Re: [squid-users] Help: How to calculate all bytes when communicate with client for a request

2016-12-20 Thread wei 
Hi Alex,


Many thanks for your reply and sorry for the misleading. In fact I just want to 
log the number of encrypted bytes received from the HTTPS client, not the 
decrypted HTTPS body sizes. Do you know how to do this?


I also build squid 3.5.23 with default parameter, and seems squid log still 
ignore the encrypted bytes(except "CONNECT" header) that the client send to 
squid server.


Below is two Get and Post commands and you can see there is no difference with 
their total size(%st 3520) in the logs:

curl --proxy 48.96.17.25:3128  https://showip.net
curl --proxy 48.96.17.25:3128 -d'test' https://showip.net

1482292236.816   1700 48.96.17.25 TCP_TUNNEL/200 3408 112 3520 0 112 CONNECT 
showip.net:443 - HIER_DIRECT/showip.net:23.253.100.206 -
1482292258.735   1234 48.96.17.25 TCP_TUNNEL/200 3408 112 3520 0 112 CONNECT 
showip.net:443 - HIER_DIRECT/showip.net:23.253.100.206 -

logformat in squid.conf is:
logformat squid %ts.%03tu %6tr %>a %Ss/%03Hs %st %st %sh %rm %ru 
%un %Sh/%st is supposed to be "Total bytes received from client" and %st is 
supposed to be "Total bytes received from client and sent to client", right? 
But why they have no change while the client send more data to squid server? Is 
this a bug?

Thanks for all your help!

Regards,
Edwin


On 20 December 2016 at 16:38, Alex Rousskov  
wrote:

> I want to calculate all bytes when a request is sent to squid,

According to squid.conf.documented, you can use the following logformat
%codes to get unencrypted HTTP request sizes:


> including:

>  1. the header length that client will send to squid

[http::]>sh Size of request headers received from client


>  2. the post content length that send to squid

[http::]>st Total size of request received from client.

minus

[http::]>sh Size of request headers received from client


>  3. the response length squid will reply to client


[http::] I don't need to know the request content, just want to know how many
> bytes the client totally send including the post and https bytes, is it
> possible to do this?

The only way to measure the size of encrypted HTTP message parts is to
decrypt that message. Thus, if you want to log HTTPS POST body sizes (as
opposed to just the number of encrypted bytes received from the HTTPS
client), then you have to tell Squid to decrypt that traffic. In most
cases, decryption is not worth the associated headaches if you just want
to log sizes.


HTH,

Alex.

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid freeze each hour.

2016-12-20 Thread David Touzeau 
Thanks, 

I'm test it now

-Message d'origine-
De : squid-users [mailto:squid-users-boun...@lists.squid-cache.org] De la part 
de Garri Djavadyan
Envoyé : mardi 20 décembre 2016 18:58
À : squid-users@lists.squid-cache.org
Objet : Re: [squid-users] Squid freeze each hour.

On 2016-12-20 21:42, David Touzeau wrote:
> Is there any way to disabling Cache digest without need to recompile 
> squid ?

Hi,

Use "digest_generation off".

http://www.squid-cache.org/Doc/config/digest_generation/


Garri
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid freeze each hour.

2016-12-20 Thread Garri Djavadyan 

On 2016-12-20 21:42, David Touzeau wrote:
Is there any way to disabling Cache digest without need to recompile 
squid ?


Hi,

Use "digest_generation off".

http://www.squid-cache.org/Doc/config/digest_generation/


Garri
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid Websocket Issue

2016-12-20 Thread Alex Rousskov 
On 12/20/2016 02:42 AM, Hardik Dangar wrote:
> Following changes in config works and whatsapp starts working,
> 
> acl serverIsws ssl::server_name_regex ^w[0-9]+\.web\.whatsapp\.com$
> 
> acl step1 at_step SslBump1
> ssl_bump peek step1
> ssl_bump splice serverIsws
> ssl_bump bump !serverIsws all

You do not need the "!serverIsws" part because if serverIsws matches,
then the splice rule wins, and Squid does not reach the bump rule. This
configuration is sufficient:

  ssl_bump peek step1
  ssl_bump splice serverIsws
  ssl_bump bump all

In theory, adding "!serverIsws" does not hurt. However, negating complex
ACLs is tricky/dangerous and should be avoided when possible.

Alex.

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid freeze each hour.

2016-12-20 Thread David Touzeau 
Hi Alex,

Is there any way to disabling Cache digest without need to recompile squid ?

-Message d'origine-
De : Alex Rousskov [mailto:rouss...@measurement-factory.com] 
Envoyé : mardi 20 décembre 2016 17:21
À : squid-users@lists.squid-cache.org
Cc : David Touzeau 
Objet : Re: [squid-users] Squid freeze each hour.

On 12/20/2016 04:53 AM, David Touzeau wrote:

> I'm using the 3.5.23, each hour, the proxy port did not respond for 3 
> to 10 minutes.

Do you have Cache Digests enabled (either implicitly or explicitly)? If yes, 
try disabling them. Others on the list can help you with that if you cannot 
figure it out.

If disabling Cache Digests solves the problem, keep them disabled unless your 
Squids actually need/use them.


HTH,

Alex.


___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Help: How to calculate all bytes when communicate with client for a request

2016-12-20 Thread Alex Rousskov 
On 12/20/2016 03:56 AM, wei wrote:

> I want to calculate all bytes when a request is sent to squid,

According to squid.conf.documented, you can use the following logformat
%codes to get unencrypted HTTP request sizes:


> including:

>  1. the header length that client will send to squid

[http::]>sh Size of request headers received from client


>  2. the post content length that send to squid

[http::]>st Total size of request received from client.

minus

[http::]>sh Size of request headers received from client


>  3. the response length squid will reply to client


[http::] I don't need to know the request content, just want to know how many
> bytes the client totally send including the post and https bytes, is it
> possible to do this?

The only way to measure the size of encrypted HTTP message parts is to
decrypt that message. Thus, if you want to log HTTPS POST body sizes (as
opposed to just the number of encrypted bytes received from the HTTPS
client), then you have to tell Squid to decrypt that traffic. In most
cases, decryption is not worth the associated headaches if you just want
to log sizes.


HTH,

Alex.

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] squidcliente stopped working!

2016-12-20 Thread Sameh Onaissi 
That did it.

Again, Thanks Eliezer! I really appreciate it. 




> On Dec 20, 2016, at 11:20 AM, Eliezer Croitoru  wrote:
> 
> What I wrote is that you will need to put it as the first line in the 
> squid.conf file...
> But in your case you are using squidguard so you will need to add the next 
> lines in this order:
> url_rewrite_access deny localhost
> url_rewrite_access allow all
> 
> Eliezer
> 
> * Anthony thanks for pointing me to the squid.conf paste.
> 
> 
> Eliezer Croitoru
> Linux System Administrator
> Mobile: +972-5-28704261
> Email: elie...@ngtech.co.il
> 
> 
> -Original Message-
> From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On 
> Behalf Of Sameh Onaissi
> Sent: Tuesday, December 20, 2016 6:16 PM
> Cc: squid-users@lists.squid-cache.org
> Subject: Re: [squid-users] squidcliente stopped working!
> 
> Antony is right….
> 
> I have that line in my config file. That is my config that Antony posted 
> (http://pastebin.com/TQ8H6bRp), except I excluded the SMTP port as Amos 
> recommended.
> 
>> On Dec 20, 2016, at 11:11 AM, Antony Stone 
>>  wrote:
>> 
>> On Tuesday 20 December 2016 at 16:59:11, Eliezer Croitoru wrote:
>> 
>>> The issue is with acls and probably squidguard.
>>> You should add to the configuration something like:
>>> http_access allow localhost manager
>> 
>> Er, that line is already in his squid.conf
>> 
>>> and also another line that will deny localhost traffic from being 
>>> inspected. If the above as the first line doesn't sort it out I will 
>>> need squid.conf to understand what is causing it.
>> 
>> I think http://pastebin.com/TQ8H6bRp is what he is working with?
>> 
>> 
>> Antony.
>> 
>> --
>> The truth is rarely pure, and never simple.
>> 
>> - Oscar Wilde
>> 
>>  Please reply to the list;
>>please *don't* CC me.
>> ___
>> squid-users mailing list
>> squid-users@lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
> 
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
> 

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid freeze each hour.

