[squid-users] Cannot access outlook!

Hi everybody. I have a huge problem: I cannot access outlook using the browser. I am using squid3.5 over a Debian 8 that . Outlook is the only website that causes problems. I tried rebuild the caché, load extra rules in the firewall (the hosts that not use squid can access outlook)... Here is

Re: [squid-users] Carp example on Debian

On 30/10/2015 12:40 a.m., TarotApprentice wrote: Change this: > http_port 127.0.0.1:400${process_number} To: http_port localhost:400${process_number} Amos ___ squid-users mailing list squid-users@lists.squid-cache.org

Re: [squid-users] squid: ERROR: Could not send signal 1 to process 4711: (1) Operation not permitted

Hi Cheikhou, sounds like wrong access right for the .pid file, the default is /usr/local/squid/var/run/${service_name}.pid , if you can't find it there have a look in your squid.conf maybe you set it to another location. Maybe I´m wrong but your PID file should be accessible from user squid

[squid-users] Carp example on Debian

Trying to run the carp example on Debian this time. The machine is testing with is an i5 with 8Gb of RAM and a 320Gb HDD. I'm getting the following errors in the frontend.cache.log when I try to access a site. Which debug flags should I try? It looks to me like a permissions issue, but I'm not

[squid-users] squid: ERROR: Could not send signal 1 to process 4711: (1) Operation not permitted

hi , I have this error after an update of my centos 6.6 system. Logs files are empty and i can't stop ou restart squid. squid -v Squid Cache: Version 3.1.23 ps -fu squid UIDPID PPID C STIME TTY TIME CMD squid 4711 4708 20 Oct19 ?2-02:05:21 (squid) -f

[squid-users] Squid 3.5.10 and debian Jessie

Hello, I'm trying the latest Jessie + Squid 3.5.10 and there is something wrong with ldap Of course the package libldap2.dev is present and no problem with the same options and Debian Wheezy I missed something ? Fred ./configure '--build=x86_64-linux-gnu' '--enable-cache-digests'

Re: [squid-users] Multiple connection resets TCP_MISS 000

On 30/10/2015 12:14 a.m., Sunny Aujla wrote: > Hi, > > We're having issues with multiple websites going through our Squid > proxy. The issues only started to occur when we upgraded from Squid > 3.1.8 to 3.5.2. Can you please try with the current 3.5.10 snaphot and see if the problem remains.

Re: [squid-users] squid: ERROR: Could not send signal 1 to process 4711: (1) Operation not permitted

Dear Cheikhou, 1. Please don’t reply to me direct , answer to the list. 2. Could you post the owner, group and access rights of the .pid file (like with the command ls -l) ? Best Regards Sebastian -Ursprüngliche Nachricht- Von: Cheikhou Dramé Gesendet: Donnerstag, 29. Oktober 2015

Re: [squid-users] Squid 3.5.10 available in Debian Stretch and Debian Sid

Hey, I was wondering about the details on how to install these unstable packages. It was not mentioned in the squid wiki and I would be happy to add the details into it. Thanks, Eliezer On 12/10/2015 15:36, TarotApprentice wrote: Thanks to Luigi at Debian they have Squid 3.5.10-1 in

Re: [squid-users] Host header forgery detected after upgrade from 3.5.8 to 3.5.9

On 10/28/2015 10:46 PM, Amos Jeffries wrote: > NP: these problems do not exist for forward proxies. Only for traffic > hijacking interceptor proxies. For intercepted connections, Squid should, with an admin permission, connect to the intended IP address without validating whether that IP address

Re: [squid-users] squid: ERROR: Could not send signal 1 to process 4711: (1) Operation not permitted

Updated how? using "yum update"? compiled it from sources? 32 bits or 64 bits cpu? Eliezer On 29/10/2015 16:12, Cheikhou Dramé wrote: hi , I have this error after an update of my centos 6.6 system. Logs files are empty and i can't stop ou restart squid. squid -v Squid Cache: Version 3.1.23

