Re: [squid-users] refresh_pattern and same objects

On 09/01/2015 05:14 AM, FredB wrote: More precisely I reduced the ttl of the first line refresh_pattern -i \.(htm|html|xml|css)(\?.*)?$ 10080 100% 10080 #All File 30 days max refresh_pattern -i \.(3gp|7z|ace|asx|bin|deb|divx|dvr-ms|ram|rpm|exe|inc|cab|qt)(\?.*)?$ 43200 100% 43200

Re: [squid-users] refresh_pattern and same objects

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 And, finally, trackers is relatively easy to block ;) Simple. Against caching and garbaging cache storage. With ufdbGuard, for example :) 02.09.15 0:00, Marcus Kool пишет: > > > On 09/01/2015 05:14 AM, FredB wrote: >> More precisely >> >> I

Re: [squid-users] refresh_pattern and same objects

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 02.09.15 0:16, Marcus Kool пишет: > > > On 09/01/2015 03:08 PM, Yuri Voinov wrote: >> > Better to write store-id rule which cut off parameters and store gif. > > Something like this: > >

Re: [squid-users] refresh_pattern and same objects

On 09/01/2015 03:08 PM, Yuri Voinov wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Better to write store-id rule which cut off parameters and store gif. Something like this: ^https?:\/\/(.+?)\/(.+?)\.(js|css|jp(?:e?g|e|2)|gif|png|bmp|ico|svg|web(p|m)) http://$1.squidinternal/$2.$3

Re: [squid-users] refresh_pattern and same objects

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 This is bad idea - to cache the same gifs with unique parameters. They keeps unchanged for one HTTP-session in best case. You cache will overloads with this small same gifs with unique parameters. Only store ID saves this situation. In other hand,

Re: [squid-users] error windbind

On 2/09/2015 3:27 a.m., Posta Esterna wrote: > Hi, > i've solved samba and winbind problem winbindd is now running > misconfiguration of Samba, DNS and DC > > wbinfo -t > and > wbinfo -p > > is ok! > > I restarted squid > > and in cache.log i find this message 5 times > > 2015/09/01

Re: [squid-users] refresh_pattern and same objects

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Better to write store-id rule which cut off parameters and store gif. Something like this: ^https?:\/\/(.+?)\/(.+?)\.(js|css|jp(?:e?g|e|2)|gif|png|bmp|ico|svg|web(p|m)) http://$1.squidinternal/$2.$3 And, of course, universal rule for

Re: [squid-users] CACHE partition fills up

On 2/09/2015 2:35 a.m., Jasper Van Der Westhuizen wrote: > Good day everyone > > I have a problem with my Squid proxy cache. On two occasions over the last > week the cache partitions have filled up to 100%. I have 4 load balanced > nodes with 100GB cache partitions each. All of them have

Re: [squid-users] Squid 2.7, 3.4 and 3.5 Videos/Music/Images/Libraries/CDNs Booster

Hi All, Advanced Caching Add-On for Linux Squid Proxy Cache v2.7, v3.4 and v3.5 with Videos, Music, Images, Libraries and CDNs. New version 2.622 - September 1st 2015. - New domains - Few bugs fix More details on

Re: [squid-users] Getting updated squid builds (Debian)

On 2/09/2015 10:30 a.m., Tarot Apprentice wrote: > Is there an easier way of getting updated builds on Debian? > > The Jessie (stable) repo has 3.4.8 in it. Even Stretch (testing/next release) > has 3.4.8 in it. Only the experimental version is up to date with 3.5.7. Is > the only option to

Re: [squid-users] HTTPS URL Rewrite

When a browser requests https://www.example.com/index.html, Squid with ssl-bump sends two requests to the URL rewriter: 1. CONNECT www.example.com:443 2. GET https://www.example.com/index.html The URL rewriter must _not_ block the first and send an alternative URL for the second. Caveat:

Re: [squid-users] refresh_pattern and same objects

On 09/01/2015 03:57 PM, Yuri Voinov wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 This is bad idea - to cache the same gifs with unique parameters. They keeps unchanged for one HTTP-session in best case. You cache will overloads with this small same gifs with unique parameters.

