Re: [squid-users] TPROXY and IPv6 issues CentOS 7

2015-10-13 Thread Amos Jeffries
On 14/10/2015 7:07 a.m., James White wrote: > Hi all, > > I operate a squid box which has two http_port setups: > > http_port 3128 > http_port 3129 TPROXY > > I have implemented TPROXY to replace my NAT setup on a CentOS 7 Squid > 3.3 box. Currently the IPv4 connectivity is working great, the

Re: [squid-users] Safari 9 vs. SSL Bump

2015-10-13 Thread Jason Haar
On 14/10/15 16:08, Dan Charlesworth wrote: > I thought that fixed it for a second … > > But in reality ssl_bump peek step1 & ssl_bump bump step3 is actually splicing > everything, it seems. > > Any other advice? :-) Could this simply be a pinning issue? ie does Safari track the CAs used by those

Re: [squid-users] Safari 9 vs. SSL Bump

2015-10-13 Thread Amos Jeffries
On 14/10/2015 1:13 p.m., Dan Charlesworth wrote: > Throwing this out to the list in case anyone else might be trying to get SSL > Bump to work with the latest version of Safari. > > Every other browser on OS X (and iOS) is happy with bumping for pretty much > all HTTPS sites, so long as the

Re: [squid-users] Delay pool with large negative numbers

2015-10-13 Thread Amos Jeffries
On 14/10/2015 11:46 a.m., Chico Venancio wrote: > I have configured delay pools for a client that delays access to a few > sites, including youtube and facebook. > It seems to work for some clients, and has significantly reduced link > congestion. However, some clients seem to be unaffected by the

Re: [squid-users] Safari 9 vs. SSL Bump

2015-10-13 Thread Dan Charlesworth
I meant to say “forward secrecy”, which appears to be a list of specific ciphers: https://developer.apple.com/library/watchos/technotes/App-Transport-Security-Technote/index.html Anyone know how to translate that list of ciphers to use in sslproxy_cipher in squid.conf? > On 14 Oct 2015, at

Re: [squid-users] ERROR: NAT/TPROXY lookup failed to locate original IPs

2015-10-13 Thread Amos Jeffries
On 14/10/2015 1:43 p.m., SaRaVanAn wrote: > Hi Amos, > I have tested squid 3.5.10 in linux kernel 3.16 compiled for debian wheezy. > But still I am seeing same kind of errors. > What could be the issue? Is there anything else we need to change? > > *Linux version * > uname -r >

Re: [squid-users] Safari 9 vs. SSL Bump

2015-10-13 Thread Dan Charlesworth
¯\_(ツ)_/¯ All I really have to go on is those errors com.apple.WebKit.Networking is logging which apparently points to a specific thing it’s missing called “forward transport security”. Only the peek@step1 seems to make it as far as any of squid’s logs. No other browsers affected that I can

Re: [squid-users] Safari 9 vs. SSL Bump

2015-10-13 Thread Dan Charlesworth
I thought that fixed it for a second … But in reality ssl_bump peek step1 & ssl_bump bump step3 is actually splicing everything, it seems. Any other advice? :-) > On 14 Oct 2015, at 1:51 PM, Amos Jeffries wrote: > > On 14/10/2015 1:13 p.m., Dan Charlesworth wrote: >>

Re: [squid-users] SQUID: cache_dir filling up and squid imploding

2015-10-13 Thread Amos Jeffries
On 14/10/2015 3:05 a.m., Nelson Manuel Marques wrote: > > Hi all, > > We have a squid running for quite a few years and with the increase of > traffic we noticed a bit of I/O hammering on the squid server (local > disks). > > For some testing, I've made a small 1.2GB tmpfs and pointed cache_dir

Re: [squid-users] Safari 9 vs. SSL Bump

2015-10-13 Thread Amos Jeffries
On 14/10/2015 5:03 p.m., Dan Charlesworth wrote: > I meant to say “forward secrecy”, which appears to be a list of specific > ciphers: > https://developer.apple.com/library/watchos/technotes/App-Transport-Security-Technote/index.html > > Anyone know how to translate that list of ciphers to use

Re: [squid-users] decreased requests per second with big file size

2015-10-13 Thread Amos Jeffries
On 12/10/2015 6:51 p.m., Ambadas H wrote: > Hi Amos, > > Thanks for responding > > *"You would be better off taking the first use of any domain by a client,* > > *then ignoring other requests for it until there is some long period* > *between two of them. The opposite of what session helpers

Re: [squid-users] acl Question

2015-10-13 Thread Amos Jeffries
On 13/10/2015 12:19 p.m., joe wrote: > ok again I filter out most of the squid conf with this minimum config should > I get any static img or anything as hit or not > cause I don't get any > I test on squid 3.5.8 and up same thing Please continue to use that later version. In absence of any

