so. I am running CentOS 7. /dev/sde1 on /var/spool/squid4 type ext3 (rw,noatime,seclabel,data=ordered) /dev/sdd1 on /var/spool/squid3 type ext3 (rw,noatime,seclabel,data=ordered) /dev/sdc1 on /var/spool/squid2 type ext3 (rw,noatime,seclabel,data=ordered) /dev/sdb1 on /var/spool/squid1 type ext3 (rw,noatime,seclabel,data=ordered) I set the cache user to be squid in the squid.conf and I reference the drives for caching. cache_dir aufs /var/spool/squid1 460800 32 512 cache_dir aufs /var/spool/squid2 460800 32 512 cache_dir aufs /var/spool/squid3 460800 32 512 cache_dir aufs /var/spool/squid4 460800 32 512 ls -l of the /var/spool shows proper perms, they are propagated. drwxr-x---. 34 squid squid 4096 Aug 21 10:01 squid1 drwxr-x---. 34 squid squid 4096 Aug 21 10:01 squid2 drwxr-x---. 34 squid squid 4096 Aug 21 10:01 squid3 drwxr-x---. 34 squid squid 4096 Aug 21 10:01 squid4 The cache dirs were successfully created using squid -z and all of the subfolders were generated. Squid starts and everything appears to be great. Until I monitor the cache.log, then I see the errors begin. Some like this. 2015/08/16 03:41:55 kid1| /var/spool/squid1/cache/19/8B: (13) Permission denied 2015/08/16 03:42:10 kid1| /var/spool/squid2/cache/19/8B: (13) Permission denied 2015/08/16 03:42:25 kid1| /var/spool/squid3/cache/19/8B: (13) Permission denied 2015/08/16 03:42:40 kid1| /var/spool/squid4/cache/19/8B: (13) Permission denied 2015/08/16 03:42:55 kid1| /var/spool/squid1/cache/1A/8B: (13) Permission denied 2015/08/16 03:43:10 kid1| /var/spool/squid2/cache/1A/8B: (13) Permission denied 2015/08/16 03:43:25 kid1| /var/spool/squid3/cache/1A/8B: (13) Permission denied 2015/08/16 03:43:40 kid1| /var/spool/squid4/cache/1A/8B: (13) Permission denied 2015/08/16 03:43:55 kid1| /var/spool/squid1/cache/1B/8B: (13) Permission denied Some like this. 2015/08/21 10:02:13 kid1| /var/spool/squid2/17/1FF: (13) Permission denied 2015/08/21 10:02:13 kid1| DiskThreadsDiskFile::openDone: (13) Permission denied 2015/08/21 10:02:13 kid1| /var/spool/squid4/00/00/ 2015/08/21 10:02:28 kid1| /var/spool/squid3/17/1FF: (13) Permission denied 2015/08/21 10:02:32 kid1| DiskThreadsDiskFile::openDone: (13) Permission denied 2015/08/21 10:02:32 kid1| /var/spool/squid4/00/00/0001 2015/08/21 10:02:33 kid1| DiskThreadsDiskFile::openDone: (13) Permission denied 2015/08/21 10:02:33 kid1| /var/spool/squid4/00/00/0002 2015/08/21 10:02:33 kid1| DiskThreadsDiskFile::openDone: (13) Permission denied 2015/08/21 10:02:33 kid1| /var/spool/squid4/00/00/0003 2015/08/21 10:02:33 kid1| DiskThreadsDiskFile::openDone: (13) Permission denied 2015/08/21 10:02:33 kid1| /var/spool/squid4/00/00/0004 2015/08/21 10:02:33 kid1| DiskThreadsDiskFile::openDone: (13) Permission denied 2015/08/21 10:02:33 kid1| /var/spool/squid4/00/00/0005 2015/08/21 10:02:33 kid1| DiskThreadsDiskFile::openDone: (13) Permission denied 2015/08/21 10:02:33 kid1| /var/spool/squid4/00/00/0006 2015/08/21 10:02:33 kid1| DiskThreadsDiskFile::openDone: (13) Permission denied 2015/08/21 10:02:33 kid1| /var/spool/squid4/00/00/0007 The folders remain empty of course, so no caching is taking place. I am truly stumped as to what I may be doing wrong since squid has enough perms to create the dirs but not enough to save to them. Any help would be great. Thanks! Zim ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Cache Permission Errors
