Re: [squid-users] Squid for Windows 4.14 is available

[Odhiambo Washington]

On Mon, May 17, 2021 at 12:23 PM Rafael Akchurin <
rafael.akchu...@diladele.com> wrote:

> Hello everyone,
>
>
>
> After years of postponing we were finally able to build and pack the Squid
> 4 for Microsoft Windows.
>
> Sorry it took a lot more time and efforts than anticipated. The already
> existing version 4.15 is also being packed.
>
> I will update once again when it is available.
>
>
>
> The MSI can be downloaded from https://squid.diladele.com/ site.
>
>
>
> While you are there be sure to check out our other projects – Web Safety
> ICAP web filter and Admin UI for Squid (https://www.diladele.com/) and
>
> DNS Safety filter (something like web safety but on DNS level -
> https://dnssafety.diladele.com/).
>
>
>
> Repo for development of Squid for Windows is available at
> https://github.com/diladele/squid-windows.
>
> Please post your question **for MSI problems only** at
> supp...@diladele.com – and for Squid part here.
>
>
I installed this on my Windows 10, but gave up when I could not make it to
cache anything.
cache_dir aufs c:\Squid\cachedir 3000 16 256

I created this director, but squid -z would not hear of it!

The given example:

#cache_dir aufs /cygdrive/d/squid/cache 3000 16 256

.. is unix lingo, not Windows

What is the correct format of the above config on Windows?





-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v "^$|^.*#" :-)
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Squid for Windows 4.14 is available

[Rafael Akchurin]

Hello everyone,

After years of postponing we were finally able to build and pack the Squid 4 
for Microsoft Windows.
Sorry it took a lot more time and efforts than anticipated. The already 
existing version 4.15 is also being packed.
I will update once again when it is available.

The MSI can be downloaded from https://squid.diladele.com/ site.

While you are there be sure to check out our other projects - Web Safety ICAP 
web filter and Admin UI for Squid (https://www.diladele.com/) and
DNS Safety filter (something like web safety but on DNS level - 
https://dnssafety.diladele.com/).

Repo for development of Squid for Windows is available at  
https://github.com/diladele/squid-windows.
Please post your question *for MSI problems only* at 
supp...@diladele.com - and for Squid part here.

Best regards,
Rafael




___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid for Windows: negotiate_kerberos_auth helper seems to leak(?) handles

[Markus Moeller]

Hi Klaus,

  The negotiate_kerberos_auth helper is not intended to run on Windows. 
How did you compile it ?


Markus



"Klaus Westkamp"  wrote in message 
news:8251c91f-1b08-82f2-f6ec-46ef92fe9...@westkamp.net...


Hi,

i digged a little further (but i'm no exert in WinDBG):

Attachimng to the process with the most handles (currently 323 shown by
Windows Process Manager, as newly started)

!handles gives me:

277 Handles (weired, shows less than process manager)
Type   Count
None   4
Event  199
Section7
File   18
Directory  3
SymbolicLink   1
Mutant 9
Semaphore  5
Key8
Token  2
Thread 5
IoCompletion   2
TpWorkerFactory2
ALPC Port  5
WaitCompletionPacket7

Asking for Handle Details:

0:003> !handle 5e8 f
Handle 5e8
  Type Event
  Attributes   0
  GrantedAccess0x1f0003:
 Delete,ReadControl,WriteDac,WriteOwner,Synch
 QueryState,ModifyState
  HandleCount  2
  PointerCount 32769
  Name 
  Object Specific Information
Event Type Auto Reset
Event is Waiting

0:003> !handle 5e0 f
Handle 5e0
  Type Event
  Attributes   0
  GrantedAccess0x1f0003:
 Delete,ReadControl,WriteDac,WriteOwner,Synch
 QueryState,ModifyState
  HandleCount  2
  PointerCount 32769
  Name 
  Object Specific Information
Event Type Auto Reset
Event is Waiting

0:003> !handle 374 f
Handle 374
  Type Event
  Attributes   0
  GrantedAccess0x1f0003:
 Delete,ReadControl,WriteDac,WriteOwner,Synch
 QueryState,ModifyState
  HandleCount  2
  PointerCount 32769
  Name 
  Object Specific Information
Event Type Auto Reset
Event is Waiting

These events seem to increase, but only one process gets to the limit of
3x00 handles and then the other processes seem to hang ...


On 15/12/2020 12:18, Klaus Westkamp wrote:

Hi,


yes this is Dildale's last available package. Output of squid -v is as 
follows:


squid -v

Squid Cache: Version 3.5.28
Service Name: squid

This binary uses OpenSSL 1.0.2j  26 Sep 2016. For legal restrictions on 
distribution see https://www.openssl.org/source/license.html


configure options:  '--bindir=/bin/squid' '--sbindir=/usr/sbin/squid' 
'--sysconfdir=/etc/squid' '--datadir=/usr/share/squid' 
'--libexecdir=/usr/lib/squid'
'--disable-strict-error-checking' '--with-logdir=/var/log/squid' 
'--with-swapdir=/var/cache/squid' '--with-pidfile=/var/run/squid.pid' 
'--enable-ssl'
'--enable-delay-pools' '--enable-ssl-crtd' '--enable-icap-client' 
'--disable-eui' '--localstatedir=/var/run/squid' 
'--sharedstatedir=/var/run/squid'
'--datarootdir=/usr/share/squid' 
'--enable-disk-io=AIO,Blocking,DiskThreads,IpcIo,Mmapped' 
'--enable-auth-basic=DB,LDAP,NCSA,POP3,RADIUS,SASL,SMB,fake,getpwnam'
'--enable-auth-ntlm=fake' '--enable-auth-negotiate=kerberos,wrapper' 
'--enable-external-acl-helpers=LDAP_group,SQL_session,eDirectory_userip,file_userip,kerberos_ldap_group,session,time_quota,unix_group,wbinfo_group'
'--with-openssl' '--with-filedescriptors=65536' 
'--enable-removal-policies=lru,heap'


The helper negotiate_kerberos_auth.exe doesn't produce a Version output.


Best regards,

Klaus Westkamp


On 15/12/2020 09:10, Amos Jeffries wrote:

On 15/12/20 4:03 am, Klaus Westkamp wrote:

Hi,

i'm uncertain, wether this mailing list is the correct one to ask, but i 
have the disputable honor to make a squid running on a Windows Server 
(if possible). Whilst squid.exe seems to run fine, i constantly run into 
an unresponsive system, when i enable Kerberos authentication via 
auth_param and the negotiate_kerberos_auth.exe helper.


For a while authentication works fine, but all at the sudden the system 
hangs at 100% CPU usage. My Observation is that one of the 
negotiate_kerberos_auth.exe processes has a constantly increasing number 
of handles (Files and events). If i understand the Sysinternals handle 
tool correctly, most handles are event corrolated.


The setting:

Windows 2012 R2 AD Controllers with Windows 2008R2 Domain Level. A 
Windows Server 2016 running Squid 3.5 for Windows.


Is Squid the package built by Diladele or a custom build?

Which exact version number is it? (output of "squid -v" please)


Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users 



___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid for Windows: negotiate_kerberos_auth helper seems to leak(?) handles

[Klaus Westkamp]

Hi,

i digged a little further (but i'm no exert in WinDBG):

Attachimng to the process with the most handles (currently 323 shown by 
Windows Process Manager, as newly started)


!handles gives me:

277 Handles (weired, shows less than process manager)
Type       Count
None       4
Event      199
Section        7
File       18
Directory      3
SymbolicLink       1
Mutant     9
Semaphore      5
Key        8
Token      2
Thread     5
IoCompletion       2
TpWorkerFactory    2
ALPC Port      5
WaitCompletionPacket    7

Asking for Handle Details:

0:003> !handle 5e8 f
Handle 5e8
  Type     Event
  Attributes       0
  GrantedAccess    0x1f0003:
 Delete,ReadControl,WriteDac,WriteOwner,Synch
 QueryState,ModifyState
  HandleCount      2
  PointerCount     32769
  Name     
  Object Specific Information
    Event Type Auto Reset
    Event is Waiting

0:003> !handle 5e0 f
Handle 5e0
  Type     Event
  Attributes       0
  GrantedAccess    0x1f0003:
 Delete,ReadControl,WriteDac,WriteOwner,Synch
 QueryState,ModifyState
  HandleCount      2
  PointerCount     32769
  Name     
  Object Specific Information
    Event Type Auto Reset
    Event is Waiting

0:003> !handle 374 f
Handle 374
  Type     Event
  Attributes       0
  GrantedAccess    0x1f0003:
 Delete,ReadControl,WriteDac,WriteOwner,Synch
 QueryState,ModifyState
  HandleCount      2
  PointerCount     32769
  Name     
  Object Specific Information
    Event Type Auto Reset
    Event is Waiting

These events seem to increase, but only one process gets to the limit of 
3x00 handles and then the other processes seem to hang ...



On 15/12/2020 12:18, Klaus Westkamp wrote:

Hi,


yes this is Dildale's last available package. Output of squid -v is as 
follows:


squid -v

Squid Cache: Version 3.5.28
Service Name: squid

This binary uses OpenSSL 1.0.2j  26 Sep 2016. For legal restrictions 
on distribution see https://www.openssl.org/source/license.html


configure options:  '--bindir=/bin/squid' '--sbindir=/usr/sbin/squid' 
'--sysconfdir=/etc/squid' '--datadir=/usr/share/squid' 
'--libexecdir=/usr/lib/squid'
'--disable-strict-error-checking' '--with-logdir=/var/log/squid' 
'--with-swapdir=/var/cache/squid' '--with-pidfile=/var/run/squid.pid' 
'--enable-ssl'
'--enable-delay-pools' '--enable-ssl-crtd' '--enable-icap-client' 
'--disable-eui' '--localstatedir=/var/run/squid' 
'--sharedstatedir=/var/run/squid'
'--datarootdir=/usr/share/squid' 
'--enable-disk-io=AIO,Blocking,DiskThreads,IpcIo,Mmapped' 
'--enable-auth-basic=DB,LDAP,NCSA,POP3,RADIUS,SASL,SMB,fake,getpwnam'
'--enable-auth-ntlm=fake' '--enable-auth-negotiate=kerberos,wrapper' 
'--enable-external-acl-helpers=LDAP_group,SQL_session,eDirectory_userip,file_userip,kerberos_ldap_group,session,time_quota,unix_group,wbinfo_group' 

'--with-openssl' '--with-filedescriptors=65536' 
'--enable-removal-policies=lru,heap'


The helper negotiate_kerberos_auth.exe doesn't produce a Version output.


Best regards,

Klaus Westkamp


On 15/12/2020 09:10, Amos Jeffries wrote:

On 15/12/20 4:03 am, Klaus Westkamp wrote:

Hi,

i'm uncertain, wether this mailing list is the correct one to ask, 
but i have the disputable honor to make a squid running on a Windows 
Server (if possible). Whilst squid.exe seems to run fine, i 
constantly run into an unresponsive system, when i enable Kerberos 
authentication via auth_param and the negotiate_kerberos_auth.exe 
helper.


For a while authentication works fine, but all at the sudden the 
system hangs at 100% CPU usage. My Observation is that one of the 
negotiate_kerberos_auth.exe processes has a constantly increasing 
number of handles (Files and events). If i understand the 
Sysinternals handle tool correctly, most handles are event corrolated.


The setting:

Windows 2012 R2 AD Controllers with Windows 2008R2 Domain Level. A 
Windows Server 2016 running Squid 3.5 for Windows.


Is Squid the package built by Diladele or a custom build?

Which exact version number is it? (output of "squid -v" please)


Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid for Windows: negotiate_kerberos_auth helper seems to leak(?) handles

[Amos Jeffries]

On 15/12/20 4:03 am, Klaus Westkamp wrote:

Hi,

i'm uncertain, wether this mailing list is the correct one to ask, but i 
have the disputable honor to make a squid running on a Windows Server 
(if possible). Whilst squid.exe seems to run fine, i constantly run into 
an unresponsive system, when i enable Kerberos authentication via 
auth_param and the negotiate_kerberos_auth.exe helper.


For a while authentication works fine, but all at the sudden the system 
hangs at 100% CPU usage. My Observation is that one of the 
negotiate_kerberos_auth.exe processes has a constantly increasing number 
of handles (Files and events). If i understand the Sysinternals handle 
tool correctly, most handles are event corrolated.


The setting:

Windows 2012 R2 AD Controllers with Windows 2008R2 Domain Level. A 
Windows Server 2016 running Squid 3.5 for Windows.


Is Squid the package built by Diladele or a custom build?

Which exact version number is it? (output of "squid -v" please)


Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Squid for Windows: negotiate_kerberos_auth helper seems to leak(?) handles

[Klaus Westkamp]

Hi,

i'm uncertain, wether this mailing list is the correct one to ask, but i 
have the disputable honor to make a squid running on a Windows Server 
(if possible). Whilst squid.exe seems to run fine, i constantly run into 
an unresponsive system, when i enable Kerberos authentication via 
auth_param and the negotiate_kerberos_auth.exe helper.


For a while authentication works fine, but all at the sudden the system 
hangs at 100% CPU usage. My Observation is that one of the 
negotiate_kerberos_auth.exe processes has a constantly increasing number 
of handles (Files and events). If i understand the Sysinternals handle 
tool correctly, most handles are event corrolated.


The setting:

Windows 2012 R2 AD Controllers with Windows 2008R2 Domain Level. A 
Windows Server 2016 running Squid 3.5 for Windows. The squid server is a 
VM running on HyperV with 8 Gigs of RAM and 4 vCPUs. The AD Controllers 
are HP Systems with 24 Cores and 64 GByte of RAM.


Any Suggestions, besides changing to Linux, as inn that case the 
customer will favor to look for another proxy,(Sigh) that i might follow.



Best Regards,

Klaus Westkamp

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid for Windows Repeatedly Crashing

[Van Order, Drew (US - Hermitage)]

It is confirmed that the problems experienced under Windows Server 2016 do not 
occur under Linux. All traffic in the VIP is going to the Linux Squid (using 4K 
file descriptors), but I've requisitioned another for redundancy.

Thanks to everyone for their advice!

-Original Message-
From: Van Order, Drew (US - Hermitage) 
Sent: Wednesday, February 27, 2019 4:47 PM
To: 'elie...@ngtech.co.il' 
Cc: squid-users@lists.squid-cache.org
Subject: RE: [EXT] RE: [squid-users] Squid for Windows Repeatedly Crashing

Wow. This is very generous Eliezer. I am humbled by your generosity!

Before I try your proxy for Windows, I've decided it's time to eliminate the OS 
as a variable. I quickly tacked up Squid running on a sandbox RHEL, and 
submitted a ticket to have it added to the F5 VIP. 

If the issue vanishes, bye bye Windows, and some folks are going to have to 
teach themselves Linux quickly :-) 

Stay tuned...

-Original Message-
From: elie...@ngtech.co.il 
Sent: Wednesday, February 27, 2019 4:28 PM
To: Van Order, Drew (US - Hermitage) 
Cc: squid-users@lists.squid-cache.org
Subject: [EXT] RE: [squid-users] Squid for Windows Repeatedly Crashing

Forgot to mention that this simple proxy:
http://secure-web.cisco.com/11Ju3FBMy81J840cSoCXGXdubwW80knGlevOiEwmFux7MQTjMwodNApLbJYerezA5dSOY7bJJChXO2aVi80fseEIMDaEj12mh4Ig4yNYzxviiWXlGyk_IUiyoo4tIFc-tnaWbefXsQ49afvPY1yTX-B3H7BK3voG5Dfw2WmyZJ1N8lEwnCwquwbLcdnYnYw8zp5qIMe-Rq4fl-399jML9snz7QIUgE4jK46s-OgXDOPlHDlMfqgp66UhJL7cw-AkWDYfQV_uIGnUEWpvvmS1qEfhOLC89KnTzH3WCIRGR-Zh3LgWUo5yr4vW_nmyO0deNOGfNP4t2D-JjK85rZEahU_JLuFgzQLJC95M-uzoATapIbxqkCdSJ9ibyDaLhZWNdCyV6H64olDKlBBonUSnOTeu2C-RaoCUoOPhOL4I2zX_vyKrB5zGX2qWpo4TVQxRWd1z-WVIOJb0AS9J9m86mpQ-Op-Govz_L9XwqaMOHngH2bb1UB9JWMHbW8fcZny9nFZR2VeG6N9X87shN9Ek1dQ/http%3A%2F%2Fgogs.ngtech.co.il%2Felicro%2Fgolang-http-proxy

Is a simple forward proxy I wrote.
A binary packaged for any OS that GoLang supports including Windows 2k16 is 
there:
http://secure-web.cisco.com/1ySd839vtqkoCLOWAs5SXi2Fzc8RNRQd0Vk53qQWH0XChRYXvX7qhbT1_QhocdaqgeVsDhkDZscU9PQNRd-4mhsOlnZHRKyqrSW4zlw4x-BaRogwP4jInaTbDEhCTTt4wUSiKS9VaahRIdiCoI81Sy46jhpq4i14fB5KSHtSywhD1SzmqDQfokkEr0vUFP0x2RdYtkY9axCTbSljyVgdDMk0QQfIPQ8nmFs5FULbfd4Xrts9UPlcmoNleo0YXHCWlrizaT2JCuRqW23kq9baAB8VOk06MtwBkmdFLY7AMT49HqRhTwgHHPTuL2jyL7IA4FYG-RAlo3JU0GyLgZWeX2ruEk66ZhadtuwLNkyucJwAoyoQMIyhM5ps0lC2DdHWEamYLT8M7NoW4TZju03jD76ixc8xMPzbnN0IBFznWcnZPYIooUHeAxyAaYEBp47vR-pAMV4kur_zcuU_Exv7B2jY9lfXLPAnPUW-c20el5ZGTosbPeV6bF9D7XofMf6FvnbsqTkf_VgUDynE-tnLDsw/http%3A%2F%2Fgogs.ngtech.co.il%2FNgTech-LTD%2Fgolang-http-proxy%2Fsrc%2Fmaster%2Fgolang-http-proxy.tar.xz

You will need some software to make it a service but these are easy to find.
If you need a recommendation for one I will try to find.

All The Bests,
Eliezer


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il


-Original Message-
From: squid-users  On Behalf Of 
elie...@ngtech.co.il
Sent: Wednesday, February 27, 2019 22:44
To: 'Van Order, Drew (US - Hermitage)' 
Cc: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid for Windows Repeatedly Crashing

So just to be on the clear.
You need a basic forward proxy that does CONNECT requests for any LAN client to 
safe ports?

Do you have any other requirements then being Windows 2k16 compatbile and the 
mentioned ACL's?

If you Insist on a Windows proxy there are couple I collected...
http://secure-web.cisco.com/17a99t4PIGRmHeQmTLY5KRhYDoGTUPwyYGXT0fAV0DVh9MsSteT4Pi-0sb_DM-mY6nLb-NLB1ftORaQ0bC7KstwyrnAci2lsLoKWzNgOiKHwBGQSVL7MMHSGJ1zHRTGIcyEuDlGdldzgihQb6_79nG9yppR2yvpbWX2uvTAEr-qZB46PVCd_d3YtLah9RzDxyJymPdDeyaAw66X6Agmqs512eb5uI1oCN3auT9qbjI11NDr8edlo3R04C-tHHqBAka4hQXEs9LavQUNcBcHFWhME6PEBNCdLVBeitC3d9ZF2rtYKIP5iFYZs1w72GL_-Xh0zawz7uiX9GcwN60Tx0m8MJQQoEMPp4v3cfSiM-pFHI7YAJRvcCfFENvZcgNXFQrzX4ZVaLIxPkV5q2fN8uGObAZKRTWkqAXwo2LE40s9waGLpTDmiXy76gE6sGFerW5m1mImQElzPWjajbWJfqSi8aD7W1TC0w42AGOqQJ60VnXhZw4CuupXzmylyd8E6D_GPtTtAdp5VPrXTEQCT20w/http%3A%2F%2Fwww1.ngtech.co.il%2Fwpe%2F2016%2F05%2F02%2Fproxy-per-internet-user-is-it-realis
tic/

I know that RedWood might be good for your needs to compare...:
http://secure-web.cisco.com/1ETToAy7lpIzQDnVWVx4VN460yeA4V0c0irlIMN9P5wE50B-0kLELWsz8usawuOgy7IZPOJ6iV2FTApPTEaJH1nHFLR-pnUkuG7C5E6f_fZdUofEV5UX__yh2g0MRKI7XB3x1uEdiMhlhtodTsSeJYzqWK_5Zij6_rNjYlWlY8573ATbmhIZNgkfwcaoRJl4FwO50zEAueB_tlGyikPc8FfJGgKZbcRYa7frdZcwsn9JKeQh_GISsi-_BpAETFQf6ZeZ5SGXQ5TB4z9GoPlncAf0vxingBSktcPgqF-jRLgxwHQ9nv6a-Ses-94UmCser4hIzsd6pTOHLVYY8u0OWUjlB5rRqROlH_IMkslBcFtEXaRYl1Fy2LEgL9RWaSuNFG-wRWmFw4BRtweHIpRnypuF24a2vKjwnN929-EHwHv-t-rCk8FSTQ5OfkHkP78sN0ErpcZv9GFBXOPA_7y0MTp3evd2SWbD4YBfXSZ5a3BCL4iM2Jx4KfG9SBK5KIz2TkdGzjQXIWujLFeWtOd5KIw/http%3A%2F%2Fngtech.co.il%2Fstatic%2Fredwood%2Fredwood-0.2.0.tar.xz
https://secure-web.cisco.com/14Y9nKqTcPsVkJBCkyIkxFkE_XO9jqzDvqIf1yzNdAIfhtJDiPPfe1HdfUmXxsFWMojRBhFGJfxGogPbIh16U9bdtA5l-XZkZAXM-KcwTAto3X

Re: [squid-users] Squid for Windows Repeatedly Crashing

[Van Order, Drew (US - Hermitage)]

Wow. This is very generous Eliezer. I am humbled by your generosity!

Before I try your proxy for Windows, I've decided it's time to eliminate the OS 
as a variable. I quickly tacked up Squid running on a sandbox RHEL, and 
submitted a ticket to have it added to the F5 VIP. 

If the issue vanishes, bye bye Windows, and some folks are going to have to 
teach themselves Linux quickly :-) 

Stay tuned...

-Original Message-
From: elie...@ngtech.co.il  
Sent: Wednesday, February 27, 2019 4:28 PM
To: Van Order, Drew (US - Hermitage) 
Cc: squid-users@lists.squid-cache.org
Subject: [EXT] RE: [squid-users] Squid for Windows Repeatedly Crashing

Forgot to mention that this simple proxy:
http://secure-web.cisco.com/11Ju3FBMy81J840cSoCXGXdubwW80knGlevOiEwmFux7MQTjMwodNApLbJYerezA5dSOY7bJJChXO2aVi80fseEIMDaEj12mh4Ig4yNYzxviiWXlGyk_IUiyoo4tIFc-tnaWbefXsQ49afvPY1yTX-B3H7BK3voG5Dfw2WmyZJ1N8lEwnCwquwbLcdnYnYw8zp5qIMe-Rq4fl-399jML9snz7QIUgE4jK46s-OgXDOPlHDlMfqgp66UhJL7cw-AkWDYfQV_uIGnUEWpvvmS1qEfhOLC89KnTzH3WCIRGR-Zh3LgWUo5yr4vW_nmyO0deNOGfNP4t2D-JjK85rZEahU_JLuFgzQLJC95M-uzoATapIbxqkCdSJ9ibyDaLhZWNdCyV6H64olDKlBBonUSnOTeu2C-RaoCUoOPhOL4I2zX_vyKrB5zGX2qWpo4TVQxRWd1z-WVIOJb0AS9J9m86mpQ-Op-Govz_L9XwqaMOHngH2bb1UB9JWMHbW8fcZny9nFZR2VeG6N9X87shN9Ek1dQ/http%3A%2F%2Fgogs.ngtech.co.il%2Felicro%2Fgolang-http-proxy

Is a simple forward proxy I wrote.
A binary packaged for any OS that GoLang supports including Windows 2k16 is 
there:
http://secure-web.cisco.com/1ySd839vtqkoCLOWAs5SXi2Fzc8RNRQd0Vk53qQWH0XChRYXvX7qhbT1_QhocdaqgeVsDhkDZscU9PQNRd-4mhsOlnZHRKyqrSW4zlw4x-BaRogwP4jInaTbDEhCTTt4wUSiKS9VaahRIdiCoI81Sy46jhpq4i14fB5KSHtSywhD1SzmqDQfokkEr0vUFP0x2RdYtkY9axCTbSljyVgdDMk0QQfIPQ8nmFs5FULbfd4Xrts9UPlcmoNleo0YXHCWlrizaT2JCuRqW23kq9baAB8VOk06MtwBkmdFLY7AMT49HqRhTwgHHPTuL2jyL7IA4FYG-RAlo3JU0GyLgZWeX2ruEk66ZhadtuwLNkyucJwAoyoQMIyhM5ps0lC2DdHWEamYLT8M7NoW4TZju03jD76ixc8xMPzbnN0IBFznWcnZPYIooUHeAxyAaYEBp47vR-pAMV4kur_zcuU_Exv7B2jY9lfXLPAnPUW-c20el5ZGTosbPeV6bF9D7XofMf6FvnbsqTkf_VgUDynE-tnLDsw/http%3A%2F%2Fgogs.ngtech.co.il%2FNgTech-LTD%2Fgolang-http-proxy%2Fsrc%2Fmaster%2Fgolang-http-proxy.tar.xz

You will need some software to make it a service but these are easy to find.
If you need a recommendation for one I will try to find.

All The Bests,
Eliezer


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il


-Original Message-
From: squid-users  On Behalf Of 
elie...@ngtech.co.il
Sent: Wednesday, February 27, 2019 22:44
To: 'Van Order, Drew (US - Hermitage)' 
Cc: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid for Windows Repeatedly Crashing

So just to be on the clear.
You need a basic forward proxy that does CONNECT requests for any LAN client to 
safe ports?

Do you have any other requirements then being Windows 2k16 compatbile and the 
mentioned ACL's?