Re: [squid-users] Multiple connection resets TCP_MISS 000

On 29/10/2015 13:14, Sunny Aujla wrote: Hi, We're having issues with multiple websites going through our Squid proxy. The issues only started to occur when we upgraded from Squid 3.1.8 to 3.5.2. May I ask on what OS? Eliezer ___ squid-users

Re: [squid-users] Multiple connection resets TCP_MISS 000

On Thu, Oct 29, 2015 at 3:38 PM, Eliezer Croitoru wrote: > May I ask on what OS? RHEL 6.7 ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Multiple connection resets TCP_MISS 000

On 30/10/2015 3:26 a.m., Sunny Aujla wrote: > On Thu, Oct 29, 2015 at 12:03 PM, Amos Jeffries wrote: >> On 30/10/2015 12:14 a.m., Sunny Aujla wrote: >>> Hi, >>> >>> We're having issues with multiple websites going through our Squid >>> proxy. The issues only started to occur when we upgraded from

Re: [squid-users] squid: ERROR: Could not send signal 1 to process 4711: (1) Operation not permitted

ls -l /var/run/squid.pid -rw-r--r-- 1 squid squid 5 29 oct. 14:47 /var/run/squid.pid On 29.10.2015 15:06, Sebastian Kirschner wrote: Dear Cheikhou, 1. Please don’t reply to me direct , answer to the list. 2. Could you post the owner, group and access rights of the .pid file (like with the

Re: [squid-users] Multiple connection resets TCP_MISS 000

On Thu, Oct 29, 2015 at 12:03 PM, Amos Jeffries wrote: > On 30/10/2015 12:14 a.m., Sunny Aujla wrote: >> Hi, >> >> We're having issues with multiple websites going through our Squid >> proxy. The issues only started to occur when we upgraded from Squid >> 3.1.8 to 3.5.2. >

Re: [squid-users] squid: ERROR: Could not send signal 1 to process 4711: (1) Operation not permitted

On 30/10/2015 3:12 a.m., Cheikhou Dramé wrote: > hi , > I have this error after an update of my centos 6.6 system. > Logs files are empty and i can't stop ou restart squid. > > squid -v > Squid Cache: Version 3.1.23 > > ps -fu squid > UIDPID PPID C STIME TTY TIME CMD > squid

Re: [squid-users] Host header forgery detected after upgrade from 3.5.8 to 3.5.9

On 10/28/2015 10:46 PM, Amos Jeffries wrote: NP: these problems do not exist for forward proxies. Only for traffic hijacking interceptor proxies. On 29.10.15 09:05, Alex Rousskov wrote: For intercepted connections, Squid should, with an admin permission, connect to the intended IP address

Re: [squid-users] Host header forgery detected after upgrade from 3.5.8 to 3.5.9

On 10/29/2015 11:29 AM, Matus UHLAR - fantomas wrote: >> On 10/28/2015 10:46 PM, Amos Jeffries wrote: >>> NP: these problems do not exist for forward proxies. Only for traffic >>> hijacking interceptor proxies. > > On 29.10.15 09:05, Alex Rousskov wrote: >> For intercepted connections, Squid

Re: [squid-users] "NF getsockopt(SO_ORIGINAL_DST)" filling cache.log due to AWS ELB healthchecks

Hi Eliezer, It is entirely possible that haproxy is a better solution than squid for what we are doing. I have never used either solution, and inherited this 'working' squid configuration with the task of cleaning things up and stabilizing it. Regarding your question of 'How do the first layer of

Re: [squid-users] Squid 3.5.10 available in Debian Stretch and Debian Sid

On 30/10/2015 4:47 a.m., Eliezer Croitoru wrote: > Hey, > > I was wondering about the details on how to install these unstable > packages. > It was not mentioned in the squid wiki and I would be happy to add the > details into it. Ah, they are the names of the Debian repositories "Unstable" or

Re: [squid-users] "NF getsockopt(SO_ORIGINAL_DST)" filling cache.log due to AWS ELB healthchecks