Hi Xen, Thanks for the feedback. I can confirm both the --with-default-user=squid is present in squid -v and the perms of the logs are indeed squid user. Regards, Zim On Mon, Aug 24, 2015 at 12:47 PM, Xen x...@dds.nl wrote: Are you terribly certain the owner:group of the generated log files is the same as those of the cache dirs?. That is a way to check for sure what user it is running under. I was just compiling the latest 3.5.x when it would complain, and I had forgotten to compile it with --with-default-user=squid. On 08/24/2015 04:05 PM, JL wrote: Hi, Sorry if this is a duplicate message, I am not sure it went through initially. I am having an issue with my caching drives that I can't seem to pinpoint the problem. I have 4 drives to be used for caching, they are ext3 filesystems mounted like so. I am running CentOS 7. /dev/sde1 on /var/spool/squid4 type ext3 (rw,noatime,seclabel,data=ordered) /dev/sdd1 on /var/spool/squid3 type ext3 (rw,noatime,seclabel,data=ordered) /dev/sdc1 on /var/spool/squid2 type ext3 (rw,noatime,seclabel,data=ordered) /dev/sdb1 on /var/spool/squid1 type ext3 (rw,noatime,seclabel,data=ordered) I set the cache user to be squid in the squid.conf and I reference the drives for caching. cache_dir aufs /var/spool/squid1 460800 32 512 cache_dir aufs /var/spool/squid2 460800 32 512 cache_dir aufs /var/spool/squid3 460800 32 512 cache_dir aufs /var/spool/squid4 460800 32 512 ls -l of the /var/spool shows proper perms, they are propagated. drwxr-x---. 34 squid squid 4096 Aug 21 10:01 squid1 drwxr-x---. 34 squid squid 4096 Aug 21 10:01 squid2 drwxr-x---. 34 squid squid 4096 Aug 21 10:01 squid3 drwxr-x---. 34 squid squid 4096 Aug 21 10:01 squid4 The cache dirs were successfully created using squid -z and all of the subfolders were generated. Squid starts and everything appears to be great. Until I monitor the cache.log, then I see the errors begin. Some like this. 2015/08/16 03:41:55 kid1| /var/spool/squid1/cache/19/8B: (13) Permission denied 2015/08/16 03:42:10 kid1| /var/spool/squid2/cache/19/8B: (13) Permission denied 2015/08/16 03:42:25 kid1| /var/spool/squid3/cache/19/8B: (13) Permission denied 2015/08/16 03:42:40 kid1| /var/spool/squid4/cache/19/8B: (13) Permission denied 2015/08/16 03:42:55 kid1| /var/spool/squid1/cache/1A/8B: (13) Permission denied 2015/08/16 03:43:10 kid1| /var/spool/squid2/cache/1A/8B: (13) Permission denied 2015/08/16 03:43:25 kid1| /var/spool/squid3/cache/1A/8B: (13) Permission denied 2015/08/16 03:43:40 kid1| /var/spool/squid4/cache/1A/8B: (13) Permission denied 2015/08/16 03:43:55 kid1| /var/spool/squid1/cache/1B/8B: (13) Permission denied Some like this. 2015/08/21 10:02:13 kid1| /var/spool/squid2/17/1FF: (13) Permission denied 2015/08/21 10:02:13 kid1| DiskThreadsDiskFile::openDone: (13) Permission denied 2015/08/21 10:02:13 kid1| /var/spool/squid4/00/00/ 2015/08/21 10:02:28 kid1| /var/spool/squid3/17/1FF: (13) Permission denied 2015/08/21 10:02:32 kid1| DiskThreadsDiskFile::openDone: (13) Permission denied 2015/08/21 10:02:32 kid1| /var/spool/squid4/00/00/0001 2015/08/21 10:02:33 kid1| DiskThreadsDiskFile::openDone: (13) Permission denied 2015/08/21 10:02:33 kid1| /var/spool/squid4/00/00/0002 2015/08/21 10:02:33 kid1| DiskThreadsDiskFile::openDone: (13) Permission denied 2015/08/21 10:02:33 kid1| /var/spool/squid4/00/00/0003 2015/08/21 10:02:33 kid1| DiskThreadsDiskFile::openDone: (13) Permission denied 2015/08/21 10:02:33 kid1| /var/spool/squid4/00/00/0004 2015/08/21 10:02:33 kid1| DiskThreadsDiskFile::openDone: (13) Permission denied 2015/08/21 10:02:33 kid1| /var/spool/squid4/00/00/0005 2015/08/21 10:02:33 kid1| DiskThreadsDiskFile::openDone: (13) Permission denied 2015/08/21 10:02:33 kid1| /var/spool/squid4/00/00/0006 2015/08/21 10:02:33 kid1| DiskThreadsDiskFile::openDone: (13) Permission denied 2015/08/21 10:02:33 kid1| /var/spool/squid4/00/00/0007 The folders remain empty of course, so no caching is taking place. I am truly stumped as to what I may be doing wrong since squid has enough perms to create the dirs but not enough to save to them. Any help would be great. Thanks! Zim ___ squid-users mailing listsquid-users@lists.squid-cache.orghttp://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Squid 3.5.7, cache_swap_high, bug or not bug ?