2016-12-20 Thread Alex Rousskov 
On 12/20/2016 04:53 AM, David Touzeau wrote:

> I'm using the 3.5.23, each hour, the proxy port did not respond for 3 to 10
> minutes.

Do you have Cache Digests enabled (either implicitly or explicitly)? If
yes, try disabling them. Others on the list can help you with that if
you cannot figure it out.

If disabling Cache Digests solves the problem, keep them disabled unless
your Squids actually need/use them.


HTH,

Alex.

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] squidcliente stopped working!

2016-12-20 Thread Eliezer Croitoru 
What I wrote is that you will need to put it as the first line in the 
squid.conf file...
But in your case you are using squidguard so you will need to add the next 
lines in this order:
url_rewrite_access deny localhost
url_rewrite_access allow all

Eliezer

* Anthony thanks for pointing me to the squid.conf paste.


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il


-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf 
Of Sameh Onaissi
Sent: Tuesday, December 20, 2016 6:16 PM
Cc: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] squidcliente stopped working!

Antony is right….

I have that line in my config file. That is my config that Antony posted 
(http://pastebin.com/TQ8H6bRp), except I excluded the SMTP port as Amos 
recommended.

> On Dec 20, 2016, at 11:11 AM, Antony Stone 
>  wrote:
> 
> On Tuesday 20 December 2016 at 16:59:11, Eliezer Croitoru wrote:
> 
>> The issue is with acls and probably squidguard.
>> You should add to the configuration something like:
>> http_access allow localhost manager
> 
> Er, that line is already in his squid.conf
> 
>> and also another line that will deny localhost traffic from being 
>> inspected. If the above as the first line doesn't sort it out I will 
>> need squid.conf to understand what is causing it.
> 
> I think http://pastebin.com/TQ8H6bRp is what he is working with?
> 
> 
> Antony.
> 
> --
> The truth is rarely pure, and never simple.
> 
> - Oscar Wilde
> 
>   Please reply to the list;
> please *don't* CC me.
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] squidcliente stopped working!

2016-12-20 Thread Sameh Onaissi 
Antony is right….

I have that line in my config file. That is my config that Antony posted 
(http://pastebin.com/TQ8H6bRp), except I excluded the SMTP port as Amos 
recommended.

> On Dec 20, 2016, at 11:11 AM, Antony Stone 
>  wrote:
> 
> On Tuesday 20 December 2016 at 16:59:11, Eliezer Croitoru wrote:
> 
>> The issue is with acls and probably squidguard.
>> You should add to the configuration something like:
>> http_access allow localhost manager
> 
> Er, that line is already in his squid.conf
> 
>> and also another line that will deny localhost traffic from being
>> inspected. If the above as the first line doesn't sort it out I will need
>> squid.conf to understand what is causing it.
> 
> I think http://pastebin.com/TQ8H6bRp is what he is working with?
> 
> 
> Antony.
> 
> -- 
> The truth is rarely pure, and never simple.
> 
> - Oscar Wilde
> 
>   Please reply to the list;
> please *don't* CC me.
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] squidcliente stopped working!

2016-12-20 Thread Antony Stone 
On Tuesday 20 December 2016 at 16:59:11, Eliezer Croitoru wrote:

> The issue is with acls and probably squidguard.
> You should add to the configuration something like:
> http_access allow localhost manager

Er, that line is already in his squid.conf

> and also another line that will deny localhost traffic from being
> inspected. If the above as the first line doesn't sort it out I will need
> squid.conf to understand what is causing it.

I think http://pastebin.com/TQ8H6bRp is what he is working with?


Antony.

-- 
The truth is rarely pure, and never simple.

 - Oscar Wilde

   Please reply to the list;
 please *don't* CC me.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] squidcliente stopped working!

2016-12-20 Thread Eliezer Croitoru 
The issue is with acls and probably squidguard.
You should add to the configuration something like:
http_access allow localhost manager

and also another line that will deny localhost traffic from being inspected.
If the above as the first line doesn't sort it out I will need squid.conf to
understand what is causing it.
If you want to send the squid.conf privately feel free to do so.

Eliezer


http://ngtech.co.il/lmgtfy/
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il


From: Sameh Onaissi [mailto:sameh.onai...@solcv.com] 
Sent: Tuesday, December 20, 2016 5:40 PM
To: Eliezer Croitoru 
Cc: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] squidcliente stopped working!

Hi Eliezer, 
Thanks for the reply.

changing /etc/hosts made no difference, the new log just showed the ipv4
localhost:

verbosity level set to 2
Request:
GET cache_object://localhost/info HTTP/1.0
Host: localhost
User-Agent: squidclient/3.5.22
Accept: */*
Connection: close


.
Transport detected: IPv4-mapped  and IPv6
Resolving localhost ...
Connecting... localhost (127.0.0.1:3128)
Connected to: localhost (127.0.0.1:3128)
Sending HTTP request ... 
done.
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2016 15:42:07 GMT
Server: Apache/2.4.7 (Ubuntu)
Last-Modified: Fri, 25 Nov 2016 16:55:22 GMT
ETag: "bd-54222fce80317"
Accept-Ranges: bytes
Content-Length: 189
Vary: Accept-Encoding
Content-Type: text/html
Age: 225
X-Cache: HIT from http://squidpxy.domain.com
X-Cache-Lookup: HIT from http://squidpxy.domain.com:3128
Via: 1.1 http://squidpxy.domain.com (squid/3.5.22)
Connection: close






http://www.domain.com/squid/access_denied.jpg"; alt="Acceso
Denegado" style="width:704px;height:428px;">






curl just returns the html code of the access denied page.


On Dec 20, 2016, at 10:26 AM, Eliezer Croitoru 
wrote:

curl http://localhost:3128/squid-internal-mgr/info


___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] squidcliente stopped working!

2016-12-20 Thread Sameh Onaissi 
Hi Eliezer,
Thanks for the reply.

changing /etc/hosts made no difference, the new log just showed the ipv4 
localhost:

verbosity level set to 2
Request:
GET cache_object://localhost/info HTTP/1.0
Host: localhost
User-Agent: squidclient/3.5.22
Accept: */*
Connection: close


.
Transport detected: IPv4-mapped  and IPv6
Resolving localhost ...
Connecting... localhost (127.0.0.1:3128)
Connected to: localhost (127.0.0.1:3128)
Sending HTTP request ...
done.
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2016 15:42:07 GMT
Server: Apache/2.4.7 (Ubuntu)
Last-Modified: Fri, 25 Nov 2016 16:55:22 GMT
ETag: "bd-54222fce80317"
Accept-Ranges: bytes
Content-Length: 189
Vary: Accept-Encoding
Content-Type: text/html
Age: 225
X-Cache: HIT from squidpxy.domain.com
X-Cache-Lookup: HIT from squidpxy.domain.com:3128
Via: 1.1 squidpxy.domain.com (squid/3.5.22)
Connection: close






http://www.domain.com/squid/access_denied.jpg"; alt="Acceso 
Denegado" style="width:704px;height:428px;">






curl just returns the html code of the access denied page.


On Dec 20, 2016, at 10:26 AM, Eliezer Croitoru 
mailto:elie...@ngtech.co.il>> wrote:

curl http://localhost:3128/squid-internal-mgr/info

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] squidcliente stopped working!

2016-12-20 Thread Eliezer Croitoru 
It looks like your acls are denying access to the localhost because it's trying 
to access the proxy using ipv6.
Try to comment the "::1 localhost" line from /etc/hosts and try to see if it's 
the same.
If it's still not working you will need to write couple rules at the top of the 
squid.conf files to allow manager interface access from localhost.
Also since squid 3.2 you have the option to use curl or any other tool to 
access the info pages without squid client which can help you.
Try the next:
# curl http://localhost:3128/squid-internal-mgr/info

And see what happens.
Also if you have some filtering solution in this squid setup you will need to 
make an exception from this inspection on connections for localhost(both ipv4 
and ipv6) since the admin doesn't need these restrictions.

Let me know about the results.

Eliezer


http://ngtech.co.il/lmgtfy/
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il


From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf 
Of Sameh Onaissi
Sent: Tuesday, December 20, 2016 4:04 PM
Cc: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] squidcliente stopped working!


