tell the team that is running the IPS to change their policy from DROP
to something else, so you are not a captive audience to the timeout.
By sending a RST, they can cause Squid to close the connection and
fail faster. if they are intercepting the DNS request, have them
leverage an RPZ and send
list members,
i am running squid 6.5 on fedora 38, and have found this issue when
running "cache sharing" (or cache_peer siblings) between my 3 squid
instances. a couple weeks ago, this was happening and an update seems
to have fixed the majority of issues. when i ran into the issue, i
On 11/3/23 8:27 AM, Amos Jeffries wrote:
On 3/11/23 08:14, jose.rodriguez wrote:
On 2023-11-02 13:46, Brendan Kearney wrote:
list members,
i am trying to log to a mariadb database, and cannot get the
log_db_daemon script working. i think i have everything setup, but
an error is being
On 11/2/23 2:51 PM, Brendan Kearney wrote:
On 11/2/23 2:49 PM, Francesco Chemolli wrote:
Hi Robert,
are you sure that you have the required packages on your system?
You'll need perl-DBD-MariaDB and what it depends on
On Thu, Nov 2, 2023 at 6:41 PM Brendan Kearney wrote:
On 11/2/23 2
On 11/2/23 2:49 PM, Francesco Chemolli wrote:
Hi Robert,
are you sure that you have the required packages on your system?
You'll need perl-DBD-MariaDB and what it depends on
On Thu, Nov 2, 2023 at 6:41 PM Brendan Kearney wrote:
On 11/2/23 2:14 PM, Robert 'Bobby' Zenz wrote
On 11/2/23 2:14 PM, Robert 'Bobby' Zenz wrote:
Use of uninitialized value $DBI::errstr in concatenation (.) or
string at /usr/lib64/squid/log_db_daemon line 403.
You're trying to use an uninitialized variable when outputting(?) the
error message. Fix that first. I'm guessing you're using the
list members,
i am trying to log to a mariadb database, and cannot get the
log_db_daemon script working. i think i have everything setup, but an
error is being thrown when i try to run the script manually.
/usr/lib64/squid/log_db_daemon /database:3306/squid/access_log/brendan/pass
list members,
i have a couple squid instances that are performing bump/peek/splice and
generating dynamic certs. i want to share the certs that are generated
by the individual instances across the rest of them, via NFS or some
shared mechanism. so, if squid1 creates a certs i want squid2,
0400,192.168.88.2,3128,-,"squid",GET,"HTTP/1.0","http://proxy2.bpk2.com:3128/squid-internal-mgr/","cachemgr.cgi/6.1",404,372,-,"TCP_MISS/HIER_NONE","text/html;
Jul 28 12:59:15 server2 (squid-1)[227457]:
192.168.88.2,server2.bpk2.com,-,28/Jul
, is needed what is that?
thanks,
brendan
On 7/29/23 12:22 PM, Alex Rousskov wrote:
On 7/29/23 11:07, Brendan Kearney wrote:
the package installed does not have any file named MGR_INDEX. running
"rpm -ql squid |grep -i index" does not return anything. searching in
/usr/s
that helps.
thank you,
brendan
On 7/29/23 1:26 AM, Amos Jeffries wrote:
On 29/07/23 14:42, Alex Rousskov wrote:
On 7/28/23 20:08, Brendan Kearney wrote:
i am running squid 6.1 on fedora 38, and cannot get the cachemgr.cgi
working on this box. I am getting the error:
Internal Error: Missin
list members,
i am running squid 6.1 on fedora 38, and cannot get the cachemgr.cgi
working on this box. I am getting the error:
Internal Error: Missing Template MGR_INDEX
when i try to connect using the cache manager interface. oddly, when i
connect from a different host running squid,
You need an ICAP server intelligent enough to differentiate between the
file types. Squid is a proxy and can only deal with the protocol. An ICAP
server can deal with the content. C-icap and ecap are a couple options
that seem to be available. I havr no experience with either.
On Jun 27, 2017
(simple) instructions to have Kerberous
auth supported ftom Mac/iPhone/iPad and Linux (Ubuntu/CentOS) it would be
beneficial to all.