If you Insist on a Windows proxy there are couple I collected...
http://secure-web.cisco.com/17a99t4PIGRmHeQmTLY5KRhYDoGTUPwyYGXT0fAV0DVh9MsSteT4Pi-0sb_DM-mY6nLb-NLB1ftORaQ0bC7KstwyrnAci2lsLoKWzNgOiKHwBGQSVL7MMHSGJ1zHRTGIcyEuDlGdldzgihQb6_79nG9yppR2yvpbWX2uvTAEr-qZB46PVCd_d3YtLah9RzDxyJymPdDeyaAw66X6Agmqs512eb5uI1oCN3auT9qbjI11NDr8edlo3R04C-tHHqBAka4hQXEs9LavQUNcBcHFWhME6PEBNCdLVBeitC3d9ZF2rtYKIP5iFYZs1w72GL_-Xh0zawz7uiX9GcwN60Tx0m8MJQQoEMPp4v3cfSiM-pFHI7YAJRvcCfFENvZcgNXFQrzX4ZVaLIxPkV5q2fN8uGObAZKRTWkqAXwo2LE40s9waGLpTDmiXy76gE6sGFerW5m1mImQElzPWjajbWJfqSi8aD7W1TC0w42AGOqQJ60VnXhZw4CuupXzmylyd8E6D_GPtTtAdp5VPrXTEQCT20w/http%3A%2F%2Fwww1.ngtech.co.il%2Fwpe%2F2016%2F05%2F02%2Fproxy-per-internet-user-is-it-realis
tic/

I know that RedWood might be good for your needs to compare...:
http://secure-web.cisco.com/1ETToAy7lpIzQDnVWVx4VN460yeA4V0c0irlIMN9P5wE50B-0kLELWsz8usawuOgy7IZPOJ6iV2FTApPTEaJH1nHFLR-pnUkuG7C5E6f_fZdUofEV5UX__yh2g0MRKI7XB3x1uEdiMhlhtodTsSeJYzqWK_5Zij6_rNjYlWlY8573ATbmhIZNgkfwcaoRJl4FwO50zEAueB_tlGyikPc8FfJGgKZbcRYa7frdZcwsn9JKeQh_GISsi-_BpAETFQf6ZeZ5SGXQ5TB4z9GoPlncAf0vxingBSktcPgqF-jRLgxwHQ9nv6a-Ses-94UmCser4hIzsd6pTOHLVYY8u0OWUjlB5rRqROlH_IMkslBcFtEXaRYl1Fy2LEgL9RWaSuNFG-wRWmFw4BRtweHIpRnypuF24a2vKjwnN929-EHwHv-t-rCk8FSTQ5OfkHkP78sN0ErpcZv9GFBXOPA_7y0MTp3evd2SWbD4YBfXSZ5a3BCL4iM2Jx4KfG9SBK5KIz2TkdGzjQXIWujLFeWtOd5KIw/http%3A%2F%2Fngtech.co.il%2Fstatic%2Fredwood%2Fredwood-0.2.0.tar.xz
https://secure-web.cisco.com/14Y9nKqTcPsVkJBCkyIkxFkE_XO9jqzDvqIf1yzNdAIfhtJDiPPfe1HdfUmXxsFWMojRBhFGJfxGogPbIh16U9bdtA5l-XZkZAXM-KcwTAto3X-WRpC6ogpKA9wuNMuWwgKlRAPdgz1hvOAho8mcmXlY3Zct0t1WX6qy5RJ4Yjm_Nwfk5gBzAn_HXuCRAVkwmXYtzSqdwxpxhZ7bG-nsO4bHr0CwqU2WmvzUSsTQEHERFcVTMX0B5PrzmySJtmZlzv33zvGFFwrW8SSSTSqVrxZtiiHJly8tc9e42bpY2v7tmkhkacmX50Vn5w7FcsqjKVew6Qey7TAPp2K6_7n-Dr15pHPvpunEiHUVC-ewcE5OXL3uf1bruR-XsF2xLNe1UN2TxTQdLNO5od_wmbO1KzFAq70T8o5gS7Tf5xPbUqX_GHNbHWi53302aJvDUpIH6Dlr7llzwKR1J51WdEL2XCiu61T2w-Sn7rmzQnoS8kkwzadmdrJAxXyaOcJTO82wmRT8W4fcPPWVIRzwdyAXjqg/https%3A%2F%2Fgithub.com%2Fandybalholm%2Fredwood

I wrote a tiny proxy the other day which should also work fine for you as long 
as you have

Re: [squid-users] Squid for Windows Repeatedly Crashing

[eliezer]

Forgot to mention that this simple proxy:
http://gogs.ngtech.co.il/elicro/golang-http-proxy

Is a simple forward proxy I wrote.
A binary packaged for any OS that GoLang supports including Windows 2k16 is 
there:
http://gogs.ngtech.co.il/NgTech-LTD/golang-http-proxy/src/master/golang-http-proxy.tar.xz

You will need some software to make it a service but these are easy to find.
If you need a recommendation for one I will try to find.

All The Bests,
Eliezer


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il


-Original Message-
From: squid-users  On Behalf Of 
elie...@ngtech.co.il
Sent: Wednesday, February 27, 2019 22:44
To: 'Van Order, Drew (US - Hermitage)' 
Cc: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid for Windows Repeatedly Crashing

So just to be on the clear.
You need a basic forward proxy that does CONNECT requests for any LAN client
to safe ports?

Do you have any other requirements then being Windows 2k16 compatbile and
the mentioned ACL's?

If you Insist on a Windows proxy there are couple I collected...
http://www1.ngtech.co.il/wpe/2016/05/02/proxy-per-internet-user-is-it-realis
tic/

I know that RedWood might be good for your needs to compare...:
http://ngtech.co.il/static/redwood/redwood-0.2.0.tar.xz
https://github.com/andybalholm/redwood

I wrote a tiny proxy the other day which should also work fine for you as
long as you have a working and properly configured firewall on the Server.
Let me know if something fit your needs.
If so you can try and test and maybe find the right culprit(ie windows or
linux).

Eliezer


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il


-Original Message-
From: Van Order, Drew (US - Hermitage)  
Sent: Wednesday, February 27, 2019 17:55
To: elie...@ngtech.co.il
Cc: squid-users@lists.squid-cache.org
Subject: RE: [squid-users] Squid for Windows Repeatedly Crashing

Business objective is to enable MSFT Azure MMA's (Microsoft Monitoring
Agents) blocked from the internet to send agent data to Azure Log Analytics

Simple proxy
No SSL bump
Squid config is attached
I tried disabling caching with Squid, found it crashed more frequently
Squid was chosen this is intended to be a stopgap solution, and it's free.
It's a battle to win over security in order to have tcp/443 opened
everywhere.

I'm not sure Squid is the problem, I have an identically configured Squid
that bypasses the F5 working beautifully, but it's only 50 clients (MMA's)
connecting, Each client takes roughly 5 connections. The clients are still
going through a firewall(s). 

Our network folks say that neither the FW or F5 leading up to Squid report
congestion. 

It's possible that Squid for Windows + F5 VIP are not intended to work
together, but it makes sense to just have one proxy IP address.

I'm getting ready to Skype with our F5 guy to compare what I'm seeing with
what he's seeing. Also trying to get how many clients are going through the
F5 to compare to my 'good' Squid

-Original Message-
From: elie...@ngtech.co.il  
Sent: Wednesday, February 27, 2019 9:20 AM
To: Van Order, Drew (US - Hermitage) 
Cc: squid-users@lists.squid-cache.org
Subject: [EXT] RE: [squid-users] Squid for Windows Repeatedly Crashing

The setup itself is not clear to me.
Is it a simple proxy?
With SSL bump?
Can you share or send me the squid configuration?
There might be another solution for your use case that you have yet to try.
Also if the purpose is not caching, why do you try to use squid?
There are lots of other proxies for windows out there? (just wondering what
and why have you choose Squid)

Thanks,
Eliezer


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il


-Original Message-
From: Van Order, Drew (US - Hermitage) 
Sent: Wednesday, February 27, 2019 05:51
To: Eliezer Croitoru ; Rafael Akchurin

Cc: 'Amos Jeffries' ;
squid-users@lists.squid-cache.org
Subject: RE: [squid-users] Squid for Windows Repeatedly Crashing

Hello folks, and thanks for keeping interest. Today I spent a bit of time
learning squidclient, and have determined that the server is not in any way
resource constrained. I've attached the output from mgr:info,
mgr:client_list, and mgr:filedescriptors in between crashes. Was wondering
if someone could explain Tout, which I presume is timeout. Of interest are
the ones set to 86400, which I presume is one day. That seems like a big
problem--but where is it coming from? I'm using the Cygwin Squid config
defaults.

There seems to be a lot of Reading next request going on before Squid
recycles. I wonder if the F5 VIP is dealing with congestion through the
firewall, which, in turn, is causing congestion on the pool output side, the
10.26.25.220 address. Our F5 guys have gone silent on me, I have been asking
questions, in particular why all the F5 traffic is coming over just one IP
address in the pool.

In case

Re: [squid-users] Squid for Windows Repeatedly Crashing

[eliezer]

So just to be on the clear.
You need a basic forward proxy that does CONNECT requests for any LAN client
to safe ports?

Do you have any other requirements then being Windows 2k16 compatbile and
the mentioned ACL's?

If you Insist on a Windows proxy there are couple I collected...
http://www1.ngtech.co.il/wpe/2016/05/02/proxy-per-internet-user-is-it-realis
tic/

I know that RedWood might be good for your needs to compare...:
http://ngtech.co.il/static/redwood/redwood-0.2.0.tar.xz
https://github.com/andybalholm/redwood

I wrote a tiny proxy the other day which should also work fine for you as
long as you have a working and properly configured firewall on the Server.
Let me know if something fit your needs.
If so you can try and test and maybe find the right culprit(ie windows or
linux).

Eliezer


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il


-Original Message-
From: Van Order, Drew (US - Hermitage)  
Sent: Wednesday, February 27, 2019 17:55
To: elie...@ngtech.co.il
Cc: squid-users@lists.squid-cache.org
Subject: RE: [squid-users] Squid for Windows Repeatedly Crashing

Business objective is to enable MSFT Azure MMA's (Microsoft Monitoring
Agents) blocked from the internet to send agent data to Azure Log Analytics

Simple proxy
No SSL bump
Squid config is attached
I tried disabling caching with Squid, found it crashed more frequently
Squid was chosen this is intended to be a stopgap solution, and it's free.
It's a battle to win over security in order to have tcp/443 opened
everywhere.

I'm not sure Squid is the problem, I have an identically configured Squid
that bypasses the F5 working beautifully, but it's only 50 clients (MMA's)
connecting, Each client takes roughly 5 connections. The clients are still
going through a firewall(s). 

Our network folks say that neither the FW or F5 leading up to Squid report
congestion. 

It's possible that Squid for Windows + F5 VIP are not intended to work
together, but it makes sense to just have one proxy IP address.

I'm getting ready to Skype with our F5 guy to compare what I'm seeing with
what he's seeing. Also trying to get how many clients are going through the
F5 to compare to my 'good' Squid

-Original Message-
From: elie...@ngtech.co.il  
Sent: Wednesday, February 27, 2019 9:20 AM
To: Van Order, Drew (US - Hermitage) 
Cc: squid-users@lists.squid-cache.org
Subject: [EXT] RE: [squid-users] Squid for Windows Repeatedly Crashing

The setup itself is not clear to me.
Is it a simple proxy?
With SSL bump?
Can you share or send me the squid configuration?
There might be another solution for your use case that you have yet to try.
Also if the purpose is not caching, why do you try to use squid?
There are lots of other proxies for windows out there? (just wondering what
and why have you choose Squid)

Thanks,
Eliezer


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il


-Original Message-
From: Van Order, Drew (US - Hermitage) 
Sent: Wednesday, February 27, 2019 05:51
To: Eliezer Croitoru ; Rafael Akchurin

Cc: 'Amos Jeffries' ;
squid-users@lists.squid-cache.org
Subject: RE: [squid-users] Squid for Windows Repeatedly Crashing

Hello folks, and thanks for keeping interest. Today I spent a bit of time
learning squidclient, and have determined that the server is not in any way
resource constrained. I've attached the output from mgr:info,
mgr:client_list, and mgr:filedescriptors in between crashes. Was wondering
if someone could explain Tout, which I presume is timeout. Of interest are
the ones set to 86400, which I presume is one day. That seems like a big
problem--but where is it coming from? I'm using the Cygwin Squid config
defaults.

There seems to be a lot of Reading next request going on before Squid
recycles. I wonder if the F5 VIP is dealing with congestion through the
firewall, which, in turn, is causing congestion on the pool output side, the
10.26.25.220 address. Our F5 guys have gone silent on me, I have been asking
questions, in particular why all the F5 traffic is coming over just one IP
address in the pool.

In case folks wonder what the IP's are in the file descriptor output

1310 Socket  8986044*2806  40.71.12.224:443
593a6510-ebfc-4d6b-a8f0-a0411dfee098.ods.opinsights.azure.com:443 (this is
Squid forwarding Windows event/perf data from an agent to Azure Log
Analytics)
1311 Socket  8993015*9208  10.26.25.220:61088Reading next
request (10.26.25.220) is the pool IP address of the F5 in use)
1312 Socket  8992690*8826  10.26.25.220:61436Reading next
request
1313 Socket  8999169*2884  104.208.163.218:443
eus2-jobruntimedata-prod-su1.azure-automation.net:443 (Squid to Azure)
1314 Socket  8998787*2508  104.208.163.218:443
eus2-jobruntimedata-prod-su1.azure-automation.net:443
1315 Socket  118 119*3924  10.26.25.220:52153Idle client:
Waiting for next request
1316 Socket  900

Re: [squid-users] Squid for Windows Repeatedly Crashing

[Rafael Akchurin]

I would try deploying Squid on Linux machine running within Hyper-V just to be 
sure the Squid part itself works fine. Then only specifics of it running on 
Cygwin will remain to be uncovered. Should be very easy to setup. Couple of 
hours at most (you have already dedicated much more time to this).

For example here is how we do it 
https://github.com/diladele/websafety-virtual-appliance/blob/master/scripts.ubuntu18/03_squid.sh
It is even easier if you do not need to sslbump. Just

apt-get update && apt-get install -y squid

And voila!

-Original Message-
From: squid-users  On Behalf Of Van 
Order, Drew (US - Hermitage)
Sent: Wednesday, 27 February 2019 16:55
To: elie...@ngtech.co.il
Cc: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid for Windows Repeatedly Crashing

Business objective is to enable MSFT Azure MMA's (Microsoft Monitoring Agents) 
blocked from the internet to send agent data to Azure Log Analytics

Simple proxy
No SSL bump
Squid config is attached
I tried disabling caching with Squid, found it crashed more frequently Squid 
was chosen this is intended to be a stopgap solution, and it's free. It's a 
battle to win over security in order to have tcp/443 opened everywhere.

I'm not sure Squid is the problem, I have an identically configured Squid that 
bypasses the F5 working beautifully, but it's only 50 clients (MMA's) 
connecting, Each client takes roughly 5 connections. The clients are still 
going through a firewall(s). 

Our network folks say that neither the FW or F5 leading up to Squid report 
congestion. 

It's possible that Squid for Windows + F5 VIP are not intended to work 
together, but it makes sense to just have one proxy IP address.

I'm getting ready to Skype with our F5 guy to compare what I'm seeing with what 
he's seeing. Also trying to get how many clients are going through the F5 to 
compare to my 'good' Squid

-Original Message-
From: elie...@ngtech.co.il 
Sent: Wednesday, February 27, 2019 9:20 AM
To: Van Order, Drew (US - Hermitage) 
Cc: squid-users@lists.squid-cache.org
Subject: [EXT] RE: [squid-users] Squid for Windows Repeatedly Crashing

The setup itself is not clear to me.
Is it a simple proxy?
With SSL bump?
Can you share or send me the squid configuration?
There might be another solution for your use case that you have yet to try.
Also if the purpose is not caching, why do you try to use squid?
There are lots of other proxies for windows out there? (just wondering what and 
why have you choose Squid)

Thanks,
Eliezer


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il


-Original Message-
From: Van Order, Drew (US - Hermitage) 
Sent: Wednesday, February 27, 2019 05:51
To: Eliezer Croitoru ; Rafael Akchurin 

Cc: 'Amos Jeffries' ; squid-users@lists.squid-cache.org
Subject: RE: [squid-users] Squid for Windows Repeatedly Crashing

Hello folks, and thanks for keeping interest. Today I spent a bit of time 
learning squidclient, and have determined that the server is not in any way 
resource constrained. I've attached the output from mgr:info, mgr:client_list, 
and mgr:filedescriptors in between crashes. Was wondering if someone could 
explain Tout, which I presume is timeout. Of interest are the ones set to 
86400, which I presume is one day. That seems like a big problem--but where is 
it coming from? I'm using the Cygwin Squid config defaults.

There seems to be a lot of Reading next request going on before Squid recycles. 
I wonder if the F5 VIP is dealing with congestion through the firewall, which, 
in turn, is causing congestion on the pool output side, the
10.26.25.220 address. Our F5 guys have gone silent on me, I have been asking 
questions, in particular why all the F5 traffic is coming over just one IP 
address in the pool.

In case folks wonder what the IP's are in the file descriptor output

1310 Socket  8986044*2806  40.71.12.224:443
593a6510-ebfc-4d6b-a8f0-a0411dfee098.ods.opinsights.azure.com:443 (this is 
Squid forwarding Windows event/perf data from an agent to Azure Log
Analytics)
1311 Socket  8993015*9208  10.26.25.220:61088Reading next
request (10.26.25.220) is the pool IP address of the F5 in use)
1312 Socket  8992690*8826  10.26.25.220:61436Reading next
request
1313 Socket  8999169*2884  104.208.163.218:443
eus2-jobruntimedata-prod-su1.azure-automation.net:443 (Squid to Azure)
1314 Socket  8998787*2508  104.208.163.218:443
eus2-jobruntimedata-prod-su1.azure-automation.net:443
1315 Socket  118 119*3924  10.26.25.220:52153Idle client:
Waiting for next request
1316 Socket  9001382*8697  10.26.25.220:54786Reading next
request

This is from a box that restarts squid every few minutes. Typical cache.log 
snippet

2019/02/26 21:24:22 kid1| storeDirWriteCleanLogs: Starting...
2019/02/26 21:24:22 kid1|   Finished.  Wrote 0 entries.
2019/02/26 21:24:22 kid1|   Took 0.00 seconds

Re: [squid-users] Squid for Windows Repeatedly Crashing

[Van Order, Drew (US - Hermitage)]

Business objective is to enable MSFT Azure MMA's (Microsoft Monitoring Agents) 
blocked from the internet to send agent data to Azure Log Analytics

Simple proxy
No SSL bump
Squid config is attached
I tried disabling caching with Squid, found it crashed more frequently
Squid was chosen this is intended to be a stopgap solution, and it's free. It's 
a battle to win over security in order to have tcp/443 opened everywhere.

I'm not sure Squid is the problem, I have an identically configured Squid that 
bypasses the F5 working beautifully, but it's only 50 clients (MMA's) 
connecting, Each client takes roughly 5 connections. The clients are still 
going through a firewall(s). 

Our network folks say that neither the FW or F5 leading up to Squid report 
congestion. 

It's possible that Squid for Windows + F5 VIP are not intended to work 
together, but it makes sense to just have one proxy IP address.

I'm getting ready to Skype with our F5 guy to compare what I'm seeing with what 
he's seeing. Also trying to get how many clients are going through the F5 to 
compare to my 'good' Squid

-Original Message-
From: elie...@ngtech.co.il  
Sent: Wednesday, February 27, 2019 9:20 AM
To: Van Order, Drew (US - Hermitage) 
Cc: squid-users@lists.squid-cache.org
Subject: [EXT] RE: [squid-users] Squid for Windows Repeatedly Crashing

The setup itself is not clear to me.
Is it a simple proxy?
With SSL bump?
Can you share or send me the squid configuration?
There might be another solution for your use case that you have yet to try.
Also if the purpose is not caching, why do you try to use squid?
There are lots of other proxies for windows out there? (just wondering what and 
why have you choose Squid)

Thanks,
Eliezer


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il


-Original Message-
From: Van Order, Drew (US - Hermitage) 
Sent: Wednesday, February 27, 2019 05:51
To: Eliezer Croitoru ; Rafael Akchurin 

Cc: 'Amos Jeffries' ; squid-users@lists.squid-cache.org
Subject: RE: [squid-users] Squid for Windows Repeatedly Crashing

Hello folks, and thanks for keeping interest. Today I spent a bit of time 
learning squidclient, and have determined that the server is not in any way 
resource constrained. I've attached the output from mgr:info, mgr:client_list, 
and mgr:filedescriptors in between crashes. Was wondering if someone could 
explain Tout, which I presume is timeout. Of interest are the ones set to 
86400, which I presume is one day. That seems like a big problem--but where is 
it coming from? I'm using the Cygwin Squid config defaults.

There seems to be a lot of Reading next request going on before Squid recycles. 
I wonder if the F5 VIP is dealing with congestion through the firewall, which, 
in turn, is causing congestion on the pool output side, the
10.26.25.220 address. Our F5 guys have gone silent on me, I have been asking 
questions, in particular why all the F5 traffic is coming over just one IP 
address in the pool.

In case folks wonder what the IP's are in the file descriptor output

1310 Socket  8986044*2806  40.71.12.224:443
593a6510-ebfc-4d6b-a8f0-a0411dfee098.ods.opinsights.azure.com:443 (this is 
Squid forwarding Windows event/perf data from an agent to Azure Log
Analytics)
1311 Socket  8993015*9208  10.26.25.220:61088Reading next
request (10.26.25.220) is the pool IP address of the F5 in use)
1312 Socket  8992690*8826  10.26.25.220:61436Reading next
request
1313 Socket  8999169*2884  104.208.163.218:443
eus2-jobruntimedata-prod-su1.azure-automation.net:443 (Squid to Azure)
1314 Socket  8998787*2508  104.208.163.218:443
eus2-jobruntimedata-prod-su1.azure-automation.net:443
1315 Socket  118 119*3924  10.26.25.220:52153Idle client:
Waiting for next request
1316 Socket  9001382*8697  10.26.25.220:54786Reading next
request

This is from a box that restarts squid every few minutes. Typical cache.log 
snippet

2019/02/26 21:24:22 kid1| storeDirWriteCleanLogs: Starting...
2019/02/26 21:24:22 kid1|   Finished.  Wrote 0 entries.
2019/02/26 21:24:22 kid1|   Took 0.00 seconds (  0.00 entries/sec).
2019/02/26 21:24:26 kid1| Set Current Directory to /var/cache/squid
2019/02/26 21:24:26 kid1| Starting Squid Cache version 3.5.28 for 
x86_64-unknown-cygwin...
2019/02/26 21:24:26 kid1| Service Name: squid
2019/02/26 21:24:26 kid1| Process ID 1796
2019/02/26 21:24:26 kid1| Process Roles: worker
2019/02/26 21:24:26 kid1| With 3200 file descriptors available
2019/02/26 21:24:26 kid1| Initializing IP Cache...
2019/02/26 21:24:26 kid1| parseEtcHosts: /etc/hosts: (2) No such file or 
directory
2019/02/26 21:24:26 kid1| DNS Socket created at [::], FD 5
2019/02/26 21:24:26 kid1| DNS Socket created at 0.0.0.0, FD 6
2019/02/26 21:24:26 kid1| Adding nameserver 208.67.220.220 from squid.conf
2019/02/26 21:24:26 kid1| Adding nameserver 208.67.222.222 from squid.conf
2019/02/26 21:24:26 kid1

Re: [squid-users] Squid for Windows Repeatedly Crashing

[eliezer]

The setup itself is not clear to me.
Is it a simple proxy?
With SSL bump?
Can you share or send me the squid configuration?
There might be another solution for your use case that you have yet to try.
Also if the purpose is not caching, why do you try to use squid?
There are lots of other proxies for windows out there? (just wondering what
and why have you choose Squid)

Thanks,
Eliezer


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il


-Original Message-
From: Van Order, Drew (US - Hermitage)  
Sent: Wednesday, February 27, 2019 05:51
To: Eliezer Croitoru ; Rafael Akchurin

Cc: 'Amos Jeffries' ;
squid-users@lists.squid-cache.org
Subject: RE: [squid-users] Squid for Windows Repeatedly Crashing

Hello folks, and thanks for keeping interest. Today I spent a bit of time
learning squidclient, and have determined that the server is not in any way
resource constrained. I've attached the output from mgr:info,
mgr:client_list, and mgr:filedescriptors in between crashes. Was wondering
if someone could explain Tout, which I presume is timeout. Of interest are
the ones set to 86400, which I presume is one day. That seems like a big
problem--but where is it coming from? I'm using the Cygwin Squid config
defaults.

There seems to be a lot of Reading next request going on before Squid
recycles. I wonder if the F5 VIP is dealing with congestion through the
firewall, which, in turn, is causing congestion on the pool output side, the
10.26.25.220 address. Our F5 guys have gone silent on me, I have been asking
questions, in particular why all the F5 traffic is coming over just one IP
address in the pool.

In case folks wonder what the IP's are in the file descriptor output

1310 Socket  8986044*2806  40.71.12.224:443
593a6510-ebfc-4d6b-a8f0-a0411dfee098.ods.opinsights.azure.com:443 (this is
Squid forwarding Windows event/perf data from an agent to Azure Log
Analytics)
1311 Socket  8993015*9208  10.26.25.220:61088Reading next
request (10.26.25.220) is the pool IP address of the F5 in use)
1312 Socket  8992690*8826  10.26.25.220:61436Reading next
request
1313 Socket  8999169*2884  104.208.163.218:443
eus2-jobruntimedata-prod-su1.azure-automation.net:443 (Squid to Azure)
1314 Socket  8998787*2508  104.208.163.218:443
eus2-jobruntimedata-prod-su1.azure-automation.net:443
1315 Socket  118 119*3924  10.26.25.220:52153Idle client:
Waiting for next request
1316 Socket  9001382*8697  10.26.25.220:54786Reading next
request

This is from a box that restarts squid every few minutes. Typical cache.log
snippet

2019/02/26 21:24:22 kid1| storeDirWriteCleanLogs: Starting...
2019/02/26 21:24:22 kid1|   Finished.  Wrote 0 entries.
2019/02/26 21:24:22 kid1|   Took 0.00 seconds (  0.00 entries/sec).
2019/02/26 21:24:26 kid1| Set Current Directory to /var/cache/squid
2019/02/26 21:24:26 kid1| Starting Squid Cache version 3.5.28 for
x86_64-unknown-cygwin...
2019/02/26 21:24:26 kid1| Service Name: squid
2019/02/26 21:24:26 kid1| Process ID 1796
2019/02/26 21:24:26 kid1| Process Roles: worker
2019/02/26 21:24:26 kid1| With 3200 file descriptors available
2019/02/26 21:24:26 kid1| Initializing IP Cache...
2019/02/26 21:24:26 kid1| parseEtcHosts: /etc/hosts: (2) No such file or
directory
2019/02/26 21:24:26 kid1| DNS Socket created at [::], FD 5
2019/02/26 21:24:26 kid1| DNS Socket created at 0.0.0.0, FD 6
2019/02/26 21:24:26 kid1| Adding nameserver 208.67.220.220 from squid.conf
2019/02/26 21:24:26 kid1| Adding nameserver 208.67.222.222 from squid.conf
2019/02/26 21:24:26 kid1| Logfile: opening log
daemon:/var/log/squid/access.log
2019/02/26 21:24:26 kid1| Logfile Daemon: opening log
/var/log/squid/access.log
2019/02/26 21:24:26 kid1| WARNING: no_suid: setuid(0): (22) Invalid argument
2019/02/26 21:24:26 kid1| Store logging disabled
2019/02/26 21:24:26 kid1| Swap maxSize 3072000 + 262144 KB, estimated 256472
objects
2019/02/26 21:24:26 kid1| Target number of buckets: 12823
2019/02/26 21:24:26 kid1| Using 16384 Store buckets
2019/02/26 21:24:26 kid1| Max Mem  size: 262144 KB
2019/02/26 21:24:26 kid1| Max Swap size: 3072000 KB
2019/02/26 21:24:26 kid1| Rebuilding storage in /cygdrive/e/squid/cache
(clean log)
2019/02/26 21:24:26 kid1| Using Least Load store dir selection
2019/02/26 21:24:26 kid1| Set Current Directory to /var/cache/squid
2019/02/26 21:24:26 kid1| Finished loading MIME types and icons.
2019/02/26 21:24:26 kid1| HTCP Disabled.
2019/02/26 21:24:26 kid1| Squid plugin modules loaded: 0
2019/02/26 21:24:26 kid1| Adaptation support is off.
2019/02/26 21:24:26 kid1| Accepting HTTP Socket connections at
local=10.26.24.65:3128 remote=[::] FD 12 flags=9
2019/02/26 21:24:26 kid1| Done reading /cygdrive/e/squid/cache swaplog (0
entries)
2019/02/26 21:24:26 kid1| Store rebuilding is 0.00% complete
2019/02/26 21:24:26 kid1| Finished rebuilding storage from disk.
2019/02/26 21:24:26 kid1| 0 Entries scanned

Re: [squid-users] Squid for Windows Repeatedly Crashing

[Eliezer Croitoru]

It depends on the hardware in the server grade Windows.
It can take more then 3k conn's for 100%.
It's possible that squid was not designed for windows 2k16

Eliezer

On 2019-02-24 15:47, Rafael Akchurin wrote:

As far as I know the internal FD limit for Windows build is around 3K - 
might be being existed and thus unexpected behavior raising its ugly 
head..