[squid-users] winbind interface

Hi I have squid setup to use NTLM and then faill back to basic. when it fails back to basic, my user put in firstname.surname@a.b.c which fails. if they put in firstname.surname it works is there some way to get squid to strip off the @<.*> also is there some way to change the info in the

Re: [squid-users] winbind interface

On 2/09/2015 11:50 a.m., Alex Samad wrote: > Hi > > I have squid setup to use > NTLM and then faill back to basic. > > when it fails back to basic, my user put in > > firstname.surname@a.b.c which fails. > > if they put in firstname.surname it works > > is there some way to get squid to

Re: [squid-users] HTTPS URL Rewrite

On 2/09/2015 12:59 p.m., Oliver Webb wrote: > Hopefully quite a simple one (to ask anyway!): > In Squid 3.5.7 *with working Peek and Splice* how can I give my > url_rewrite_program access to the decrypted URL? > eg. https://example.com/malware-that-the-url-rewriter-will-block.exe.pdf You

Re: [squid-users] Volunteers sought

Hey Kinkie, If you want to publish this specific version as an RPM I would be happy to build couple of them with this patch. Eliezer On 01/09/2015 11:26, Kinkie wrote: Hi all, I am currently working on some performance improvements for the next version of squid; I need some help from

[squid-users] Getting updated squid builds (Debian)

Is there an easier way of getting updated builds on Debian? The Jessie (stable) repo has 3.4.8 in it. Even Stretch (testing/next release) has 3.4.8 in it. Only the experimental version is up to date with 3.5.7. Is the only option to build your own to get a current release? MarkJ

[squid-users] Volunteers sought

Hi all, I am currently working on some performance improvements for the next version of squid; I need some help from volunteers to verify the benefit given by a memory pools feature in real-life scenarios, to better understand how to develop it further. I need the help of someone who has a

Re: [squid-users] wiki.squid-cache.org is broken

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Not available when IPv6 enabled on my outgoing interface. Note: IPv6 globally not used in my country. 01.09.15 5:22, Eliezer Croitoru пишет: > Works for me: > #curl -Iv wiki.squid-cache.org > * Rebuilt URL to: wiki.squid-cache.org/ > * Hostname

Re: [squid-users] refresh_pattern and same objects

> The cases I have personally seen that you might run into serious > trouble > with are .tiff files, TFF is a "high quality" format. At least its > very > high in detail, and I've seen it used with only no-store protection > to > send medical, mapping and hi-res photographic data around by

Re: [squid-users] refresh_pattern and same objects

> > > > refresh_pattern -i \.(htm|html|xml|css)(\?.*)?$ 43200 1000% 43200 > > -> This is my previous rule "http" > > Yes. > > Oh, and there is the less common .chm could be in that set too. > Ok added A last point there is a real difference between (\?.*)?$ and (?.*)?$ Here

Re: [squid-users] refresh_pattern and same objects

On 1/09/2015 7:55 p.m., FredB wrote: > >> >> Trying to avoid override-no-store as long as possible, and target it >> to >> problem sites when it is used. >> >> And after placing this at the end of the patterns: >> >> (\?.*)?$ >> >> > > > Something like this ? > > refresh_pattern -i

Re: [squid-users] refresh_pattern and same objects

More precisely I reduced the ttl of the first line refresh_pattern -i \.(htm|html|xml|css)(\?.*)?$ 10080 100% 10080 #All File 30 days max refresh_pattern -i \.(3gp|7z|ace|asx|bin|deb|divx|dvr-ms|ram|rpm|exe|inc|cab|qt)(\?.*)?$ 43200 100% 43200 ignore-no-store reload-into-ims store-stale

Re: [squid-users] refresh_pattern and same objects

windowsupdate is http, no ssl here... Bye Fred -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/refresh-pattern-and-same-objects-tp4672792p4673014.html Sent from the Squid - Users mailing list archive at Nabble.com.