Hi Amos, The patch is running since 3 days and seems working fine Can we expect the next squid build including the patch ? Bye Fred -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-3-5-7-cache-swap-high-bug-or-not-bug-tp4672750p4672835.html Sent from the Squid - Users mailing list archive at Nabble.com. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Squid 3.5.7, cache_swap_high, bug or not bug ?
On 24/08/2015 9:23 p.m., FredT wrote: Hi Amos, Since the patch, the Percent Used is decreasing correctly, no new 100% at the moment. Oh well. Good signs at least for current needs. If you are open to the experiment http://bugs.squid-cache.org/show_bug.cgi?id=2448 indicates a good way to force the over-100% issue to happen on demand. Just cut a GB off the current cache-used size and reconfigure. (I do fully understand not wanting to see the effects of that in a production machine. So your choice.) This patch will make that bugs issue more visible since it will outright pause all service while the resize happens. Rather than just slowing things down randomly as it grabs CPU cycles between traffic I/O. But clear predictable situation is better anyway. So is acceptable if pause is the only bad side effect. Why not using the Req/min as the value to use in the cleaning when the cache_swap_low/high are reached ? ex: Average HTTP requests per minute since start: 19232.8 Btw, when the cache_swap_low is reached, the squid could use 25% of the req/min for the cleaning and with the cache_swap_high the squid could use 100%. This is an example, there are tons of data in the squid we could use That is what I hope for long-term. But the value you see in those reports is not a narrow point value. It is an average over the entire uptime of the Squid. Calculating it requires clock lookups and a histogram of past data. A bit too complex for this loop which runs every single second. We simply dont have any nice metric yet that says done N requests in the past 1 second. There are a few things in Squid that could make good use of it :-). Or, we could have special options to define by ourselves the number of objects to clean, example: - cache_swap_low_del_object 256 - cache_swap_high_del_object 1024 I have been considering both, and some others and the TODO is getting a bit longer. But its unlikely to happen in the coming weekends release. So far just the two bug fixes, and rate increase. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] TCP_MISS/429
Hi everyone, this is the first time i use a mailinglist, so i hope i don't mess things up. I encountered a very strange TPC_MISS/429 in my squid access.log. 1440405573.871285 10.2.0.5 TCP_MISS/429 255 GET http://crushftp.com/ Preism HIER_DIRECT/104.236.78.254 - I've searched the web, but nothing fount yet. The Webpage is blank. When i try from home, everything works fine. http://wiki.squid-cache.org/SquidFaq/SquidLogs#access.log does not list the status code. I'm not sure if this error is maybe: Too Many Requests. The user has sent too many requests in a given amount of time If it is, i dunno why. I got this error right when i tried to open the webpage for the very first time. Hope someone can help me. best regards Markus ___ Markus Preis Berge Meer Touristik GmbH Andréestrasse 27 56578 Rengsdorf Tel: +49 2634 960 1077 Fax: +49 2634 967 Mailto:markus.pr...@berge-meer.de http://www.berge-meer.de Melden Sie sich unter https://www.berge-meer.de/newsletter?f=1762 für unseren Newsletter an und erhalten Sie jede Woche kostenlos die aktuellsten Reiseangebote Berge Meer Touristik GmbH Handelsregistergericht: Montabaur/HRB 13067 Sitz: Rengsdorf Geschäftsführer: Thomas Klein (Vorsitzender), Tim Dunker, Marcel Mayer Vertraulichkeitshinweis: Diese E-Mail enthaelt vertrauliche und/oder rechtlich geschuetzte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. Confidential Note: This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] external_acl_type not working on Squid Cache: Version 3.5.5
