Re: [squid-users] receive only (asymatric routing)

On Monday 18 January 2016 at 11:32:02, behrad eslami wrote: > User traffic diagram is like this: > > _receive squid <-router1-- | > | <---> internetuser > ---send>

Re: [squid-users] How to setup a secure(!) squid proxy

I just checked it. It'll work at the moment. But only because the dependencies (and the dependency version) doesn't changed from 3.4.8 to 3.5. So there's is no guarantee that it will work with further releases. On the other hand: Installing unstable software is not the way the state system

Re: [squid-users] receive only (asymatric routing)

Thanks for you reply Im askinng about one way traffic. Some user sends traffic ,route from another ISP and only received packet route from squid On Sunday, January 17, 2016 12:21 PM, Antony Stone wrote: On Sunday 17 January 2016 at 08:55:56, behrad

Re: [squid-users] How to setup a secure(!) squid proxy

Hai,   > I just checked it. It'll work at the moment. But only because the > dependencies (and the dependency version) doesn't changed from 3.4.8 to 3.5. > So there's is no guarantee that it will work > with further releases. Yes and if depencies change, you can do the same for these

Re: [squid-users] receive only (asymatric routing)

On Monday 18 January 2016 at 10:56:27, behrad eslami wrote: > Thanks for you reply > Im askinng about one way traffic. Some user sends traffic ,route from > another ISP and only received packet route from squid Sorry, this is still not clear to me. Do the requests from the client to the server

Re: [squid-users] More NAT/TPROXY lookup fails (NetBSD 7.0, IPFilter 5.1)

You saved hours of debugging for me. Thank You! It works with the patch applied. -- Gergely EGERVARY This is a bug in IPFilter 5. We're waiting to hear back from the IPFilter maintainer before committing. Try this patch (and read the PR for more info): ---

[squid-users] squidclient can't connect to localhost

Hi list, Since I upgraded the OS to CentOS 7.2 and Squid to 3.5.12 (RPM from www1.ngtech.co.il the local squidclient gets no answer if pointed to localhost: # squidclient -v -p 3128 mgr:info Request: GET cache_object://localhost/info HTTP/1.0 Host: localhost User-Agent: squidclient/3.5.12 Accept:

Re: [squid-users] receive only (asymatric routing)

User traffic diagram is like this:          _receive squid <-router1--         |                                                                   |     <---> internetuser   ---send> router2 On Monday, January 18, 2016 1:41 PM, Antony Stone

Re: [squid-users] More NAT/TPROXY lookup fails (NetBSD 7.0, IPFilter 5.1)

On 16/01/2016 13:16, Egerváry Gergely wrote: > Hi, > > I'm running on: > - NetBSD 7.0_STABLE (checked out today) > - Squid 3.5.12 from NetBSD pkgsrc 2015Q4 > - IP Filter: v5.1.2 (536) > > Configured with "--enable-ipf-transparent": > > $ ./configure --sysconfdir=/usr/pkg/etc/squid >

Re: [squid-users] Squid Log messages Database

On Monday 18 January 2016 at 17:55:51, romain noyer wrote: > Is there a way to get all the messages a squid server can create and send > to a syslog? See the "syslog" method of: http://www.squid-cache.org/Doc/config/access_log/ http://www.squid-cache.org/Doc/config/cache_store_log/ > The goal

Re: [squid-users] urlpath_regex not being matched

On Monday 18 January 2016 at 18:22:24, Lucía Guevgeozian wrote: > acl good_facebook urlpath_regex groups > acl banned_sites url_regex "/etc/squid/config/banned_sites" > > inside banned_sites I have the word facebook > > http_access allow good_facebook > http_access deny banned_sites Okay, so

Re: [squid-users] urlpath_regex not being matched

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 And more: Facebook (like more others) uses Akamai CDN as background delivery service. So, facebook.* domain is a little part of whole big fat Facebook :) 18.01.16 23:29, Antony Stone пишет: > On Monday 18 January 2016 at 18:22:24, Lucía

Re: [squid-users] urlpath_regex not being matched

On Monday 18 January 2016 at 18:31:40, Yuri Voinov wrote: > Facebook (like more others) uses Akamai CDN as background delivery service. > > So, facebook.* domain is a little part of whole big fat Facebook :) True, but that should still match *request* URLs (once the HTTP/S problem is sorted

Re: [squid-users] urlpath_regex not being matched

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 18.01.16 23:38, Antony Stone пишет: > On Monday 18 January 2016 at 18:31:40, Yuri Voinov wrote: > >> Facebook (like more others) uses Akamai CDN as background delivery service. >> >> So, facebook.* domain is a little part of whole big fat

Re: [squid-users] urlpath_regex not being matched

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 18.01.16 23:56, Lucía Guevgeozian пишет: > Thank you very much for your responses. > > I understand from http://www.squid-cache.org/Doc/config/http_access/ that > http_access will not work with https in version of squid older than 3.3. > > Do

[squid-users] urlpath_regex not being matched

Hello, I think I have a very basic question about acl, but I can't figure out why this simple config is not working: In my squid.conf file I have 2 acl acl good_facebook urlpath_regex groups acl banned_sites url_regex "/etc/squid/config/banned_sites" inside banned_sites I have the word

Re: [squid-users] urlpath_regex not being matched

Thank you very much for your responses. I understand from http://www.squid-cache.org/Doc/config/http_access/ that http_access will not work with https in version of squid older than 3.3. Do you know if an alternative config exists without upgrading? Regards, Lucia 2016-01-18 14:38 GMT-03:00