Re: [squid-users] decreased requests per second with big file size

2015-10-13 Thread Eliezer Croitoru
Hey Ambadas, I was wondering if you want it to be something like a "live feed" or just for logs analyzing? Eliezer On 09/10/2015 15:47, Ambadas H wrote: Hi, I am using below setup: Squid proxy 3.5.4. CentOS 7.1 I am trying to analyze the most used websites by the users via Squid proxy. I

[squid-users] SQUID: cache_dir filling up and squid imploding

2015-10-13 Thread Nelson Manuel Marques
Hi all, We have a squid running for quite a few years and with the increase of traffic we noticed a bit of I/O hammering on the squid server (local disks). For some testing, I've made a small 1.2GB tmpfs and pointed cache_dir to it so that our cache would be in the 'ramdrive'. This did help a

Re: [squid-users] SQUID: cache_dir filling up and squid imploding

2015-10-13 Thread Yuri Voinov
Squid has its own in-memory cache, what's the point to put the disk cache to the same ?! 13.10.15 20:05, Nelson Manuel Marques wrote: > > Hi all, > > We have a squid running for quite a few years and with the increase of > traffic we noticed a

Re: [squid-users] SQUID: cache_dir filling up and squid imploding

2015-10-13 Thread Nelson Manuel Marques
On Tue, 2015-10-13 at 20:22 +0600, Yuri Voinov wrote: > > Squid has its own in-memory cache, what's the point to put the disk > cache to the same ?! The problem here isn't the tmpfs, but instead Squid going 20% over the max size defined

Re: [squid-users] SQUID: cache_dir filling up and squid imploding

2015-10-13 Thread Antony Stone
On Tuesday 13 October 2015 at 16:37:10, Nelson Manuel Marques wrote: > On Tue, 2015-10-13 at 20:22 +0600, Yuri Voinov wrote: > > > > Squid has its own in-memory cache, what's the point to put the disk > > cache to the same ?! > > The problem here isn't the tmpfs, but instead Squid going 20%

Re: [squid-users] SQUID: cache_dir filling up and squid imploding

2015-10-13 Thread Alex Rousskov
On 10/13/2015 10:17 AM, Nelson Manuel Marques wrote: > Hi Antony, > > I had actually seen that document and it's "10%". That's why I've left > 20% also taking in mind the space reserved for 'root'. > > I suppose we have to increase it and go on trial/error until we find a > safe margin?

[squid-users] TPROXY and IPv6 issues CentOS 7

2015-10-13 Thread James White
Hi all, I operate a squid box which has two http_port setups: http_port 3128 http_port 3129 TPROXY I have implemented TPROXY to replace my NAT setup on a CentOS 7 Squid 3.3 box. Currently the IPv4 connectivity is working great, the IPv6 connectivity is broken when going through TPROXY. All IPv6

[squid-users] How to allow subdomains in my config.

2015-10-13 Thread Sebastien.Boulianne
Hi, I searched on the doc and on the web, I can't find what I want. The primary site is http://ezproxyx.reseaubiblio.ca. After the user is authenticated, he can access many resources / other sites. In the access.log, I got a TCP_DENIED TCP_DENIED/403 4524 GET

[squid-users] Safari 9 vs. SSL Bump

2015-10-13 Thread Dan Charlesworth
Throwing this out to the list in case anyone else might be trying to get SSL Bump to work with the latest version of Safari. Every other browser on OS X (and iOS) is happy with bumping for pretty much all HTTPS sites, so long as the proxy’s CA is trusted. However Safari throws generic “secure

Re: [squid-users] ERROR: NAT/TPROXY lookup failed to locate original IPs

2015-10-13 Thread SaRaVanAn
Hi Amos, I have tested squid 3.5.10 in linux kernel 3.16 compiled for debian wheezy. But still I am seeing same kind of errors. What could be the issue? Is there anything else we need to change? *Linux version * uname -r 3.16.7-ckt11-ram.custom-1.4 *Squid version* /usr/sbin/squid -v Squid

Re: [squid-users] How to allow subdomains in my config.

2015-10-13 Thread Leonardo Rodrigues
On 13/10/15 18:14, sebastien.boulia...@cpu.ca wrote:
cache_peer ezproxyx.reseaubiblio.ca parent 80 0 no-query originserver name=ezproxycqlm
acl ezproxycqlmacl dstdomain ezproxycqlm.reseaubiblio.ca
http_access allow www80 ezproxycqlmacl
cache_peer_access ezproxycqlm allow www80