-Original Message-
From: squid-users  On Behalf 
Of Van Order, Drew (US - Hermitage)

Sent: Sunday, 24 February 2019 14:40
To: elie...@ngtech.co.il; 'Amos Jeffries' ; 
squid-users@lists.squid-cache.org

Subject: Re: [squid-users] Squid for Windows Repeatedly Crashing

This is helpful, and I especially appreciate the time given it is the 
weekend.



___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid for Windows Repeatedly Crashing

[eliezer]

It depends on the hardware in the server grade Windows.
It can take more then 3k conn's for 100%.
It's possible that squid was not designed for windows 2k16


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il


-Original Message-
From: Rafael Akchurin  
Sent: Sunday, February 24, 2019 15:47
To: Van Order, Drew (US - Hermitage) ; 
elie...@ngtech.co.il; 'Amos Jeffries' ; 
squid-users@lists.squid-cache.org
Subject: RE: [squid-users] Squid for Windows Repeatedly Crashing

As far as I know the internal FD limit for Windows build is around 3K - might 
be being existed and thus unexpected behavior raising its ugly head..

-Original Message-
From: squid-users  On Behalf Of Van 
Order, Drew (US - Hermitage)
Sent: Sunday, 24 February 2019 14:40
To: elie...@ngtech.co.il; 'Amos Jeffries' ; 
squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid for Windows Repeatedly Crashing

This is helpful, and I especially appreciate the time given it is the weekend.

The Squids are confusing me, as everything is well behaved at the moment. One 
server was erroring off and on for a few hours earlier today, but stopped after 
a reboot.

It does appear that redirecting roughly 125 servers to no longer use the proxy 
has helped. Unfortunately, our F5 guy can't tell me how many IP addresses 
remain coming into this F5 VIP, which would give me the number of servers, and 
an idea how loaded this thing is. I have good reason to believe it is under 
1,000. He has shown us graphs indicating the VIP isn't stressed, but I will 
keep working on him, b/c I can't imagine not being able to report how many 
distinct IP addresses hit the VIP.

I don't have a Visio, but

Server running the Microsoft Monitoring Agent sends data over 
tcp/443-->Internal facing firewall(s)-->F5 VIP-->one of 4 Squids-->internet 

Each of the 4 VMWare Squids has 4 proc and 8 GB memory, 10 GB NIC.

We're a large enterprise with multiple data centers and many subnets, so there 
are quite a few firewalls, and most of the time a server must go through more 
than one firewall. Can't help but wonder if firewall exhaustion could cause the 
symptoms.

Revision: I typed the above last night. This morning, the server that had been 
erroring is at it again, but stopped. Others are fine. Interesting problem.

-Original Message-
From: elie...@ngtech.co.il 
Sent: Saturday, February 23, 2019 12:16 PM
To: Van Order, Drew (US - Hermitage) ; 'Amos Jeffries' 
; squid-users@lists.squid-cache.org
Subject: [EXT] RE: [squid-users] Squid for Windows Repeatedly Crashing

The next tool might help you to understand the status of the open connections.
If the socket is being closed( I think Windows Server 2016 is a very good 
OS...).
https://secure-web.cisco.com/1gLLf4HP_bwYOteW6x8gJ8EGyBrYzTMzMIi7P6q7aGi136WObNRd7uZQkrv-CKTO7ipHpLgOvHaGbzxLT7RpG6AGtkeTHUn2O8-CIAgcBOCUzn6KyZoPhqsAcpIXokXWcjlWHdUVUwlZVT0WKEhuOuAGvw2washhJEOg1Gcbsf99cy7ofqJfuTc-fS23KxfiE8W-2GLLNuF_J8q5uGJdvUMhm6HN-4CO3c_i8wxOlHrxgX3GjSLbLo8odnA6YctD5A01sjW3dpC4oiioIkGY7gDY-hjSSNYr_xoZzsixScColG-JRDlR3uktjsFF5JCkU1EROfoOfUHsDdeJ0IV2Cpk6yzbSPNNno7jV5BmZSsmR_jRgW7WJa4eVhKUvicMfy8RBespjtbfk17lUf9JamqmxPBtP2eHsiIb4_wk9iJfRr_S-aA1Ve7rPDmCXm9bZ9HRmXphi8o5AeYMWbK9DTrnmPDmFamis922AT6F4KUuBvS3PKqeCkT3EUuGmlwHXxCiJGwYBKXQmOehcFbqgfFQ/https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fcports.html

There is a possibility that some OS TCP limit is being reached and there for 
the socket closure.
If you are using F5 you can easily find out the load at the crash point.
I assume that if a normal Squid instance can take a load of 900k requests per 
second in somewhat constant rate for more than a minute then the issue might be 
else where then squid.
I am not sure but pretty sure that if you do not have anyone that is 
knowledgeable enough about windows sockets, sessions and FW limitations you 
will either:
- learn it your self
- find an expert
- use an OS that is more then 20% supported by any of the Squid-Cache team 
members and other developers around the globe.

Just to say a good word about Windows Server 2016, I compared it to a Windows 
10 under load and it seems to take a lot more load.
Also it not just takes the load but balance it well (on an open source windows 
designed software).

Also if you have a specific use case maybe a specific proxy can be customized 
for it.
Let me know if you wish to shed more details on the configuration so I can take 
my time and understand if there is a solution else then Squid.

Eliezeer


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il


-Original Message-
From: squid-users  On Behalf Of Van 
Order, Drew (US - Hermitage)
Sent: Friday, February 22, 2019 15:32
To: Amos Jeffries ; squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid for Windows Repeatedly Crashing

The test box I set up outside the F5 finally started exhibiting these errors, 
on

Re: [squid-users] Squid for Windows Repeatedly Crashing

[Van Order, Drew (US - Hermitage)]

Wondered that too, and experimented with the squid.conf setting to see when 
warning messages appear, which was 1,000. Default cygwin setting of 3,200 is 
plenty.

Thanks for the idea, though!



Sent via the Samsung Galaxy S8+, an AT 5G Evolution smartphone


 Original message 
From: Rafael Akchurin 
Date: 2/24/19 8:47 AM (GMT-05:00)
To: "Van Order, Drew (US - Hermitage)" , 
elie...@ngtech.co.il, 'Amos Jeffries' , 
squid-users@lists.squid-cache.org
Subject: [EXT] RE: [squid-users] Squid for Windows Repeatedly Crashing

As far as I know the internal FD limit for Windows build is around 3K - might 
be being existed and thus unexpected behavior raising its ugly head..

-Original Message-
From: squid-users  On Behalf Of Van 
Order, Drew (US - Hermitage)
Sent: Sunday, 24 February 2019 14:40
To: elie...@ngtech.co.il; 'Amos Jeffries' ; 
squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid for Windows Repeatedly Crashing

This is helpful, and I especially appreciate the time given it is the weekend.

The Squids are confusing me, as everything is well behaved at the moment. One 
server was erroring off and on for a few hours earlier today, but stopped after 
a reboot.

It does appear that redirecting roughly 125 servers to no longer use the proxy 
has helped. Unfortunately, our F5 guy can't tell me how many IP addresses 
remain coming into this F5 VIP, which would give me the number of servers, and 
an idea how loaded this thing is. I have good reason to believe it is under 
1,000. He has shown us graphs indicating the VIP isn't stressed, but I will 
keep working on him, b/c I can't imagine not being able to report how many 
distinct IP addresses hit the VIP.

I don't have a Visio, but

Server running the Microsoft Monitoring Agent sends data over 
tcp/443-->Internal facing firewall(s)-->F5 VIP-->one of 4 Squids-->internet

Each of the 4 VMWare Squids has 4 proc and 8 GB memory, 10 GB NIC.

We're a large enterprise with multiple data centers and many subnets, so there 
are quite a few firewalls, and most of the time a server must go through more 
than one firewall. Can't help but wonder if firewall exhaustion could cause the 
symptoms.

Revision: I typed the above last night. This morning, the server that had been 
erroring is at it again, but stopped. Others are fine. Interesting problem.

-Original Message-
From: elie...@ngtech.co.il 
Sent: Saturday, February 23, 2019 12:16 PM
To: Van Order, Drew (US - Hermitage) ; 'Amos Jeffries' 
; squid-users@lists.squid-cache.org
Subject: [EXT] RE: [squid-users] Squid for Windows Repeatedly Crashing

The next tool might help you to understand the status of the open connections.
If the socket is being closed( I think Windows Server 2016 is a very good 
OS...).
https://secure-web.cisco.com/1gLLf4HP_bwYOteW6x8gJ8EGyBrYzTMzMIi7P6q7aGi136WObNRd7uZQkrv-CKTO7ipHpLgOvHaGbzxLT7RpG6AGtkeTHUn2O8-CIAgcBOCUzn6KyZoPhqsAcpIXokXWcjlWHdUVUwlZVT0WKEhuOuAGvw2washhJEOg1Gcbsf99cy7ofqJfuTc-fS23KxfiE8W-2GLLNuF_J8q5uGJdvUMhm6HN-4CO3c_i8wxOlHrxgX3GjSLbLo8odnA6YctD5A01sjW3dpC4oiioIkGY7gDY-hjSSNYr_xoZzsixScColG-JRDlR3uktjsFF5JCkU1EROfoOfUHsDdeJ0IV2Cpk6yzbSPNNno7jV5BmZSsmR_jRgW7WJa4eVhKUvicMfy8RBespjtbfk17lUf9JamqmxPBtP2eHsiIb4_wk9iJfRr_S-aA1Ve7rPDmCXm9bZ9HRmXphi8o5AeYMWbK9DTrnmPDmFamis922AT6F4KUuBvS3PKqeCkT3EUuGmlwHXxCiJGwYBKXQmOehcFbqgfFQ/https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fcports.html

There is a possibility that some OS TCP limit is being reached and there for 
the socket closure.
If you are using F5 you can easily find out the load at the crash point.
I assume that if a normal Squid instance can take a load of 900k requests per 
second in somewhat constant rate for more than a minute then the issue might be 
else where then squid.
I am not sure but pretty sure that if you do not have anyone that is 
knowledgeable enough about windows sockets, sessions and FW limitations you 
will either:
- learn it your self
- find an expert
- use an OS that is more then 20% supported by any of the Squid-Cache team 
members and other developers around the globe.

Just to say a good word about Windows Server 2016, I compared it to a Windows 
10 under load and it seems to take a lot more load.
Also it not just takes the load but balance it well (on an open source windows 
designed software).

Also if you have a specific use case maybe a specific proxy can be customized 
for it.
Let me know if you wish to shed more details on the configuration so I can take 
my time and understand if there is a solution else then Squid.

Eliezeer


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il


-Original Message-
From: squid-users  On Behalf Of Van 
Order, Drew (US - Hermitage)
Sent: Friday, February 22, 2019 15:32
To: Amos Jeffries ; squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid for Windows Repeatedly Crashing

The test box I set up outside the F5 finally started exhibiting

Re: [squid-users] Squid for Windows Repeatedly Crashing

[Rafael Akchurin]

As far as I know the internal FD limit for Windows build is around 3K - might 
be being existed and thus unexpected behavior raising its ugly head..

-Original Message-
From: squid-users  On Behalf Of Van 
Order, Drew (US - Hermitage)
Sent: Sunday, 24 February 2019 14:40
To: elie...@ngtech.co.il; 'Amos Jeffries' ; 
squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid for Windows Repeatedly Crashing

This is helpful, and I especially appreciate the time given it is the weekend.

The Squids are confusing me, as everything is well behaved at the moment. One 
server was erroring off and on for a few hours earlier today, but stopped after 
a reboot.

It does appear that redirecting roughly 125 servers to no longer use the proxy 
has helped. Unfortunately, our F5 guy can't tell me how many IP addresses 
remain coming into this F5 VIP, which would give me the number of servers, and 
an idea how loaded this thing is. I have good reason to believe it is under 
1,000. He has shown us graphs indicating the VIP isn't stressed, but I will 
keep working on him, b/c I can't imagine not being able to report how many 
distinct IP addresses hit the VIP.

I don't have a Visio, but

Server running the Microsoft Monitoring Agent sends data over 
tcp/443-->Internal facing firewall(s)-->F5 VIP-->one of 4 Squids-->internet 

Each of the 4 VMWare Squids has 4 proc and 8 GB memory, 10 GB NIC.

We're a large enterprise with multiple data centers and many subnets, so there 
are quite a few firewalls, and most of the time a server must go through more 
than one firewall. Can't help but wonder if firewall exhaustion could cause the 
symptoms.

Revision: I typed the above last night. This morning, the server that had been 
erroring is at it again, but stopped. Others are fine. Interesting problem.

-Original Message-
From: elie...@ngtech.co.il 
Sent: Saturday, February 23, 2019 12:16 PM
To: Van Order, Drew (US - Hermitage) ; 'Amos Jeffries' 
; squid-users@lists.squid-cache.org
Subject: [EXT] RE: [squid-users] Squid for Windows Repeatedly Crashing

The next tool might help you to understand the status of the open connections.
If the socket is being closed( I think Windows Server 2016 is a very good 
OS...).
https://secure-web.cisco.com/1gLLf4HP_bwYOteW6x8gJ8EGyBrYzTMzMIi7P6q7aGi136WObNRd7uZQkrv-CKTO7ipHpLgOvHaGbzxLT7RpG6AGtkeTHUn2O8-CIAgcBOCUzn6KyZoPhqsAcpIXokXWcjlWHdUVUwlZVT0WKEhuOuAGvw2washhJEOg1Gcbsf99cy7ofqJfuTc-fS23KxfiE8W-2GLLNuF_J8q5uGJdvUMhm6HN-4CO3c_i8wxOlHrxgX3GjSLbLo8odnA6YctD5A01sjW3dpC4oiioIkGY7gDY-hjSSNYr_xoZzsixScColG-JRDlR3uktjsFF5JCkU1EROfoOfUHsDdeJ0IV2Cpk6yzbSPNNno7jV5BmZSsmR_jRgW7WJa4eVhKUvicMfy8RBespjtbfk17lUf9JamqmxPBtP2eHsiIb4_wk9iJfRr_S-aA1Ve7rPDmCXm9bZ9HRmXphi8o5AeYMWbK9DTrnmPDmFamis922AT6F4KUuBvS3PKqeCkT3EUuGmlwHXxCiJGwYBKXQmOehcFbqgfFQ/https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fcports.html

There is a possibility that some OS TCP limit is being reached and there for 
the socket closure.
If you are using F5 you can easily find out the load at the crash point.
I assume that if a normal Squid instance can take a load of 900k requests per 
second in somewhat constant rate for more than a minute then the issue might be 
else where then squid.
I am not sure but pretty sure that if you do not have anyone that is 
knowledgeable enough about windows sockets, sessions and FW limitations you 
will either:
- learn it your self
- find an expert
- use an OS that is more then 20% supported by any of the Squid-Cache team 
members and other developers around the globe.

Just to say a good word about Windows Server 2016, I compared it to a Windows 
10 under load and it seems to take a lot more load.
Also it not just takes the load but balance it well (on an open source windows 
designed software).

Also if you have a specific use case maybe a specific proxy can be customized 
for it.
Let me know if you wish to shed more details on the configuration so I can take 
my time and understand if there is a solution else then Squid.

Eliezeer


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il


-Original Message-
From: squid-users  On Behalf Of Van 
Order, Drew (US - Hermitage)
Sent: Friday, February 22, 2019 15:32
To: Amos Jeffries ; squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid for Windows Repeatedly Crashing

The test box I set up outside the F5 finally started exhibiting these errors, 
once I pointed roughly 60 machines to it. It took a few hours.
Sounds like this narrows it down to either the OS itself (seems unlikely, other 
apps would crash), or the litany of agents our security folks have mandated. It 
may indeed be necessary to move to Linux.

Thank you very much for your time!

-Original Message-
From: Amos Jeffries 
Sent: Thursday, February 21, 2019 11:31 PM
To: Van Order, Drew (US - Hermitage) ; 
squid-users@lists.squid-cache.org
Subject: [EXT] Re: [squid-users] Squid for Windows Repeatedly Crashing

Re: [squid-users] Squid for Windows Repeatedly Crashing

[Van Order, Drew (US - Hermitage)]

This is helpful, and I especially appreciate the time given it is the weekend.

The Squids are confusing me, as everything is well behaved at the moment. One 
server was erroring off and on for a few hours earlier today, but stopped after 
a reboot.

It does appear that redirecting roughly 125 servers to no longer use the proxy 
has helped. Unfortunately, our F5 guy can't tell me how many IP addresses 
remain coming into this F5 VIP, which would give me the number of servers, and 
an idea how loaded this thing is. I have good reason to believe it is under 
1,000. He has shown us graphs indicating the VIP isn't stressed, but I will 
keep working on him, b/c I can't imagine not being able to report how many 
distinct IP addresses hit the VIP.

I don't have a Visio, but

Server running the Microsoft Monitoring Agent sends data over 
tcp/443-->Internal facing firewall(s)-->F5 VIP-->one of 4 Squids-->internet 

Each of the 4 VMWare Squids has 4 proc and 8 GB memory, 10 GB NIC.

We're a large enterprise with multiple data centers and many subnets, so there 
are quite a few firewalls, and most of the time a server must go through more 
than one firewall. Can't help but wonder if firewall exhaustion could cause the 
symptoms.

Revision: I typed the above last night. This morning, the server that had been 
erroring is at it again, but stopped. Others are fine. Interesting problem.

-Original Message-
From: elie...@ngtech.co.il  
Sent: Saturday, February 23, 2019 12:16 PM
To: Van Order, Drew (US - Hermitage) ; 'Amos Jeffries' 
; squid-users@lists.squid-cache.org
Subject: [EXT] RE: [squid-users] Squid for Windows Repeatedly Crashing

The next tool might help you to understand the status of the open connections.
If the socket is being closed( I think Windows Server 2016 is a very good 
OS...).
https://secure-web.cisco.com/1gLLf4HP_bwYOteW6x8gJ8EGyBrYzTMzMIi7P6q7aGi136WObNRd7uZQkrv-CKTO7ipHpLgOvHaGbzxLT7RpG6AGtkeTHUn2O8-CIAgcBOCUzn6KyZoPhqsAcpIXokXWcjlWHdUVUwlZVT0WKEhuOuAGvw2washhJEOg1Gcbsf99cy7ofqJfuTc-fS23KxfiE8W-2GLLNuF_J8q5uGJdvUMhm6HN-4CO3c_i8wxOlHrxgX3GjSLbLo8odnA6YctD5A01sjW3dpC4oiioIkGY7gDY-hjSSNYr_xoZzsixScColG-JRDlR3uktjsFF5JCkU1EROfoOfUHsDdeJ0IV2Cpk6yzbSPNNno7jV5BmZSsmR_jRgW7WJa4eVhKUvicMfy8RBespjtbfk17lUf9JamqmxPBtP2eHsiIb4_wk9iJfRr_S-aA1Ve7rPDmCXm9bZ9HRmXphi8o5AeYMWbK9DTrnmPDmFamis922AT6F4KUuBvS3PKqeCkT3EUuGmlwHXxCiJGwYBKXQmOehcFbqgfFQ/https%3A%2F%2Fwww.nirsoft.net%2Futils%2Fcports.html

There is a possibility that some OS TCP limit is being reached and there for 
the socket closure.
If you are using F5 you can easily find out the load at the crash point.
I assume that if a normal Squid instance can take a load of 900k requests per 
second in somewhat constant rate for more than a minute then the issue might be 
else where then squid.
I am not sure but pretty sure that if you do not have anyone that is 
knowledgeable enough about windows sockets, sessions and FW limitations you 
will either:
- learn it your self
- find an expert
- use an OS that is more then 20% supported by any of the Squid-Cache team 
members and other developers around the globe.

Just to say a good word about Windows Server 2016, I compared it to a Windows 
10 under load and it seems to take a lot more load.
Also it not just takes the load but balance it well (on an open source windows 
designed software).

Also if you have a specific use case maybe a specific proxy can be customized 
for it.
Let me know if you wish to shed more details on the configuration so I can take 
my time and understand if there is a solution else then Squid.

Eliezeer


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il


-Original Message-
From: squid-users  On Behalf Of Van 
Order, Drew (US - Hermitage)
Sent: Friday, February 22, 2019 15:32
To: Amos Jeffries ; squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid for Windows Repeatedly Crashing

The test box I set up outside the F5 finally started exhibiting these errors, 
once I pointed roughly 60 machines to it. It took a few hours.
Sounds like this narrows it down to either the OS itself (seems unlikely, other 
apps would crash), or the litany of agents our security folks have mandated. It 
may indeed be necessary to move to Linux.

Thank you very much for your time!

-Original Message-
From: Amos Jeffries 
Sent: Thursday, February 21, 2019 11:31 PM
To: Van Order, Drew (US - Hermitage) ; 
squid-users@lists.squid-cache.org
Subject: [EXT] Re: [squid-users] Squid for Windows Repeatedly Crashing

On 22/02/19 4:21 am, Van Order, Drew (US - Hermitage) wrote:
> Thank you for replying, and that's an excellent point.
>
> Short answer--definitely not in a container, these are garden variety
VMWare instances. I've already flagged the OS power settings to maximum 
performance, so nothing should be going to sleep. I'll doublecheck, though.
>
> So, if I understand correctly, this error could also b

Re: [squid-users] Squid for Windows Repeatedly Crashing

[eliezer]

The next tool might help you to understand the status of the open
connections.
If the socket is being closed( I think Windows Server 2016 is a very good
OS...).
https://www.nirsoft.net/utils/cports.html

There is a possibility that some OS TCP limit is being reached and there for
the socket closure.
If you are using F5 you can easily find out the load at the crash point.
I assume that if a normal Squid instance can take a load of 900k requests
per second in somewhat constant rate for more then a minute then the issue
might be else where then squid.
I am not sure but pretty sure that if you do not have anyone that is
knowledgeable enough about windows sockets, sessions and FW limitations you
will either:
- learn it your self
- find an expert
- use an OS that is more then 20% supported by any of the Squid-Cache team
members and other developers around the globe.

Just to say a good word about Windows Server 2016, I compared it to a
Windows 10 under load and it seems to take a lot more load.
Also it not just takes the load but balance it well (on an open source
windows designed software).

Also if you have a specific use case maybe a specific proxy can be
customized for it.
Let me know if you wish to shed more details on the configuration so I can
take my time and understand if there is a solution else then Squid.

Eliezeer


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il


-Original Message-
From: squid-users  On Behalf Of
Van Order, Drew (US - Hermitage)
Sent: Friday, February 22, 2019 15:32
To: Amos Jeffries ; squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid for Windows Repeatedly Crashing

The test box I set up outside the F5 finally started exhibiting these
errors, once I pointed roughly 60 machines to it. It took a few hours.
Sounds like this narrows it down to either the OS itself (seems unlikely,
other apps would crash), or the litany of agents our security folks have
mandated. It may indeed be necessary to move to Linux.

Thank you very much for your time!

-Original Message-
From: Amos Jeffries 
Sent: Thursday, February 21, 2019 11:31 PM
To: Van Order, Drew (US - Hermitage) ;
squid-users@lists.squid-cache.org
Subject: [EXT] Re: [squid-users] Squid for Windows Repeatedly Crashing

On 22/02/19 4:21 am, Van Order, Drew (US - Hermitage) wrote:
> Thank you for replying, and that's an excellent point.
>
> Short answer--definitely not in a container, these are garden variety
VMWare instances. I've already flagged the OS power settings to maximum
performance, so nothing should be going to sleep. I'll doublecheck, though.
>
> So, if I understand correctly, this error could also be indicative of an
issue in between the agent and Squid. Agents first go through a firewall,
then the F5 before reaching Squid.

No that is not what I meant.

The port Squid has already opened and used syscall listen(2) on is what is
being closed (or its address corrupted) outside of Squid. That should only
ever be closed by Squid itself. Thus the error.

It is being closed repeatedly. Thus the abort/shutdown. This is not a crash,
it is intentional shutdown by Squid due to these fatal
(non-recoverable) errors.


>
> [Stopped, reason:Listener socket closed job1]: (14) Bad address
>
> Any thoughts on this error, which tends to be more common than the other?
>
> 2019/02/20 09:42:33 kid1| comm_poll: poll failure: (14) Bad address
> 2019/02/20 09:42:33 kid1| Select loop Error. Retry 2
>

Notice how the error from the OS "(14) Bad Address" is the same. This is
just another display of the same problem. Maybe the poll() layer reporting
the exact same error as Squid tries to recover. Maybe for other non-listener
ports also being corrupted somehow.

If non-listener ports are having that same error it would be a sign the
machine memory is being corrupted rather than other software touching the
listener ports specifically.