John, The fact that intercept is changing that seems to be a very specific bug. You should remove it and find the 'correct' way to make it work. Chico Venancio CEO e Diretor de Criação VM TECH - (98) 9 8800 2743 2015-10-29 16:39 GMT-03:00 John Smith : > Hi Eliezer, > >

[squid-users] Strange Interaction between Squid and Facebook

Hi All, I apologize for the length of this post, but I'm really at my wits' end and am completely out of ideas as to how I might fix this or why this is happening. Background and Architecture: We are using Squid as our user internet access proxy, it is performing authentication via LDAP if a

Re: [squid-users] Strange Interaction between Squid and Facebook

Hey Patrick, Choosing CentOS 7.1 is a great choice. First thing is to let you know I am packaging squid RPMs for CentOS 7 and since the next version of squid(3.5.11) will be out in a few days it will be published later next month. About the issue itself. Couple questions? Are you

Re: [squid-users] Squid 3.5.10 available in Debian Stretch and Debian Sid

On 29/10/2015 22:30, Amos Jeffries wrote: I would not recommend the backporting. There are GCC-5 toolchain changes that are quite huge in Testing. We also added a squid3/squid package name transition in Squid itself. So the things that a backport like that will pull as dependencies may blow up

Re: [squid-users] "NF getsockopt(SO_ORIGINAL_DST)" filling cache.log due to AWS ELB healthchecks

On 30/10/2015 9:51 a.m., John Smith wrote: > The outbound traffic from the L1proxy instance in question connects to a > public IP / DNS name of an ELB in another AWS region. > We need to send some traffic to a different AWS region, thus the mess below: > > AWS instances (clients) -> > AWS

Re: [squid-users] Squid 3.5.10 available in Debian Stretch and Debian Sid

Instructions on what to add into the sources.list. I know I have used one of these in the past on some machine but I am unable to find how to. I have tried to look at the wiki as the first step and I have found it mentioned with the url for the bugzilla but not one word on what to add into the

Re: [squid-users] "NF getsockopt(SO_ORIGINAL_DST)" filling cache.log due to AWS ELB healthchecks

Hey John, You and me are missing couple things in the picture and you first need to understand what you have in order to fix it. The http_port 3128 intercept cannot and should not handle CONNECT request which are the basic form of HTTPS connections that squid knows in general how to use. I

Re: [squid-users] Strange Interaction between Squid and Facebook

Amos, Thanks for the reply, I apologize if this doesn't come through correctly as gmail doesn't seem to be parsing the list emails properly. Are these https:// traffic arriving to the proxy in the form of CONNECT > requests? > Or regular http:// URLs arriving as GET method? > Is a POST or PUT

Re: [squid-users] "NF getsockopt(SO_ORIGINAL_DST)" filling cache.log due to AWS ELB healthchecks

On 30/10/2015 8:39 a.m., John Smith wrote: > Hi Eliezer, > > It is entirely possible that haproxy is a better solution than squid for > what we are doing. > I have never used either solution, and inherited this 'working' squid > configuration with the task of cleaning things up and stabilizing

Re: [squid-users] Squid 3.5.10 available in Debian Stretch and Debian Sid

PS. replying to me directly does not help the list members asking. ;-) On 30/10/2015 8:58 a.m., TarotApprentice wrote: > Depending on if you're running Debian Stretch (the current testing version) > you'd do an "apt-get install squid" or if you're on an older Debian I believe > you can do an

Re: [squid-users] Strange Interaction between Squid and Facebook

On 30/10/2015 8:44 a.m., Patrick Blair - Peapod wrote: > Since then, everything has been working fine, apart from one site, > Facebook, not loading correctly. It varies based on the particular browser > accessing it, but some/most of the style sheets or content don't appear to > load correctly,

Re: [squid-users] "NF getsockopt(SO_ORIGINAL_DST)" filling cache.log due to AWS ELB healthchecks

The outbound traffic from the L1proxy instance in question connects to a public IP / DNS name of an ELB in another AWS region. We need to send some traffic to a different AWS region, thus the mess below: AWS instances (clients) -> AWS internal ELB for L1 proxies -> AWS L1 proxy instances -> a