On Dec 19, 2016, at 11:55 PM, Amos Jeffries  wrote:

On 20/12/2016 9:52 a.m., Sameh Onaissi wrote:



On Dec 19, 2016, at 1:31 PM, Antony Stone wrote:

On Monday 19 December 2016 at 17:44:11, Sameh Onaissi wrote:


Hello,

I was using squid client to get cache stats, however this morning it
completely stopped working.


http://mydomainname.com/squid/access_denied.jpg";
alt="Acceso Denegado" style="width:704px;height:428px;">


the html code is the code of my redirect page whenever a client tries to
access a blacklisted website.

How big is your blacklist?  Could you show us what's in it?

Have you added the proxy itself to the whitelist?

The blacklist consistes of the ads, porn, socialnet and spyware lists of the BL 
list. 

I added both LAN and WAN IPs of the server to the whitelist but didn’t help.

What URL was being requested that got the above access denied response?

Use -vv parameter to squidclient and "debug_options 11,2" in squid.conf
to have the requests header logged and find that out.

This is what shows now:

verbosity level set to 2
Request:
GET cache_object://localhost/info HTTP/1.0
Host: localhost
User-Agent: squidclient/3.5.22
Accept: */*
Connection: close


.
Transport detected: IPv4-mapped  and IPv6
Resolving localhost ...
Connecting... localhost ([::1]:3128)
Connected to: localhost ([::1]:3128)
Sending HTTP request ... 
done.
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2016 14:03:46 GMT
Server: Apache/2.4.7 (Ubuntu)
Last-Modified: Fri, 25 Nov 2016 16:55:22 GMT
ETag: "bd-54222fce80317"
Accept-Ranges: bytes
Content-Length: 189
Vary: Accept-Encoding
Content-Type: text/html
Age: 103
X-Cache: HIT from http://squidpxy.domain.com
X-Cache-Lookup: HIT from http://squidpxy.domain.com:3128
Via: 1.1 http://squidpxy.domain.com (squid/3.5.22)
Connection: close






http://www.domain.com/squid/access_denied.jpg"; alt="Acceso 
Denegado" style="width:704px;height:428px;">





And in the access log:

1482242596.513  0 ::1 TCP_MEM_HIT/200 598 GET cache_object://localhost/info 
- HIER_NONE/- text/html








So, I changed my default acl setting in squid guard config file to pass all for 
now (I know it is not ideal), just to monitor the cache as I am trying to get 
the HIT ratio up. (currently only at 7.8%)

squid guard config: http://pastebin.com/bbe8CWLE

So your SG config just does basic IP, URL and time based allow or
redirect decisions.

I suggest you drop SG entirely and move that config into your squid.conf:


# Time rules
# abbrev for weekdays:
# s = sun, m = mon, t =tue, w = wed, h = thu, f = fri, a = sat
acl non-working-hours time MTWHF 18:00-24:00 00:00-08:00
acl non-working-hours time MTWHF 18:00-24:00 00:00-08:00
acl non-working-hours time SA 00:00-24:00

# Source addresses
acl exempt src 10.0.0.90 10.0.0.167
acl youtubers src 10.0.0.1-10.0.0.4
acl localnet src 10.0.0.0/24

# Destination classes
acl blah_domains dstdomain "adv/domains"
acl blah_domains dstdomain "deny/domains"
acl blah_domains dstdomain "porn/domains"
acl blah_domains dstdomain "spyware/domains"
acl blah_domains dstdomain "socialnet/domains"

acl blah_urls dstdom_regex "adv/urls"
acl blah_urls dstdom_regex "deny/urls"
acl blah_urls dstdom_regex "porn/urls"
acl blah_urls dstdom_regex "spyware/urls"
acl blah_urls dstdom_regex "socialnet/urls"

acl stuff_always_blocked anyof blah_domains blah_urls

acl whitelist_domains dstdomain "whitelist/domains"
acl whitelist_urls dstdom_regex "whitelist/urls"
acl whitelist anyof whitelist_domains whitelist_urls
deny_info 302:http://example.com/squid/denegado.html whitelist

acl youtubers_domains dstdomain "socialnet/domains"
acl youtubers_urls dstdom_regex "adv/urls"
acl youtubers anyof youtubers_domains youtubers_urls
deny_info 302:http://example.com/squid/denegado.html youtubers

# Policies
http_acc

Re: [squid-users] Squid freeze each hour.

2016-12-20 Thread David Touzeau 

Proxy has freezed again and when doing squid -k debug

Many refresh.cc, store_digest.cc, store_dir.cc

After finishing these tasks, proxy will return to be responsive 

2016/12/20 15:27:41.470 kid1| 71,6| store_digest.cc(288) storeDigestAdd: 
storeDigestAdd: added entry, key: A035B81FB42C32A106E4384A2F17F4B4
2016/12/20 15:27:41.470 kid1| 71,6| store_digest.cc(226) storeDigestAddable: 
storeDigestAddable: checking entry, key: A07598353220500410873ECDA474BE05
2016/12/20 15:27:41.470 kid1| 22,3| refresh.cc(291) refreshCheck: checking 
freshness of 
'http://pagead2.googlesyndication.com/activeview?avi=Bddpfgi1ZWMuzC9OS3gOp9KzwCAAQATgByAEJwAIC4AIA4AQBoAYg&cid=CAASFeRoE1xZjx5ogoC0cxxshgMXQzuIPQ&id=osdim&ti=1&adk=2863166925&p=0,0,0,0&tos=0,0,0,0,0&mtos=0,0,0,0,0&rs=3&ht=0&mc=0timestamp:   Tue, 20 Dec 2016 13:09:41 GMT
2016/12/20 15:27:41.531 kid1| 22,3| refresh.cc(173) refreshStaleness: STALE: 
expires 631152000 < check_time 1482247661 
2016/12/20 15:27:41.531 kid1| 22,3| refresh.cc(338) refreshCheck: Staleness = 
851095661
2016/12/20 15:27:41.531 kid1| 22,3| refresh.cc(362) refreshCheck: YES: Must 
revalidate stale object (origin set no-cache or private)
2016/12/20 15:27:41.531 kid1| 71,6| store_digest.cc(259) storeDigestAddable: 
storeDigestAdd: entry expires within 3600 secs, ignoring
2016/12/20 15:27:41.531 kid1| 71,6| store_digest.cc(226) storeDigestAddable: 
storeDigestAddable: checking entry, key: A035C0F65A81E715DA653BDE6632A99E
2016/12/20 15:27:41.531 kid1| 22,3| refresh.cc(291) refreshCheck: checking 
freshness of 'http://img.2ememain.be/f/listthumb/323814646.jpg'
2016/12/20 15:27:41.531 kid1| 22,3| refresh.cc(312) refreshCheck: Matched 
'\.(jpeg|jpg|jpe|jp2|gif|tiff?|pcx|png|bmp|pic|ico|bif|ver|pict)(\?.*|$) 36000 
80%% 604800'
2016/12/20 15:27:41.532 kid1| 22,3| refresh.cc(314) refreshCheck:   age:
18430
2016/12/20 15:27:41.532 kid1| 22,3| refresh.cc(316) refreshCheck:   
check_time: Tue, 20 Dec 2016 15:27:41 GMT
2016/12/20 15:27:41.532 kid1| 22,3| refresh.cc(318) refreshCheck:   
entry->timestamp:   Tue, 20 Dec 2016 10:20:31 GMT
2016/12/20 15:27:41.532 kid1| 22,3| refresh.cc(168) refreshStaleness: FRESH: 
expires 1643826450 >= check_time 1482247661 
2016/12/20 15:27:41.532 kid1| 22,3| refresh.cc(338) refreshCheck: Staleness = -1
2016/12/20 15:27:41.532 kid1| 22,3| refresh.cc(461) refreshCheck: Object isn't 
stale..
2016/12/20 15:27:41.532 kid1| 22,3| refresh.cc(463) refreshCheck: returning 
FRESH_EXPIRES
2016/12/20 15:27:41.532 kid1| 71,6| store_digest.cc(288) storeDigestAdd: 
storeDigestAdd: added entry, key: A035C0F65A81E715DA653BDE6632A99E
2016/12/20 15:27:41.532 kid1| 47,3| store_dir.cc(1352) copyBucket: 
StoreSearchHashIndex::copyBucket #13729
2016/12/20 15:27:41.532 kid1| 47,3| store_dir.cc(1366) copyBucket: got entries: 
4
2016/12/20 15:27:41.532 kid1| 71,6| store_digest.cc(226) storeDigestAddable: 
storeDigestAddable: checking entry, key: A1F528E3C02DAB25C5FB18C8D2EDACEE
2016/12/20 15:27:41.532 kid1| 22,3| refresh.cc(291) refreshCheck: checking 
freshness of 'http://static1.hln.be/images/logos/hln_logo.png?6.16.0.20161219'
2016/12/20 15:27:41.532 kid1| 22,3| refresh.cc(312) refreshCheck: Matched 
'\.(jpeg|jpg|jpe|jp2|gif|tiff?|pcx|png|bmp|pic|ico|bif|ver|pict)(\?.*|$) 36000 
80%% 604800'
2016/12/20 15:27:41.532 kid1| 22,3| refresh.cc(314) refreshCheck:   age:
13612
2016/12/20 15:27:41.532 kid1| 22,3| refresh.cc(316) refreshCheck:   
check_time: Tue, 20 Dec 2016 15:27:41 GMT
2016/12/20 15:27:41.532 kid1| 22,3| refresh.cc(318) refreshCheck:   
entry->timestamp:   Tue, 20 Dec 2016 11:40:49 GMT
2016/12/20 15:27:41.532 kid1| 22,3| refresh.cc(168) refreshStaleness: FRESH: 
expires 1487346358 >= check_time 1482247661 
2016/12/20 15:27:41.532 kid1| 22,3| refresh.cc(338) refreshCheck: Staleness = -1
2016/12/20 15:27:41.532 kid1| 22,3| refresh.cc(461) refreshCheck: Object isn't 
stale..
2016/12/20 15:27:41.532 kid1| 22,3| refresh.cc(463) refreshCheck: returning 
FRESH_EXPIRES
2016/12/20 15:27:41.532 kid1| 71,6| store_digest.cc(288) storeDigestAdd: 
storeDigestAdd: added entry, key: A1F528E3C02DAB25C5FB18C8D2EDACEE
2016/12/20 15:27:41.532