( The details you have provided so far have no hints about where the problem
may be coming from, and I am not having any ideas about possibilities
either. I just hope the above explanation of meaning can help you think of
things to look at for more hints on this very weird issue. )

Amos
This message (including any attachments) contains confidential information
intended for a specific individual and purpose, and is protected by law. If
you are not the intended recipient, you should delete this message and any
disclosure, copying, or distribution of this message, or the taking of any
action based on it, by you is strictly prohibited.

v.E.1
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid for Windows Repeatedly Crashing

[Amos Jeffries]

On 22/02/19 4:21 am, Van Order, Drew (US - Hermitage) wrote:
> Thank you for replying, and that's an excellent point.
> 
> Short answer--definitely not in a container, these are garden variety VMWare 
> instances. I've already flagged the OS power settings to maximum performance, 
> so nothing should be going to sleep. I'll doublecheck, though.
> 
> So, if I understand correctly, this error could also be indicative of an 
> issue in between the agent and Squid. Agents first go through a firewall, 
> then the F5 before reaching Squid.

No that is not what I meant.

The port Squid has already opened and used syscall listen(2) on is what
is being closed (or its address corrupted) outside of Squid. That should
only ever be closed by Squid itself. Thus the error.

It is being closed repeatedly. Thus the abort/shutdown. This is not a
crash, it is intentional shutdown by Squid due to these fatal
(non-recoverable) errors.


> 
> [Stopped, reason:Listener socket closed job1]: (14) Bad address
> 
> Any thoughts on this error, which tends to be more common than the other?
> 
> 2019/02/20 09:42:33 kid1| comm_poll: poll failure: (14) Bad address
> 2019/02/20 09:42:33 kid1| Select loop Error. Retry 2
> 

Notice how the error from the OS "(14) Bad Address" is the same. This is
just another display of the same problem. Maybe the poll() layer
reporting the exact same error as Squid tries to recover. Maybe for
other non-listener ports also being corrupted somehow.

If non-listener ports are having that same error it would be a sign the
machine memory is being corrupted rather than other software touching
the listener ports specifically.


( The details you have provided so far have no hints about where the
problem may be coming from, and I am not having any ideas about
possibilities either. I just hope the above explanation of meaning can
help you think of things to look at for more hints on this very weird
issue. )

Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid for Windows Repeatedly Crashing

[Van Order, Drew (US - Hermitage)]

Thank you for replying, and that's an excellent point.

Short answer--definitely not in a container, these are garden variety VMWare 
instances. I've already flagged the OS power settings to maximum performance, 
so nothing should be going to sleep. I'll doublecheck, though.

So, if I understand correctly, this error could also be indicative of an issue 
in between the agent and Squid. Agents first go through a firewall, then the F5 
before reaching Squid.

[Stopped, reason:Listener socket closed job1]: (14) Bad address

Any thoughts on this error, which tends to be more common than the other?

2019/02/20 09:42:33 kid1| comm_poll: poll failure: (14) Bad address
2019/02/20 09:42:33 kid1| Select loop Error. Retry 2



-Original Message-
From: Amos Jeffries 
Sent: Thursday, February 21, 2019 6:38 AM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid for Windows Repeatedly Crashing

On 21/02/19 6:23 pm, Van Order, Drew (US - Hermitage) wrote:
> Hello folks, we're running Squid 3.5.28 on four Windows 2016 VM's,
> each has 4 CPU, 8 GB memory, 10 GB NIC. We implemented Squid to
> support forwarding Azure Log Analytics data, it's all CONNECT. The
> Squids are load balanced through a F5. There are less than 1,000
> servers sending data to Log Analytics.
>
>
>
> All four Squids are regularly crashing, and I don't know how to
> interpret the errors in cache.log. It crashes if we disable caching too.
>
...
>
> 2019/02/20 09:42:32 kid1|  FD 12, 10.5.11.12 [Stopped, reason:Listener
> socket closed job1]: (14) Bad address
>

Something other than Squid closed the network socket Squid was using to receive 
new client connections (the http_port socket).

The only things which should know that socket even exists are Squid and the 
operating system.

This is not an error I've seen before. Is this Squid maybe running in a 
container or VM which is being hibernated, or suspended, or anything along 
those lines which may cause the OS filedescriptors to change unexpectedly?

Amos

This message (including any attachments) contains confidential information 
intended for a specific individual and purpose, and is protected by law. If you 
are not the intended recipient, you should delete this message and any 
disclosure, copying, or distribution of this message, or the taking of any 
action based on it, by you is strictly prohibited.

v.E.1
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid for Windows Repeatedly Crashing

[Van Order, Drew (US - Hermitage)]

This was my first concern with posting, having managed NetView/AIX for 
years-that folks may focus on the choice of OS versus the problem at hand. This 
is not meant to be an enterprise solution, it's something for a team of 
non-network engineers to use to support passing tcp/443 traffic from servers 
blocked from the internet. Why not choose the platform that is most familiar to 
the people that will need to support it?

I've got a fifth Windows Squid test box running outside the F5 that has yet to 
error, but it only has a handful of agents sending Log Analytics data. The F5's 
have been checked out, so the hope is that a Squid config or OS registry change 
will fix this.

However, if the consensus is that the Windows port is unstable under any kind 
of load, then we'd have to consider options.

From: elie...@ngtech.co.il 
Sent: Thursday, February 21, 2019 12:50 AM
To: Van Order, Drew (US - Hermitage) ; 
squid-users@lists.squid-cache.org
Subject: [EXT] RE: [squid-users] Squid for Windows Repeatedly Crashing

May I ask about the usage of Windows 2016 VM's compared to CentOS or Ubuntu?

Eliezer


Eliezer 
Croitoru<http://secure-web.cisco.com/1QlNYIFwJYHHQ7Gju-o31exeEfzmLfLHD-tlPBXtA4AjezZjFRrjCjQhCtZ3finQTxn34ZnlGjGrThEMYGWtTzylNEw-ofQAp8U32g0ctuACuPLDsaX0vdvlccEM9yAFrtly-r6W9v8aAND2sTwtjG_DdCWCqHr20GzEBelQB5zTXPLSrBWKwb2lQG4S9q1TfNVRxihuQEW_4yLWhCq4aD2qelhYU-Z_IcKwsQ5SDh_RAGgz1tx_F3PIGffKM9wlJgUgh75XoWakVDRnMuUx_OdOl2IgHlZsveHKOFhCiBjHKJ5MsZCUVdB2EsQ-WarU2je57Od_AQy8Le44KosAmxe7QcJbvSFxmUm6Gea-lNQZPJ__ZRbR8U-OurUTPnV8l2paOjYM2srjFrDknyxo_5KwLIn6pqIR2O2RpC6mUFl4Jj2LOaSoPW1RPPepT4-bm-YdpU5ZU9rymMsiZWEIxrhT1IJYxMYP7HuQFJ-4MmxrZAY2yUaMbB9tiyHf2CimH/http%3A%2F%2Fngtech.co.il%2Fmain-en%2F>
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il<mailto:elie...@ngtech.co.il>
[cid:image001.png@01D2675E.DCF360D0]

From: squid-users 
mailto:squid-users-boun...@lists.squid-cache.org>>
 On Behalf Of Van Order, Drew (US - Hermitage)
Sent: Thursday, February 21, 2019 07:23
To: squid-users@lists.squid-cache.org<mailto:squid-users@lists.squid-cache.org>
Subject: [squid-users] Squid for Windows Repeatedly Crashing

Hello folks, we're running Squid 3.5.28 on four Windows 2016 VM's, each has 4 
CPU, 8 GB memory, 10 GB NIC. We implemented Squid to support forwarding Azure 
Log Analytics data, it's all CONNECT. The Squids are load balanced through a 
F5. There are less than 1,000 servers sending data to Log Analytics.

All four Squids are regularly crashing, and I don't know how to interpret the 
errors in cache.log. It crashes if we disable caching too.

Any insight is appreciated-I've inherited this responsibility and more a cloud 
engineer than a network specialist.

Thanks in advance!

Typical error sequence in cache.log

2019/02/20 09:42:32 kid1|  FD 12, 10.5.11.12 [Stopped, reason:Listener socket 
closed job1]: (14) Bad address
2019/02/20 09:42:32 kid1|  FD 12, 10.5.11.12 [Stopped, reason:Listener socket 
closed job1]: (14) Bad address
2019/02/20 09:42:32 kid1|  FD 12, 10.5.11.12 [Stopped, reason:Listener socket 
closed job1]: (14) Bad address
2019/02/20 09:42:32 kid1|  FD 12, 10.5.11.12 [Stopped, reason:Listener socket 
closed job1]: (14) Bad address
2019/02/20 09:42:32 kid1|  FD 12, 10.5.11.12 [Stopped, reason:Listener socket 
closed job1]: (14) Bad address
2019/02/20 09:42:32 kid1|  FD 12, 10.5.11.12 [Stopped, reason:Listener socket 
closed job1]: (14) Bad address
2019/02/20 09:42:32 kid1|  FD 12, 10.5.11.12 [Stopped, reason:Listener socket 
closed job1]: (14) Bad address
2019/02/20 09:42:33 kid1|  FD 12, 10.5.11.12 [Stopped, reason:Listener socket 
closed job1]: (14) Bad address
2019/02/20 09:42:33 kid1|  FD 12, 10.5.11.12 [Stopped, reason:Listener socket 
closed job1]: (14) Bad address
2019/02/20 09:42:33 kid1|  FD 12, 10.5.11.12 [Stopped, reason:Listener socket 
closed job1]: (14) Bad address
2019/02/20 09:42:33 kid1|  FD 12, 10.5.11.12 [Stopped, reason:Listener socket 
closed job1]: (14) Bad address
2019/02/20 09:42:33 kid1|  FD 12, 10.5.11.12 [Stopped, reason:Listener socket 
closed job1]: (14) Bad address
2019/02/20 09:42:33 kid1| comm_poll: poll failure: (14) Bad address
2019/02/20 09:42:33 kid1| Select loop Error. Retry 1
2019/02/20 09:42:33 kid1| comm_poll: poll failure: (14) Bad address
2019/02/20 09:42:33 kid1| Select loop Error. Retry 2
2019/02/20 09:42:33 kid1| comm_poll: poll failure: (14) Bad address
2019/02/20 09:42:33 kid1| Select loop Error. Retry 3
2019/02/20 09:42:33 kid1| comm_poll: poll failure: (14) Bad address
2019/02/20 09:42:33 kid1| Select loop Error. Retry 4
2019/02/20 09:42:33 kid1| comm_poll: poll failure: (14) Bad address
2019/02/20 09:42:33 kid1| Select loop Error. Retry 5
2019/02/20 09:42:33 kid1| comm_poll: poll failure: (14) Bad address
2019/02/20 09:42:33 kid1| Select loop Error. Retry 6
2019/02/20 09:42:33 kid1| comm_poll: poll failure: (14) Bad address
2019/02/20 09:42:33 kid1| Select loop Error. Retry 7
2019/02/20 09:42:

Re: [squid-users] Squid for Windows Repeatedly Crashing

[Amos Jeffries]

On 21/02/19 6:23 pm, Van Order, Drew (US - Hermitage) wrote:
> Hello folks, we’re running Squid 3.5.28 on four Windows 2016 VM’s, each
> has 4 CPU, 8 GB memory, 10 GB NIC. We implemented Squid to support
> forwarding Azure Log Analytics data, it’s all CONNECT. The Squids are
> load balanced through a F5. There are less than 1,000 servers sending
> data to Log Analytics.
> 
>  
> 
> All four Squids are regularly crashing, and I don’t know how to
> interpret the errors in cache.log. It crashes if we disable caching too.
> 
...
> 
> 2019/02/20 09:42:32 kid1|  FD 12, 10.5.11.12 [Stopped, reason:Listener
> socket closed job1]: (14) Bad address
> 

Something other than Squid closed the network socket Squid was using to
receive new client connections (the http_port socket).

The only things which should know that socket even exists are Squid and
the operating system.

This is not an error I've seen before. Is this Squid maybe running in a
container or VM which is being hibernated, or suspended, or anything
along those lines which may cause the OS filedescriptors to change
unexpectedly?

Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Squid for Windows Repeatedly Crashing

[Van Order, Drew (US - Hermitage)]

Hello folks, we're running Squid 3.5.28 on four Windows 2016 VM's, each has 4 
CPU, 8 GB memory, 10 GB NIC. We implemented Squid to support forwarding Azure 
Log Analytics data, it's all CONNECT. The Squids are load balanced through a 
F5. There are less than 1,000 servers sending data to Log Analytics.

All four Squids are regularly crashing, and I don't know how to interpret the 
errors in cache.log. It crashes if we disable caching too.

Any insight is appreciated-I've inherited this responsibility and more a cloud 
engineer than a network specialist.

Thanks in advance!

Typical error sequence in cache.log

2019/02/20 09:42:32 kid1|  FD 12, 10.5.11.12 [Stopped, reason:Listener socket 
closed job1]: (14) Bad address
2019/02/20 09:42:32 kid1|  FD 12, 10.5.11.12 [Stopped, reason:Listener socket 
closed job1]: (14) Bad address
2019/02/20 09:42:32 kid1|  FD 12, 10.5.11.12 [Stopped, reason:Listener socket 
closed job1]: (14) Bad address
2019/02/20 09:42:32 kid1|  FD 12, 10.5.11.12 [Stopped, reason:Listener socket 
closed job1]: (14) Bad address
2019/02/20 09:42:32 kid1|  FD 12, 10.5.11.12 [Stopped, reason:Listener socket 
closed job1]: (14) Bad address
2019/02/20 09:42:32 kid1|  FD 12, 10.5.11.12 [Stopped, reason:Listener socket 
closed job1]: (14) Bad address
2019/02/20 09:42:32 kid1|  FD 12, 10.5.11.12 [Stopped, reason:Listener socket 
closed job1]: (14) Bad address
2019/02/20 09:42:33 kid1|  FD 12, 10.5.11.12 [Stopped, reason:Listener socket 
closed job1]: (14) Bad address
2019/02/20 09:42:33 kid1|  FD 12, 10.5.11.12 [Stopped, reason:Listener socket 
closed job1]: (14) Bad address
2019/02/20 09:42:33 kid1|  FD 12, 10.5.11.12 [Stopped, reason:Listener socket 
closed job1]: (14) Bad address
2019/02/20 09:42:33 kid1|  FD 12, 10.5.11.12 [Stopped, reason:Listener socket 
closed job1]: (14) Bad address
2019/02/20 09:42:33 kid1|  FD 12, 10.5.11.12 [Stopped, reason:Listener socket 
closed job1]: (14) Bad address
2019/02/20 09:42:33 kid1| comm_poll: poll failure: (14) Bad address
2019/02/20 09:42:33 kid1| Select loop Error. Retry 1
2019/02/20 09:42:33 kid1| comm_poll: poll failure: (14) Bad address
2019/02/20 09:42:33 kid1| Select loop Error. Retry 2
2019/02/20 09:42:33 kid1| comm_poll: poll failure: (14) Bad address
2019/02/20 09:42:33 kid1| Select loop Error. Retry 3
2019/02/20 09:42:33 kid1| comm_poll: poll failure: (14) Bad address
2019/02/20 09:42:33 kid1| Select loop Error. Retry 4
2019/02/20 09:42:33 kid1| comm_poll: poll failure: (14) Bad address
2019/02/20 09:42:33 kid1| Select loop Error. Retry 5
2019/02/20 09:42:33 kid1| comm_poll: poll failure: (14) Bad address
2019/02/20 09:42:33 kid1| Select loop Error. Retry 6
2019/02/20 09:42:33 kid1| comm_poll: poll failure: (14) Bad address
2019/02/20 09:42:33 kid1| Select loop Error. Retry 7
2019/02/20 09:42:33 kid1| comm_poll: poll failure: (14) Bad address
2019/02/20 09:42:33 kid1| Select loop Error. Retry 8
2019/02/20 09:42:33 kid1| comm_poll: poll failure: (14) Bad address
2019/02/20 09:42:33 kid1| Select loop Error. Retry 9
2019/02/20 09:42:33 kid1| comm_poll: poll failure: (14) Bad address
2019/02/20 09:42:33 kid1| Select loop Error. Retry 10
2019/02/20 09:42:33 kid1| Closing HTTP port 10.5.11.12:3128
FATAL: Event loop exited with failure.
Squid Cache (Version 3.5.28): Terminated abnormally.
CPU Usage: 12.640 seconds = 4.234 user + 8.406 sys
Maximum Resident Size: 5159680 KB
Page faults with physical i/o: 20341

Squid restarts, and will often start erroring right away:

2019/02/20 09:42:33 kid1| storeDirWriteCleanLogs: Starting...
2019/02/20 09:42:33 kid1|   Finished.  Wrote 0 entries.
2019/02/20 09:42:33 kid1|   Took 0.00 seconds (  0.00 entries/sec).
2019/02/20 09:42:36 kid1| Set Current Directory to 
/cygdrive/e/squid/var/coredump
2019/02/20 09:42:36 kid1| Starting Squid Cache version 3.5.28 for 
x86_64-unknown-cygwin...
2019/02/20 09:42:36 kid1| Service Name: squid
2019/02/20 09:42:36 kid1| Process ID 2292
2019/02/20 09:42:36 kid1| Process Roles: worker
2019/02/20 09:42:36 kid1| With 3200 file descriptors available
2019/02/20 09:42:36 kid1| Initializing IP Cache...
2019/02/20 09:42:36 kid1| parseEtcHosts: /etc/hosts: (2) No such file or 
directory
2019/02/20 09:42:36 kid1| DNS Socket created at [::], FD 5
2019/02/20 09:42:36 kid1| DNS Socket created at 0.0.0.0, FD 6
2019/02/20 09:42:36 kid1| Adding nameserver 208.67.220.220 from squid.conf
2019/02/20 09:42:36 kid1| Adding nameserver 208.67.222.222 from squid.conf
2019/02/20 09:42:36 kid1| Logfile: opening log daemon:/var/log/squid/access.log
2019/02/20 09:42:36 kid1| Logfile Daemon: opening log /var/log/squid/access.log
2019/02/20 09:42:36 kid1| WARNING: no_suid: setuid(0): (22) Invalid argument
2019/02/20 09:42:36 kid1| Store logging disabled
2019/02/20 09:42:36 kid1| Swap maxSize 262144 + 262144 KB, estimated 40329 
objects
2019/02/20 09:42:36 kid1| Target number of buckets: 2016
2019/02/20 09:42:36 kid1| Using 8192 Store buckets
2019/02/20 09:42:36 kid1| Max Mem  size: 262144 KB
2019/02/20 09:42:36 

Re: [squid-users] Squid for windows Very slow downloads of large files through squid with normal uploads

[Keith Hartley]

Good recommendation on Privoxy. It took a few hours to get it installed, but 
most of that came from struggles configuring a work group server, missing a lot 
of the normal tools that I would have in a domain-joined server.

It took me maybe 30 minutes to figure out how to configure it and get it up and 
running and I think will definitely be more practical for implementing static 
screening of the 30-40 URIs that I need


Keith Hartley
Network Engineer II
khart...@geocent.com
www.geocent.com

-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf 
Of Yuri
Sent: Friday, March 23, 2018 10:41 AM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid for windows Very slow downloads of large files 
through squid with normal uploads



23.03.2018 21:25, Keith Hartley пишет:
> I had not thought to test that. I will do that today.
>
> In regards to Yuri's comments on firewall vs squid - I don’t agree that a 
> firewall would be a direct replacement in this case.
>
> The 30-40 URIs I need to access resolve to a potential pool of several 
> million IP addresses, and the pool of IP addresses gets updated multiple 
> times per year. Writing rules at the network level would not be practical to 
> implement even one time, let alone maintain over time. A more expensive 
> firewall that is able to implement ACLs by hostname would be needed, and 
> options for virtual firewalls hosted in Azure are limited. It would also 
> require either implementing many static routes, or a transit network with a 
> virtual router, and this environment will be supported by an organization 
> that does not have a network engineer on staff.
It depends. If your make Internet access for servers due to updates - in most 
cases updates has limited distribution points (of course, we're not considering 
CDN now). Some cases can be easy solved by server's built-in firewall.

If we're talking about infrastructure, best solution for updates is internal 
updates server (like WSUS), which only have access to Internet with all 
security restrictions. You know this better than me ;) Anyway, centralized 
patch/updates server behind the border firewall is best solution.

But this is, of course, abstract discussion.
>
> I understand that there is very little functionality I need to leverage, but 
> I like Squid, as it is a name that most people in IT will recognize and be 
> able to google.
We're like it too, but Squid's itself is big and relatively complex software, 
requires much experience to use and not always easy in support. It has a lot of 
functions and can have very complex configurations. This is why I can't 
recommend use it in all cases requires proxying/caching without serious reasons.
>
> I may still review privoxy however. If it is simple enough that 
> supporting it would be something easy to just figure out with minimal 
> research, it may still be a good option. I like simple, but high 
> supportability is mandatory
Yes. Privoxy is very simple instead Squid. It is non-caching proxy, which have 
all functionality you require. It works with hostnames.

Don't worry - you will not require much support for it. It's just works. ;)
>
>
> Keith Hartley
> Network Engineer II
> khart...@geocent.com
> www.geocent.com
>
> -Original Message-
> From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] 
> On Behalf Of Matus UHLAR - fantomas
> Sent: Friday, March 23, 2018 3:56 AM
> To: squid-users@lists.squid-cache.org
> Subject: Re: [squid-users] Squid for windows Very slow downloads of 
> large files through squid with normal uploads
>
> On 22.03.18 23:08, Keith Hartley wrote:
>> However on large files I am only getting 115 Kbps sustained download speeds.
> does this happen evben when you try using squid on the mavchine squid is 
> installed?
>
>
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> I drive way too fast to worry about cholesterol.
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
> Confidentiality Notice:
> This email communication may contain confidential information, may be legally 
> privileged, and is intended only for the use of the intended recipients(s) 
> identified. Any unauthorized review, use, distribution, downloading, or 
> copying of this communication is strictly prohibited. If you are not the 
> intended recipient and have received this message in error, immediately 
> notify the sender by reply email, delete the communication, and destroy all 
> copies. Thank you.
> _

Re: [squid-users] Squid for windows Very slow downloads of large files through squid with normal uploads

[Keith Hartley]

Yeah, there are some other considerations with this environment. While WSUS is 
the only service that downloads files in any significant quantity, there were 
architectural decisions made in the application that this environment hosts 
which requires the application to have some minimal internet access, which is 
what caused the need for the proxy. WSUS was originally set up exactly as you 
described until I learned of the application requirements, and technically it 
is the only thing that needs a proxy, but I didn't want to set up a different 
way of accessing the internet for each service that needed access and making it 
confusing, so went to using a proxy for everything so there would only be one 
path to the internet.


Keith Hartley
Network Engineer II
khart...@geocent.com
www.geocent.com

-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf 
Of Yuri
Sent: Friday, March 23, 2018 10:41 AM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid for windows Very slow downloads of large files 
through squid with normal uploads



23.03.2018 21:25, Keith Hartley пишет:
> I had not thought to test that. I will do that today.
>
> In regards to Yuri's comments on firewall vs squid - I don’t agree that a 
> firewall would be a direct replacement in this case.
>
> The 30-40 URIs I need to access resolve to a potential pool of several 
> million IP addresses, and the pool of IP addresses gets updated multiple 
> times per year. Writing rules at the network level would not be practical to 
> implement even one time, let alone maintain over time. A more expensive 
> firewall that is able to implement ACLs by hostname would be needed, and 
> options for virtual firewalls hosted in Azure are limited. It would also 
> require either implementing many static routes, or a transit network with a 
> virtual router, and this environment will be supported by an organization 
> that does not have a network engineer on staff.
It depends. If your make Internet access for servers due to updates - in most 
cases updates has limited distribution points (of course, we're not considering 
CDN now). Some cases can be easy solved by server's built-in firewall.

If we're talking about infrastructure, best solution for updates is internal 
updates server (like WSUS), which only have access to Internet with all 
security restrictions. You know this better than me ;) Anyway, centralized 
patch/updates server behind the border firewall is best solution.

But this is, of course, abstract discussion.
>
> I understand that there is very little functionality I need to leverage, but 
> I like Squid, as it is a name that most people in IT will recognize and be 
> able to google.
We're like it too, but Squid's itself is big and relatively complex software, 
requires much experience to use and not always easy in support. It has a lot of 
functions and can have very complex configurations. This is why I can't 
recommend use it in all cases requires proxying/caching without serious reasons.
>
> I may still review privoxy however. If it is simple enough that 
> supporting it would be something easy to just figure out with minimal 
> research, it may still be a good option. I like simple, but high 
> supportability is mandatory
Yes. Privoxy is very simple instead Squid. It is non-caching proxy, which have 
all functionality you require. It works with hostnames.

Don't worry - you will not require much support for it. It's just works. ;)
>
>
> Keith Hartley
> Network Engineer II
> khart...@geocent.com
> www.geocent.com
>
> -Original Message-
> From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] 
> On Behalf Of Matus UHLAR - fantomas
> Sent: Friday, March 23, 2018 3:56 AM
> To: squid-users@lists.squid-cache.org
> Subject: Re: [squid-users] Squid for windows Very slow downloads of 
> large files through squid with normal uploads
>
> On 22.03.18 23:08, Keith Hartley wrote:
>> However on large files I am only getting 115 Kbps sustained download speeds.
> does this happen evben when you try using squid on the mavchine squid is 
> installed?
>
>
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> I drive way too fast to worry about cholesterol.
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
> Confidentiality Notice:
> This email communication may contain confidential information, may be legally 
> privileged, and is intended only for the use of the intended recipients(s) 
> identified. Any unauthorized rev

Re: [squid-users] Squid for windows Very slow downloads of large files through squid with normal uploads

[Yuri]

23.03.2018 21:25, Keith Hartley пишет:
> I had not thought to test that. I will do that today.
>
> In regards to Yuri's comments on firewall vs squid - I don’t agree that a 
> firewall would be a direct replacement in this case.
>
> The 30-40 URIs I need to access resolve to a potential pool of several 
> million IP addresses, and the pool of IP addresses gets updated multiple 
> times per year. Writing rules at the network level would not be practical to 
> implement even one time, let alone maintain over time. A more expensive 
> firewall that is able to implement ACLs by hostname would be needed, and 
> options for virtual firewalls hosted in Azure are limited. It would also 
> require either implementing many static routes, or a transit network with a 
> virtual router, and this environment will be supported by an organization 
> that does not have a network engineer on staff.
It depends. If your make Internet access for servers due to updates - in
most cases updates has limited distribution points (of course, we're not
considering CDN now). Some cases can be easy solved by server's built-in
firewall.

