Re: [squid-users] Recommended squid settings when using IPS-based domain blocking

tell the team that is running the IPS to change their policy from DROP to something else, so you are not a captive audience to the timeout. By sending a RST, they can cause Squid to close the connection and fail faster. if they are intercepting the DNS request, have them leverage an RPZ and send

[squid-users] FATAL: assertion failed: peer_digest.cc:399: "fetch->pd && receivedData.data"

list members, i am running squid 6.5 on fedora 38, and have found this issue when running "cache sharing" (or cache_peer siblings) between my 3 squid instances.  a couple weeks ago, this was happening and an update seems to have fixed the majority of issues.  when i ran into the issue, i

Re: [squid-users] [DMARC] log_db_daemon errors

On 11/3/23 8:27 AM, Amos Jeffries wrote: On 3/11/23 08:14, jose.rodriguez wrote: On 2023-11-02 13:46, Brendan Kearney wrote: list members, i am trying to log to a mariadb database, and cannot get the log_db_daemon script working.  i think i have everything setup, but an error is being

Re: [squid-users] log_db_daemon errors

On 11/2/23 2:51 PM, Brendan Kearney wrote: On 11/2/23 2:49 PM, Francesco Chemolli wrote: Hi Robert,   are you sure that you have the required packages on your system? You'll need perl-DBD-MariaDB and what it depends on On Thu, Nov 2, 2023 at 6:41 PM Brendan Kearney wrote: On 11/2/23 2

Re: [squid-users] log_db_daemon errors

On 11/2/23 2:49 PM, Francesco Chemolli wrote: Hi Robert,   are you sure that you have the required packages on your system? You'll need perl-DBD-MariaDB and what it depends on On Thu, Nov 2, 2023 at 6:41 PM Brendan Kearney wrote: On 11/2/23 2:14 PM, Robert 'Bobby' Zenz wrote

Re: [squid-users] log_db_daemon errors

On 11/2/23 2:14 PM, Robert 'Bobby' Zenz wrote: Use of uninitialized value $DBI::errstr in concatenation (.) or string at /usr/lib64/squid/log_db_daemon line 403. You're trying to use an uninitialized variable when outputting(?) the error message. Fix that first. I'm guessing you're using the

[squid-users] log_db_daemon errors

list members, i am trying to log to a mariadb database, and cannot get the log_db_daemon script working.  i think i have everything setup, but an error is being thrown when i try to run the script manually. /usr/lib64/squid/log_db_daemon /database:3306/squid/access_log/brendan/pass

[squid-users] sharing generated certs between squid instances

list members, i have a couple squid instances that are performing bump/peek/splice and generating dynamic certs.  i want to share the certs that are generated by the individual instances across the rest of them, via NFS or some shared mechanism.  so, if squid1 creates a certs i want squid2,

Re: [squid-users] cachemgr.cgi & Internal Error: Missing Template MGR_INDEX

0400,192.168.88.2,3128,-,"squid",GET,"HTTP/1.0","http://proxy2.bpk2.com:3128/squid-internal-mgr/","cachemgr.cgi/6.1",404,372,-,"TCP_MISS/HIER_NONE","text/html; Jul 28 12:59:15 server2 (squid-1)[227457]: 192.168.88.2,server2.bpk2.com,-,28/Jul

Re: [squid-users] cachemgr.cgi & Internal Error: Missing Template MGR_INDEX

, is needed what is that? thanks, brendan On 7/29/23 12:22 PM, Alex Rousskov wrote: On 7/29/23 11:07, Brendan Kearney wrote: the package installed does not have any file named MGR_INDEX. running "rpm -ql squid |grep -i index" does not return anything. searching in /usr/s

Re: [squid-users] cachemgr.cgi & Internal Error: Missing Template MGR_INDEX

that helps. thank you, brendan On 7/29/23 1:26 AM, Amos Jeffries wrote: On 29/07/23 14:42, Alex Rousskov wrote: On 7/28/23 20:08, Brendan Kearney wrote: i am running squid 6.1 on fedora 38, and cannot get the cachemgr.cgi working on this box.  I am getting the error: Internal Error: Missin

[squid-users] cachemgr.cgi & Internal Error: Missing Template MGR_INDEX

list members, i am running squid 6.1 on fedora 38, and cannot get the cachemgr.cgi working on this box.  I am getting the error: Internal Error: Missing Template MGR_INDEX when i try to connect using the cache manager interface.  oddly, when i connect from a different host running squid,

Re: [squid-users] Block doc documents

You need an ICAP server intelligent enough to differentiate between the file types. Squid is a proxy and can only deal with the protocol. An ICAP server can deal with the content. C-icap and ecap are a couple options that seem to be available. I havr no experience with either. On Jun 27, 2017