Re: [squid-users] Squid freeze each hour.

2016-12-20 Thread David Touzeau 

Thanks Elizer, i will send you squid configuration and cache.log in a separate 
message

Some things are missing and we need you to fill the picture for us.

What OS are you running squid ontop? --> Debian 7 64 bits
Are you running it in intercept or tproxy mode? --> connected mode.
Are you using ssl-bump? --> No
Are you using it with multiple cores? --> Only one core
Can you attach the squid.conf( removing the confidential details) to this
email?

-Message d'origine-
De : Eliezer Croitoru [mailto:elie...@ngtech.co.il]
Envoyé : mardi 20 décembre 2016 14:30
À : 'David Touzeau' ;
squid-users@lists.squid-cache.org
Objet : RE: [squid-users] Squid freeze each hour.

Hey David,

Some things are missing and we need you to fill the picture for us.
What OS are you running squid ontop?
Are you running it in intercept or tproxy mode?
Are you using ssl-bump?
Are you using it with multiple cores?
Can you attach the squid.conf( removing the confidential details) to this
email?

Thanks,
Eliezer


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il


-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On
Behalf Of David Touzeau
Sent: Tuesday, December 20, 2016 1:53 PM
To: squid-users@lists.squid-cache.org
Subject: [squid-users] Squid freeze each hour.

Hi

I'm using the 3.5.23, each hour, the proxy port did not respond for 3 to 10
minutes.
During the freeze have made a -k debug to see whats happening.
Here a piece of log of the log during the freeze:

Is there something relevant ?:

2016/12/20 12:09:09.072 kid1| 71,6| store_digest.cc(226) storeDigestAddable:
storeDigestAddable: checking entry, key: 877FE61D1641BCA926338890AF1478D2
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(291) refreshCheck: checking
freshness of ''
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(312) refreshCheck: Matched '.
0 75%% 2592000'
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(314) refreshCheck:   age:
1024129
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(316) refreshCheck:
check_time: Tue, 20 Dec 2016 12:09:09 GMT
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(318) refreshCheck:
entry->timestamp:   Thu, 08 Dec 2016 15:40:20 GMT
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(168) refreshStaleness: FRESH:
expires 1486393228 >= check_time 1482235749
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(338) refreshCheck: Staleness
= -1
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(461) refreshCheck: Object
isn't stale..
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(463) refreshCheck: returning
FRESH_EXPIRES
2016/12/20 12:09:09.072 kid1| 71,6| store_digest.cc(288) storeDigestAdd:
storeDigestAdd: added entry, key: 877FE61D1641BCA926338890AF1478D2
2016/12/20 12:09:09.072 kid1| 71,6| store_digest.cc(226) storeDigestAddable:
storeDigestAddable: checking entry, key: 87BF2568F0A7D71F1E567579CCC216F7
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(291) refreshCheck: checking
freshness of ''
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(312) refreshCheck: Matched '.
0 75%% 2592000'
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(314) refreshCheck:   age:
1019863
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(316) refreshCheck:
check_time: Tue, 20 Dec 2016 12:09:09 GMT
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(318) refreshCheck:
entry->timestamp:   Thu, 08 Dec 2016 16:51:26 GMT
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(173) refreshStaleness: STALE:
expires 1481215886 < check_time 1482235749
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(338) refreshCheck: Staleness
= 1019863
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(362) refreshCheck: YES: Must
revalidate stale object (origin set no-cache or private)
2016/12/20 12:09:09.072 kid1| 71,6| store_digest.cc(259) storeDigestAddable:
storeDigestAdd: entry expires within 3600 secs, ignoring
2016/12/20 12:09:09.072 kid1| 71,6| store_digest.cc(226) storeDigestAddable:
storeDigestAddable: checking entry, key: 873F5089579B6B7E351555B77F98259A
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(291) refreshCheck: checking
freshness of ''
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(312) refreshCheck: Matched '.
0 75%% 2592000'
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(314) refreshCheck:   age:
956460
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(316) refreshCheck:
check_time: Tue, 20 Dec 2016 12:09:09 GMT
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(318) refreshCheck:
entry->timestamp:   Fri, 09 Dec 2016 10:28:09 GMT
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(173) refreshStaleness: STALE:
expires 1481279289 < check_time 1482235749
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(338) refreshCheck: Staleness
= 956460
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(362) refreshCheck: YES: Must
revalidate stale object (origin set no-cache or private)
2016/12/20 12:09:09.072 kid1| 71,6| store_digest.cc(259) storeDigestAddable:
storeDigestAdd: entry expires within 3600 se