If we're talking about infrastructure, best solution for updates is
internal updates server (like WSUS), which only have access to Internet
with all security restrictions. You know this better than me ;) Anyway,
centralized patch/updates server behind the border firewall is best
solution.

But this is, of course, abstract discussion.
>
> I understand that there is very little functionality I need to leverage, but 
> I like Squid, as it is a name that most people in IT will recognize and be 
> able to google.
We're like it too, but Squid's itself is big and relatively complex
software, requires much experience to use and not always easy in
support. It has a lot of functions and can have very complex
configurations. This is why I can't recommend use it in all cases
requires proxying/caching without serious reasons.
>
> I may still review privoxy however. If it is simple enough that supporting it 
> would be something easy to just figure out with minimal research, it may 
> still be a good option. I like simple, but high supportability is mandatory
Yes. Privoxy is very simple instead Squid. It is non-caching proxy,
which have all functionality you require. It works with hostnames.

Don't worry - you will not require much support for it. It's just works. ;)
>
>
> Keith Hartley
> Network Engineer II
> khart...@geocent.com
> www.geocent.com
>
> -Original Message-
> From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On 
> Behalf Of Matus UHLAR - fantomas
> Sent: Friday, March 23, 2018 3:56 AM
> To: squid-users@lists.squid-cache.org
> Subject: Re: [squid-users] Squid for windows Very slow downloads of large 
> files through squid with normal uploads
>
> On 22.03.18 23:08, Keith Hartley wrote:
>> However on large files I am only getting 115 Kbps sustained download speeds.
> does this happen evben when you try using squid on the mavchine squid is 
> installed?
>
>
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> I drive way too fast to worry about cholesterol.
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
> Confidentiality Notice:
> This email communication may contain confidential information, may be legally 
> privileged, and is intended only for the use of the intended recipients(s) 
> identified. Any unauthorized review, use, distribution, downloading, or 
> copying of this communication is strictly prohibited. If you are not the 
> intended recipient and have received this message in error, immediately 
> notify the sender by reply email, delete the communication, and destroy all 
> copies. Thank you.
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-- 
"C++ seems like a language suitable for firing other people's legs."

*
* C++20 : Bug to the future *
*




signature.asc
Description: OpenPGP digital signature
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid for windows Very slow downloads of large files through squid with normal uploads

[Keith Hartley]

I had not thought to test that. I will do that today.

In regards to Yuri's comments on firewall vs squid - I don’t agree that a 
firewall would be a direct replacement in this case.

The 30-40 URIs I need to access resolve to a potential pool of several million 
IP addresses, and the pool of IP addresses gets updated multiple times per 
year. Writing rules at the network level would not be practical to implement 
even one time, let alone maintain over time. A more expensive firewall that is 
able to implement ACLs by hostname would be needed, and options for virtual 
firewalls hosted in Azure are limited. It would also require either 
implementing many static routes, or a transit network with a virtual router, 
and this environment will be supported by an organization that does not have a 
network engineer on staff.

I understand that there is very little functionality I need to leverage, but I 
like Squid, as it is a name that most people in IT will recognize and be able 
to google.

I may still review privoxy however. If it is simple enough that supporting it 
would be something easy to just figure out with minimal research, it may still 
be a good option. I like simple, but high supportability is mandatory


Keith Hartley
Network Engineer II
khart...@geocent.com
www.geocent.com

-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf 
Of Matus UHLAR - fantomas
Sent: Friday, March 23, 2018 3:56 AM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid for windows Very slow downloads of large files 
through squid with normal uploads

On 22.03.18 23:08, Keith Hartley wrote:
>However on large files I am only getting 115 Kbps sustained download speeds.

does this happen evben when you try using squid on the mavchine squid is 
installed?


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I drive way too fast to worry about cholesterol.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Confidentiality Notice:
This email communication may contain confidential information, may be legally 
privileged, and is intended only for the use of the intended recipients(s) 
identified. Any unauthorized review, use, distribution, downloading, or copying 
of this communication is strictly prohibited. If you are not the intended 
recipient and have received this message in error, immediately notify the 
sender by reply email, delete the communication, and destroy all copies. Thank 
you.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid for windows Very slow downloads of large files through squid with normal uploads

[Matus UHLAR - fantomas]

On 22.03.18 23:08, Keith Hartley wrote:

However on large files I am only getting 115 Kbps sustained download speeds.


does this happen evben when you try using squid on the mavchine squid is
installed?


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I drive way too fast to worry about cholesterol. 
___

squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid for windows Very slow downloads of large files through squid with normal uploads

[Yuri]

And, if you still insist that you need a proxy, consider Privoxy.

Lightweight primitive HTTP proxy with basic access control, has Windows
implementation, works as service.

It will be good enough.

https://www.privoxy.org/

23.03.2018 05:27, Yuri пишет:
>
> Your task is simple - you need a simple control of access to the
> Internet, for servers, without any caching. Squid here is excessive,
> moreover, in your configuration it gives an excessive overhead.
>
> You not requires advanced requests processing, SSL bumping, content
> adaptation, AV real-time checking, advanced caching, content
> compression - am I right yet?
>
> So, firewall is enough.
>
>
> 23.03.2018 05:11, Yuri пишет:
>>
>>
>>
>> 23.03.2018 05:08, Keith Hartley пишет:
>>>
>>> I don’t need it to cache anything – the goal of it is not
>>> performance optimization, it is to provide restricted access to the
>>> internet. I have 1200 Mbps of network i/o available to the squid
>>> servers and can confirm I am able to reliably achieve at least 800
>>> Mbps when I download something directly on the squid server.
>>> Additionally, it would be extremely rare that the same file ever
>>> would get downloaded more than once, if it ever actually happens.
>>>
>>>  
>>>
>>> By policy none of the servers may have direct internet access. This
>>> is to protect the data contained in the environment. Only one 4 bit
>>> subnet has internet access, where the squids are located, and 8 of
>>> the 45 servers need restricted internet access.
>>>
>> Now your protects nothing. You don't have any advanced ACLs in your
>> config.
>>>
>>>  
>>>
>>> This config is complete at least in a base configuration. If I have
>>> time in the project I am going to add URI restrictions. The 8
>>> servers will only need to get to about 30-40 static URIs in total
>>> and want to block the others, but first I need to get the throughput up.
>>>
>>>  
>>>
>>> I have 800 Mbps minimum available bandwidth to the squid servers
>>> that I can confirm is available in download tests from the squids. I
>>> have 1200 Mbps (these are Azure virtual machines) of bandwidth
>>> available in both directions between the servers that use the squids
>>> and the squids.
>>>
>>>  
>>>
>>> However on large files I am only getting 115 Kbps sustained download
>>> speeds.
>>>
>>>  
>>>
>>> Now if squid needs to be able to buffer the downloads to cache in
>>> order to perform well – I could enable caching if that is the case,
>>> but would prefer to not cache anything. I very seriously doubt that
>>> I will ever download the same file two times in this environment as
>>> the only thing being downloaded is software updates that are
>>> centrally distributed from WSUS, and antivirus definitions that are
>>> released about 6-10 times per day. Most of the traffic is also
>>> https, with very little http.
>>>
>>>  
>>>
>>> Is it the case that I may see better performance if I configure it
>>> to cache the files first before sending it to clients?
>>>
>> Nothing above can not be solved by trivial border firewall.
>>
>> Just imagine - now you have useless server which not buffers network IO.
>>
>> Ideally just drop it. And setup border firewall. This solves all of
>> your problems.
>>
>> Squid's (especially Windows Squid) is not appropriate tool here.
>>>
>>> * *
>>>
>>> *Keith Hartley*
>>>
>>> /Network Engineer II/
>>>
>>> khart...@geocent.com <mailto:khart...@geocent.com>
>>>
>>> www.geocent.com <http://www.geocent.com>
>>>
>>>  
>>>
>>> *From:*squid-users
>>> [mailto:squid-users-boun...@lists.squid-cache.org] *On Behalf Of *Yuri
>>> *Sent:* Thursday, March 22, 2018 5:39 PM
>>> *To:* squid-users@lists.squid-cache.org
>>> *Subject:* Re: [squid-users] Squid for windows Very slow downloads
>>> of large files through squid with normal uploads
>>>
>>>  
>>>
>>>  
>>>
>>>  
>>>
>>> 22.03.2018 23:10, Keith Hartley пишет:
>>>
>>> I am using squid 3.5 for windows as a transparent proxy to
>>> provide internet access to 7 servers in a secure environment
>>> that otherwise does not have internet access. I have two squids
>>> run

Re: [squid-users] Squid for windows Very slow downloads of large files through squid with normal uploads

[Yuri]

Your task is simple - you need a simple control of access to the
Internet, for servers, without any caching. Squid here is excessive,
moreover, in your configuration it gives an excessive overhead.

You not requires advanced requests processing, SSL bumping, content
adaptation, AV real-time checking, advanced caching, content compression
- am I right yet?

So, firewall is enough.


23.03.2018 05:11, Yuri пишет:
>
>
>
> 23.03.2018 05:08, Keith Hartley пишет:
>>
>> I don’t need it to cache anything – the goal of it is not performance
>> optimization, it is to provide restricted access to the internet. I
>> have 1200 Mbps of network i/o available to the squid servers and can
>> confirm I am able to reliably achieve at least 800 Mbps when I
>> download something directly on the squid server. Additionally, it
>> would be extremely rare that the same file ever would get downloaded
>> more than once, if it ever actually happens.
>>
>>  
>>
>> By policy none of the servers may have direct internet access. This
>> is to protect the data contained in the environment. Only one 4 bit
>> subnet has internet access, where the squids are located, and 8 of
>> the 45 servers need restricted internet access.
>>
> Now your protects nothing. You don't have any advanced ACLs in your
> config.
>>
>>  
>>
>> This config is complete at least in a base configuration. If I have
>> time in the project I am going to add URI restrictions. The 8 servers
>> will only need to get to about 30-40 static URIs in total and want to
>> block the others, but first I need to get the throughput up.
>>
>>  
>>
>> I have 800 Mbps minimum available bandwidth to the squid servers that
>> I can confirm is available in download tests from the squids. I have
>> 1200 Mbps (these are Azure virtual machines) of bandwidth available
>> in both directions between the servers that use the squids and the
>> squids.
>>
>>  
>>
>> However on large files I am only getting 115 Kbps sustained download
>> speeds.
>>
>>  
>>
>> Now if squid needs to be able to buffer the downloads to cache in
>> order to perform well – I could enable caching if that is the case,
>> but would prefer to not cache anything. I very seriously doubt that I
>> will ever download the same file two times in this environment as the
>> only thing being downloaded is software updates that are centrally
>> distributed from WSUS, and antivirus definitions that are released
>> about 6-10 times per day. Most of the traffic is also https, with
>> very little http.
>>
>>  
>>
>> Is it the case that I may see better performance if I configure it to
>> cache the files first before sending it to clients?
>>
> Nothing above can not be solved by trivial border firewall.
>
> Just imagine - now you have useless server which not buffers network IO.
>
> Ideally just drop it. And setup border firewall. This solves all of
> your problems.
>
> Squid's (especially Windows Squid) is not appropriate tool here.
>>
>> * *
>>
>> *Keith Hartley*
>>
>> /Network Engineer II/
>>
>> khart...@geocent.com <mailto:khart...@geocent.com>
>>
>> www.geocent.com <http://www.geocent.com>
>>
>>  
>>
>> *From:*squid-users [mailto:squid-users-boun...@lists.squid-cache.org]
>> *On Behalf Of *Yuri
>> *Sent:* Thursday, March 22, 2018 5:39 PM
>> *To:* squid-users@lists.squid-cache.org
>> *Subject:* Re: [squid-users] Squid for windows Very slow downloads of
>> large files through squid with normal uploads
>>
>>  
>>
>>  
>>
>>  
>>
>> 22.03.2018 23:10, Keith Hartley пишет:
>>
>> I am using squid 3.5 for windows as a transparent proxy to
>> provide internet access to 7 servers in a secure environment that
>> otherwise does not have internet access. I have two squids
>> running behind a load balancer, each one is running server 2016
>> core with 2 Xeon processors that is either haswell generation
>> with 1:1 physical processor to virtual processor mapping or a
>> hyper-threading Broadwell generation processor that is 1:1
>> logical processor to virtual processor mapping, depending on how
>> they are provisioned when they get started.
>>
>>  
>>
>> Doing a bandwidth test directly in the VM I am able to get
>> internet throughput of 800-1200 Mbps.
>>
>>  
>>
>> Doing a file copy to and from the VM I am able to get 1200 Mbps
>> lan throughput.

Re: [squid-users] Squid for windows Very slow downloads of large files through squid with normal uploads

[Yuri]

23.03.2018 05:08, Keith Hartley пишет:
>
> I don’t need it to cache anything – the goal of it is not performance
> optimization, it is to provide restricted access to the internet. I
> have 1200 Mbps of network i/o available to the squid servers and can
> confirm I am able to reliably achieve at least 800 Mbps when I
> download something directly on the squid server. Additionally, it
> would be extremely rare that the same file ever would get downloaded
> more than once, if it ever actually happens.
>
>  
>
> By policy none of the servers may have direct internet access. This is
> to protect the data contained in the environment. Only one 4 bit
> subnet has internet access, where the squids are located, and 8 of the
> 45 servers need restricted internet access.
>
Now your protects nothing. You don't have any advanced ACLs in your config.
>
>  
>
> This config is complete at least in a base configuration. If I have
> time in the project I am going to add URI restrictions. The 8 servers
> will only need to get to about 30-40 static URIs in total and want to
> block the others, but first I need to get the throughput up.
>
>  
>
> I have 800 Mbps minimum available bandwidth to the squid servers that
> I can confirm is available in download tests from the squids. I have
> 1200 Mbps (these are Azure virtual machines) of bandwidth available in
> both directions between the servers that use the squids and the squids.
>
>  
>
> However on large files I am only getting 115 Kbps sustained download
> speeds.
>
>  
>
> Now if squid needs to be able to buffer the downloads to cache in
> order to perform well – I could enable caching if that is the case,
> but would prefer to not cache anything. I very seriously doubt that I
> will ever download the same file two times in this environment as the
> only thing being downloaded is software updates that are centrally
> distributed from WSUS, and antivirus definitions that are released
> about 6-10 times per day. Most of the traffic is also https, with very
> little http.
>
>  
>
> Is it the case that I may see better performance if I configure it to
> cache the files first before sending it to clients?
>
Nothing above can not be solved by trivial border firewall.

Just imagine - now you have useless server which not buffers network IO.

Ideally just drop it. And setup border firewall. This solves all of your
problems.

Squid's (especially Windows Squid) is not appropriate tool here.
>
> * *
>
> *Keith Hartley*
>
> /Network Engineer II/
>
> khart...@geocent.com <mailto:khart...@geocent.com>
>
> www.geocent.com <http://www.geocent.com>
>
>  
>
> *From:*squid-users [mailto:squid-users-boun...@lists.squid-cache.org]
> *On Behalf Of *Yuri
> *Sent:* Thursday, March 22, 2018 5:39 PM
> *To:* squid-users@lists.squid-cache.org
> *Subject:* Re: [squid-users] Squid for windows Very slow downloads of
> large files through squid with normal uploads
>
>  
>
>  
>
>  
>
> 22.03.2018 23:10, Keith Hartley пишет:
>
> I am using squid 3.5 for windows as a transparent proxy to provide
> internet access to 7 servers in a secure environment that
> otherwise does not have internet access. I have two squids running
> behind a load balancer, each one is running server 2016 core with
> 2 Xeon processors that is either haswell generation with 1:1
> physical processor to virtual processor mapping or a
> hyper-threading Broadwell generation processor that is 1:1 logical
> processor to virtual processor mapping, depending on how they are
> provisioned when they get started.
>
>  
>
> Doing a bandwidth test directly in the VM I am able to get
> internet throughput of 800-1200 Mbps.
>
>  
>
> Doing a file copy to and from the VM I am able to get 1200 Mbps
> lan throughput.
>
>  
>
> In proxied uploads I have observed speeds as high as 120 Mbps,
> which is more than enough for what I need and the bottleneck is
> likely in the backup software rather than squid. Uploads
> performance I am not worried about where they are at now – even if
> I only got 20-30 Mbps it would be adequate for what I need it for.
>
>  
>
> Downloads however are very slow. Small files do not seem to be
> impacted. Using the test a thinkbroadband.com/download, files up
> to 20 Mb will download at a reasonable 20-30 Mbps, but when I get
> to 50, it slows down to about 17 Mbps, and when I download AD
> Connect from Microsoft, which is about 80 Mb, I can see it start
> at about 30 Mbps, but eventually goes down to about 115 kbps and
> levels off. When I put an IP on 

Re: [squid-users] Squid for windows Very slow downloads of large files through squid with normal uploads

[Keith Hartley]

I don’t need it to cache anything – the goal of it is not performance 
optimization, it is to provide restricted access to the internet. I have 1200 
Mbps of network i/o available to the squid servers and can confirm I am able to 
reliably achieve at least 800 Mbps when I download something directly on the 
squid server. Additionally, it would be extremely rare that the same file ever 
would get downloaded more than once, if it ever actually happens.

By policy none of the servers may have direct internet access. This is to 
protect the data contained in the environment. Only one 4 bit subnet has 
internet access, where the squids are located, and 8 of the 45 servers need 
restricted internet access.

This config is complete at least in a base configuration. If I have time in the 
project I am going to add URI restrictions. The 8 servers will only need to get 
to about 30-40 static URIs in total and want to block the others, but first I 
need to get the throughput up.

I have 800 Mbps minimum available bandwidth to the squid servers that I can 
confirm is available in download tests from the squids. I have 1200 Mbps (these 
are Azure virtual machines) of bandwidth available in both directions between 
the servers that use the squids and the squids.

However on large files I am only getting 115 Kbps sustained download speeds.

Now if squid needs to be able to buffer the downloads to cache in order to 
perform well – I could enable caching if that is the case, but would prefer to 
not cache anything. I very seriously doubt that I will ever download the same 
file two times in this environment as the only thing being downloaded is 
software updates that are centrally distributed from WSUS, and antivirus 
definitions that are released about 6-10 times per day. Most of the traffic is 
also https, with very little http.

Is it the case that I may see better performance if I configure it to cache the 
files first before sending it to clients?

Keith Hartley
Network Engineer II
khart...@geocent.com<mailto:khart...@geocent.com>
www.geocent.com<http://www.geocent.com>

From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf 
Of Yuri
Sent: Thursday, March 22, 2018 5:39 PM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid for windows Very slow downloads of large files 
through squid with normal uploads




22.03.2018 23:10, Keith Hartley пишет:
I am using squid 3.5 for windows as a transparent proxy to provide internet 
access to 7 servers in a secure environment that otherwise does not have 
internet access. I have two squids running behind a load balancer, each one is 
running server 2016 core with 2 Xeon processors that is either haswell 
generation with 1:1 physical processor to virtual processor mapping or a 
hyper-threading Broadwell generation processor that is 1:1 logical processor to 
virtual processor mapping, depending on how they are provisioned when they get 
started.

Doing a bandwidth test directly in the VM I am able to get internet throughput 
of 800-1200 Mbps.

Doing a file copy to and from the VM I am able to get 1200 Mbps lan throughput.

In proxied uploads I have observed speeds as high as 120 Mbps, which is more 
than enough for what I need and the bottleneck is likely in the backup software 
rather than squid. Uploads performance I am not worried about where they are at 
now – even if I only got 20-30 Mbps it would be adequate for what I need it for.

Downloads however are very slow. Small files do not seem to be impacted. Using 
the test a thinkbroadband.com/download, files up to 20 Mb will download at a 
reasonable 20-30 Mbps, but when I get to 50, it slows down to about 17 Mbps, 
and when I download AD Connect from Microsoft, which is about 80 Mb, I can see 
it start at about 30 Mbps, but eventually goes down to about 115 kbps and 
levels off. When I put an IP on the server I am using for testing that proxies 
through squid, I am able to download the file at several hundred mbps.  When I 
download the same file on the squid server – I can’t tell exactly what 
throughput I was getting, but the 80 Mb file downloaded within 5 seconds.

In both squid servers, other than when the servers were booting, processor 
activity has not exceeded 9% in the last 7 days but usually sits below 2%. 
Memory usage has not exceeded 2 Gb, leaving 2 Gb free.

I am using OpenDNS for a DNS source, and have tried changing DNS to level3 but 
it made no performance difference.

I think that this may be squid trying to cache something, but had tried to turn 
all caching off.

My cache.log doesn’t really have anything interesting in it that I can see. 
It’s the same ~30 or so log entries each time the service starts, and that is 
about it. Here it is:

2018/03/22 09:47:27 kid1| Set Current Directory to /var/cache/squid
2018/03/22 09:47:27 kid1| Starting Squid Cache version 3.5.27 for 
x86_64-unknown-cygwin...
2018/03/22 09:47:27 kid1| Service Name: squid
2018/03

Re: [squid-users] Squid for windows Very slow downloads of large files through squid with normal uploads

[Yuri]

And also:

your configuration is not transparent proxy.

a) Squid 3.5 for windows does not built as transparent proxy (i.e. with
NAT support).

b) You do not have keyword*intercept* in your configuration.

This is simple forwarding proxy.


23.03.2018 04:38, Yuri пишет:
>
>
>
> 22.03.2018 23:10, Keith Hartley пишет:
>>
>> I am using squid 3.5 for windows as a transparent proxy to provide
>> internet access to 7 servers in a secure environment that otherwise
>> does not have internet access. I have two squids running behind a
>> load balancer, each one is running server 2016 core with 2 Xeon
>> processors that is either haswell generation with 1:1 physical
>> processor to virtual processor mapping or a hyper-threading Broadwell
>> generation processor that is 1:1 logical processor to virtual
>> processor mapping, depending on how they are provisioned when they
>> get started.
>>
>>  
>>
>> Doing a bandwidth test directly in the VM I am able to get internet
>> throughput of 800-1200 Mbps.
>>
>>  
>>
>> Doing a file copy to and from the VM I am able to get 1200 Mbps lan
>> throughput.
>>
>>  
>>
>> In proxied uploads I have observed speeds as high as 120 Mbps, which
>> is more than enough for what I need and the bottleneck is likely in
>> the backup software rather than squid. Uploads performance I am not
>> worried about where they are at now – even if I only got 20-30 Mbps
>> it would be adequate for what I need it for.
>>
>>  
>>
>> Downloads however are very slow. Small files do not seem to be
>> impacted. Using the test a thinkbroadband.com/download, files up to
>> 20 Mb will download at a reasonable 20-30 Mbps, but when I get to 50,
>> it slows down to about 17 Mbps, and when I download AD Connect from
>> Microsoft, which is about 80 Mb, I can see it start at about 30 Mbps,
>> but eventually goes down to about 115 kbps and levels off. When I put
>> an IP on the server I am using for testing that proxies through
>> squid, I am able to download the file at several hundred mbps.  When
>> I download the same file on the squid server – I can’t tell exactly
>> what throughput I was getting, but the 80 Mb file downloaded within 5
>> seconds.
>>
>>  
>>
>> In both squid servers, other than when the servers were booting,
>> processor activity has not exceeded 9% in the last 7 days but usually
>> sits below 2%. Memory usage has not exceeded 2 Gb, leaving 2 Gb free.
>>
>>  
>>
>> I am using OpenDNS for a DNS source, and have tried changing DNS to
>> level3 but it made no performance difference.
>>
>>  
>>
>> I think that this may be squid trying to cache something, but had
>> tried to turn all caching off.
>>
>>  
>>
>> My cache.log doesn’t really have anything interesting in it that I
>> can see. It’s the same ~30 or so log entries each time the service
>> starts, and that is about it. Here it is:
>>
>>  
>>
>> 2018/03/22 09:47:27 kid1| Set Current Directory to /var/cache/squid
>>
>> 2018/03/22 09:47:27 kid1| Starting Squid Cache version 3.5.27 for
>> x86_64-unknown-cygwin...
>>
>> 2018/03/22 09:47:27 kid1| Service Name: squid
>>
>> 2018/03/22 09:47:27 kid1| Process ID 1164
>>
>> 2018/03/22 09:47:27 kid1| Process Roles: worker
>>
>> 2018/03/22 09:47:27 kid1| With 3200 file descriptors available
>>
>> 2018/03/22 09:47:27 kid1| Initializing IP Cache...
>>
>> 2018/03/22 09:47:27 kid1| parseEtcHosts: /etc/hosts: (2) No such file
>> or directory
>>
>> 2018/03/22 09:47:27 kid1| DNS Socket created at [::], FD 5
>>
>> 2018/03/22 09:47:27 kid1| DNS Socket created at 0.0.0.0, FD 6
>>
>> 2018/03/22 09:47:27 kid1| Adding nameserver 208.67.222.222 from
>> squid.conf
>>
>> 2018/03/22 09:47:27 kid1| Adding nameserver 208.67.220.220 from
>> squid.conf
>>
>> 2018/03/22 09:47:27 kid1| Logfile: opening log
>> daemon:/var/log/squid/access.log
>>
>> 2018/03/22 09:47:27 kid1| Logfile Daemon: opening log
>> /var/log/squid/access.log
>>
>> 2018/03/22 09:47:27 kid1| WARNING: no_suid: setuid(0): (22) Invalid
>> argument
>>
>> 2018/03/22 09:47:27 kid1| Store logging disabled
>>
>> 2018/03/22 09:47:27 kid1| Swap maxSize 0 + 262144 KB, estimated 20164
>> objects
>>
>> 2018/03/22 09:47:27 kid1| Target number of buckets: 1008
>>
>> 2018/03/22 09:47:27 kid1| Using 8192 Store buckets
>>
>> 2018/03/22 09:47:27 kid1| Max Mem  size: 262144 KB
>>
>> 2018/03/22 09:47:27 kid1| Max Swap size: 0 KB
>>
>> 2018/03/22 09:47:27 kid1| Using Least Load store dir selection
>>
>> 2018/03/22 09:47:27 kid1| Set Current Directory to /var/cache/squid
>>
>> 2018/03/22 09:47:27 kid1| Finished loading MIME types and icons.
>>
>> 2018/03/22 09:47:27 kid1| HTCP Disabled.
>>
>> 2018/03/22 09:47:27 kid1| Squid plugin modules loaded: 0
>>
>> 2018/03/22 09:47:27 kid1| Adaptation support is off.
>>
>> 2018/03/22 09:47:27 kid1| Accepting HTTP Socket connections at
>> local=[::]:3128 remote=[::] FD 10 flags=9
>>
>> 2018/03/22 09:47:28 kid1| storeLateRelease: released 0 objects
>>
>>  
>>
>>  
>>
>> And this is my squid.conf:
>>
>>  
>>
>> #
>>
>> # Recommended minimum 

[squid-users] Squid for windows Very slow downloads of large files through squid with normal uploads

[Keith Hartley]

I am using squid 3.5 for windows as a transparent proxy to provide internet 
access to 7 servers in a secure environment that otherwise does not have 
internet access. I have two squids running behind a load balancer, each one is 
running server 2016 core with 2 Xeon processors that is either haswell 
generation with 1:1 physical processor to virtual processor mapping or a 
hyper-threading Broadwell generation processor that is 1:1 logical processor to 
virtual processor mapping, depending on how they are provisioned when they get 
started.