Best regards,
Rafael Akchurin
Op 9 mrt. 2017 om 19:47 heeft Brendan Kearney <bpk...@gmail.com> het volgende
geschreven:
On 03/09/2017 01:17 PM, Rafael Akchurin
On 02/08/2017 09:54 PM, Kottur, Abhijit wrote:
Hi Team,
I am writing this email to understand the capabilities of the product
‘squid-cache’.
Requirement:
I have an executable(.exe) which is trying to hit an internet website.
This executable has the capability to accept proxy IP and port.
You want Kerberos and/or NTLM authentication for Single Sign On. These
authentication methods automatically provide credentials when browser are
configured and the necessary network services are running.
On Aug 17, 2016 6:30 PM, "erdosain9" wrote:
> lol
> no, for all the
At what point does buffer bloat set in? I have a linux router with the
below sysctl tweaks load balancing with haproxy to 2 squid instances. I
have 4 x 1Gb interfaces bonded and have bumped the ring buffers on RX and
TX to 1024 on all interfaces.
The squid servers run with almost the same
On 07/20/2016 08:24 PM, brendan kearney wrote:
Developer tools is not browser specific. Both IE and Firefox have
it. Not sure about Chrome.
Yes telerik fiddler is what I meant. There is a free version I use.
I have not come across an open source equivalent.
On Jul 20, 2016 8:12 PM
rce.it>
wrote:
> On Thursday 21 July 2016 at 01:07:51, brendan kearney wrote:
>
> > I would use developer tools (press f12 in your browser)
>
> That sounds quite browser-specific - thanks for mentioning previously that
> you're using Firefox.
>
> > or maybe run fid
I would use developer tools (press f12 in your browser) or maybe run
fiddler to dig into the details.
On Jul 20, 2016 6:59 PM, "brendan kearney" <bpk...@gmail.com> wrote:
> Firefox on android :)
>
> On Jul 20, 2016 6:34 PM, "Antony Stone" <anto
Firefox on android :)
On Jul 20, 2016 6:34 PM, "Antony Stone" <antony.st...@squid.open.source.it>
wrote:
> On Thursday 21 July 2016 at 00:25:38, brendan kearney wrote:
>
> > An error occurred during a connection to e-vista.scsolutionsinc.com. SSL
> > received a
An error occurred during a connection to e-vista.scsolutionsinc.com. SSL
received a weak ephemeral Diffie-Hellman key in Server Key Exchange
handshake message. Error code: SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY
On Jul 20, 2016 5:49 PM, "Antony Stone"
wrote:
On
Nscd or name server caching daemon may be of help. I believe you can run
your own bind instqnce and point it at the roots, instead of using your
isp's broken implementation
On Jun 30, 2016 2:21 PM, "Chris Horry" wrote:
>
>
> On 06/30/2016 13:34, Alex Crow wrote:
> > I'd
On 04/03/2016 08:06 PM, Amos Jeffries wrote:
On 4/04/2016 4:22 a.m., Brendan Kearney wrote:
with fedora 24 being released in a couple months, haproxy v1.6.x will be
available, and the ability to easily intercept HTTP traffic will be in
the version (see the set-uri directive). with v1.6 i
with fedora 24 being released in a couple months, haproxy v1.6.x will be
available, and the ability to easily intercept HTTP traffic will be in
the version (see the set-uri directive). with v1.6 i will be able to
rewrite the URL, so that squid can process the request properly. my
problem is
On 03/09/2016 06:18 AM, Amos Jeffries wrote:
On 9/03/2016 4:59 a.m., Brendan Kearney wrote:
i have a roku4 device and it constantly has issues causing it to
buffer. i want to try intercepting the traffic to see if i can smooth
out the rough spots.