On 24/08/2015 12:17 p.m., hs tan wrote: I have been trying to test squid but it doesn't seems to be working. The closest example I studied are: http://etutorials.org/Server+Administration/Squid.+The+definitive+guide/Chapter+12.+Authentication+Helpers/12.5+External+ACLs/ http://www.stress-free.co.nz/transparent_squid_authentication_to_edirectory but none of it works. From the simple test, I did on the following: The print ERR supposed to have an out put at the cache.log, but I din't see anything appearing Neither I change the ERR nor OK, there is no effect on the access. I just want a simple test, if set to print ERR then stop user to proceed, if OK then proceed. The error message in cache.log 2015/07/28 11:45:56 kid1| helperHandleRead: unexpected reply on channel 0 from mysql_log #Hlpr17 '' on channel 0 means your Squid is using concurrency channels when talking to this helper. The helper protocol syntax is documented here: http://wiki.squid-cache.org/Features/AddonHelpers#Access_Control_.28ACL.29 ** Be careful about emitting unnecessarys newlines. ** Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Squid 3.5.7, cache_swap_high, bug or not bug ?
On 24/08/2015 7:11 p.m., Stakres wrote: Hi Amos, The patch is running since 3 days and seems working fine Can we expect the next squid build including the patch ? Yes, or a close variant. Some details though please (if you can): Has it had to deal with an over-100% filled event yet? if so was there any noticible effects such as traffic slowdown or HDD load peaks? if not, how close to or far past high-water is it getting as compared to before? The rate-of-purge tuning is arbitrary number changes in the new patch, and I'm not aware of any actual measurements for the previous numbers either. So I'm hoping its not just bumped up out of your speed range and waiting quietly for somebody else at higher speeds. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Squid 3.5.7, cache_swap_high, bug or not bug ?
Hi Amos, Since the patch, the Percent Used is decreasing correctly, no new 100% at the moment. Why not using the Req/min as the value to use in the cleaning when the cache_swap_low/high are reached ? ex: Average HTTP requests per minute since start: 19232.8 Btw, when the cache_swap_low is reached, the squid could use 25% of the req/min for the cleaning and with the cache_swap_high the squid could use 100%. This is an example, there are tons of data in the squid we could use Or, we could have special options to define by ourselves the number of objects to clean, example: - cache_swap_low_del_object 256 - cache_swap_high_del_object 1024 Bye Fred -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-3-5-7-cache-swap-high-bug-or-not-bug-tp4672750p4672841.html Sent from the Squid - Users mailing list archive at Nabble.com. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] TCP_MISS/429
On 24/08/2015 8:51 p.m., Markus.Preis wrote: Hi everyone, this is the first time i use a mailinglist, so i hope i don't mess things up. No problem. Welcome. I encountered a very strange TPC_MISS/429 in my squid access.log. 1440405573.871285 10.2.0.5 TCP_MISS/429 255 GET http://crushftp.com/ Preism HIER_DIRECT/104.236.78.254 - I've searched the web, but nothing fount yet. The Webpage is blank. When i try from home, everything works fine. http://wiki.squid-cache.org/SquidFaq/SquidLogs#access.log does not list the status code. see http://tools.ietf.org/html/rfc6585#section-4 for what it means. Squid does not generate that code itself. Although it is possible for an admin to use deny_info 429:ERR_BLANK someAcl and have setup a custom rate-limiting ACL helper. In this case I think its just the normal traffic event with the origin server 104.236.78.254 generating it. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Mac OS X Updates