Re: [squid-users] urlpath_regex not being matched

Ok, thanks again for the quick reply, I'm upgrading :) Regards, Lucia 2016-01-18 14:58 GMT-03:00 Yuri Voinov : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > > > 18.01.16 23:56, Lucía Guevgeozian пишет: > > Thank you very much for your responses. > > > > I

Re: [squid-users] urlpath_regex not being matched

I didn't test this, but i think it works better: *http_access deny banned_sites !good_facebook* is it works? 2016-01-18 16:35 GMT-02:00 Lucía Guevgeozian : > Ok, thanks again for the quick reply, I'm upgrading :) > > Regards, > Lucia > > 2016-01-18 14:58 GMT-03:00 Yuri

Re: [squid-users] urlpath_regex not being matched

Hi, unfortunately I tried that already and in 3.0 version I can say it didn't work. cheers 2016-01-18 15:43 GMT-03:00 Jorgeley Junior : > I didn't test this, but i think it works better: > *http_access deny banned_sites !good_facebook* > is it works? > > 2016-01-18 16:35

Re: [squid-users] Squid Log messages Database

Hello all, I really apologize in advance if this topic have already been discussed, but I didn't found anything. Is there a way to get all the messages a squid server can create and send to a syslog? Or somewhere I can get a database or .xls file or whatever containing the whole list of messages

Re: [squid-users] Maxconn Parameter behaviour with NAT

Hi Squid experts, Can you please tell me if below scenario is possible to be implemented in Squid? <--> User 1 enters the proxy, browses some pages. <--> User 2 tries to enter, and he receives a reject. <--> User1 stops browsing pages. <--> User2 tries to enter, but because the TTL is not

Re: [squid-users] Maxconn Parameter behaviour with NAT

On 19/01/2016 5:19 a.m., Murat Balkan wrote: > Hi Squid experts, > > Can you please tell me if below scenario is possible to be implemented in > Squid? > > <--> User 1 enters the proxy, browses some pages. > <--> User 2 tries to enter, and he receives a reject. > <--> User1 stops browsing

Re: [squid-users] urlpath_regex not being matched

On 19/01/2016 6:56 a.m., Lucía Guevgeozian wrote: > Thank you very much for your responses. > > I understand from http://www.squid-cache.org/Doc/config/http_access/ that > http_access will not work with https in version of squid older than 3.3. Incorrect. http_access works with any HTTP message

Re: [squid-users] Maxconn Parameter behaviour with NAT

On 16/01/2016 4:11 a.m., Murat Balkan wrote: > Hi, > > Thanks for the response. > What I want to achieve is to prevent 2 users enter with the same username > simultaneously. User usernames are unique. Same username == same user. There cannot be a second user with same username. However:

Re: [squid-users] SSLBUMP certificate verify failed

On 18/01/2016 10:13 a.m., Roman Gelfand wrote: > I am not sure where I am going wrong here... > > > ssl bump certificate > openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -keyout > squidCA.pem -out squidCA.pem > > The der certificate was generated and deployed on client

[squid-users] delay pools

Hi Is it possible to implement delay pools such that if file is less than 10M then allow 60Mb/s else allow 20Mb/s fi is that possible the aim is to allow a higher through put for smaller files, but to limit bigger / longer connections Alex ___

Re: [squid-users] MS update woes

On 18/01/2016 1:58 p.m., Alex Samad wrote: > Hi > > so I have this in place now > > This works well for delaying YAY > > # > # Delay Pools > # http://wiki.squid-cache.org/Features/DelayPools > # >

Re: [squid-users] MS update woes

On 19 January 2016 at 16:59, Amos Jeffries wrote: > > Hmm. Are you using the exact same HTTP headers as WU tools on the other > machines do to prefetch the URL into the cache ? I have a script that checks the squid logs and then does a download of the files through the

Re: [squid-users] MS update woes

On 19/01/2016 7:11 p.m., Alex Samad wrote: > Hi > > Think I answered my own on this > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > > > Does the last refresh_pattern config win ? > No, this one does: "windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip)" The problem is

Re: [squid-users] delay pools

On 19/01/2016 6:52 p.m., Alex Samad wrote: > Hi > > Is it possible to implement delay pools such that > > if file is less than 10M > then > allow 60Mb/s > else > allow 20Mb/s > fi > There is no "file" in HTTP. Only messages. Some messages have payloads. Sometimes those payload sizes are

Re: [squid-users] MS update woes

On 19 January 2016 at 16:59, Amos Jeffries wrote: >> refresh_pattern -i >> microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% >> 129600 reload-into-ims >> refresh_pattern -i >> windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 >> 80%

Re: [squid-users] squidclient can't connect to localhost

On 18/01/2016 11:13 p.m., Henri Wahl wrote: > Hi list, > Since I upgraded the OS to CentOS 7.2 and Squid to 3.5.12 (RPM from > www1.ngtech.co.il the local squidclient gets no answer if pointed to > localhost: > > # squidclient -v -p 3128 mgr:info > Request: > GET cache_object://localhost/info

Re: [squid-users] MS update woes

Hi Think I answered my own on this refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 Does the last refresh_pattern config win ? On 19 January 2016 at 17:08, Alex Samad wrote: > On 19 January 2016 at 16:59, Amos Jeffries wrote: >>> refresh_pattern -i

Re: [squid-users] Fwd: Re: Squid Log messages Database

On 2016-01-18 14:59, Antony Stone wrote: Forwarding private reply back to the list... -- Forwarded Message Starts -- Thanks for your answer. Sorry for my poor english, I'll try to reword because I'm not looking for a log analyzer. In fact, I don't even need Squid itself