Re: [squid-users] microsoft edge and proxy auth not working

(simple) instructions to have Kerberous auth supported ftom Mac/iPhone/iPad and Linux (Ubuntu/CentOS) it would be beneficial to all. Best regards, Rafael Akchurin Op 9 mrt. 2017 om 19:47 heeft Brendan Kearney <bpk...@gmail.com> het volgende geschreven: On 03/09/2017 01:17 PM, Rafael Akchurin

Re: [squid-users] Tunnelling requests using squid-cache

On 02/08/2017 09:54 PM, Kottur, Abhijit wrote: Hi Team, I am writing this email to understand the capabilities of the product ‘squid-cache’. Requirement: I have an executable(.exe) which is trying to hit an internet website. This executable has the capability to accept proxy IP and port.

Re: [squid-users] AD Ldap (automatically take the user that is logging on PC)

You want Kerberos and/or NTLM authentication for Single Sign On. These authentication methods automatically provide credentials when browser are configured and the necessary network services are running. On Aug 17, 2016 6:30 PM, "erdosain9" wrote: > lol > no, for all the

Re: [squid-users] Squid performance not able to drive a 1Gbps internet link

At what point does buffer bloat set in? I have a linux router with the below sysctl tweaks load balancing with haproxy to 2 squid instances. I have 4 x 1Gb interfaces bonded and have bumped the ring buffers on RX and TX to 1024 on all interfaces. The squid servers run with almost the same

Re: [squid-users] Problem site

On 07/20/2016 08:24 PM, brendan kearney wrote: Developer tools is not browser specific. Both IE and Firefox have it. Not sure about Chrome. Yes telerik fiddler is what I meant. There is a free version I use. I have not come across an open source equivalent. On Jul 20, 2016 8:12 PM

Re: [squid-users] Problem site

rce.it> wrote: > On Thursday 21 July 2016 at 01:07:51, brendan kearney wrote: > > > I would use developer tools (press f12 in your browser) > > That sounds quite browser-specific - thanks for mentioning previously that > you're using Firefox. > > > or maybe run fid

Re: [squid-users] Problem site

I would use developer tools (press f12 in your browser) or maybe run fiddler to dig into the details. On Jul 20, 2016 6:59 PM, "brendan kearney" <bpk...@gmail.com> wrote: > Firefox on android :) > > On Jul 20, 2016 6:34 PM, "Antony Stone" <anto

Re: [squid-users] Problem site

Firefox on android :) On Jul 20, 2016 6:34 PM, "Antony Stone" <antony.st...@squid.open.source.it> wrote: > On Thursday 21 July 2016 at 00:25:38, brendan kearney wrote: > > > An error occurred during a connection to e-vista.scsolutionsinc.com. SSL > > received a

Re: [squid-users] Problem site

An error occurred during a connection to e-vista.scsolutionsinc.com. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. Error code: SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY On Jul 20, 2016 5:49 PM, "Antony Stone" wrote: On

Re: [squid-users] Force DNS queries over TCP?

Nscd or name server caching daemon may be of help. I believe you can run your own bind instqnce and point it at the roots, instead of using your isp's broken implementation On Jun 30, 2016 2:21 PM, "Chris Horry" wrote: > > > On 06/30/2016 13:34, Alex Crow wrote: > > I'd

Re: [squid-users] Identifying intercepted clients

On 04/03/2016 08:06 PM, Amos Jeffries wrote: On 4/04/2016 4:22 a.m., Brendan Kearney wrote: with fedora 24 being released in a couple months, haproxy v1.6.x will be available, and the ability to easily intercept HTTP traffic will be in the version (see the set-uri directive). with v1.6 i

[squid-users] Identifying intercepted clients

with fedora 24 being released in a couple months, haproxy v1.6.x will be available, and the ability to easily intercept HTTP traffic will be in the version (see the set-uri directive). with v1.6 i will be able to rewrite the URL, so that squid can process the request properly. my problem is

Re: [squid-users] intercepting roku traffic

On 03/09/2016 06:18 AM, Amos Jeffries wrote: On 9/03/2016 4:59 a.m., Brendan Kearney wrote: i have a roku4 device and it constantly has issues causing it to buffer. i want to try intercepting the traffic to see if i can smooth out the rough spots. Squid is unlikely to help with this issue

[squid-users] intercepting roku traffic

i have a roku4 device and it constantly has issues causing it to buffer. i want to try intercepting the traffic to see if i can smooth out the rough spots. i can install squid on the router device i have and intercept the port 80/443 traffic, but i want to push the traffic to my load

Re: [squid-users] Problems with NTLM authentication

On 11/24/2015 10:08 AM, Verónica Ovando wrote: My Squid Version: Squid 3.4.8 OS Version: Debian 8 I have installed Squid on a server using Debian 8 and seem to have the basics operating, at least when I start the squid service, I have am no longer getting any error messages. At this time,