Re: [squid-users] Volunteers sought

Hi, Can participate too, just ping... Bye Fred -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Volunteers-sought-tp4673002p4673009.html Sent from the Squid - Users mailing list archive at Nabble.com. ___

Re: [squid-users] refresh_pattern and same objects

> Hi Fred, > By keeping objects 30 days maxi, does it mean you expect to upgrade > all > windowsupdate objects in 30 days ? > > I'm still thinking we should have an option forcing some type of > objects > that could never be deleted... ;o) > > Bye Fred > > Hi Yes perhaps, actually it's

Re: [squid-users] refresh_pattern and same objects

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 01.09.15 18:40, FredB пишет: > > >> Hi Fred, >> By keeping objects 30 days maxi, does it mean you expect to upgrade >> all >> windowsupdate objects in 30 days ? >> >> I'm still thinking we should have an option forcing some type of >> objects >>

Re: [squid-users] refresh_pattern and same objects

Hi Fred, By keeping objects 30 days maxi, does it mean you expect to upgrade all windowsupdate objects in 30 days ? I'm still thinking we should have an option forcing some type of objects that could never be deleted... ;o) Bye Fred -- View this message in context:

Re: [squid-users] wiki.squid-cache.org is broken

On 1/09/2015 10:42 p.m., Yuri Voinov wrote: > > Not available when IPv6 enabled on my outgoing interface. > > Note: IPv6 globally not used in my country. > The rest of your country does not matter. For *any* protocol your router should either have connectivity to your ISP, or not. It still

Re: [squid-users] wiki.squid-cache.org is broken

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Check it. This is ISP. They are hands-curved. 01.09.15 21:47, Amos Jeffries пишет: > On 2/09/2015 1:06 a.m., Yuri Voinov wrote: >> >> Found it. My ISP can't pass ICMPv4/v6 to wiki.squid-cache.org . Here is >> problem. >> >> # ping

Re: [squid-users] restriction of sites to a subnet

On 2/09/2015 1:28 a.m., jake driscoll wrote: > here is my requirement: > >> i have a subnet >> only a small list of sites need to be allowed access to this subnet >> this subnet should not get access to any other site except the ones in the > list >> access for other users will remain the same >

[squid-users] CACHE partition fills up

Good day everyone I have a problem with my Squid proxy cache. On two occasions over the last week the cache partitions have filled up to 100%. I have 4 load balanced nodes with 100GB cache partitions each. All of them have filled up. I tried to limit the size by using the following cache_dir

Re: [squid-users] wiki.squid-cache.org is broken

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Found it. My ISP can't pass ICMPv4/v6 to wiki.squid-cache.org . Here is problem. # ping wiki.squid-cache.org no answer from wiki.squid-cache.org haribda#ping wiki.squid-cache.org Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to

[squid-users] restriction of sites to a subnet

here is my requirement: >i have a subnet >only a small list of sites need to be allowed access to this subnet >this subnet should not get access to any other site except the ones in the list >access for other users will remain the same I tried the following acl station-ip src 192.168.1.0/24 acl

Re: [squid-users] Dropbox and GoogleDrive apps won't connect with SSLBump enabled

Thanks for the info, Rafael. Stan On Mon, Aug 31, 2015 at 11:39 PM, Rafael Akchurin < rafael.akchu...@diladele.com> wrote: > The SSL pinning means dropbox application does know the fingerprint of the > certificate of the connection out-of-band and will simply refuse to work > with another (even

Re: [squid-users] error windbind

Hi, i've solved samba and winbind problem winbindd is now running misconfiguration of Samba, DNS and DC wbinfo -t and wbinfo -p is ok! I restarted squid and in cache.log i find this message 5 times 2015/09/01 16:54:18| Failed to select source for '[null entry]' 2015/09/01 16:54:18|

Re: [squid-users] wiki.squid-cache.org is broken

On 2/09/2015 1:06 a.m., Yuri Voinov wrote: > > Found it. My ISP can't pass ICMPv4/v6 to wiki.squid-cache.org . Here is > problem. > > # ping wiki.squid-cache.org > no answer from wiki.squid-cache.org > Perhapse that is involved. But I think you have mistaken what I wrote. Ping just *uses*

Re: [squid-users] refresh_pattern and same objects

On 1/09/2015 9:32 p.m., FredB wrote: > >>> >>> refresh_pattern -i \.(htm|html|xml|css)(\?.*)?$ 43200 1000% 43200 >>> -> This is my previous rule "http" >> >> Yes. >> >> Oh, and there is the less common .chm could be in that set too. >> > > > Ok added > > A last point there is a real