Doing a bandwidth test directly in the VM I am able to get internet throughput 
of 800-1200 Mbps.

Doing a file copy to and from the VM I am able to get 1200 Mbps lan throughput.

In proxied uploads I have observed speeds as high as 120 Mbps, which is more 
than enough for what I need and the bottleneck is likely in the backup software 
rather than squid. Uploads performance I am not worried about where they are at 
now - even if I only got 20-30 Mbps it would be adequate for what I need it for.

Downloads however are very slow. Small files do not seem to be impacted. Using 
the test a thinkbroadband.com/download, files up to 20 Mb will download at a 
reasonable 20-30 Mbps, but when I get to 50, it slows down to about 17 Mbps, 
and when I download AD Connect from Microsoft, which is about 80 Mb, I can see 
it start at about 30 Mbps, but eventually goes down to about 115 kbps and 
levels off. When I put an IP on the server I am using for testing that proxies 
through squid, I am able to download the file at several hundred mbps.  When I 
download the same file on the squid server - I can't tell exactly what 
throughput I was getting, but the 80 Mb file downloaded within 5 seconds.

In both squid servers, other than when the servers were booting, processor 
activity has not exceeded 9% in the last 7 days but usually sits below 2%. 
Memory usage has not exceeded 2 Gb, leaving 2 Gb free.

I am using OpenDNS for a DNS source, and have tried changing DNS to level3 but 
it made no performance difference.

I think that this may be squid trying to cache something, but had tried to turn 
all caching off.

My cache.log doesn't really have anything interesting in it that I can see. 
It's the same ~30 or so log entries each time the service starts, and that is 
about it. Here it is:

2018/03/22 09:47:27 kid1| Set Current Directory to /var/cache/squid
2018/03/22 09:47:27 kid1| Starting Squid Cache version 3.5.27 for 
x86_64-unknown-cygwin...
2018/03/22 09:47:27 kid1| Service Name: squid
2018/03/22 09:47:27 kid1| Process ID 1164
2018/03/22 09:47:27 kid1| Process Roles: worker
2018/03/22 09:47:27 kid1| With 3200 file descriptors available
2018/03/22 09:47:27 kid1| Initializing IP Cache...
2018/03/22 09:47:27 kid1| parseEtcHosts: /etc/hosts: (2) No such file or 
directory
2018/03/22 09:47:27 kid1| DNS Socket created at [::], FD 5
2018/03/22 09:47:27 kid1| DNS Socket created at 0.0.0.0, FD 6
2018/03/22 09:47:27 kid1| Adding nameserver 208.67.222.222 from squid.conf
2018/03/22 09:47:27 kid1| Adding nameserver 208.67.220.220 from squid.conf
2018/03/22 09:47:27 kid1| Logfile: opening log daemon:/var/log/squid/access.log
2018/03/22 09:47:27 kid1| Logfile Daemon: opening log /var/log/squid/access.log
2018/03/22 09:47:27 kid1| WARNING: no_suid: setuid(0): (22) Invalid argument
2018/03/22 09:47:27 kid1| Store logging disabled
2018/03/22 09:47:27 kid1| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2018/03/22 09:47:27 kid1| Target number of buckets: 1008
2018/03/22 09:47:27 kid1| Using 8192 Store buckets
2018/03/22 09:47:27 kid1| Max Mem  size: 262144 KB
2018/03/22 09:47:27 kid1| Max Swap size: 0 KB
2018/03/22 09:47:27 kid1| Using Least Load store dir selection
2018/03/22 09:47:27 kid1| Set Current Directory to /var/cache/squid
2018/03/22 09:47:27 kid1| Finished loading MIME types and icons.
2018/03/22 09:47:27 kid1| HTCP Disabled.
2018/03/22 09:47:27 kid1| Squid plugin modules loaded: 0
2018/03/22 09:47:27 kid1| Adaptation support is off.
2018/03/22 09:47:27 kid1| Accepting HTTP Socket connections at local=[::]:3128 
remote=[::] FD 10 flags=9
2018/03/22 09:47:28 kid1| storeLateRelease: released 0 objects


And this is my squid.conf:

#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed

#acl localnet src 10.0.0.0/8   # RFC1918 possible internal network
#acl localnet src 172.16.0.0/12# RFC1918 possible internal network
#acl localnet src 192.168.0.0/16  # RFC1918 possible internal network
acl localnet src fc00::/7   # RFC 4193 local private network range
acl localnet src fe80::/10  # RFC 4291 link-local (directly plugged) 
machines
acl WSUS src 192.168.225.4/32
acl BACKUP src 192.168.225.11/32
acl ADFS src 192.168.224.7/32
acl ADFS src 192.168.228.8/32
acl DEVWEB src 192.168.226.6/32
acl UATWEB src 192.168.226.13/32
acl PRDWEB src 

Re: [squid-users] [squid for windows] article on how to enable sslbump

[Rafael Akchurin]

Hello Yuri,

We tried building it several times, but it was not  clear why it failed.. so we 
keep postponing :(

Best regards,
Rafael Akchurin


Op 13 sep. 2017 om 18:07 heeft Yuri 
> het volgende geschreven:



13.09.2017 21:32, Rafael Akchurin пишет:

Greetings everyone,



For all those using Squid version for Microsoft Windows – here is the article 
explaining how to enable HTTPS decryption (sslbump) on Windows platforms.

Please see https://docs.diladele.com/faq/squid/sslbump_squid_windows.html



If you find any errors please tell us at 
supp...@diladele.com



--

Best regards,

Rafael Akchurin

Diladele B.V.

https://www.diladele.com


P.S. Build of Squid 3.5.27 for Microsoft Windows is still on the way :( …
BTW, Raf. Why not to build 4.0.21 already? Now 2017, 3.5.x is so ancient, ever 
on Win64. :) I would like to see cert downloader also on my laptop ;)



___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] [squid for windows] article on how to enable sslbump

[Yuri]

13.09.2017 21:32, Rafael Akchurin пишет:
>
> Greetings everyone,
>
>  
>
> For all those using Squid version for Microsoft Windows – here is the
> article explaining how to enable HTTPS decryption (sslbump) on Windows
> platforms.
>
> Please see https://docs.diladele.com/faq/squid/sslbump_squid_windows.html
>
>  
>
> If you find any errors please tell us at supp...@diladele.com
> 
>
>  
>
> --
>
> Best regards,
>
> Rafael Akchurin
>
> Diladele B.V.
>
> https://www.diladele.com
>
>  
>
> P.S. Build of Squid 3.5.27 for Microsoft Windows is still on the way :( …
>
BTW, Raf. Why not to build 4.0.21 already? Now 2017, 3.5.x is so
ancient, ever on Win64. :) I would like to see cert downloader also on
my laptop ;)
>
>
>
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users



signature.asc
Description: OpenPGP digital signature
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] [squid for windows] article on how to enable sslbump

[Rafael Akchurin]

Greetings everyone,



For all those using Squid version for Microsoft Windows - here is the article 
explaining how to enable HTTPS decryption (sslbump) on Windows platforms.

Please see https://docs.diladele.com/faq/squid/sslbump_squid_windows.html



If you find any errors please tell us at 
supp...@diladele.com



--

Best regards,

Rafael Akchurin

Diladele B.V.

https://www.diladele.com


P.S. Build of Squid 3.5.27 for Microsoft Windows is still on the way :( ...
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid for windows, ldaps authentication with tls support.

[Amos Jeffries]

On 11/05/17 20:31, Владимир Глазов wrote:

Hello!

I ran in to a problem with Diladele B.V. squid for windows, then i try 
authenticate user with basic_ldap_auth against ldaps server using TLS 
it's ending with error "Could not Activate TLS connection". From 
traffic dump i can see, what problem is in "Unknown CA" but i don't 
see any way how to add trusted root ca in this setup.


Is there any option in my situation?


Are you using SSL-Bump features of this Squid or using it as a normal proxy?



Squid version 3.5.15.


Please update to latest version before debugging TLS related problems. 
The TLS related code in Squid is quite volatile still, and problem you 
have may already be fixed.


Amos

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Squid for windows, ldaps authentication with tls support.

[Владимир Глазов]

Hello!

I ran in to a problem with Diladele B.V. squid for windows, then i try
authenticate user with basic_ldap_auth against ldaps server using TLS it's
ending with error "Could not Activate TLS connection". From traffic dump i
can see, what problem is in "Unknown CA" but i don't see any way how to add
trusted root ca in this setup.

Is there any option in my situation?

Squid version 3.5.15.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Squid 3.5.6 Windows SquidTray crash

[TarotApprentice]

Unfortunately SquidTray still crashes with 3.5.6. This is on Server 2008 R2 x64 
(as before). The mini dump is shown below.

MarkJ

-
Description:
  Stopped working
Problem signature:
  Problem Event Name: CLR20r3
  Problem Signature 01: diladele.squid.tray.exe
  Problem Signature 02: 1.0.0.0
  Problem Signature 03: 559b843a
  Problem Signature 04: mscorlib
  Problem Signature 05: 2.0.0.0
  Problem Signature 06: 53a11de1
  Problem Signature 07: 123f
  Problem Signature 08: 5f
  Problem Signature 09: System.IO.FileNotFoundException
  OS Version: 6.1.7601.2.1.0.272.7
  Locale ID: 3081
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Squid for Windows

[***some text missing***]

Hi all,

I want to use squid proxy services on MS Windows Server 2008, Please let me 
know the latest version of squid and useful link how to install squid on 
windows. Require your suggestion regarding performance of squid on Windows vs 
Linux.


Regards,
Sarfraz Aslam

Re: [squid-users] Squid for Windows

[Amos Jeffries]

On 28/02/2014 12:57 a.m., ***some text missing*** wrote:
 
 
 Hi all,
 
 I want to use squid proxy services on MS Windows Server 2008, Please
 let me know the latest version of squid and useful link how to
 install squid on windows. Require your suggestion regarding
 performance of squid on Windows vs Linux.
 

Latest version of Squid for Windows easily available is 2.7 packages
from http://squid.acmeconsulting.it/.


As for performance, all of the non-Windows systems run much faster than
the Windows 2.7 version and have a much lower socket capacity. Due to
technical issues - advanced socket APIs not being available or
implemented for Windows.

If you are after high performance and happy to change the server OS I
suggest going for the non-Windows system of your choice.


We (I) are working on restoring a Windows port for Squid-3 latest
version(s). But without sponsorship the going is glacially slow and the
last sponsor only got as far as having 3.3 running with a very specific
build profile and major features disabled (eg win32 service support).

If you are dedicated to Windows you could perhapse help sponsor further
development improving the newer versions Windows support. Please contact
be privately about that. But be aware up front that work has been very
slow/tricky in places and we cannot provide a reliable timeline for
working product.


Cheers
Amos

[squid-users] squid on windows

[kshitij]

Hi,
  I need some help to run squid-3.0 or squid -3.1 on windows platform.

I already tried the squid-2.7 binary at
http://squid.acmeconsulting.it/download/squid-2.7.STABLE8-bin.zip
The squid-2.7 binary works great.

Now I want to move further and need to  implement some icap
transformations.  I understand that there is no stable binary
available for squid3.0+ windows port.
Would like to get some pointers on how to proceed such that a
squid-3.0+ windows can be created
Q1. Which branch of squid would be a good starting point for
compilation on windows.
Q2. Are there major stumbling blocks for a  windows squid 3.0+ port or
the effort is more on compilation and then testing it out.

regards
Kshitij

Re: [squid-users] squid using windows seven and

[Amos Jeffries]

On 22/08/11 17:57, Xavier Magnaudeix wrote:

Hi list,

When surfing to http://privilege.ft.com/signin/news using
squid-3.0.STABLE7-4 with windows seven(IE8), I never can see the page when I
click on register.
Using Windows XP + iE8 and same proxy, it works.
Using Firefox on windows seven, I t works too.

Can someone give a try with Seven + IE8 and see if you can get the same
issue? And maybe see what is going on?

Here come the logs:

1313683343.451  5 10.34.36.57 TCP_MISS/200 1695 GET
http://privilege.ft.com/sites/all/themes/ftprivilege/img/header-signin-middl
e.png csov FIRST_UP_PARENT/127.0.0.1 image/png
1313683343.453  5 10.34.36.57 TCP_MISS/200 1591 GET
http://privilege.ft.com/sites/all/themes/ftprivilege/img/mask-bg.png csov
FIRST_UP_PARENT/127.0.0.1 image/png
1313683343.490 15 10.34.36.57 TCP_MISS/200 475 GET
http://www.google-analytics.com/__utm.gif? - DIRECT/209.85.146.139 image/gif
1313683343.494  1 10.34.36.57 TCP_MISS/200 5391 GET
http://privilege.ft.com/sites/all/themes/ftprivilege/img/footer-bg.png csov
FIRST_UP_PARENT/127.0.0.1 image/png
1313683343.499  0 10.34.36.57 TCP_DENIED/407 5011 GET
http://privilege.ft.com/sites/all/themes/ftprivilege/img/deal-submit-button.
png - NONE/- text/html
1313683343.554  4 10.34.36.57 TCP_MISS/200 5364 GET
http://privilege.ft.com/sites/all/themes/ftprivilege/img/deal-submit-button.
png csov FIRST_UP_PARENT/127.0.0.1 image/png
1313683367.376 28 10.34.36.57 TCP_DENIED/407 3886 CONNECT
registration.ft.com:443 - NONE/- text/html
1313683367.428  0 10.34.36.57 TCP_DENIED/407 4236 CONNECT
registration.ft.com:443 - NONE/- text/html
1313683368.013214 10.34.36.57 TCP_DENIED/407 4134 GET
http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsK8Var42Wv2Ct%2BB0CP
yO0igBZwgQUpe8LEc7AQQOjSmWQSLIc4FctfUcCEFRg9%2Fk0x%2FWn%2Fudlr2CmcNo%3D -
NONE/- text/html
1313683368.067  0 10.34.36.57 TCP_DENIED/407 4484 GET
http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsK8Var42Wv2Ct%2BB0CP
yO0igBZwgQUpe8LEc7AQQOjSmWQSLIc4FctfUcCEFRg9%2Fk0x%2FWn%2Fudlr2CmcNo%3D -
NONE/- text/html
1313683368.140  0 10.34.36.57 TCP_DENIED/407 4404 GET
http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsK8Var42Wv2Ct%2BB0CP
yO0igBZwgQUpe8LEc7AQQOjSmWQSLIc4FctfUcCEFRg9%2Fk0x%2FWn%2Fudlr2CmcNo%3D -
NONE/- text/html
1313683368.408174 10.34.36.57 TCP_DENIED/407 3744 GET
http://svrsecure-g2-crl.verisign.com/SVRSecureG2.crl - NONE/- text/html
1313683368.461  0 10.34.36.57 TCP_DENIED/407 4094 GET
http://svrsecure-g2-crl.verisign.com/SVRSecureG2.crl - NONE/- text/html
1313683368.533  0 10.34.36.57 TCP_DENIED/407 4014 GET
http://svrsecure-g2-crl.verisign.com/SVRSecureG2.crl - NONE/- text/html
1313683368.600   1126 10.34.36.57 TCP_MISS/200 3214 CONNECT
registration.ft.com:443 csov DIRECT/62.25.103.202 -
1313683368.629  0 10.34.36.57 TCP_DENIED/407 3886 CONNECT
registration.ft.com:443 - NONE/- text/html
1313683368.684  0 10.34.36.57 TCP_DENIED/407 4236 CONNECT
registration.ft.com:443 - NONE/- text/html
1313683368.811 81 10.34.36.57 TCP_MISS/200 74 CONNECT
registration.ft.com:443 csov DIRECT/62.25.103.202 –

If I uncheck the proxy settings on Seven/IE8 it goes through, and even when
I check it again. I seems that if it had worked once without proxy, it’ll
work forever with the proxy…



I spy a bunch of 407 + CONNECT events. Would that happen to be NTLM auth 
taking place? There is a keep-alive bug (#3213) in Squid-3 CONNECT 
handling that breaks the NTLM handshake.


NP: tis is where I'd normally say upgrade. But I'm still working on 
making Windows simply build again :(


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.14
  Beta testers wanted for 3.2.0.10

[squid-users] squid using windows seven and

[Xavier Magnaudeix]

Hi list,

When surfing to http://privilege.ft.com/signin/news using
squid-3.0.STABLE7-4 with windows seven(IE8), I never can see the page when I
click on register.
Using Windows XP + iE8 and same proxy, it works.
Using Firefox on windows seven, I t works too.

Can someone give a try with Seven + IE8 and see if you can get the same
issue? And maybe see what is going on?

Here come the logs:

1313683343.451  5 10.34.36.57 TCP_MISS/200 1695 GET
http://privilege.ft.com/sites/all/themes/ftprivilege/img/header-signin-middl
e.png csov FIRST_UP_PARENT/127.0.0.1 image/png
1313683343.453  5 10.34.36.57 TCP_MISS/200 1591 GET
http://privilege.ft.com/sites/all/themes/ftprivilege/img/mask-bg.png csov
FIRST_UP_PARENT/127.0.0.1 image/png
1313683343.490 15 10.34.36.57 TCP_MISS/200 475 GET
http://www.google-analytics.com/__utm.gif? - DIRECT/209.85.146.139 image/gif
1313683343.494  1 10.34.36.57 TCP_MISS/200 5391 GET
http://privilege.ft.com/sites/all/themes/ftprivilege/img/footer-bg.png csov
FIRST_UP_PARENT/127.0.0.1 image/png
1313683343.499  0 10.34.36.57 TCP_DENIED/407 5011 GET
http://privilege.ft.com/sites/all/themes/ftprivilege/img/deal-submit-button.
png - NONE/- text/html
1313683343.554  4 10.34.36.57 TCP_MISS/200 5364 GET
http://privilege.ft.com/sites/all/themes/ftprivilege/img/deal-submit-button.
png csov FIRST_UP_PARENT/127.0.0.1 image/png
1313683367.376 28 10.34.36.57 TCP_DENIED/407 3886 CONNECT
registration.ft.com:443 - NONE/- text/html
1313683367.428  0 10.34.36.57 TCP_DENIED/407 4236 CONNECT
registration.ft.com:443 - NONE/- text/html
1313683368.013    214 10.34.36.57 TCP_DENIED/407 4134 GET
http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsK8Var42Wv2Ct%2BB0CP
yO0igBZwgQUpe8LEc7AQQOjSmWQSLIc4FctfUcCEFRg9%2Fk0x%2FWn%2Fudlr2CmcNo%3D -
NONE/- text/html
1313683368.067  0 10.34.36.57 TCP_DENIED/407 4484 GET
http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsK8Var42Wv2Ct%2BB0CP
yO0igBZwgQUpe8LEc7AQQOjSmWQSLIc4FctfUcCEFRg9%2Fk0x%2FWn%2Fudlr2CmcNo%3D -
NONE/- text/html
1313683368.140  0 10.34.36.57 TCP_DENIED/407 4404 GET
http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsK8Var42Wv2Ct%2BB0CP
yO0igBZwgQUpe8LEc7AQQOjSmWQSLIc4FctfUcCEFRg9%2Fk0x%2FWn%2Fudlr2CmcNo%3D -
NONE/- text/html
1313683368.408    174 10.34.36.57 TCP_DENIED/407 3744 GET
http://svrsecure-g2-crl.verisign.com/SVRSecureG2.crl - NONE/- text/html
1313683368.461  0 10.34.36.57 TCP_DENIED/407 4094 GET
http://svrsecure-g2-crl.verisign.com/SVRSecureG2.crl - NONE/- text/html
1313683368.533  0 10.34.36.57 TCP_DENIED/407 4014 GET
http://svrsecure-g2-crl.verisign.com/SVRSecureG2.crl - NONE/- text/html
1313683368.600   1126 10.34.36.57 TCP_MISS/200 3214 CONNECT
registration.ft.com:443 csov DIRECT/62.25.103.202 -
1313683368.629  0 10.34.36.57 TCP_DENIED/407 3886 CONNECT
registration.ft.com:443 - NONE/- text/html
1313683368.684  0 10.34.36.57 TCP_DENIED/407 4236 CONNECT
registration.ft.com:443 - NONE/- text/html
1313683368.811 81 10.34.36.57 TCP_MISS/200 74 CONNECT
registration.ft.com:443 csov DIRECT/62.25.103.202 –

If I uncheck the proxy settings on Seven/IE8 it goes through, and even when
I check it again. I seems that if it had worked once without proxy, it’ll
work forever with the proxy…

Xavier Magnaudeix / PHIBEE
+33(0)426847864 / +33(0)607647062

[squid-users] Squid for windows checking for PC in Active Directory

[Julian Zoellner]

Hello,

Squid for Windows 2.7.STABLE8 is running and user authentification is running 
aswell. But some computer should not be allowed to have internet even with 
authenticated users logged in.

is it possible to test if a computer (with random IP-adress) is member of an 
Active Directory Group? 

Tahnks for help
Julian
-- 
Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir
belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de

Re: [squid-users] Squid for windows checking for PC in Active Directory

[Amos Jeffries]

On 31/05/11 18:41, Julian Zoellner wrote:

Hello,

Squid for Windows 2.7.STABLE8 is running and user authentification is running 
aswell. But some computer should not be allowed to have internet even with 
authenticated users logged in.

is it possible to test if a computer (with random IP-adress) is member of an 
Active Directory Group?


http://wiki.squid-cache.org/Features/Authentication

Under How do I use authentication in access controls?.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.12
  Beta testers wanted for 3.2.0.8 and 3.1.12.2

[squid-users] Squid for windows authentication against Active Directory

[Julian Zoellner]

hello all,

in the last days i tried to setup the Squid for windows 2.7.STABLE7 with 
authentication against a Active Directory Group Internet. For this is used 
the folloing HowTo:
http://www.papercut.com/kb/Main/InstallingAndConfiguringSquidNTProxy

So my squid.conf looks like this:

http_port 3128
external_acl_type win_domain_group ttl=120 %LOGIN 
c:/squid/libexec/mswin_check_ad_group.exe -d -G
acl Inet external win_domain_group MY-DOMAIN/Groups/Internet
 
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localnet src 10.0.0.0/13
acl SSL_ports port 443 563 1
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl CONNECT method CONNECT

http_access allow manager localnet
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow Inet

http_access deny all
never_direct allow all
icp_access allow all


After starting up the squid service i get the following reply from my helper:
/mswin_check_ad_group.exe[3692]: Member of Domain MY-DOMAIN
/mswin_check_ad_group.exe[3692]: Into forest MY.DOMAIN
/mswin_check_ad_group.exe[3692]: External ACL win32 group helper build Mar 13 
2010, 14:16:45 starting up...
/mswin_check_ad_group.exe[3692]: Domain Global group mode enabled using 
'MY-DOMAIN' as default domain.

the last entry in my cache.log is:
2011/05/25 08:03:13| storeLateRelease: released 0 objects

when i try to connect i always get Cache Access Denied errorpage.

can please someone help me setting this up?

best regards 
Julian
-- 
Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir
belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de

Re: [squid-users] Squid for windows authentication against Active Directory

[Amos Jeffries]

On 25/05/11 18:39, Julian Zoellner wrote:

hello all,

in the last days i tried to setup the Squid for windows 2.7.STABLE7 with authentication 
against a Active Directory Group Internet. For this is used the folloing 
HowTo:
http://www.papercut.com/kb/Main/InstallingAndConfiguringSquidNTProxy



Please use 2.7.STABLE9 at the very least. 2.7 as a whole is aging and 
deprecated, we support 2.7.STABLE9 only until all its useful features 
are ported to 3.x series.




So my squid.conf looks like this:

http_port 3128
external_acl_type win_domain_group ttl=120 %LOGIN 
c:/squid/libexec/mswin_check_ad_group.exe -d -G
acl Inet external win_domain_group MY-DOMAIN/Groups/Internet

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localnet src 10.0.0.0/13
acl SSL_ports port 443 563 1
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl CONNECT method CONNECT

http_access allow manager localnet
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow Inet

http_access deny all
never_direct allow all
icp_access allow all


After starting up the squid service i get the following reply from my helper:
/mswin_check_ad_group.exe[3692]: Member of Domain MY-DOMAIN
/mswin_check_ad_group.exe[3692]: Into forest MY.DOMAIN
/mswin_check_ad_group.exe[3692]: External ACL win32 group helper build Mar 13 
2010, 14:16:45 starting up...
/mswin_check_ad_group.exe[3692]: Domain Global group mode enabled using 
'MY-DOMAIN' as default domain.

the last entry in my cache.log is:
2011/05/25 08:03:13| storeLateRelease: released 0 objects

when i try to connect i always get Cache Access Denied errorpage.

can please someone help me setting this up?


Firstly, remove the never_direct line.

Then follow the instructions in that tutorial about how to setup 
authentication...


auth_param ntlm program c:/squid/libexec/mswin_ntlm_auth.exe
auth_param ntlm children 5

acl loggedIn proxy_auth REQUIRED
http_access deny !loggedIn


The part you followed begins The next step is ...  which is a clear 
indication that it depends on the earlier parts which were skipped.


NP: the bits they have in that config about localnet are broken and 
have never worked as described.


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.12
  Beta testers wanted for 3.2.0.7 and 3.1.12.1

Re: [squid-users] Squid for windows authentication against Active Directory

[Amos Jeffries]

On 25/05/11 20:42, Julian Zoellner wrote:

hello Amos,


Please use 2.7.STABLE9 at the very least. 2.7 as a whole is aging and
deprecated, we support 2.7.STABLE9 only until all its useful features
are ported to 3.x series.


we already use 2.7.STABLE8 and i can't find a STABLE9 download for windows.

i updated the squid.conf file to:

auth_param ntlm program c:/squid/libexec/mswin_ntlm_auth.exe -d
auth_param ntlm children 5

external_acl_type win_domain_group ttl=120 %LOGIN 
c:/squid/libexec/mswin_check_ad_group.exe -d -G
acl Inet external win_domain_group MY-DOMAIN/Groups/Internet

acl loggedIn proxy_auth REQUIRED
http_access allow loggedIn Inet


This setup ask for username and password in my Browser and nothing is right 
(the same for just the NTLM authentication), maybe no communication in the 
network? also i don't want to login while starting the browser, it should look 
in the given group that the user is in.



The group cannot be known until the user is received from the browser. 
If the browser is showing a popup that means it cannot find any username 
available to it or the ones it has have failed to validate as correct 
with the DC. All of this is inside the client machine, outside of Squids 
control.