Re: [squid-users] sslpassword_program

2016-12-20 Thread creditu 


On Mon, Dec 19, 2016, at 06:58 PM, cred...@eml.cc wrote:
> 
> On Sun, Dec 18, 2016, at 11:24 PM, Amos Jeffries wrote:
> > On 19/12/2016 5:59 p.m., creditu wrote:
> > > 
> > > On Sun, Dec 18, 2016, at 01:21 PM, Michael Pelletier wrote:
> > >> Check your file permissions on the key.
> > >>
> > >> On Dec 18, 2016 2:13 PM, creditu wrote:
> > >>
> > >>> I'm having trouble getting the sslpassword_program working for an
> > >>> encrypted key.  Config looks like this:
> > >>>
> > >>> sslpassword_program /usr/local/bin/pass.sh
> > >>> https_port 10.10.10.1:443 accel vhost cert=/etc/squid/www.crt
> > >>> key=/etc/squid/private.key
> > >>>
> > >>> On start, cache log states "Ignoring https_port 10.10.10.1:443 due to
> > >>> SSL initialization failure."
> > >>> On stop, console states "Failed to acquire SSL private key
> > >>> '/etc/squid/private.key': error:0200100D:system library:fopen:Permission
> > >>> denied"
> > >>>
> > >>> Removing the passphrase from the private key, squid starts normally.
> > >>> Permissions on the encrypted and non-encrypted keys are the same.  I
> > >>> also tried putting the pass.sh program in /bin.  The pass.sh program
> > >>> looks like this:
> > >>> #!/bin/sh
> > >>> echo "testing"
> > >>>
> > >>> The hash of the private key modulus and the certificate modulus match as
> > >>> well.
> > >>>
> > >>> Am I missing something? This is on squid 3.1.
> > 
> > If the ideas below don't help can you try an upgrade? there are a few
> > fixes in 3.2 and 3.3 related to that directive.
> > 
> > >>> ___
> > > 
> > > Checked the perms and they are identical as the private key that I
> > > stripped the password out of.  They are also in the same directory.  The
> > > one without a password works fine.
> > 
> > The one without a password is being opened by OpenSSL directly.
> > 
> > The one with pssword is being opened in Squid oeprating context, which
> > should be root, but may also be the low-privilege proxy user at the time
> > the script is run.
> > 
> > So you need the key file to be readable by whichever of those privilege
> > contexts Squid is using at the time. (Sorry I can't be more precise, I'm
> > not sure myself which is used in 3.1).
> > 
> > If you have SELinux or AppArmour they may also be interferring with the
> > priviledged access.
> > 
> > The script itself needs either executable permissions set, or squid.conf
> > containing the full shell interpreter path as well as the script path.
> >  ie. "sslpassword_program /bin/sh /usr/local/bin/pass.sh"
> > 
> > 
> > >  Also tried encrypting with des3
> > > versus aes128 and that didn't make a difference either.   Gotta be
> > > missing something.
> > 
> > >  The error points to a perms problem, but not seeing
> > > how since everything is the same.
> > 
> > The error message says fopen() command is not permitted for whichever
> > user account is trying to access the .key file.
> >  It's not clear if that is fopen() of the .key file, or fopen() of the
> > pass.sh file before running it.
> > 
> > The way you describe the issues below hint to me that it is the
> > permission to access the script which is breaking things.
> > 
> > 
> > Also, those old Squid had some issues with processing errno at the wrong
> > times. So there is a small but non-zero chance that the error is
> > actually something else. :-(
> > 
> > 
> > >  Also, added a line in the
> > > sslpassword_program to touch a file to see if it got executed and it
> > > didn't create the file. Additionally, ran the stat command on the 
> > > /usr/local/bin/pass.sh after squid started up
> > 
> > FYI: That test only works if your filesystem has been configured to
> > record access times. Using such a setup with Squid will cause major
> > slowdown as cache related files and logs get accessed *a lot*. So is
> > typically disabled via fstab "noatime" settings if anyone with expertise
> > has tuned the proxy machine before you.
> > 
> > 
> > > and the access time never
> > > changes.  It seems like the shell script may not being executed for some
> > > reason.  I'm able to launch the shell script from the command line and
> > > it echos out the pass fine.
> > 
> > This kind of implies the file permission problem is for Squid to open
> > the script "file" before running whats inside.
> > 
> > Check /usr/local/bin/pass.sh ownership, executable rights, and
> > SELinux/AppArmour permissions (whichever is present on that achine).
> > 
> > Amos
> > ___
> > squid-users mailing list
> > squid-users@lists.squid-cache.org
> > http://lists.squid-cache.org/listinfo/squid-users
> 
> Thanks.  Worked down the list and the problem ended up being SELinux. 
> Of course I would have sworn that it was not in enforcing mode.

After getting the SELinux straightened out, I tightened up the perms on
the key file and the pass program.  In my case, the tightest I could set
the perms and still have it work was the key file readab

Re: [squid-users] squidcliente stopped working!

2016-12-20 Thread Sameh Onaissi 

On Dec 19, 2016, at 11:55 PM, Amos Jeffries 
mailto:squ...@treenet.co.nz>> wrote:

On 20/12/2016 9:52 a.m., Sameh Onaissi wrote:

On Dec 19, 2016, at 1:31 PM, Antony Stone wrote:

On Monday 19 December 2016 at 17:44:11, Sameh Onaissi wrote:

Hello,

I was using squid client to get cache stats, however this morning it
completely stopped working.

http://mydomainname.com/squid/access_denied.jpg";
alt="Acceso Denegado" style="width:704px;height:428px;">

the html code is the code of my redirect page whenever a client tries to
access a blacklisted website.

How big is your blacklist?  Could you show us what's in it?

Have you added the proxy itself to the whitelist?

The blacklist consistes of the ads, porn, socialnet and spyware lists of the BL 
list.

I added both LAN and WAN IPs of the server to the whitelist but didn’t help.


What URL was being requested that got the above access denied response?

Use -vv parameter to squidclient and "debug_options 11,2" in squid.conf
to have the requests header logged and find that out.

This is what shows now:

verbosity level set to 2
Request:
GET cache_object://localhost/info HTTP/1.0
Host: localhost
User-Agent: squidclient/3.5.22
Accept: */*
Connection: close


.
Transport detected: IPv4-mapped  and IPv6
Resolving localhost ...
Connecting... localhost ([::1]:3128)
Connected to: localhost ([::1]:3128)
Sending HTTP request ...
done.
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2016 14:03:46 GMT
Server: Apache/2.4.7 (Ubuntu)
Last-Modified: Fri, 25 Nov 2016 16:55:22 GMT
ETag: "bd-54222fce80317"
Accept-Ranges: bytes
Content-Length: 189
Vary: Accept-Encoding
Content-Type: text/html
Age: 103
X-Cache: HIT from squidpxy.domain.com
X-Cache-Lookup: HIT from squidpxy.domain.com:3128
Via: 1.1 squidpxy.domain.com (squid/3.5.22)
Connection: close






http://www.domain.com/squid/access_denied.jpg"; alt="Acceso 
Denegado" style="width:704px;height:428px;">




And in the access log:

1482242596.513  0 ::1 TCP_MEM_HIT/200 598 GET cache_object://localhost/info 
- HIER_NONE/- text/html






So, I changed my default acl setting in squid guard config file to pass all for 
now (I know it is not ideal), just to monitor the cache as I am trying to get 
the HIT ratio up. (currently only at 7.8%)

squid guard config: pastebin.com/bbe8CWLE


So your SG config just does basic IP, URL and time based allow or
redirect decisions.

I suggest you drop SG entirely and move that config into your squid.conf:


# Time rules
# abbrev for weekdays:
# s = sun, m = mon, t =tue, w = wed, h = thu, f = fri, a = sat
acl non-working-hours time MTWHF 18:00-24:00 00:00-08:00
acl non-working-hours time MTWHF 18:00-24:00 00:00-08:00
acl non-working-hours time SA 00:00-24:00

# Source addresses
acl exempt src 10.0.0.90 10.0.0.167
acl youtubers src 10.0.0.1-10.0.0.4
acl localnet src 10.0.0.0/24

# Destination classes
acl blah_domains dstdomain "adv/domains"
acl blah_domains dstdomain "deny/domains"
acl blah_domains dstdomain "porn/domains"
acl blah_domains dstdomain "spyware/domains"
acl blah_domains dstdomain "socialnet/domains"

acl blah_urls dstdom_regex "adv/urls"
acl blah_urls dstdom_regex "deny/urls"
acl blah_urls dstdom_regex "porn/urls"
acl blah_urls dstdom_regex "spyware/urls"
acl blah_urls dstdom_regex "socialnet/urls"

acl stuff_always_blocked anyof blah_domains blah_urls

acl whitelist_domains dstdomain "whitelist/domains"
acl whitelist_urls dstdom_regex "whitelist/urls"
acl whitelist anyof whitelist_domains whitelist_urls
deny_info 302:http://example.com/squid/denegado.html whitelist

acl youtubers_domains dstdomain "socialnet/domains"
acl youtubers_urls dstdom_regex "adv/urls"
acl youtubers anyof youtubers_domains youtubers_urls
deny_info 302:http://example.com/squid/denegado.html youtubers

# Policies
http_access deny !localnet
deny_info 302:http://example.com/squid/denegado.html localnet

http_access allow exempt
http_access allow youtubers !stuff_always_blocked
http_access deny youtubers
http_access allow non-working-hours
http_access allow whitelist !stuff_always_blocked
http_access deny whitelist
http_access allow localnet

deny_info 302:http://example.com/squid/denegado.html all
http_access deny all




squid.conf: http://pastebin.com/TQ8H6bRp

Quote from your config:

acl Safe_ports port 587 #SMTP

Did you read Amos' reply "SMTP is the #1 worst protocol to let anywhere near
an HTTP proxy.  Preventing what you have allowed to happen is one of the
primary reasons Safe_ports exists in the first place!”


The reason I allow 587 is because the Squid Proxy lives on the same
server as a mail server which needs this port, and several clients have
their mail clientes (Outlook..etc) already configured to use this port.

Bogus. You should know it is possible that two pieces of software can
run on one machine without interferring with each other.

Whether or not a mailserver exists on the same machine

Re: [squid-users] Antw: CentOS Linux 7 / Squid Cache: Version 3.5.20 / ecap clamav

2016-12-20 Thread Eliezer Croitoru 
Can you share what was the issue and how did you managed to resolve it?