Hi John, according to the article you link to, it's not possible to cache these updates: Apple puts some effort as a conscious choice to make it so. Updates for older versions of MacOS may be over HTTP, newer ones are over HTTPs over port 443 and and dynamically-generated ports. HTTP could be cached, https cannot without ssl-bump/peek-n-splice (SSL man-in-the-middle). The wording of the article seems to suggest that the list of trusted issuers of certificates for the https service is not the same as the system's CA root certificate store but is probably locked to Apple's. This means that also SSL MITM is not possible, by design. On Wed, Aug 19, 2015 at 9:20 PM, John Pearson johnpearson...@gmail.com wrote: Anyone have Mac OS X update caching working ? Without doing a SSL bump. I think they are hosted through https ( https://support.apple.com/en-us/HT202943 ) Thanks! ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users -- Francesco ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Cache Permission Errors
On Monday 24 August 2015 at 23:41:49, kuntal_ba...@bnz.co.nz wrote: Could you please un-subscribe me ? I've sent you an unsubscribe request confirmation. Reply to it and you'll be removed from the list. Senior Infrastructure Architecture and Design Specialist Infrastructure Architecture and Design Bank of New Zealand Hm. Regards, Antony. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Cache Permission Errors
Could you please un-subscribe me ? Cheers, Kuntal Senior Infrastructure Architecture and Design Specialist Infrastructure Architecture and Design Bank of New Zealand DDI: 04-474 6722 Mobile: 021-2408034 ?Success is not final, failure is not fatal: it is the courage to continue that counts.? - Winston Churchill From: JL zimu...@gmail.com To: Xen x...@dds.nl, Cc: squid-users@lists.squid-cache.org Date: 25/08/2015 05:02 a.m. Subject:Re: [squid-users] Cache Permission Errors Sent by:squid-users squid-users-boun...@lists.squid-cache.org Hi Xen, Thanks for the feedback. I can confirm both the --with-default-user=squid is present in squid -v and the perms of the logs are indeed squid user. Regards, Zim On Mon, Aug 24, 2015 at 12:47 PM, Xen x...@dds.nl wrote: Are you terribly certain the owner:group of the generated log files is the same as those of the cache dirs?. That is a way to check for sure what user it is running under. I was just compiling the latest 3.5.x when it would complain, and I had forgotten to compile it with --with-default-user=squid. On 08/24/2015 04:05 PM, JL wrote: Hi, Sorry if this is a duplicate message, I am not sure it went through initially. I am having an issue with my caching drives that I can't seem to pinpoint the problem. I have 4 drives to be used for caching, they are ext3 filesystems mounted like so. I am running CentOS 7. /dev/sde1 on /var/spool/squid4 type ext3 (rw,noatime,seclabel,data=ordered) /dev/sdd1 on /var/spool/squid3 type ext3 (rw,noatime,seclabel,data=ordered) /dev/sdc1 on /var/spool/squid2 type ext3 (rw,noatime,seclabel,data=ordered) /dev/sdb1 on /var/spool/squid1 type ext3 (rw,noatime,seclabel,data=ordered) I set the cache user to be squid in the squid.conf and I reference the drives for caching. cache_dir aufs /var/spool/squid1 460800 32 512 cache_dir aufs /var/spool/squid2 460800 32 512 cache_dir aufs /var/spool/squid3 460800 32 512 cache_dir aufs /var/spool/squid4 460800 32 512 ls -l of the /var/spool shows proper perms, they are propagated. drwxr-x---. 34 squid squid 4096 Aug 21 10:01 squid1 drwxr-x---. 34 squid squid 4096 Aug 21 10:01 squid2 drwxr-x---. 34 squid squid 4096 Aug 21 10:01 squid3 drwxr-x---. 