Despite popular belief Squid does not generate a popup. All Squid does 
is ask the browser for credentials (*any* credentials) of an acceptable 
type.


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.12
  Beta testers wanted for 3.2.0.7 and 3.1.12.1

[squid-users] SQUID on Windows (MSI package)

[sichent]

Hello leute,

I have created a MSI installation package builing instructions and 
sourceforge project to wrap the latest windows build from Squid/Acme 
Consulting into MSI suitable for deployment on Windows...


not sure how may folks out there are interested. Shall I post the link 
here or it will be considered as too agressive move towards MS :) ?


best regards,
sich

Re: [squid-users] SQUID on Windows (MSI package)

[Amos Jeffries]

On Sun, 17 Apr 2011 23:04:03 +0200, sichent wrote:

Hello leute,

I have created a MSI installation package builing instructions and
sourceforge project to wrap the latest windows build from Squid/Acme
Consulting into MSI suitable for deployment on Windows...

not sure how may folks out there are interested. Shall I post the
link here or it will be considered as too agressive move towards MS 
:)

?

best regards,
sich


This is a public list, so that depends on whether it is within or 
against the MSI packaging EULA. We have no objections per se.



PS. we are struggling to get 3.2+ working on Windows again. Its kind of 
hard with Guido being the only one with direct MS operating system 
access. Assistance on that work would be a great help and would ensure 
squid for Windows continues.
Current blocker bugs are 
http://bugs.squid-cache.org/show_bug.cgi?id=3043 and some side issues 
with pkg-config.


Amos

[squid-users] squid on Windows

[Markus Moeller]

Hi

Can I run squid on Windows XP or Vista and provide NTLM authentication for 
the XP/Vista local accounts or do I need a DC ?


Thank you
Markus 

Re: [squid-users] squid on Windows

[Amos Jeffries]

Markus Moeller wrote:

Hi

Can I run squid on Windows XP or Vista and provide NTLM authentication 
for the XP/Vista local accounts or do I need a DC ?


Windows builds provide several helpers that use the SSPI interface of 
the local system.


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.6
  Beta testers wanted for 3.2.0.1

[squid-users] R: [squid-users] squid on Windows

[Guido Serassio]

Hi Markus,

I wrote the native Windows helpers many time ago, but now I don't remember 
exactly if the NTLM one needs a DC, but it should, because is a full 
negotiating NTLM helper. It seems to me that only the Basic one can work using 
local accounts. Again, I'm not sure, and now I don't have the possibility to 
make a check.

Regards

Guido Serassio
Acme Consulting S.r.l.
Microsoft Gold Certified Partner
VMware Professional Partner
Via Lucia Savarino, 110098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135   Fax. : +39.011.9781115
Email: guido.seras...@acmeconsulting.it
WWW: http://www.acmeconsulting.it


-Messaggio originale-
Da: Markus Moeller [mailto:hua...@moeller.plus.com] 
Inviato: venerdì 6 agosto 2010 11.34
A: squid-users@squid-cache.org
Oggetto: [squid-users] squid on Windows

Hi

Can I run squid on Windows XP or Vista and provide NTLM authentication for 
the XP/Vista local accounts or do I need a DC ?

Thank you
Markus 

Re: [squid-users] squid on windows xp

[Marcello Romani]

Lomas es de Primera ha scritto:

Hey guys:

I am trying to use Squid on my PC (Windows XP) as I lay in a proxied LAN. 
However, there is an unrestricted WiFi connection available. However, due to Windows' 
route selection, I can only connect through the WiFi connection by disconnecting from the 
LAN, and therefore, having no access to local servers. Yesterday I installed squid and 
tried to access to both connections by using the following configuration on squid.conf

http_port   127.0.0.1:80
icp_port0
cache_mgr   Me
visible_hostnameMe
memory_poolson
memory_pools_limit  32 MB
logformat   combined %{Host}h %a %ui %un [%tl] %rm %ru  HTTP/%rv %Hs 
%st %{Referer}h %{User-Agent}h %Ss:%Sh
logformat   vcombined %{Host}h %a %ui %un [%tl] %rm %ru  
HTTP/%rv %Hs %st %{Referer}h 
logfile_rotate  60
vary_ignore_expire  on
cache_mem   256 MB
cache_swap_low  94
cache_swap_high 98
maximum_object_size 1 GB
acl all src all
http_access allow all
tcp_outgoing_addressx.x.x.x

Where x.x.x.x is obviously, my WiFi connection IP address. However, this is not 
working at all and I am not seeing something. Could anyone tell me? I keep 
getting socket error and when I disconnect the LAN cable, I am able to use my 
proxy.

Thanks in advance.


  



I'm no expert, but I'll throw in my 2 cents...

I suspect squid is not binding itself to the wifi interface, so Windows 
is routing squid outgoing traffic as usual (i.e. through the cable).


HTH

--
Marcello Romani

Rv: Re: [squid-users] squid on windows xp

[Lomas es de Primera]

However, ping to the x.x.x.x is successful. Is there any other way I can 
correct this?

 2010/7/28 Marcello Romani mrom...@ottotecnica.com:
  Lomas es de Primera ha scritto:
 
  Hey guys:
 
  I am trying to use Squid on my PC (Windows XP) as
 I lay in a proxied
  LAN. However, there is an unrestricted WiFi
 connection available. However,
  due to Windows' route selection, I can only
 connect through the WiFi
  connection by disconnecting from the LAN, and
 therefore, having no access to
  local servers. Yesterday I installed squid and
 tried to access to both
  connections by using the following configuration
 on squid.conf
 
  http_port           
                
        127.0.0.1:80
  icp_port           
                
         0
  cache_mgr           
                
        Me
  visible_hostname         
               Me
  memory_pools         
                
   on
  memory_pools_limit       
               32 MB
  logformat           
                
        combined %{Host}h %a
 %ui %un
  [%tl] %rm %ru  HTTP/%rv %Hs %st
 %{Referer}h %{User-Agent}h %Ss:%Sh
  logformat           
                
        vcombined %{Host}h
 %a %ui
  %un [%tl] %rm %ru  HTTP/%rv %Hs %st
 %{Referer}h 
  logfile_rotate         
                 60
  vary_ignore_expire       
               on
  cache_mem           
                
        256 MB
  cache_swap_low         
                 94
  cache_swap_high         
            
    98
  maximum_object_size       
          1 GB
  acl           
                
              all src
 all
  http_access         
                
    allow all
  tcp_outgoing_address    x.x.x.x
 
  Where x.x.x.x is obviously, my WiFi connection IP
 address. However, this
  is not working at all and I am not seeing
 something. Could anyone tell me? I
  keep getting socket error and when I disconnect
 the LAN cable, I am able to
  use my proxy.
 
  Thanks in advance.
 
 
       
 
  I'm no expert, but I'll throw in my 2 cents...
 
  I suspect squid is not binding itself to the wifi
 interface, so Windows is
  routing squid outgoing traffic as usual (i.e. through
 the cable).
 
  HTH
 
  --
  Marcello Romani
 
 
 
 
 
 
 

Re: Rv: Re: [squid-users] squid on windows xp

[Amos Jeffries]

On Wed, 28 Jul 2010 08:15:50 -0700 (PDT), Lomas es de Primera
soymilray...@users.sourceforge.net wrote:
 However, ping to the x.x.x.x is successful. Is there any other way I can
 correct this?

Not easily. It involves finding a fix for the route selection.

The problem is that squid can bind to the x.x.x.x as its outgoing IP but
it still runs through the OS route selection to send packets. This fixes
the bad selection of outgoing IP, but actual routing choices of what
interfaces are available/running cannot be fixed by Squid.

Amos

 
 2010/7/28 Marcello Romani mrom...@ottotecnica.com:
  Lomas es de Primera ha scritto:
 
  Hey guys:
 
  I am trying to use Squid on my PC (Windows XP) as
 I lay in a proxied
  LAN. However, there is an unrestricted WiFi
 connection available. However,
  due to Windows' route selection, I can only
 connect through the WiFi
  connection by disconnecting from the LAN, and
 therefore, having no access to
  local servers. Yesterday I installed squid and
 tried to access to both
  connections by using the following configuration
 on squid.conf
 
  http_port   

127.0.0.1:80
  icp_port   

 0
  cache_mgr   

Me
  visible_hostname 
   Me
  memory_pools 

   on
  memory_pools_limit   
   32 MB
  logformat   

combined %{Host}h %a
 %ui %un
  [%tl] %rm %ru  HTTP/%rv %Hs %st
 %{Referer}h %{User-Agent}h %Ss:%Sh
  logformat   

vcombined %{Host}h
 %a %ui
  %un [%tl] %rm %ru  HTTP/%rv %Hs %st
 %{Referer}h 
  logfile_rotate 
 60
  vary_ignore_expire   
   on
  cache_mem   

256 MB
  cache_swap_low 
 94
  cache_swap_high 

98
  maximum_object_size   
  1 GB
  acl   

  all src
 all
  http_access 

allow all
  tcp_outgoing_addressx.x.x.x
 
  Where x.x.x.x is obviously, my WiFi connection IP
 address. However, this
  is not working at all and I am not seeing
 something. Could anyone tell me? I
  keep getting socket error and when I disconnect
 the LAN cable, I am able to
  use my proxy.
 
  Thanks in advance.
 
 
   
 
  I'm no expert, but I'll throw in my 2 cents...
 
  I suspect squid is not binding itself to the wifi
 interface, so Windows is
  routing squid outgoing traffic as usual (i.e. through
 the cable).
 
  HTH
 
  --
  Marcello Romani
 
 
 
 
 
 

[squid-users] squid on windows xp

[Lomas es de Primera]

Hey guys:

I am trying to use Squid on my PC (Windows XP) as I lay in a proxied LAN. 
However, there is an unrestricted WiFi connection available. However, due to 
Windows' route selection, I can only connect through the WiFi connection by 
disconnecting from the LAN, and therefore, having no access to local servers. 
Yesterday I installed squid and tried to access to both connections by using 
the following configuration on squid.conf

http_port   127.0.0.1:80
icp_port0
cache_mgr   Me
visible_hostnameMe
memory_poolson
memory_pools_limit  32 MB
logformat   combined %{Host}h %a %ui %un 
[%tl] %rm %ru  HTTP/%rv %Hs %st %{Referer}h %{User-Agent}h %Ss:%Sh
logformat   vcombined %{Host}h %a %ui %un 
[%tl] %rm %ru  HTTP/%rv %Hs %st %{Referer}h 
logfile_rotate  60
vary_ignore_expire  on
cache_mem   256 MB
cache_swap_low  94
cache_swap_high 98
maximum_object_size 1 GB
acl all src all
http_access allow all
tcp_outgoing_addressx.x.x.x

Where x.x.x.x is obviously, my WiFi connection IP address. However, this is not 
working at all and I am not seeing something. Could anyone tell me? I keep 
getting socket error and when I disconnect the LAN cable, I am able to use my 
proxy.

Thanks in advance.

Re: [squid-users] Squid on Windows, slow file transfers

[Serassio Guido]

Hi,

At 01.36 21/07/2009, Amos Jeffries wrote:


 However, file transfers through it are very slow.   The connection is
 20Mbit.   When I go directly to the web file server via a direct NAT, I
 can download at full speed.  1.5MB/s is common from this method.
 However, when I go through the squid reverse-proxy, response time is
great
 but file transfers never go above 200K/s.

Could be many things. From disk speeds, to OS swapping, or FD exhaustion
(Windows is system-capped at 1K handles IIRC).


To be precise, the FD limit on Windows is 2048, it's hard coded in 
the MS C Runtime Library.


Another thing to check is any antivirus software running on the proxy machine.

Please also note that the Windows 2008 support in the 2.7 STABLE6 and 
previous is not optimal (fixed in the next 2.7 STABLE7), but this it 
should not impact on throughput.


Regards

Guido



-
=
Guido Serassio
Acme Consulting S.r.l. - Microsoft Gold Certified Partner
Via Lucia Savarino, 1   10098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135  Fax. : +39.011.9781115
Email: guido.seras...@acmeconsulting.it
WWW: http://www.acmeconsulting.it/

[squid-users] Squid on Windows, slow file transfers

[Joseph Jamieson]

Hello,

I have squid 2.7.STABLE6 running on Server 2008.    Its purpose is a 
reverse-proxy for several web services.

For instance, one service is OWA, another is a web-based file-sharing utility, 
and another is a plain old web site.   All DNS records (mail., files., www.) 
point to the same IP which is NATted to Squid.   Each of these services is 
running on a separate machine.

It all works great.   Squid determines which back-end machine/port to request 
the data from based on http headers.   It's squid at its finest.

However, file transfers through it are very slow.   The connection is 20Mbit.   
When I go directly to the web file server via a direct NAT, I can download at 
full speed.  1.5MB/s is common from this method.   However, when I go through 
the squid reverse-proxy, response time is great but file transfers never go 
above 200K/s.

It's almost as if connections are capped/throttled at a certain speed within 
squid.  I tested a direct web server on port 80 under the suspicion that the 
ISP was throttling port 80 but it was fine.

I am having a devil of a time tracking down this problem, and any suggestions 
are most welcome.

Thanks.

Joe

Re: [squid-users] Squid on Windows, slow file transfers

[Amos Jeffries]

On Mon, 20 Jul 2009 14:40:33 -0700, Joseph Jamieson
jjamie...@futurefoundations.com wrote:
 Hello,
 
 I have squid 2.7.STABLE6 running on Server 2008.Its purpose is a
 reverse-proxy for several web services.
 
 For instance, one service is OWA, another is a web-based file-sharing
 utility, and another is a plain old web site.   All DNS records (mail.,
 files., www.) point to the same IP which is NATted to Squid.

Ew. For starters point DNS at the Squid public IP properly.

   Each of
 these services is running on a separate machine.
 
 It all works great.   Squid determines which back-end machine/port to
 request the data from based on http headers.   It's squid at its finest.
 
 However, file transfers through it are very slow.   The connection is
 20Mbit.   When I go directly to the web file server via a direct NAT, I
 can download at full speed.  1.5MB/s is common from this method.  
 However, when I go through the squid reverse-proxy, response time is
great
 but file transfers never go above 200K/s.

Could be many things. From disk speeds, to OS swapping, or FD exhaustion
(Windows is system-capped at 1K handles IIRC).

 
 It's almost as if connections are capped/throttled at a certain speed
 within squid.  I tested a direct web server on port 80 under the
suspicion
 that the ISP was throttling port 80 but it was fine.
 
 I am having a devil of a time tracking down this problem, and any
 suggestions are most welcome.
 
 Thanks.
 
 Joe

Re: [squid-users] Squid for Windows users **Best Practice**

[Amos Jeffries]

Beavis wrote:

thanks for the reply amos..

I'm sorry it seems that i have not been clear on how i want to do this.

I'm not planning to put squid on windows, my plan is to get some best
practice from folks that have experience on using squid as a proxy
for their windows network (with AD and all).


(sorry about the rant)

The official Squid wiki and website I reference below are the only 
current / most accurate  authoritative sources. They are kept very up to 
date with current info as things change.


One of my hobby tasks (and Francesco Chemolli who admins the wiki) is 
going through and re-organising the old FAQ and Squid Authoritive Guide 
book excerpts into an easier reading format and removing obsolete facts. 
If we have incorrect or missing data, please point out for an update.


FWIW: Only Squid 2.7 or higher are supported free by the project 
members. 2.6 and older are starting to cost real money as they obsolete.



If you are one of the crowd who recently have started making their own 
versions please note all the existing third-party best practice 
recommendations often quickly change to incorrect and outdated. Thus the 
wiki format for our own authoritative sources.


We would rather references to our documents than re-writes, and please, 
please specify clearly what versions of Squid your document is talking 
about. I for one am tired of fixing new users 'understanding' from 
obsolete Squid tutorials.


/rant



I'm looking for some suggestions or common setup's on their squid where.

a.) squid can determine the AD user's group and give them their own
list of ACL's


The first part of that requirements is:
http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory

Not sure about the give them their own list of ACL's.
Squid only uses explicit ACLs defined by you in its config.

Some can be sort of dynamic based on custom helpers though:
http://wiki.squid-cache.org/Features/Authentication

The method of configuration can limit certain ACL to only be tested if 
the result of another ACL is true. Anything that can be stated as 
boolean logic with the ACL types provided.




b.) redundancy setup's


HTTP is stateless. Auth is not really much different. Redundancy is 
built into the back end (AD, LDAP, RADIUS, etc) or the very front end 
(PAC,LVS, etc) outside of Squid.


During a failover event either Squid will have the auth result cached 
and things just work. Or squid will deny the lookup until its source 
is fixed or changed. Helpers theoretically can do this second, I'm not 
sure if they do though.




c.) recommended most common way of authenticating AD users to squid.
(NTLM, LDAP, ADS)


Not sure if there is a most common. Every admin has their own 
preferences and local site requirements. There are as many methods of 
operation as there are software to do the auth and ways to connect to 
that software.


The auth methods we get asked about often enough for someone to do a 
write-up are listed under Authentication at:

http://wiki.squid-cache.org/Features/Authentication



thanks again,
-b


On Tue, Jun 16, 2009 at 6:54 PM, Amos Jeffriessqu...@treenet.co.nz wrote:

On Tue, 16 Jun 2009 17:29:33 -0600, Beavis pfu...@gmail.com wrote:

All,

  I just want to get some views from folks that use squid on a windows
environment. I'm looking at the following scenario.

a.) running squid that can be use by windows users (auth via ldap, ntlm.
AD)
b.) site access is on a per group basis (squid auth or through

squidguard)

c.) Squid Redundancy.


Being a squid linux admin with many users on windows I can say that none of
the above require Squid to run on a windows box. Samba + the provided squid
helpers handle windows authentications just fine from most non-windows OS.



Amos
--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE16
  Current Beta Squid 3.1.0.8

[squid-users] Squid for Windows users **Best Practice**

[Beavis]

All,

  I just want to get some views from folks that use squid on a windows
environment. I'm looking at the following scenario.

a.) running squid that can be use by windows users (auth via ldap, ntlm. AD)
b.) site access is on a per group basis (squid auth or through squidguard)
c.) Squid Redundancy.



any help will be awesomely appreciated.


-b

-- 
()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments

Re: [squid-users] Squid for Windows users **Best Practice**

[Amos Jeffries]

On Tue, 16 Jun 2009 17:29:33 -0600, Beavis pfu...@gmail.com wrote:
 All,
 
   I just want to get some views from folks that use squid on a windows
 environment. I'm looking at the following scenario.
 
 a.) running squid that can be use by windows users (auth via ldap, ntlm.
 AD)
 b.) site access is on a per group basis (squid auth or through
squidguard)
 c.) Squid Redundancy.
 

Being a squid linux admin with many users on windows I can say that none of
the above require Squid to run on a windows box. Samba + the provided squid
helpers handle windows authentications just fine from most non-windows OS.

Amos

Re: [squid-users] Squid for Windows users **Best Practice**

[Beavis]

thanks for the reply amos..

I'm sorry it seems that i have not been clear on how i want to do this.

I'm not planning to put squid on windows, my plan is to get some best
practice from folks that have experience on using squid as a proxy
for their windows network (with AD and all).

I'm looking for some suggestions or common setup's on their squid where.

a.) squid can determine the AD user's group and give them their own
list of ACL's
b.) redundancy setup's
c.) recommended most common way of authenticating AD users to squid.
(NTLM, LDAP, ADS)


thanks again,
-b


On Tue, Jun 16, 2009 at 6:54 PM, Amos Jeffriessqu...@treenet.co.nz wrote:
 On Tue, 16 Jun 2009 17:29:33 -0600, Beavis pfu...@gmail.com wrote:
 All,

   I just want to get some views from folks that use squid on a windows
 environment. I'm looking at the following scenario.

 a.) running squid that can be use by windows users (auth via ldap, ntlm.
 AD)
 b.) site access is on a per group basis (squid auth or through
 squidguard)
 c.) Squid Redundancy.


 Being a squid linux admin with many users on windows I can say that none of
 the above require Squid to run on a windows box. Samba + the provided squid
 helpers handle windows authentications just fine from most non-windows OS.

 Amos





-- 
()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments

RE: [squid-users] squid on windows domain users

[Dustin Hane]

What type of IP conflicts? Is yoru DHCP server handing down the same IP address 
to different machines? 
You may want to have a setup similar to this:
IN your domain controller you have 2 subgroups under the COMPUTERS OU. 
Container 1 = Internet Access Allowed
Place all the PCS you want to have IP access allowed in this Container.
Container 2 = Not allowed
Place all the PCs without access here. 
Direct your DHCP server to hand out a certain range to Container 1 and a 
different range to container 2. Within squid, set up a src acl for container 1 
to allow. 
Follow?


 dear friends,
 
 i m from india  is using a 2 Mbps Leased Line
 connection, distributing it through windows 2003 server with
 squid  ip based filtering.
 frequently i suffer from problems like ip conflicts bcoz
 users who dnt hav internet facility track the ip on which
 internet is available  changes them.
 
 what is the remedy to this.
 is there a solution like this.
 for all computers that need to hav internet facility,
 should be in domain of the system on which squid is
 installed  only these will have internet facility 
 no other computer on LAN can access internet, dsnt matter
 what its IP is.

or there is a MAC based filtering available 4 windows in squid.
 
 whts ur opinions frnds?
 
 bye



  Now surf faster and smarter ! Check out the new Firefox 3 - Yahoo! 
Edition http://downloads.yahoo.com/in/firefox/

RE: [squid-users] squid on windows domain users

[Dustin Hane]

I'm sorry. I misunderstood that people were changing them. Best way to stop 
them from doing that, is to change the group policy settings in your domain 
controller to remove access to the network control panel for both users and 
local machines. 
Go to:
User Configuration - Network - Network Connections
Enable - Prohibit access to properties of components of LAN connection
Enable - Prohibit TCP/IP advanced configuration
Enable - Prohibit access to the Advanced Settings item on the Advanced Menu
Enable - Prohibit access to properties of a LAN connection
Enable - Prohibit access to the New Connection Wizard

Then apply this GPO to your COMPUTERS OU and you'll be all set. 

Thanks
Dustin

-Original Message-
From: Leonardo Carneiro [mailto:lscarne...@veltrac.com.br] 
Sent: Wednesday, April 29, 2009 9:45 AM
To: Vicks
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] squid on windows domain users

Hi Vicks,

i'm from brazil and i hope i can help u.
at the way i understood, users who don't have a full connection with 
the internet change their IPs to use the resources otherwise would be 
denied to them.

you have tons of ways to prevent this. one way is to use the domain 
login (with a external program) to do the filtering. it will prevent ip 
conflict in your network.

Vicks escreveu:
 dear friends,

 i m from india  is using a 2 Mbps Leased Line
 connection, distributing it through windows 2003 server with
 squid  ip based filtering.
 frequently i suffer from problems like ip conflicts bcoz
 users who dnt hav internet facility track the ip on which
 internet is available  changes them.

 what is the remedy to this.
 is there a solution like this.
 for all computers that need to hav internet facility,
 should be in domain of the system on which squid is
 installed  only these will have internet facility 
 no other computer on LAN can access internet, dsnt matter
 what its IP is.
 

 or there is a MAC based filtering available 4 windows in squid.
   
 whts ur opinions frnds?

 bye
 



   Now surf faster and smarter ! Check out the new Firefox 3 - Yahoo! 
 Edition http://downloads.yahoo.com/in/firefox/


   


-- 

*Leonardo de Souza Carneiro*
*Veltrac - Tecnologia em Logística.*
lscarne...@veltrac.com.br mailto:lscarne...@veltrac.com.br
http://www.veltrac.com.br http://www.veltrac.com.br/
/Fone Com.: (43)2105-5600/
/Av. Higienópolis 1601 Ed. Eurocenter Sl. 803/
/Londrina- PR/
/Cep: 86015-010/

[squid-users] squid on windows domain users

[Vicks]

 dear friends,
 
 i m from india  is using a 2 Mbps Leased Line
 connection, distributing it through windows 2003 server with
 squid  ip based filtering.
 frequently i suffer from problems like ip conflicts bcoz
 users who dnt hav internet facility track the ip on which
 internet is available  changes them.
 
 what is the remedy to this.
 is there a solution like this.
 for all computers that need to hav internet facility,
 should be in domain of the system on which squid is
 installed  only these will have internet facility 
 no other computer on LAN can access internet, dsnt matter
 what its IP is.

or there is a MAC based filtering available 4 windows in squid.
 
 whts ur opinions frnds?
 
 bye



  Now surf faster and smarter ! Check out the new Firefox 3 - Yahoo! 
Edition http://downloads.yahoo.com/in/firefox/

Re: [squid-users] squid on windows domain users

[Leonardo Carneiro]

Hi Vicks,

i'm from brazil and i hope i can help u.
at the way i understood, users who don't have a full connection with 
the internet change their IPs to use the resources otherwise would be 
denied to them.


you have tons of ways to prevent this. one way is to use the domain 
login (with a external program) to do the filtering. it will prevent ip 
conflict in your network.


Vicks escreveu:

dear friends,

i m from india  is using a 2 Mbps Leased Line
connection, distributing it through windows 2003 server with
squid  ip based filtering.
frequently i suffer from problems like ip conflicts bcoz
users who dnt hav internet facility track the ip on which
internet is available  changes them.

what is the remedy to this.
is there a solution like this.
for all computers that need to hav internet facility,
should be in domain of the system on which squid is
installed  only these will have internet facility 
no other computer on LAN can access internet, dsnt matter
what its IP is.



or there is a MAC based filtering available 4 windows in squid.
  

whts ur opinions frnds?

bye





  Now surf faster and smarter ! Check out the new Firefox 3 - Yahoo! 
Edition http://downloads.yahoo.com/in/firefox/


  



--

*Leonardo de Souza Carneiro*
*Veltrac - Tecnologia em Logística.*
lscarne...@veltrac.com.br mailto:lscarne...@veltrac.com.br
http://www.veltrac.com.br http://www.veltrac.com.br/
/Fone Com.: (43)2105-5600/
/Av. Higienópolis 1601 Ed. Eurocenter Sl. 803/
/Londrina- PR/
/Cep: 86015-010/

Re: [squid-users] squid on windows domain users

[Amos Jeffries]

Vicks wrote:

dear friends,

i m from india  is using a 2 Mbps Leased Line connection, distributing it through 
windows 2003 server with squid  ip based filtering.
frequently i suffer from problems like ip conflicts bcoz users who dnt hav internet 
facility track the ip on which internet is available  changes them.

what is the remedy to this.
is there a solution like this.
for all computers that need to hav internet facility, should be in domain of the system 
on which squid is installed  only these will have internet facility  no other 
computer on LAN can access internet, dsnt matter what its IP is.

whts ur opinions frnds?