[squid-users] Error: squid_ldap_group: No such file or directory

Greetings, I am working on setting up Squid 3 to authenticate from Active directory by using the instructions found http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory and http://wiki.bitbinary.com/index.php/Active_Directory_Integrated_Squid_Proxy and have had

Re: [squid-users] 3.5.8 Arm7 socket permissions

HI Thanks again for having a think about this. with debug options 78.2, I get the following 2015/10/29 20:43:11 test| Starting Squid Cache version 3.5.8 for arm-poky-linux-gnueabi... 2015/10/29 20:43:11 test| Service Name: squid 2015/10/29 20:43:11.918 test| 78,2| src/dns_internal.cc(1534)

[squid-users] SSL-Bump to specific users

Hi all, I've been configured Squid version 3.5.9 and transparent proxy. To do this. I used the "peek and splice" feature to works with https protocol in transparent mode. It's works fine. There is a "acl" to block some sites, like facebook.com, linkedin.com, etc... It's works fine too. acl

Re: [squid-users] Error: squid_ldap_group: No such file or directory

Thank you for your help Amos. Due to this new information, I'm looking at the squid.conf file I'm supposed to be writing and I see two statements that I would like to ask about. 1) auth_param negotiate program /usr/local/bin/negotiate_wrapper -d --ntlm /usr/bin/ntlm_auth --diagnostics

Re: [squid-users] Error: squid_ldap_group: No such file or directory

On 30/10/2015 10:56 a.m., Amos Jeffries wrote: > The tutorial(s) a bit old. The Squid-3.2 release notes explain it: > > > The new name for the same helper in your Squid version is ext_ldapgroup_acl Oops. That should have been:

Re: [squid-users] SSL-Bump to specific users

On 10/29/2015 04:09 PM, Rodrigo de Lima Silva wrote: > I've been configured Squid version 3.5.9 and transparent proxy. To do > this. I used the "peek and splice" feature to works with https protocol > in transparent mode. It's works fine. > > There is a "acl" to block some sites, like

Re: [squid-users] Error: squid_ldap_group: No such file or directory

Thank you! -Original Message- From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of Amos Jeffries Sent: Thursday, October 29, 2015 4:56 PM To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] Error: squid_ldap_group: No such file or directory On

Re: [squid-users] Error: squid_ldap_group: No such file or directory

Thank you! -Original Message- From: Amos Jeffries [mailto:squ...@treenet.co.nz] Sent: Thursday, October 29, 2015 5:28 PM To: Dan Olson ; squid-users@lists.squid-cache.org Subject: Re: [squid-users] Error: squid_ldap_group: No such file or directory On 30/10/2015 11:17

Re: [squid-users] Error: squid_ldap_group: No such file or directory

On 30/10/2015 10:19 a.m., dolson wrote: > Greetings, > > I am working on setting up Squid 3 to authenticate from Active > directory by using the instructions found > http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory > and >

Re: [squid-users] Error: squid_ldap_group: No such file or directory

On 30/10/2015 11:17 a.m., dolson wrote: > Thank you for your help Amos. Due to this new information, I'm > looking at the squid.conf file I'm supposed to be writing and I see > two statements that I would like to ask about. 1) auth_param > negotiate program /usr/local/bin/negotiate_wrapper -d

[squid-users] Squid with SMP, CARP and a forwarding loop

I have been attempting to setup a squid forward proxy with one frontend and two backends as per configuration example http://wiki.squid-cache.org/ConfigExamples/SmpCarpCluster My issue is that only the first attempt comes from the cache and then additional requests are downloaded direct by the

Re: [squid-users] Strange Interaction between Squid and Facebook

Hi Eliezer, First, THANK YOU for packaging squid for CentOS 7! I actually reused your SRPM for my squid 3.5.x builds, just changed a few options :) About the issue itself. > Couple questions? > Are you running\using ssl-bump or not? No, not at all, it should just be set to "none" > When a

Re: [squid-users] Strange Interaction between Squid and Facebook

Hi Amos, I ran squid with those debug options you indicated and here is the output for requesting https://www.facebook.com and https://www.facebook.com/PeapodDelivers/ access.log 1446160994.160471 10.1.99.147 TCP_MISS/200 3628 CONNECT api.ip2info.org:443 pblair HIER_DIRECT/178.63.49.5 -

Re: [squid-users] Inconsistent accessing of the cache, craigslist.org images, wacky stuff.