Re: [squid-users] intercepting traffic

On 11/18/2015 10:42 PM, Amos Jeffries wrote: On 19/11/2015 3:08 p.m., Brendan Kearney wrote: I am trying to set up a transparent, intercepting squid instance, along side my existing explicit instance, and would like some input around what i have buggered up so far. i am running HAProxy

Re: [squid-users] intercepting traffic

So does that mean I can run the DNAT on the firewall/router/load balancer device and remove the intercept line from my configs, and expect things to work? On Nov 18, 2015 10:43 PM, "Amos Jeffries" <squ...@treenet.co.nz> wrote: > On 19/11/2015 3:08 p.m., Brendan Kearney wro

Re: [squid-users] Multicast WCCPv2 + Squid 3.3.8

I am interested in this topic. Would love to hear about your progress. The os that squid runs on must participate in a dynamic routing protocol such as ospf and needs to advertise a route to the multicast ip via itself. Generally this is done by adding a virtual interface to the loopback and

Re: [squid-users] Monitoring Squid using SNMP.

On 10/20/2015 02:26 PM, sebastien.boulia...@cpu.ca wrote: Hi, I would like to monitor Squid with Centreon using SNMP. I configured Squid using http://wiki.squid-cache.org/Features/Snmp ## SNMP Configuration acl snmpcpu snmp_community cpuread snmp_port 3401 snmp_access allow snmpcpu

Re: [squid-users] LDAP related question.

Not near my gear and notes, but will get you what I have later. On Jul 31, 2015 10:31 AM, Eliezer Croitoru elie...@ngtech.co.il wrote: On 31/07/2015 15:37, brendan kearney wrote: Pretty sure memberOf is an overlay you have to enable in openldap I have tried to use this: http

Re: [squid-users] LDAP related question.

Pretty sure memberOf is an overlay you have to enable in openldap On Jul 31, 2015 8:34 AM, Dan Purgert d...@djph.net wrote: Quoting Eliezer Croitoru elie...@ngtech.co.il: I managed to make it work! I am using ubuntu 14.04.2 with openLDAP and phpldapadmin. I have changed my server to look like

Re: [squid-users] LDAP related question.

On 07/31/2015 08:34 AM, Dan Purgert wrote: Quoting Eliezer Croitoru elie...@ngtech.co.il: I managed to make it work! I am using ubuntu 14.04.2 with openLDAP and phpldapadmin. I have changed my server to look like yours and it still didn't work. So what I did was this: I changed the command to:

Re: [squid-users] bypass proxy

Look into the pacparser project on github. It allows you to evaluate a pac file and test the logic. Hi All, I have 2 issues First one: How can i bypass proxy for an IP in LAN. Second one: I am running squid on openwrt and i want to allow some websites to bypass proxy and want to allow them go

Re: [squid-users] Squid doesn't write logs via rsyslog

On 06/08/2015 06:46 PM, Amos Jeffries wrote: On 8/06/2015 11:02 p.m., Antony Stone wrote: On Monday 08 June 2015 at 12:53:00 (EU time), Robert Lasota wrote: the problem is it still writes logs to files /var/log/access.log or /opt/var/log/access.log (depends what I set in conf) but never to

Re: [squid-users] High-availability and load-balancing between N squid servers

On 06/08/2015 04:23 PM, Rafael Akchurin wrote: Hello all, What is the recommended approach to perform load balancing and high availability between N squid servers? I have the following list of requirements to fullfil: 1) Manage N squid servers that share cache (as far as i understand is done

[squid-users] sharing a tidbit

i have 2 squid instances behind HAProxy, balanced using leastconn. each proxy server has a NFS mount under /etc/squid/acls/ where external acls are kept. because the NFS mount is common to both instances, i only need to make an update in one place and both proxies will get the update. when

Re: [squid-users] NTLM authentication problems with HTTP 1.1

Note the lack of a user-agent string. This is likely an app that cannot authenticate. My standard for Auth Bypass is source IP, user-agent string and destination URL. Generally the source is preferred to be statically assigned otherwise you need to allow the entire dhcp pool or range. Because

Re: [squid-users] load balancing and site failover

On Thu, 2015-03-26 at 13:53 +1300, Amos Jeffries wrote: On 26/03/2015 10:26 a.m., Brendan Kearney wrote: On Wed, 2015-03-25 at 15:03 +1300, Amos Jeffries wrote: On 25/03/2015 9:55 a.m., brendan kearney wrote: Was not sure if bugzilla was used for mailing list issues. If you would like me

Re: [squid-users] load balancing and site failover

On Wed, 2015-03-25 at 15:03 +1300, Amos Jeffries wrote: On 25/03/2015 9:55 a.m., brendan kearney wrote: Was not sure if bugzilla was used for mailing list issues. If you would like me to open one, I will but it looks like the list is working again. Bugzilla is used, list bugs under