Eliezer


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il


-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf 
Of bjoern wahl
Sent: Tuesday, December 20, 2016 10:33 AM
To: squid-users@lists.squid-cache.org
Subject: [squid-users] Antw: CentOS Linux 7 / Squid Cache: Version 3.5.20 / 
ecap clamav

Hello!

Just a short update.

Got it working.

So now we have CentOS/Squid/ecap camav and ldap auth. Just the redirect is 
missing if a virus was fond...working on that.

Thanks for all the help.

björn


>>> "bjoern wahl"  20.12.16 8.19 Uhr >>>
Hello!

I would like to switch from SLES to CentOS Squid proxy server and just learned 
that icap is no longer up-to-date.

Better use eCap, but i am not able to find a good howto telling me how to get 
it to work in my environment.

Can anybody help me out ?

Thanks, Björn.

Träger: Klinikum Westmünsterland GmbH
Jur. Sitz der Gesellschaft: Am Boltenhof 7, 46325 Borken Registergericht 
Coesfeld, HRB Nr. 4184 I Ust.-Id.Nr.: DE123762133
Geschäftsführer: Christoph Bröcker, Ludger Hellmann (Sprecher)
Aufsichtsratsvorsitzender: Jürgen Büngeler

Diese E-Mail enthält vertrauliche oder rechtlich geschützte Informationen. Wenn 
Sie nicht der beabsichtigte Empfänger sind, informieren Sie bitte sofort den 
Absender und löschen Sie diese E-Mail.
Das unbefugte Kopieren dieser E-Mail oder die unbefugte Weitergabe der 
enthaltenen Informationen ist nicht gestattet.



___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Träger: Klinikum Westmünsterland GmbH
Jur. Sitz der Gesellschaft: Am Boltenhof 7, 46325 Borken Registergericht 
Coesfeld, HRB Nr. 4184 I Ust.-Id.Nr.: DE123762133
Geschäftsführer: Christoph Bröcker, Ludger Hellmann (Sprecher)
Aufsichtsratsvorsitzender: Jürgen Büngeler

Diese E-Mail enthält vertrauliche oder rechtlich geschützte Informationen. Wenn 
Sie nicht der beabsichtigte Empfänger sind, informieren Sie bitte sofort den 
Absender und löschen Sie diese E-Mail.
Das unbefugte Kopieren dieser E-Mail oder die unbefugte Weitergabe der 
enthaltenen Informationen ist nicht gestattet.



___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid freeze each hour.

2016-12-20 Thread FredB 
I do not see this, do you have something particular ? SSLBump maybe ? SMP ?
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] r14088 crash on FreeBSD 11

2016-12-20 Thread Eliezer Croitoru 
Hey Simon,

Just to clear out things for me since the bug report is a bit confusing in the 
Bugzilla.
What should I do to replicate the bug in my lab?
1. install FreeBSD 11 stable
2. Compile squid latest
And what then?
Just use the proxy?

Thanks,
Eliezer


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il


-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf 
Of k simon
Sent: Friday, December 16, 2016 8:34 AM
To: squid-users@lists.squid-cache.org
Subject: [squid-users] r14088 crash on FreeBSD 11

Hi,lists,
   r14087 is quite stable on FB 11. But r14088 crashed frequently with
"2016/12/16 09:00:59 kid1| assertion failed: MemBuf.cc:216: "0 <= tailSize && 
tailSize <= cSize" ". The config file is almost the default except listening 
port and http_access modification.


Simon
20161216





P.S.
# uname -a
FreeBSD unkn-j9 11.0-STABLE FreeBSD 11.0-STABLE #0 r309724: Fri Dec  9
11:01:51 CST 2016
root@cache-farm-n1:/usr/obj/usr/src/sys/11-ule-r309209  amd64

# squid -vv
Squid Cache: Version 3.5.21
Service Name: squid
configure options:  '--with-default-user=squid' 
'--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin' 
'--datadir=/usr/local/etc/squid' '--libexecdir=/usr/local/libexec/squid' 
'--localstatedir=/var' '--sysconfdir=/usr/local/etc/squid' 
'--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid/squid.pid' 
'--with-swapdir=/var/squid/cache' '--without-gnutls' '--enable-auth' 
'--enable-build-info' '--enable-loadable-modules' 
'--enable-removal-policies=lru heap' '--disable-epoll' 
'--disable-linux-netfilter' '--disable-linux-tproxy' 
'--disable-translation' '--disable-arch-native' '--disable-eui' 
'--disable-cache-digests' '--disable-delay-pools' '--disable-ecap' 
'--disable-esi' '--enable-follow-x-forwarded-for' '--disable-htcp' 
'--disable-icap-client' '--disable-icmp' '--disable-ident-lookups' 
'--enable-ipv6' '--enable-kqueue' '--with-large-files' 
'--enable-http-violations' '--without-nettle' '--enable-snmp' 
'--disable-ssl' '--disable-ssl-crtd' '--disable-stacktraces' 
'--disable-forw-via-db' '--disable-wccp' '--disable-wccpv2' 
'--without-heimdal-krb5' '--without-mit-krb5' '--without-gss' 
'--disable-ipf-transparent' '--enable-ipfw-transparent' 
'--disable-pf-transparent' '--without-nat-devpf' '--enable-auth-basic=DB SMB_LM 
MSNT-multi-domain NCSA PAM POP3 RADIUS fake getpwnam' 
'--enable-auth-digest=file' '--enable-external-acl-helpers=file_userip
time_quota unix_group' '--enable-auth-negotiate=none' 
'--enable-auth-ntlm=fake smb_lm' '--enable-storeio=aufs diskd rock ufs' 
'--enable-disk-io=DiskThreads DiskDaemon AIO Blocking IpcIo Mmapped' 
'--enable-log-daemon-helpers=file' '--enable-url-rewrite-helpers=fake' 
'--enable-storeid-rewrite-helpers=file' '--prefix=/usr/local' 
'--mandir=/usr/local/man' '--disable-silent-rules' 
'--infodir=/usr/local/info/' '--build=amd64-portbld-freebsd11.0' 
'build_alias=amd64-portbld-freebsd11.0' 'CC=cc' 'CFLAGS=-O2 -pipe -m64 
-fno-strict-aliasing -fno-omit-frame-pointer -march=penryn -fstack-protector' 
'LDFLAGS=-L/usr/local/lib -Wl,--eh-frame-hdr' 
'LIBS=-lthr -lpcreposix -lpcre -ltcmalloc_minimal' 'CPPFLAGS=' 'CXX=c++' 
'CXXFLAGS=-std=c++11 -fPIC -DPIC -I/usr/local/include' 'CPP=cpp'
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid freeze each hour.

2016-12-20 Thread Eliezer Croitoru 
Hey David,

Some things are missing and we need you to fill the picture for us.
What OS are you running squid ontop?
Are you running it in intercept or tproxy mode?
Are you using ssl-bump?
Are you using it with multiple cores?
Can you attach the squid.conf( removing the confidential details) to this email?

Thanks,
Eliezer


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il


-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf 
Of David Touzeau
Sent: Tuesday, December 20, 2016 1:53 PM
To: squid-users@lists.squid-cache.org
Subject: [squid-users] Squid freeze each hour.