Squid is unlikely to help with this issue
i have a roku4 device and it constantly has issues causing it to
buffer. i want to try intercepting the traffic to see if i can smooth
out the rough spots. i can install squid on the router device i have
and intercept the port 80/443 traffic, but i want to push the traffic to
my load
On 11/24/2015 10:08 AM, Verónica Ovando wrote:
My Squid Version: Squid 3.4.8
OS Version: Debian 8
I have installed Squid on a server using Debian 8 and seem to have the
basics operating, at least when I start the squid service, I have am
no longer getting any error messages. At this time,
On 11/18/2015 10:42 PM, Amos Jeffries wrote:
On 19/11/2015 3:08 p.m., Brendan Kearney wrote:
I am trying to set up a transparent, intercepting squid instance, along
side my existing explicit instance, and would like some input around
what i have buggered up so far.
i am running HAProxy
So does that mean I can run the DNAT on the firewall/router/load balancer
device and remove the intercept line from my configs, and expect things to
work?
On Nov 18, 2015 10:43 PM, "Amos Jeffries" <squ...@treenet.co.nz> wrote:
> On 19/11/2015 3:08 p.m., Brendan Kearney wro
I am interested in this topic. Would love to hear about your progress.
The os that squid runs on must participate in a dynamic routing protocol
such as ospf and needs to advertise a route to the multicast ip via itself.
Generally this is done by adding a virtual interface to the loopback and
On 10/20/2015 02:26 PM, sebastien.boulia...@cpu.ca wrote:
Hi,
I would like to monitor Squid with Centreon using SNMP.
I configured Squid using http://wiki.squid-cache.org/Features/Snmp
## SNMP Configuration
acl snmpcpu snmp_community cpuread
snmp_port 3401
snmp_access allow snmpcpu
Not near my gear and notes, but will get you what I have later.
On Jul 31, 2015 10:31 AM, Eliezer Croitoru elie...@ngtech.co.il wrote:
On 31/07/2015 15:37, brendan kearney wrote:
Pretty sure memberOf is an overlay you have to enable in openldap
I have tried to use this:
http
Pretty sure memberOf is an overlay you have to enable in openldap
On Jul 31, 2015 8:34 AM, Dan Purgert d...@djph.net wrote:
Quoting Eliezer Croitoru elie...@ngtech.co.il:
I managed to make it work!
I am using ubuntu 14.04.2 with openLDAP and phpldapadmin.
I have changed my server to look like
On 07/31/2015 08:34 AM, Dan Purgert wrote:
Quoting Eliezer Croitoru elie...@ngtech.co.il:
I managed to make it work!
I am using ubuntu 14.04.2 with openLDAP and phpldapadmin.
I have changed my server to look like yours and it still didn't work.
So what I did was this: I changed the command to:
Look into the pacparser project on github. It allows you to evaluate a pac
file and test the logic.
Hi All,
I have 2 issues
First one: How can i bypass proxy for an IP in LAN.
Second one:
I am running squid on openwrt and i want to allow some websites to bypass
proxy and want to allow them go
On 06/08/2015 06:46 PM, Amos Jeffries wrote:
On 8/06/2015 11:02 p.m., Antony Stone wrote:
On Monday 08 June 2015 at 12:53:00 (EU time), Robert Lasota wrote:
the problem is it still writes logs to files /var/log/access.log or
/opt/var/log/access.log (depends what I set in conf) but never to
On 06/08/2015 04:23 PM, Rafael Akchurin wrote:
Hello all,
What is the recommended approach to perform load balancing and high
availability between N squid servers?
I have the following list of requirements to fullfil:
1) Manage N squid servers that share cache (as far as i understand is done
i have 2 squid instances behind HAProxy, balanced using leastconn. each
proxy server has a NFS mount under /etc/squid/acls/ where external acls
are kept. because the NFS mount is common to both instances, i only
need to make an update in one place and both proxies will get the
update. when
Note the lack of a user-agent string. This is likely an app that cannot
authenticate.
My standard for Auth Bypass is source IP, user-agent string and destination
URL. Generally the source is preferred to be statically assigned otherwise
you need to allow the entire dhcp pool or range. Because
On Thu, 2015-03-26 at 13:53 +1300, Amos Jeffries wrote:
On 26/03/2015 10:26 a.m., Brendan Kearney wrote:
On Wed, 2015-03-25 at 15:03 +1300, Amos Jeffries wrote:
On 25/03/2015 9:55 a.m., brendan kearney wrote:
Was not sure if bugzilla was used for mailing list issues. If you would
like me
On Wed, 2015-03-25 at 15:03 +1300, Amos Jeffries wrote:
On 25/03/2015 9:55 a.m., brendan kearney wrote:
Was not sure if bugzilla was used for mailing list issues. If you would
like me to open one, I will but it looks like the list is working again.
