Thanks Amos,
OK this seems to answer my question.
A session helper with ttl=3 should be enough if it will return the username
associated by the helper.
The next thing is to block traffic if there is no username.
Eliezer
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email:
This is more of Amos and Alex area.
In general I think that haproxy does load balancing much more efficiently then
squid.
It is being used in production for years so I'm not sure why you should use
Squid for LB.
If you want to resolve this issue then be my guest I can only offer so QA and
Hi,
thank you Amos, this is bringing me into the right direction.
Now I know what I'll have to debug: the pinger.
Cache.log shows:
2021/02/09 14:49:27| pinger: Initialising ICMP pinger ...
2021/02/09 14:49:27| pinger: ICMP socket opened.
2021/02/09 14:49:27| pinger: ICMPv6 socket opened
This is what I'm seeing in peer_select in cache_log with 44,3 debug options:
2021/02/09 16:25:11.588 kid1| 44,2| peer_select.cc(258)
peerSelectDnsPaths: Find IP destination for: '[the_request]' via
[ip_cache_peer_srv1]
2021/02/09 16:25:11.588 kid1| 44,2| peer_select.cc(280)
Oh, that lib won't help, sorry, forget about my pinger_program path
So do I have to recompile squid myself and than install the pinger as
described here:
https://wiki.squid-cache.org/SquidFaq/OperatingSquid#Using_ICMP_to_Measure_the_Network
?
On 09.02.21 16:03, Chris wrote:
Hi,
thank you
Maybe its apparmor.
pinger needs to have a setuid permission as root.
its a pinger and needs root privleges as far as i remember.
Eliezer
On Tue, Feb 9, 2021, 17:03 Chris wrote:
> Hi,
>
> thank you Amos, this is bringing me into the right direction.
>
> Now I know what I'll have to debug: the
Hi Elizer, this helped, it seems as if I got the pinger working.
It's now owned by root in the same group as the squid user and the
setuid set.
So I used chown root:squidusergroup and chmod u+s on the pinger (and in
ubuntu it is actually found under /usr/lib/squid/pinger ).
Now with debug
On 2/9/21 11:35 AM, Chris wrote:
> This is what I'm seeing in peer_select in cache_log with 44,3 debug
> options:
Add (at least) "15,3" to your debug_options and then look for
getWeightedRoundRobinParent lines. Looking at mgr:server_list Cache
Manager page may also be useful.
> Does the
On 2/7/21 12:47 PM, Eliezer Croitoru wrote:
> I move on to testing squid-6.0.0-20210204-r5f37a71ac
>
> Most of the issues I see are related to Host header forgery detection.
>
> I do see that the main issue with TLS is similar to:
>
> 2021/02/07 19:46:07 kid1| ERROR: failure while accepting a
On 10/02/21 9:59 am, Alex Rousskov wrote:
On 2/9/21 11:35 AM, Chris wrote:
This is what I'm seeing in peer_select in cache_log with 44,3 debug
options:
Add (at least) "15,3" to your debug_options and then look for
getWeightedRoundRobinParent lines. Looking at mgr:server_list Cache
Manager
10 matches
Mail list logo