Hi

I'm using the 3.5.23, each hour, the proxy port did not respond for 3 to 10 
minutes.
During the freeze have made a -k debug to see whats happening.
Here a piece of log of the log during the freeze:

Is there something relevant ?:

2016/12/20 12:09:09.072 kid1| 71,6| store_digest.cc(226) storeDigestAddable:
storeDigestAddable: checking entry, key: 877FE61D1641BCA926338890AF1478D2
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(291) refreshCheck: checking 
freshness of ''
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(312) refreshCheck: Matched '.
0 75%% 2592000'
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(314) refreshCheck:   age:
1024129
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(316) refreshCheck:
check_time: Tue, 20 Dec 2016 12:09:09 GMT
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(318) refreshCheck:
entry->timestamp:   Thu, 08 Dec 2016 15:40:20 GMT
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(168) refreshStaleness: FRESH:
expires 1486393228 >= check_time 1482235749
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(338) refreshCheck: Staleness = -1
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(461) refreshCheck: Object isn't 
stale..
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(463) refreshCheck: returning 
FRESH_EXPIRES
2016/12/20 12:09:09.072 kid1| 71,6| store_digest.cc(288) storeDigestAdd:
storeDigestAdd: added entry, key: 877FE61D1641BCA926338890AF1478D2
2016/12/20 12:09:09.072 kid1| 71,6| store_digest.cc(226) storeDigestAddable:
storeDigestAddable: checking entry, key: 87BF2568F0A7D71F1E567579CCC216F7
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(291) refreshCheck: checking 
freshness of ''
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(312) refreshCheck: Matched '.
0 75%% 2592000'
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(314) refreshCheck:   age:
1019863
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(316) refreshCheck:
check_time: Tue, 20 Dec 2016 12:09:09 GMT
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(318) refreshCheck:
entry->timestamp:   Thu, 08 Dec 2016 16:51:26 GMT
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(173) refreshStaleness: STALE:
expires 1481215886 < check_time 1482235749
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(338) refreshCheck: Staleness = 
1019863
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(362) refreshCheck: YES: Must 
revalidate stale object (origin set no-cache or private)
2016/12/20 12:09:09.072 kid1| 71,6| store_digest.cc(259) storeDigestAddable:
storeDigestAdd: entry expires within 3600 secs, ignoring
2016/12/20 12:09:09.072 kid1| 71,6| store_digest.cc(226) storeDigestAddable:
storeDigestAddable: checking entry, key: 873F5089579B6B7E351555B77F98259A
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(291) refreshCheck: checking 
freshness of ''
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(312) refreshCheck: Matched '.
0 75%% 2592000'
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(314) refreshCheck:   age:
956460
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(316) refreshCheck:
check_time: Tue, 20 Dec 2016 12:09:09 GMT
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(318) refreshCheck:
entry->timestamp:   Fri, 09 Dec 2016 10:28:09 GMT
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(173) refreshStaleness: STALE:
expires 1481279289 < check_time 1482235749
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(338) refreshCheck: Staleness = 
956460
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(362) refreshCheck: YES: Must 
revalidate stale object (origin set no-cache or private)
2016/12/20 12:09:09.072 kid1| 71,6| store_digest.cc(259) storeDigestAddable:
storeDigestAdd: entry expires within 3600 secs, ignoring
2016/12/20 12:09:09.072 kid1| 71,6| store_digest.cc(226) storeDigestAddable:
storeDigestAddable: checking entry, key: 87FFFEA8EBEFAE0DBC21EBC97D405839
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(291) refreshCheck: checking 
freshness of ''
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(312) refreshCheck: Matched '.
0 75%% 2592000'
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(314) refreshCheck:   age:
948473
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(316) refreshCheck:
check_time: Tue, 20 Dec 2016 12:09:09 GMT
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(318) refreshCheck:
entry->timestamp:   Fri, 09 Dec 2016 12:41:16 GMT
201

[squid-users] Squid freeze each hour.

2016-12-20 Thread David Touzeau 
Hi

I'm using the 3.5.23, each hour, the proxy port did not respond for 3 to 10
minutes.
During the freeze have made a -k debug to see whats happening.
Here a piece of log of the log during the freeze:

Is there something relevant ?:

2016/12/20 12:09:09.072 kid1| 71,6| store_digest.cc(226) storeDigestAddable:
storeDigestAddable: checking entry, key: 877FE61D1641BCA926338890AF1478D2
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(291) refreshCheck: checking
freshness of ''
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(312) refreshCheck: Matched '.
0 75%% 2592000'
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(314) refreshCheck:   age:
1024129
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(316) refreshCheck:
check_time: Tue, 20 Dec 2016 12:09:09 GMT
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(318) refreshCheck:
entry->timestamp:   Thu, 08 Dec 2016 15:40:20 GMT
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(168) refreshStaleness: FRESH:
expires 1486393228 >= check_time 1482235749
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(338) refreshCheck: Staleness
= -1
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(461) refreshCheck: Object
isn't stale..
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(463) refreshCheck: returning
FRESH_EXPIRES
2016/12/20 12:09:09.072 kid1| 71,6| store_digest.cc(288) storeDigestAdd:
storeDigestAdd: added entry, key: 877FE61D1641BCA926338890AF1478D2
2016/12/20 12:09:09.072 kid1| 71,6| store_digest.cc(226) storeDigestAddable:
storeDigestAddable: checking entry, key: 87BF2568F0A7D71F1E567579CCC216F7
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(291) refreshCheck: checking
freshness of ''
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(312) refreshCheck: Matched '.
0 75%% 2592000'
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(314) refreshCheck:   age:
1019863
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(316) refreshCheck:
check_time: Tue, 20 Dec 2016 12:09:09 GMT
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(318) refreshCheck:
entry->timestamp:   Thu, 08 Dec 2016 16:51:26 GMT
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(173) refreshStaleness: STALE:
expires 1481215886 < check_time 1482235749
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(338) refreshCheck: Staleness
= 1019863
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(362) refreshCheck: YES: Must
revalidate stale object (origin set no-cache or private)
2016/12/20 12:09:09.072 kid1| 71,6| store_digest.cc(259) storeDigestAddable:
storeDigestAdd: entry expires within 3600 secs, ignoring
2016/12/20 12:09:09.072 kid1| 71,6| store_digest.cc(226) storeDigestAddable:
storeDigestAddable: checking entry, key: 873F5089579B6B7E351555B77F98259A
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(291) refreshCheck: checking
freshness of ''
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(312) refreshCheck: Matched '.
0 75%% 2592000'
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(314) refreshCheck:   age:
956460
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(316) refreshCheck:
check_time: Tue, 20 Dec 2016 12:09:09 GMT
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(318) refreshCheck:
entry->timestamp:   Fri, 09 Dec 2016 10:28:09 GMT
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(173) refreshStaleness: STALE:
expires 1481279289 < check_time 1482235749
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(338) refreshCheck: Staleness
= 956460
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(362) refreshCheck: YES: Must
revalidate stale object (origin set no-cache or private)
2016/12/20 12:09:09.072 kid1| 71,6| store_digest.cc(259) storeDigestAddable:
storeDigestAdd: entry expires within 3600 secs, ignoring
2016/12/20 12:09:09.072 kid1| 71,6| store_digest.cc(226) storeDigestAddable:
storeDigestAddable: checking entry, key: 87FFFEA8EBEFAE0DBC21EBC97D405839
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(291) refreshCheck: checking
freshness of ''
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(312) refreshCheck: Matched '.
0 75%% 2592000'
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(314) refreshCheck:   age:
948473
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(316) refreshCheck:
check_time: Tue, 20 Dec 2016 12:09:09 GMT
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(318) refreshCheck:
entry->timestamp:   Fri, 09 Dec 2016 12:41:16 GMT
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(179) refreshStaleness: No
explicit expiry given, using heuristics to determine freshness
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(198) refreshStaleness: Last
modified 19509132 sec before we cached it, L-M factor 75.00% = 14631849 sec
freshness lifetime
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(205) refreshStaleness: FRESH:
age 948473 <= stale_age 14631849
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(338) refreshCheck: Staleness
= -1
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(461) refreshCheck: Object
isn't stale..
2016/12/20 12:09:09.072 kid1| 22,3| refresh.cc(470) refreshCheck: returning
FRESH_LMFACTOR_RULE
2016/12/20 12:

Re: [squid-users] cache_peer and PROXY protocol

2016-12-20 Thread David Touzeau 
Thanks Amos.


It is to create a kind of WAN Proxy that accepts only PROXY Protocol and to
get Proxy Protocol benefits (without losing the client information - IP 
addresses and Authentications )
Forwarding SSL can be useful too.

<< You can send to me your ways to be a sponsor on it... >>

-Message d'origine-
De : squid-users [mailto:squid-users-boun...@lists.squid-cache.org] De la
part de Amos Jeffries
Envoyé : lundi 19 décembre 2016 13:20
À : squid-users@lists.squid-cache.org
Objet : Re: [squid-users] cache_peer and PROXY protocol

On 20/12/2016 12:44 a.m., David Touzeau wrote:
>
> Hi
>
> Squid accept "Proxy protocol" in http_port, is there a chance to see
> "PROXY Protocol" supported in cache_peer if you need to link 2 squid ?
>

'a chance' only at this point unless somebody (you?) wants to sponsor it. It
is on my TODO list, way down under TLS improvements and HTTP/2 support -
both big projects.

What is your use-case ?

Amos

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Squid 3.5.23 for Microsoft Windows 64-bit is available

2016-12-20 Thread Rafael Akchurin 
Greetings everyone,



The CygWin based build of Squid proxy for Microsoft Windows version 3.5.23 is 
now available (amd64 only!).