34 squid squid 4096 Aug 21 10:01 squid4 The cache dirs were successfully created using squid -z and all of the subfolders were generated. Squid starts and everything appears to be great. Until I monitor the cache.log, then I see the errors begin. Some like this. 2015/08/16 03:41:55 kid1| /var/spool/squid1/cache/19/8B: (13) Permission denied 2015/08/16 03:42:10 kid1| /var/spool/squid2/cache/19/8B: (13) Permission denied 2015/08/16 03:42:25 kid1| /var/spool/squid3/cache/19/8B: (13) Permission denied 2015/08/16 03:42:40 kid1| /var/spool/squid4/cache/19/8B: (13) Permission denied 2015/08/16 03:42:55 kid1| /var/spool/squid1/cache/1A/8B: (13) Permission denied 2015/08/16 03:43:10 kid1| /var/spool/squid2/cache/1A/8B: (13) Permission denied 2015/08/16 03:43:25 kid1| /var/spool/squid3/cache/1A/8B: (13) Permission denied 2015/08/16 03:43:40 kid1| /var/spool/squid4/cache/1A/8B: (13) Permission denied 2015/08/16 03:43:55 kid1| /var/spool/squid1/cache/1B/8B: (13) Permission denied Some like this. 2015/08/21 10:02:13 kid1| /var/spool/squid2/17/1FF: (13) Permission denied 2015/08/21 10:02:13 kid1| DiskThreadsDiskFile::openDone: (13) Permission denied 2015/08/21 10:02:13 kid1| /var/spool/squid4/00/00/ 2015/08/21 10:02:28 kid1| /var/spool/squid3/17/1FF: (13) Permission denied 2015/08/21 10:02:32 kid1| DiskThreadsDiskFile::openDone: (13) Permission denied 2015/08/21 10:02:32 kid1| /var/spool/squid4/00/00/0001 2015/08/21 10:02:33 kid1| DiskThreadsDiskFile::openDone: (13) Permission denied 2015/08/21 10:02:33 kid1| /var/spool/squid4/00/00/0002 2015/08/21 10:02:33 kid1| DiskThreadsDiskFile::openDone: (13) Permission denied 2015/08/21 10:02:33 kid1| /var/spool/squid4/00/00/0003 2015/08/21 10:02:33 kid1| DiskThreadsDiskFile::openDone: (13) Permission denied 2015/08/21 10:02:33 kid1| /var/spool/squid4/00/00/0004 2015/08/21 10:02:33 kid1| DiskThreadsDiskFile::openDone: (13) Permission denied 2015/08/21 10:02:33 kid1| /var/spool/squid4/00/00/0005 2015/08/21 10:02:33 kid1| DiskThreadsDiskFile::openDone: (13) Permission denied 2015/08/21 10:02:33 kid1| /var/spool/squid4/00/00/0006 2015/08/21 10:02:33 kid1| DiskThreadsDiskFile::openDone: (13) Permission denied 2015/08/21 10:02:33 kid1| /var/spool/squid4/00/00/0007 The folders remain empty of course, so no caching is taking place. I am truly stumped as to what I may be doing wrong since squid has enough perms to create the dirs but not enough to save to them. Any help would be great. Thanks! Zim ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users ___
[squid-users] FreeBSD pf route-to and linux tproxy
After remembering this thread: http://www.squid-cache.org/mail-archive/squid-users/201102/0236.html I had some time to run tests here and there, I am testing now FreeBSD traffic diverting with PF and seems to not understand something. The topology is: client(192.168.12.150/24) -- R1(FBSD-PF)R2(VYOS+NAT) (192.168.11.254/24) | | PROXY(192.168.11.1/24) R2 and R1 are at net 192.168.15.0/24 R1 -192.168.15.1, R2 - 192.168.15.254 Now I am watching something weird on both the PROXY and both R2. I am trying to divert traffic using PF to the proxy using the route-to method. Example PF rules: ##START pf.conf int_if = vtnet2 ext_if = vtnet0 proxy_if = vtnet1 lan_net = 192.168.12.0/24 proxy1 = 192.168.11.1 pass in quick on $proxy_if pass in quick on $int_if proto tcp from $lan_net to any port 80 rtable 1 pass in quick on $ext_if proto tcp from any port 80 to $lan_net rtable 1 pass in all pass out all ##END pf.conf In this scenario the tproxy is diverting the SYN packet and the squid do not reply with a syn-ack. When I am disabling the pf and using the FreeBSD machine as a router I am getting a weird result: The tcp packet gets to the origin server without being masqurading(snat) on the VYOS machine. So two weird scenarios with FreeBSD. If I replace the R1 with a drop in replacement with a VYOS or CENTOS machine it all suddenly works magically, both TPROXY and TCP nat. The only packets I see that are being snatted are ICMP but not tcp. * The R1 FreeBSD is a clone of the VYOS so the networks are the same but with different nic mac addresses. I do not look for a resolution to the OS level since with LINUX boxes all works magically fine. But if someone have seen this I will be happy to hear about that I am not lonely on that. Eliezer ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