Use some form of authentication. Squid is capable of ActiveDirectory auth.
 http://wiki.squid-cache.org/ConfigExamples

What you have described so far is a basic network security failure 
usually seen on Windows NetBIOS networks (users being able to detect 
other users IPs and perform privilege escalation).


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
  Current Beta Squid 3.1.0.7

[squid-users] squid on windows domain users

[Vicks]

dear friends,

i m from india  is using a 2 Mbps Leased Line connection, distributing it 
through windows 2003 server with squid  ip based filtering.
frequently i suffer from problems like ip conflicts bcoz users who dnt hav 
internet facility track the ip on which internet is available  changes them.

what is the remedy to this.
is there a solution like this.
for all computers that need to hav internet facility, should be in domain of 
the system on which squid is installed  only these will have internet facility 
 no other computer on LAN can access internet, dsnt matter what its IP is.

whts ur opinions frnds?

bye


  From Chandigarh to Chennai - find friends all over India. Go to 
http://in.promos.yahoo.com/groups/citygroups/

[squid-users] Squid 4 Windows

[Vicks]

dear frnds,

i m new to squid  hav following problems.

1. i found only squid 2.5 version exe 4 windows lest there are more latest 
versions available for linux. if there is some other latest version at some 
link. plz provide me the link. thnx in advance.

2. i m looking for mac based filtering on windows platform. how to apply that.

more queries to come soon.

thnx 2 all 4 reading this msg.

thnx again

bye


  Add more friends to your messenger and enjoy! Go to 
http://messenger.yahoo.com/invite/

Re: [squid-users] Squid 4 Windows

[Amos Jeffries]

Vicks wrote:

dear frnds,

i m new to squid  hav following problems.

1. i found only squid 2.5 version exe 4 windows lest there are more latest 
versions available for linux. if there is some other latest version at some 
link. plz provide me the link. thnx in advance.

2. i m looking for mac based filtering on windows platform. how to apply that.

more queries to come soon.

thnx 2 all 4 reading this msg.

thnx again

bye



The official providers of Win32 builds of Squid are Acme Consulting in 
Italy:


http://squid.acmeconsulting.it/


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
  Current Beta Squid 3.1.0.6

Re: [squid-users] Squid NTLM + Windows Vista update

[Amos Jeffries]

Sébastien WENSKE wrote:

Thanks Amos,

It was very helpfull.

Now I need to fix an issue with dansguardian, when I get through it, I notice 
this in squid log:

01/Mar/2009:16:43:48.329  73520 10.0.0.11 TCP_MISS/200 -0- CONNECT 
update.microsoft.com:443 - DIRECT/65.55.13.126 -

and I get a windows update 80072EE2 error...


But with squid only, it works fine. 


01/Mar/2009:16:42:08.667 117784 10.0.0.11 TCP_MISS/200 -7780- CONNECT 
update.microsoft.com:443 - DIRECT/65.55.184.93 -



Welcome.

IIRC allowing localhost (aka Dansguardian) access to the particular 
CONNECT worked for someone.


Amos



Thanks,

Sébastien



-Message d'origine-
De : Amos Jeffries [mailto:squ...@treenet.co.nz] 
Envoyé : samedi 28 février 2009 23:51

À : Sébastien WENSKE
Cc : squid-users@squid-cache.org
Objet : Re: [squid-users] Squid NTLM + Windows Vista update

Sébastien WENSKE wrote:

Hi All,

I have some troubles to get update with windows vista when I use squid with 
NTLM.

28/Feb/2009:19:04:39.534 2 10.0.0.11 TCP_DENIED/407 452 HEAD 
http://download.windowsupdate.com/v8/windowsupdate/redir/muv3wuredir.cab? - 
NONE/- text/html

Is it possible to allow a specific url/domain without the authentication 
process?

Many thanks,

Sébastien WENSKE.


http://wiki.squid-cache.org/SquidFaq/WindowsUpdate



Amos
--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
  Current Beta Squid 3.1.0.5

RE: [squid-users] Squid NTLM + Windows Vista update

[Sébastien WENSKE]

Thanks Amos,

It was very helpfull.

Now I need to fix an issue with dansguardian, when I get through it, I notice 
this in squid log:

01/Mar/2009:16:43:48.329  73520 10.0.0.11 TCP_MISS/200 -0- CONNECT 
update.microsoft.com:443 - DIRECT/65.55.13.126 -

and I get a windows update 80072EE2 error...


But with squid only, it works fine. 

01/Mar/2009:16:42:08.667 117784 10.0.0.11 TCP_MISS/200 -7780- CONNECT 
update.microsoft.com:443 - DIRECT/65.55.184.93 -


Thanks,

Sébastien



-Message d'origine-
De : Amos Jeffries [mailto:squ...@treenet.co.nz] 
Envoyé : samedi 28 février 2009 23:51
À : Sébastien WENSKE
Cc : squid-users@squid-cache.org
Objet : Re: [squid-users] Squid NTLM + Windows Vista update

Sébastien WENSKE wrote:
 Hi All,
 
 I have some troubles to get update with windows vista when I use squid with 
 NTLM.
 
 28/Feb/2009:19:04:39.534 2 10.0.0.11 TCP_DENIED/407 452 HEAD 
 http://download.windowsupdate.com/v8/windowsupdate/redir/muv3wuredir.cab? - 
 NONE/- text/html
 
 Is it possible to allow a specific url/domain without the authentication 
 process?
 
 Many thanks,
 
 Sébastien WENSKE.

http://wiki.squid-cache.org/SquidFaq/WindowsUpdate

Amos
-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
   Current Beta Squid 3.1.0.5

[squid-users] Squid NTLM + Windows Vista update

[Sébastien WENSKE]

Hi All,

I have some troubles to get update with windows vista when I use squid with 
NTLM.

28/Feb/2009:19:04:39.534 2 10.0.0.11 TCP_DENIED/407 452 HEAD 
http://download.windowsupdate.com/v8/windowsupdate/redir/muv3wuredir.cab? - 
NONE/- text/html

Is it possible to allow a specific url/domain without the authentication 
process?

Many thanks,

Sébastien WENSKE.

Re: [squid-users] Squid NTLM + Windows Vista update

[Amos Jeffries]

Sébastien WENSKE wrote:

Hi All,

I have some troubles to get update with windows vista when I use squid with 
NTLM.

28/Feb/2009:19:04:39.534 2 10.0.0.11 TCP_DENIED/407 452 HEAD 
http://download.windowsupdate.com/v8/windowsupdate/redir/muv3wuredir.cab? - 
NONE/- text/html

Is it possible to allow a specific url/domain without the authentication 
process?

Many thanks,

Sébastien WENSKE.


http://wiki.squid-cache.org/SquidFaq/WindowsUpdate

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
  Current Beta Squid 3.1.0.5

Re: [squid-users] Squid for windows stops working

[Amos Jeffries]

Gustavo Lazarte wrote:

Hello,

I am using Squid 2.5 for Windows and last week it stopped working. We are using 
this server for Image Caching our web site( meaning all the .jpg and .gif 
request go to the Squid server). Before I turn it back on I would like to know 
Why the HTTP Engine stopped working. Where should I look first? (I tried 
/log/cache/ and the event viewer) The HTTP engine on Squid HTTP engine stopped 
working last week according to our monitoring tool and after manually testing 
the Squid Cache. Also I would like to know if there are ways to improve the 
performance of the Squid Cache as image server. Currently is been performing 
slower than our regular web servers.



Sorry I can't help wit the halting problem.

Performance Tips:

Step 1) Squid 2.6

Step 2) check for anything in squid.conf mentioning regex and seek to 
replace.


Step 3) check your hardware is up to the job.

Amos
--
Please use Squid 2.7.STABLE4 or 3.0.STABLE8

[squid-users] Squid for windows stops working

[Gustavo Lazarte]

Hello,

I am using Squid 2.5 for Windows and last week it stopped working. We are using 
this server for Image Caching our web site( meaning all the .jpg and .gif 
request go to the Squid server). Before I turn it back on I would like to know 
Why the HTTP Engine stopped working. Where should I look first? (I tried 
/log/cache/ and the event viewer) The HTTP engine on Squid HTTP engine stopped 
working last week according to our monitoring tool and after manually testing 
the Squid Cache. Also I would like to know if there are ways to improve the 
performance of the Squid Cache as image server. Currently is been performing 
slower than our regular web servers.

Thanks

Gustavo Lazarte

RE: [squid-users] Squid on Windows with in-built ICAP support

[Alex Rousskov]

On Fri, 2008-04-18 at 10:14 +0530, Shailesh Mishra wrote:

 Any idea on when can Squid3 with built-in ICAP support for Windows can
 be expected?

You need to ask Guido Serassio about Squid3 Windows port schedule.
AFAIK, he is the only one working on Squid Windows builds, and he does
not have much spare time for that. If you are not satisfied with the
state of the Windows port, please see
http://wiki.squid-cache.org/SquidFaq/AboutSquid#HowToAddOrFix

Thank you,

Alex.

 -Original Message-
 From: Alex Rousskov [mailto:[EMAIL PROTECTED] 
 Sent: Thursday, April 17, 2008 9:29 PM
 To: Shailesh Mishra
 Cc: squid-users@squid-cache.org
 Subject: Re: [squid-users] Squid on Windows with in-built ICAP support
 
 
 On Fri, 2008-04-18 at 02:04 +1200, Amos Jeffries wrote:
  Shailesh Mishra wrote:
   Hi ,
   
   Do we have a stable squid build ( release quality) for Windows which
 has
   in-build support for ICAP?
   I guess Squid 2.6 and below does not have this support. Am I
 correct?
   
  
  2.6 has an outdated patch with known bugs.
  3.0 only has an experimental port for testing at this time.
 
 To clarify:
 
 Squid2 has a stable Windows build but no built-in ICAP support.
 Squid3 has stable built-in ICAP support but no stable Windows built.
 
 Alex.
 

[squid-users] Squid on Windows with in-built ICAP support

[Shailesh Mishra]

Hi ,

Do we have a stable squid build ( release quality) for Windows which has
in-build support for ICAP?
I guess Squid 2.6 and below does not have this support. Am I correct?

Regards,
Shailesh

Re: [squid-users] Squid on Windows with in-built ICAP support

[Amos Jeffries]

Shailesh Mishra wrote:

Hi ,

Do we have a stable squid build ( release quality) for Windows which has
in-build support for ICAP?
I guess Squid 2.6 and below does not have this support. Am I correct?



2.6 has an outdated patch with known bugs.
3.0 only has an experimental port for testing at this time.

Amos
--
Please use Squid 2.6.STABLE19 or 3.0.STABLE4

Re: [squid-users] Squid on Windows with in-built ICAP support

[Alex Rousskov]

On Fri, 2008-04-18 at 02:04 +1200, Amos Jeffries wrote:
 Shailesh Mishra wrote:
  Hi ,
  
  Do we have a stable squid build ( release quality) for Windows which has
  in-build support for ICAP?
  I guess Squid 2.6 and below does not have this support. Am I correct?
  
 
 2.6 has an outdated patch with known bugs.
 3.0 only has an experimental port for testing at this time.

To clarify:

Squid2 has a stable Windows build but no built-in ICAP support.
Squid3 has stable built-in ICAP support but no stable Windows built.

Alex.

RE: [squid-users] Squid on Windows with in-built ICAP support

[Shailesh Mishra]

Thanks for the info Alex and Amos :)..

Any idea on when can Squid3 with built-in ICAP support for Windows can
be expected?

--shailesh

-Original Message-
From: Alex Rousskov [mailto:[EMAIL PROTECTED] 
Sent: Thursday, April 17, 2008 9:29 PM
To: Shailesh Mishra
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Squid on Windows with in-built ICAP support


On Fri, 2008-04-18 at 02:04 +1200, Amos Jeffries wrote:
 Shailesh Mishra wrote:
  Hi ,
  
  Do we have a stable squid build ( release quality) for Windows which
has
  in-build support for ICAP?
  I guess Squid 2.6 and below does not have this support. Am I
correct?
  
 
 2.6 has an outdated patch with known bugs.
 3.0 only has an experimental port for testing at this time.

To clarify:

Squid2 has a stable Windows build but no built-in ICAP support.
Squid3 has stable built-in ICAP support but no stable Windows built.

Alex.

Re: [squid-users] Squid and Windows Update

[Amos Jeffries]

 On Fri, 22 Jun 2007 13:53:57 +1200 (NZST) [EMAIL PROTECTED] wrote:

 I have just added a FAQ page
 (http://wiki.squid-cache.org/SquidFaq/WindowsUpdate) with the content of
 this thread.

 Can anyone please make a link to
 http://wiki.squid-cache.org/SquidFaq/WindowsUpdate
 in http://wiki.squid-cache.org/SquidFaq/ ?


Done. And the WU page updated with some more info found recently to make
it play nice with Vista and Win98.

Amos

Re: [squid-users] Squid and Windows Update - SOLVED!!

[Henrik Nordstrom]

fre 2007-06-22 klockan 10:39 +0100 skrev Julian Pilfold-Bagwell:

 It's cured. You were right about allowing access to winupdate. The 
 confusing aspect is that some time back, we had to wrestle for a day to 
 get it working after Windows updated itself. It turned out that you had 
 to use the always_direct directive to get it work as it would crash out 
 otherwise.
 
 Don't know what Microsoft have done to Windows Update but it now has to 
 go back to http_allow.

always_direct has little or no effect on things. All always_direct does
it making Squid ignore any cache_peers you may have. If you don't have
any cache_peer then it's a no-operation thing as going direct is then
the only option Squid has..

So if using always_direct did make any difference then you have a
cache_peer which doesn't work with windows update, or otherwise it just
started to work by accident.

Regards
Henrik


signature.asc
Description: Detta är en digitalt signerad	meddelandedel

Re: [squid-users] Squid and Windows Update

[Julian Pilfold-Bagwell]

Henrik Nordstrom wrote:

tor 2007-06-21 klockan 14:22 +0100 skrev Julian Pilfold-Bagwell:

  

If I am to guess you might need to allow access to the windows
  

update
  

servers without using authentication.
  


  

Is it possible to do that while retaining authentication for users?



Yes.

Just allow access to the windows update servers before where you
normally require authentication.

Regards
Henrik
  

Hi again,

Does the first acl line: 


acl winupdate dstdomain .microsoft.com .windowsupdate.com

not do this? I put the always_direct rule in before the mynetwork rule 
but it doesn't seem to do the trick.


Thanks,

Jools

Re: [squid-users] Squid and Windows Update - SOLVED!!

[Julian Pilfold-Bagwell]

Hi Henrik,

It's cured. You were right about allowing access to winupdate. The 
confusing aspect is that some time back, we had to wrestle for a day to 
get it working after Windows updated itself. It turned out that you had 
to use the always_direct directive to get it work as it would crash out 
otherwise.


Don't know what Microsoft have done to Windows Update but it now has to 
go back to http_allow.


Thanks again, much appreciated,

All the best,

Julian Pilfold-Bagwell

[squid-users] Squid and Windows Update

[Julian Pilfold-Bagwell]

Hi All,

I have an NTLM authenticated squid proxy and an trying to get to Windows 
Update. Up until about 3 weeks ago it worked OK  but then stopped and I 
haven't been able to get it going since. I have microsoft.com and 
windowsupdate.com in an always_direct acl and have used proxycfg to set 
the proxy up on the windows boxes.  I've also ticked http 1.1 connection 
on proxy in IE6's options. I've spent hours on Google without finding 
any solution. Could someone have a look through the acls below to see if 
I've missed something please.


Cheers,

Jools

PS: Below is a snap from the proxy log showing what's happening when I 
try to connect. Thanks.


# Log Output

1182427844.513 RELEASE -1  62992ED631E0F39DDA8C8DC2F898F266  407 
1182427844 0 1182427844 text/html 1325/1325 GET 
http://go.microsoft.com/fwlink/?
1182427844.520 RELEASE -1  2E6A5C7F93EEE6901CCCEE0DEB5A2229  407 
1182427844 0 1182427844 text/html 1325/1325 GET 
http://go.microsoft.com/fwlink/?
1182427844.533 RELEASE -1  DEE0F5C0483083C6578A92A5A262DBA8  407 
1182427844 0 1182427844 text/html 1463/1463 POST 
http://stats.update.microsoft.com/ReportingWebService/ReportingWebService.asmx
1182427844.868 RELEASE -1  A8ABED5E2C14C5B1E9D0C071634A6A5F  407 
1182427844 0 1182427844 text/html 1325/1325 GET 
http://go.microsoft.com/fwlink/?
1182427844.898 RELEASE -1  8A2AF11EB29DC53BECCE375C51ED2564  407 
1182427844 0 1182427844 text/html 1325/1325 GET 
http://go.microsoft.com/fwlink/?
1182427845.371 RELEASE -1  E376783F93B586292C10EB17CEED8C0D  302 
1182427844-1 1182427784 text/html 135/135 GET 
http://go.microsoft.com/fwlink/?
1182427845.395 RELEASE -1  DB56627F467C065BB2717F8C4807EE04  302 
1182427844-1 1182427784 text/html 135/135 GET 
http://go.microsoft.com/fwlink/?
1182427845.959 RELEASE -1  FC48317C07A19CD1D257DF7931B8CF91  407 
1182427845 0 1182427845 text/html 1301/1301 CONNECT 
update.microsoft.com:443
1182427845.965 RELEASE -1  9FDB6B061BB1A01FD5774EDCF57BFE72  407 
1182427845 0 1182427845 text/html 1301/1301 CONNECT 
update.microsoft.com:443
1182427845.968 RELEASE -1  24E1583A4D3FE04F9CC5D92791D8234F  407 
1182427845 0 1182427845 text/html 1301/1301 CONNECT 
update.microsoft.com:443
1182427846.017 RELEASE -1  307158AE09CFED627438DB4C97BB6DE7  407 
1182427846 0 1182427846 text/html 1301/1301 CONNECT 
update.microsoft.com:443
1182427848.314 RELEASE -1  B54B1B79B60C0A9EE18BCC5F376CCCF0  407 
1182427848 0 1182427848 text/html 1463/1463 POST 
http://stats.update.microsoft.com/ReportingWebService/ReportingWebService.asmx
1182427848.335 RELEASE -1  106150D23930001055AB50F33462E587  407 
1182427848 0 1182427848 text/html 1463/1463 POST 
http://stats.update.microsoft.com/ReportingWebService/ReportingWebService.asmx
1182427848.385 RELEASE -1  8F2EB8EA5C13E1999AA8BBA44C8DE2CC  407 
1182427848 0 1182427848 text/html 1463/1463 POST 
http://stats.update.microsoft.com/ReportingWebService/ReportingWebService.asmx
1182427848.608 RELEASE -1  9AAF6E2DA487093383A0DD59ADB264B4  407 
1182427848 0 1182427848 text/html 1301/1301 CONNECT 
update.microsoft.com:443
1182427848.628 RELEASE -1  552B7EA2E74614B8A4E9E82E193FC296  407 
1182427848 0 1182427848 text/html 1301/1301 CONNECT 
update.microsoft.com:443
1182427848.631 RELEASE -1  B2701012D1DE2296A7678125A6841581  407 
1182427848 0 1182427848 text/html 1301/1301 CONNECT 
update.microsoft.com:443
1182427848.681 RELEASE -1  6194E73C33414591F76E8645DD78AF71  407 
1182427848 0 1182427848 text/html 1301/1301 CONNECT 
update.microsoft.com:443
1182427848.928 RELEASE -1  2B64CB519E1123FE9772D9D2FD6B9D23  407 
1182427848 0 1182427848 text/html 1463/1463 POST 
http://stats.update.microsoft.com/ReportingWebService/ReportingWebService.asmx
1182427848.959 RELEASE -1  BAB09BA63C9B037455216ED743BDE755  407 
1182427848 0 1182427848 text/html 1463/1463 POST 
http://stats.update.microsoft.com/ReportingWebService/ReportingWebService.asmx
1182427849.014 RELEASE -1  964028CC20022B536F59877D37745174  407 
1182427849 0 1182427849 text/html 1463/1463 POST 
http://stats.update.microsoft.com/ReportingWebService/ReportingWebService.asmx
1182427850.033 RELEASE -1  36FDA330BD08904D927FB76ABD56B1D1  407 
1182427850 0 1182427850 text/html 1292/1292 CONNECT 
urs.microsoft.com:443
1182427850.075 RELEASE -1  B5335E465AA32ED4259749CBB2AC4236  407 
1182427850 0 1182427850 text/html 1292/1292 CONNECT 
urs.microsoft.com:443
1182427850.127 RELEASE -1  0D4261BD99331073CAE9F2FA94E0EE61  407 
1182427850 0 1182427850 text/html 1292/1292 CONNECT 
urs.microsoft.com:443
1182427850.130 RELEASE -1  32CCE2EA2FB00E6CA57DF5D5F2CC6799  407 
1182427850 0 1182427850 

Re: [squid-users] Squid and Windows Update

[Henrik Nordstrom]

tor 2007-06-21 klockan 14:22 +0100 skrev Julian Pilfold-Bagwell:

  If I am to guess you might need to allow access to the windows update
  servers without using authentication.

 Is it possible to do that while retaining authentication for users?

Yes.

Just allow access to the windows update servers before where you
normally require authentication.

Regards
Henrik


signature.asc
Description: Detta är en digitalt signerad	meddelandedel

Re: [squid-users] Squid and Windows Update

[D E Radel]

Henrik Nordstrom wrote:

tor 2007-06-21 klockan 14:22 +0100 skrev Julian Pilfold-Bagwell:


If I am to guess you might need to allow access to the windows update
servers without using authentication.



Is it possible to do that while retaining authentication for users?


Yes.

Just allow access to the windows update servers before where you
normally require authentication.

Regards
Henrik


That's what we do and it works very well. We do the same for common antivirus 
update sites too. :-)

Just a thought on WindowsUpdate via squid though, it's very very slow through squid. Seems to take 
many minutes to check for updates, but when bypassing the proxy this is not the case. I wonder if 
this is normal for squid?


cheers,
Dietrich.

Re: [squid-users] Squid and Windows Update

[Norman Noah]

We implement windows update through proxy without delay pool and
there's no problem at all.

acl fast dstdom_regex download.windowsupdate.com update.microsoft.com
acl fast dstdom_regex download.microsoft.com ds.microsoft.com

#direct bandwitdhfull access to websites
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_access 1 allow fast
delay_access 1 deny all

Re: [squid-users] Squid and Windows Update

[squid3]

 Henrik Nordstrom wrote:
 tor 2007-06-21 klockan 14:22 +0100 skrev Julian Pilfold-Bagwell:

 If I am to guess you might need to allow access to the windows update
 servers without using authentication.

 Is it possible to do that while retaining authentication for users?

 Yes.

 Just allow access to the windows update servers before where you
 normally require authentication.

 Regards
 Henrik

 That's what we do and it works very well. We do the same for common
 antivirus update sites too. :-)

 Just a thought on WindowsUpdate via squid though, it's very very slow
 through squid. Seems to take
 many minutes to check for updates, but when bypassing the proxy this is
 not the case. I wonder if
 this is normal for squid?


It is a side effect of WindowsUpdate that has been seen before on occasion
under some squid configs.

WindowsUpdate apparently pulls its data from the main servers using
partial Ranges. Squid does not to my knowledge fully support storage of
partial ranges (we have plans to improve this but no sponsor yet I think).
Also some configurations are set to always pull the entire file when a
range is requested.
The cachability settings of the WU servers may also be a factor.

If your config has been set to always pull the entire file and cache it,
you could try allowing squid to pull ranges and not cache them.


Amos

Re: [squid-users] Squid and Windows Update

[Dietrich Radel]

[EMAIL PROTECTED] wrote:

Thanks for that Amos. Can anyone please point me in the right direction
to documentation about configuring such features? The WU issues probably
needs expanding upon in the FAQs I guess. :-)

Thanks in advance.
Dietrich




The relevant squid.conf settings I know of are: http_access and range_offset.

Earlier posts here in squid-users or google may have better details.

I have just added a FAQ page
(http://wiki.squid-cache.org/SquidFaq/WindowsUpdate) with the content of
this thread.

Amos

  


Brilliant! Thanks. :-)
Dietrich

[squid-users] squid on windows capabilities

[Lionel Déruaz]

Hello,
i've been asked to deploy squid on windows on of our company site.

What are the main difference with the standard one (performance, functions,
logs, ...)

The goal would to manage intranet/internet for around 1300 users.

Re: [squid-users] squid on windows capabilities

[Henrik Nordstrom]

ons 2007-04-25 klockan 15:53 +0200 skrev Lionel Déruaz:
 Hello,
 i've been asked to deploy squid on windows on of our company site.
 
 What are the main difference with the standard one (performance, functions,
 logs, ...)

which standard one?

Squid on NT is the same Squid as on other platforms.

Performance differs between the different operating systems. But for a
company of only 1300 employees you should not need to worry about
performance I think.

Regards
Henrik


signature.asc
Description: Detta är en digitalt signerad	meddelandedel

Re: [squid-users] Squid on Windows XP

[Henrik Nordstrom]

sön 2007-03-25 klockan 17:25 -0400 skrev Chris Nighswonger:
 On 3/25/07, Guido Serassio [EMAIL PROTECTED] wrote:
  Maybe the same reason because squid is not working ?
 
 
  Also check your antivirus software.
 
 I tried with AV services completely disabled. No luck.
 
 
  Do you can see the 3128 port in use with netstat -a command ?
 
 With squid started:
 
 TCPnighswonger-hm:3128nighswonger-hm:0   LISTENING
 
 With squid stopped: 3128 is not in use.

And if you try using the squidclient command line client shipped with
Squid?

REgards
Henrik


signature.asc
Description: Detta är en digitalt signerad	meddelandedel

Re: [squid-users] Squid on Windows XP

[Chris Nighswonger]

On 3/26/07, Henrik Nordstrom [EMAIL PROTECTED] wrote:

sön 2007-03-25 klockan 17:25 -0400 skrev Chris Nighswonger:
And if you try using the squidclient command line client shipped with
Squid?


C:\squid\binsquidclient http://www.google.com
HTTP/1.0 200 OK
Cache-Control: private
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: PREF=ID=feeb9121718069f4:TM=1174907365:LM=1174907365:S=tDln0NdET5dCL
7Hm; expires=Sun, 17-Jan-2038 19:14:07 GMT; path=/; domain=.google.com
Server: GWS/2.1
Date: Mon, 26 Mar 2007 11:09:25 GMT
X-Cache: MISS from home-computer
X-Cache-Lookup: MISS from home-computer:3128
Via: 1.0 home-computer:3128 (squid/2.6.STABLE12)
Proxy-Connection: close

-html dump clipped-

It appears to work OK here. This request shows up in the access.log as well.

1174907359.980   1462 127.0.0.1 TCP_MISS/200 4319 GET
http://www.google.com - DIRECT/216.239.37.99 text/html

Is it an IE issue? XP issue? M$ issue?

Chris