* Original release notes are at 
http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.23-RELEASENOTES.html.

* Ready to use MSI package can be downloaded from http://squid.diladele.com.

* List of open issues for the installer - 
https://github.com/diladele/squid-windows/issues



Thanks a lot for Squid developers for making this great software!



Please join our humble efforts to provide ready to run MSI installer for Squid 
on Microsoft Windows with all required dependencies at GitHub -

https://github.com/diladele/squid-windows. Please report all 
issues/bugs/feature requests at GitHub project. Issues about the *MSI installer 
only* can also be reported to supp...@diladele.com.



Best regards,

Rafael Akchurin

Diladele B.V.

https://www.diladele.com



--

Please take a look at Web Safety - our ICAP based web filter server for Squid 
proxy.

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Help: How to calculate all bytes when communicate with client for a request

2016-12-20 Thread wei 
Hi Guys,


I want to calculate all bytes when a request is sent to squid, including:

  1.  the header length that client will send to squid
  2.  the post content length that send to squid
  3.  the response length squid will reply to client

logformat squid %ts.%03tu %6tr %>a %Ss/%03Hs %___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid Websocket Issue

2016-12-20 Thread Hardik Dangar 
@Eliezer, @Amos

Following changes in config works and whatsapp starts working,

acl serverIsws ssl::server_name_regex ^w[0-9]+\.web\.whatsapp\.com$

acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump splice serverIsws
ssl_bump bump !serverIsws all

[ above is a feature of whatsapp which allows you to connect to
web.whatsapp.com from browser]


now what happens at request level is following,

Request URL:wss://w8.web.whatsapp.com/ws
Request Method:GET
Status Code:101 Switching Protocols

--

Response Headers

Connection:Upgrade
Sec-WebSocket-Accept:Z6CC+QVdvB0cCHPbJAQMaHKL2uQ=
Upgrade:websocket

--
Request Headers

Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:Upgrade
Host:w8.web.whatsapp.com
Origin:https://web.whatsapp.com
Pragma:no-cache
Sec-WebSocket-Extensions:permessage-deflate; client_max_window_bits
Sec-WebSocket-Key:mbCFLN/Q1KMt58t6DoQI9Q==
Sec-WebSocket-Version:13
Upgrade:websocket
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/55.0.2883.75 Safari/537.36

After this no other web sockets open it seems whatsapp switches to normal
communication from websockets.

Above solution could help lot of people who is trying to configure
websockets to run. I have few more websocket applications which i need to
work on and i will let you know if it works soon.

Thank you very much for your help. Really appreciate the help.

On Mon, Dec 19, 2016 at 6:46 PM, Hardik Dangar  wrote:

> Based on Amos's Answer,
>
> acl serverIsws ssl::server_name .w0.whatsapp.com
> acl serverIsws ssl::server_name .w1.whatsapp.com
>
> acl step1 at_step SslBump1
> ssl_bump peek step1
> ssl_bump bump !serverIsws all
> ssl_bump splice all
>
> will above work ?
>
> Or should i splice first and bump all others later?
>
> This is very interesting. I will definitely try this when i will reach
> office.
>
> On Mon, Dec 19, 2016 at 6:40 PM, Eliezer Croitoru 
> wrote:
>
>> I can give a hint that once you see the request you can identify using an
>> ICAP\ECAP services couple details about the request.
>> Basically I had a regex which allowed any what's app traffic to be
>> spliced by the SNI domain name.
>> It should be something like "w[0-9]+\.web\.whatsapp\.com$" to match the
>> required domains for whatsapp to be spliced.
>> If nobody will try it before me it's on my todo list for this release
>> (3.5.23, 4.0.17).
>>
>> Eliezer
>>
>> 
>> Eliezer Croitoru
>> Linux System Administrator
>> Mobile: +972-5-28704261
>> Email: elie...@ngtech.co.il
>>
>>
>> -Original Message-
>> From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On
>> Behalf Of Amos Jeffries
>> Sent: Monday, December 19, 2016 8:51 AM
>> To: Hardik Dangar 
>> Cc: Squid Users 
>> Subject: Re: [squid-users] Squid Websocket Issue
>>
>> On 19/12/2016 12:14 p.m., Hardik Dangar wrote:
>> > can you give me one example please ?
>> > like in the above example.
>> > w4.web.whatsapp.com domain is fixed
>> > are you suggesting i can create acl and by pass it to squid ?
>> >
>>
>> You are the first person to ask about WhatsApp traffic.
>>
>> These might be a useful starting point
>> > guration_Examples>
>>
>> What the examples are doing for banks is what you want to do for WhatsApp.
>>
>> The trick though will be figuring out how to splice *before* seeing what
>> type of HTTP request exists inside the tunnel. If you are lucky the app
>> will be using SNI.
>>
>> Amos
>>
>> ___
>> squid-users mailing list
>> squid-users@lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>>
>
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] r14088 crash on FreeBSD 11

2016-12-20 Thread k simon 
Hi, Garri,
   I've tested 3.5-r14128, it crashed again with the same error.

2016/12/20 16:23:22 kid1| assertion failed: MemBuf.cc:216: "0 <= 
tailSize && tailSize <= cSize"

Simon
20161220

在 2016/12/16 17:47, Garri Djavadyan 写道:
> On Fri, 2016-12-16 at 14:38 +0500, Garri Djavadyan wrote:
>> On Fri, 2016-12-16 at 06:34 +, k simon wrote:
>>> Hi,lists,
>>>r14087 is quite stable on FB 11. But r14088 crashed frequently
>>> with
>>> "2016/12/16 09:00:59 kid1| assertion failed: MemBuf.cc:216: "0 <=
>>> tailSize && tailSize <= cSize" ". The config file is almost the
>>> default
>>> except listening port and http_access modification.
>>
>> Hi,
>>
>> I believe you faced bug 4606 [1]. Do you use 'collapsed_forwarding'
>> option? If you have any new details please add a comment to the bug
>> report.
>>
>> [1] http://bugs.squid-cache.org/show_bug.cgi?id=4606
>
> Sorry, actually, 'collapsed_forwarding' should not be enabled to facethe bug.
>
> Garri
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Antw: CentOS Linux 7 / Squid Cache: Version 3.5.20 / ecap clamav

2016-12-20 Thread bjoern wahl 
Hello!

Just a short update.

Got it working.

So now we have CentOS/Squid/ecap camav and ldap auth. Just the redirect
is missing if a virus was fond...working on that.

Thanks for all the help.

björn


>>> "bjoern wahl"  20.12.16 8.19 Uhr >>>
Hello!

I would like to switch from SLES to CentOS Squid proxy server and just
learned that icap is no longer up-to-date.

Better use eCap, but i am not able to find a good howto telling me how
to get it to work in my environment.

Can anybody help me out ?

Thanks, Björn.

Träger: Klinikum Westmünsterland GmbH
Jur. Sitz der Gesellschaft: Am Boltenhof 7, 46325 Borken
Registergericht Coesfeld, HRB Nr. 4184 I Ust.-Id.Nr.: DE123762133
Geschäftsführer: Christoph Bröcker, Ludger Hellmann (Sprecher)
Aufsichtsratsvorsitzender: Jürgen Büngeler

Diese E-Mail enthält vertrauliche oder rechtlich geschützte
Informationen. Wenn Sie nicht der beabsichtigte Empfänger sind,
informieren Sie bitte sofort den Absender und löschen Sie diese E-Mail.
Das unbefugte Kopieren dieser E-Mail oder die unbefugte Weitergabe der
enthaltenen Informationen ist nicht gestattet.



___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Träger: Klinikum Westmünsterland GmbH
Jur. Sitz der Gesellschaft: Am Boltenhof 7, 46325 Borken
Registergericht Coesfeld, HRB Nr. 4184 I Ust.-Id.Nr.: DE123762133
Geschäftsführer: Christoph Bröcker, Ludger Hellmann (Sprecher)
Aufsichtsratsvorsitzender: Jürgen Büngeler

Diese E-Mail enthält vertrauliche oder rechtlich geschützte
Informationen. Wenn Sie nicht der beabsichtigte Empfänger sind,
informieren Sie bitte sofort den Absender und löschen Sie diese E-Mail.
Das unbefugte Kopieren dieser E-Mail oder die unbefugte Weitergabe der
enthaltenen Informationen ist nicht gestattet.



___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users