Re: [squid-users] load balancing and site failover

Was not sure if bugzilla was used for mailing list issues. If you would like me to open one, I will but it looks like the list is working again. On Mar 24, 2015 2:25 PM, Brendan Kearney bpk...@gmail.com wrote: On Tue, 2015-03-24 at 10:18 -0400, Brendan Kearney wrote: while load balancing

Re: [squid-users] Squid will not authenticate NTLM/Kerberos when behind a haproxy load balancer

On Thu, 2015-03-19 at 19:01 -0600, Samuel Anderson wrote: Hello All, I have 2 squid servers that authenticate correctly when you point your browser to either of them. I'm using a negotiate_wrapper. I set it up following this

Re: [squid-users] Squid will not authenticate NTLM/Kerberos when behind a haproxy load balancer

:27 PM, Brendan Kearney bpk...@gmail.com wrote: On Thu, 2015-03-19 at 19:01 -0600, Samuel Anderson wrote: Hello All, I have 2 squid servers that authenticate correctly when you point your browser to either of them. I'm using

Re: [squid-users] Refresh ACL list only

here I am messages to WCCP-enabled router, which will redirect traffic on alive cache. The same time you can reconfigure second squid instance a visa versa. 18.03.15 0:00, Brendan Kearney пишет: On Tue, 2015-03-17 at 11:59 -0600, Samuel Anderson wrote: Unfortunately thats not really

Re: [squid-users] Log proxy hostname along with HTTP access URI

On Tue, 2015-02-24 at 15:04 +0100, Peter Oruba wrote: Hello everybody, I’d like to distinguish multiple clients that are behind NAT from Squid’s perspective. Proxy authentication or sessions are not an option for different reasons and the idea that came up was to assign each client a

Re: [squid-users] benefits of using ext_kerberos_ldap_group_acl instead of ext_ldap_group_acl

On Wed, 2015-01-21 at 02:10 +1300, Amos Jeffries wrote: On 21/01/2015 1:38 a.m., Simon Staeheli wrote: Whatever floats your boat. The point of the Addon/Plugin/helpers API is that you can use scripts if thy serve your needs better. All the usual Open Source benefits of many eyeballs and

Re: [squid-users] {Disarmed} Re: site cannot be accessed

On Tue, 2015-01-13 at 09:30 +0200, Eliezer Croitoru wrote: Hey, Did you had the chance to see this page: http://findproxyforurl.com/example-pac-file/ Eliezer On 13/01/2015 06:22, Simon Dcunha wrote: Dear Sarfraz, appreciate your immediate reply Heres attached is my pac file i

Re: [squid-users] citrix receiver not authenticating with squid

On Tue, 2014-12-16 at 19:40 +0100, Natxo Asenjo wrote: hi, we have 2 centos 6 hosts providing a load-balanced squid service (behind keepalived and haproxy; haproxy sends requests to both squids) and authenticating users against an Active Directory environment. This is working really nice.

Re: [squid-users] Cascading different authentification methods

On Thu, 2014-11-27 at 02:24 -0800, christianmolecki wrote: Hello everyone, we are using squid 3.4.6 with ntlm authentification. Depending on ActiveDirectory group memberships, the user is able to use different protocols. This works very well. Now we need for some websites an additional

Re: [squid-users] Centralized Squid - design and implementation

. On Nov 18, 2014 9:45 PM, Jason Haar jason_h...@trimble.com wrote: On 19/11/14 01:39, Brendan Kearney wrote: i would suggest that if you use a pac/wpad solution, you look into pactester, which is a google summer of code project that executes pac files and provides output indicating what

Re: [squid-users] Centralized Squid - design and implementation

On Wed, 2014-11-19 at 19:06 +0530, Nishant Sharma wrote: On 19 November 2014 6:41:44 pm IST, brendan kearney bpk...@gmail.com wrote: it if the Content-Type header is not set to application/x-ns-proxy-autoconfig. Ah so that is why most of the java applets don't honour PAC settings

Re: [squid-users] Centralized Squid - design and implementation

with keepalived. Are you able to serve also https without any problem through HAProxy or only http request? regards, a. On Sun, Nov 16, 2014 at 8:00 PM, brendan kearney bpk...@gmail.com wrote: I use kerberos auth and do not have issues. You have to pay attention to the details with kerberos

Re: [squid-users] Fwd: Problems with NTLM authentication

On Tue, 2014-10-07 at 20:50 +0200, Marcel wrote: Hello, I have some more information. The problem seems to have nothing to do with samba, krb5 or anything else. I set up a new squid that isn't in the AD and doesn't use any kind of authentication at all. I have the exact same problem.