On 29/10/2015 3:02 p.m., Jester Purtteman wrote: > but my bigger question is: if I setup a parent > proxy that ONLY grabs the big updates down on my big-fast-cheap > connection, then set my little-slow-expensive-connection up to pull > from that connection, would that have a higher chance of

Re: [squid-users] Host header forgery detected after upgrade from 3.5.8 to 3.5.9

On 29/10/2015 1:16 p.m., Dan Charlesworth wrote: > It looks like there’s certain hosts that are designed to load balance (or > something) between a few IPs, regardless of geography. > > For example pbs.twimg.com resolves to wildcard.twimg.com which returns two > different IPs each time, from a

Re: [squid-users] Host header forgery detected after upgrade from 3.5.8 to 3.5.9

This is happening when my client and proxy are using the same DNS server. In this case, a local OS X Server which forwards to my ISP’s DNS servers. As far as I can tell Google’s DNS isn’t in the equation any more. Even so, if I run a `dig watch` on the domain, it happily cycles through a pool

Re: [squid-users] 3.5.8 Arm7 socket permissions

On 29/10/2015 11:16 a.m., Darren Breeze ML wrote: > Hi all > > I have built squid 3.5.8 with yocto to run on an arm 7. > > This build of the OS seems to have different permissions for processes > opening sockets. THe DNS routine fails to open a socket with the > following error > > root@test:~#

Re: [squid-users] 3.5.8 Arm7 socket permissions

Hi Thanks for the reply. Libcap2 is in the build, but the build is for an Arm7 and the rootfs is read only. Anything that needs write access I have moved to a ram disk and symlinked it back into the expected place during the build process. There must be something else in the OS standing in

[squid-users] dynamic ssl cert and active directory

Hi, I am testing Dynamic SSL Certificate Generation: http://wiki.squid-cache.org/Features/DynamicSslCert My clients are mostly Microsoft Windows Active Directory domain members. I can push self-signed root ca certificate to clients by means of group policy in order for browsers not to warn about

Re: [squid-users] Strange Interaction between Squid and Facebook

On 30/10/2015 05:24, Patrick Blair - Peapod wrote: Hi Eliezer, Thanks for your response. I have set up a VM to test out configurations in the same data center and address space as the problematic one. What I haven't done is test it by rebuilding the squid configuration from the defaults up and

Re: [squid-users] Inconsistent accessing of the cache, craigslist.org images, wacky stuff.

> -Original Message- > From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On > Behalf Of Amos Jeffries > Sent: Thursday, October 29, 2015 1:28 AM > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] Inconsistent accessing of the cache, craigslist.org >

Re: [squid-users] Strange Interaction between Squid and Facebook

Hi Eliezer, Thanks for your response. I have set up a VM to test out configurations in the same data center and address space as the problematic one. What I haven't done is test it by rebuilding the squid configuration from the defaults up and trying to use the same IP, that will probably be

Re: [squid-users] Inconsistent accessing of the cache, craigslist.org images, wacky stuff.

Hey, I was convinced that there was an option to disable the host forgery test, which will make more sense if you will use bind and will intercept all DNS traffic into it. About your idea for an upstream cache. It's a pretty nice idea, I am pretty sure that the host forgery test can be

Re: [squid-users] Strange Interaction between Squid and Facebook

Hey Patrick, Thanks for clearing the picture out. Since it's HTTPS traffic it will might be a bit difficult to debug. I wanted to notify you that squid 3.5.10 is suffering from some bugs but it is very hard for me to actually find this specific issue meet any of the know bugs else then one