Bugzilla is used, list bugs under
Was not sure if bugzilla was used for mailing list issues. If you would
like me to open one, I will but it looks like the list is working again.
On Mar 24, 2015 2:25 PM, Brendan Kearney bpk...@gmail.com wrote:
On Tue, 2015-03-24 at 10:18 -0400, Brendan Kearney wrote:
while load balancing
On Thu, 2015-03-19 at 19:01 -0600, Samuel Anderson wrote:
Hello All,
I have 2 squid servers that authenticate correctly when you point your
browser to either of them. I'm using a negotiate_wrapper. I set it up
following this
:27 PM, Brendan Kearney bpk...@gmail.com
wrote:
On Thu, 2015-03-19 at 19:01 -0600, Samuel Anderson wrote:
Hello All,
I have 2 squid servers that authenticate correctly when you
point your
browser to either of them. I'm using
here I am messages to WCCP-enabled router, which will redirect
traffic on alive cache. The same time you can reconfigure second squid
instance a visa versa.
18.03.15 0:00, Brendan Kearney пишет:
On Tue, 2015-03-17 at 11:59 -0600, Samuel Anderson wrote:
Unfortunately thats not really
On Tue, 2015-02-24 at 15:04 +0100, Peter Oruba wrote:
Hello everybody,
I’d like to distinguish multiple clients that are behind NAT from
Squid’s perspective. Proxy authentication or sessions are not an
option for different reasons and the idea that came up was to assign
each client a
On Wed, 2015-01-21 at 02:10 +1300, Amos Jeffries wrote:
On 21/01/2015 1:38 a.m., Simon Staeheli wrote:
Whatever floats your boat. The point of the Addon/Plugin/helpers
API is that you can use scripts if thy serve your needs better.
All the usual Open Source benefits of many eyeballs and
On Tue, 2015-01-13 at 09:30 +0200, Eliezer Croitoru wrote:
Hey,
Did you had the chance to see this page:
http://findproxyforurl.com/example-pac-file/
Eliezer
On 13/01/2015 06:22, Simon Dcunha wrote:
Dear Sarfraz,
appreciate your immediate reply
Heres attached is my pac file
i
On Tue, 2014-12-16 at 19:40 +0100, Natxo Asenjo wrote:
hi,
we have 2 centos 6 hosts providing a load-balanced squid service
(behind keepalived and haproxy; haproxy sends requests to both squids)
and authenticating users against an Active Directory environment. This
is working really nice.
On Thu, 2014-11-27 at 02:24 -0800, christianmolecki wrote:
Hello everyone,
we are using squid 3.4.6 with ntlm authentification.
Depending on ActiveDirectory group memberships, the user is able to use
different protocols.
This works very well.
Now we need for some websites an additional
.
On Nov 18, 2014 9:45 PM, Jason Haar jason_h...@trimble.com wrote:
On 19/11/14 01:39, Brendan Kearney wrote:
i would suggest that if you use a pac/wpad solution, you look into
pactester, which is a google summer of code project that executes pac
files and provides output indicating what
On Wed, 2014-11-19 at 19:06 +0530, Nishant Sharma wrote:
On 19 November 2014 6:41:44 pm IST, brendan kearney bpk...@gmail.com wrote:
it
if the Content-Type header is not set to
application/x-ns-proxy-autoconfig.
Ah so that is why most of the java applets don't honour PAC settings
with keepalived.
Are you able to serve also https without any problem through HAProxy or
only http request?
regards,
a.
On Sun, Nov 16, 2014 at 8:00 PM, brendan kearney bpk...@gmail.com wrote:
I use kerberos auth and do not have issues. You have to pay attention to
the details with kerberos
On Tue, 2014-10-07 at 20:50 +0200, Marcel wrote:
Hello,
I have some more information.
The problem seems to have nothing to do with samba, krb5 or anything
else. I set up a new squid that isn't in the AD and doesn't use any
kind of authentication at all.
I have the exact same problem.
55 matches
Mail list logo