Hi How are you
I don`t know squid use smp , multi cpu process purge cache, each
process define cache_dir ,when purge cache Choose a different worker,Lead to
clear the cache fails
___
squid-users mailing list
Hi.
I have thought to have several delay pools but I doubt whether this is the
right way.
Eg.
I want to give to the "administration" 512kb in total, to be distributed
among 8 users.
Give the "video editing area" a total of 1000KB to divide among 8 users.
I want to limit the bandwidth dedicated to
On 08/24/2016 12:24 PM, Omid Kosari wrote:
> Alex Rousskov wrote
>> Thus, the existing implementation should cover non-HTTP
>> requests on port 80 (or 3128). If it does not, it is a bug. We should
>> polish the documentation to make this clear.
> The problem is not squid itself . The problem is
Alex Rousskov wrote
> Thus, the existing implementation should cover non-HTTP
> requests on port 80 (or 3128). If it does not, it is a bug. We should
> polish the documentation to make this clear.
The problem is not squid itself . The problem is in some situations for
example DOS(with malformed
I just read through the wiki being discussed. For the first time, I think I
finally understand, for the most part, what peek, splice and stare do. The
last time I read the wiki a few months ago, I gave up understanding those
because it was too confusing to me.
Thanks!
On Wed, Aug 24, 2016 at
On 08/24/2016 06:36 AM, Yuri Voinov wrote:
> 24.08.2016 18:32, Antony Stone пишет:
>> He wants to configure his browser to connect to the proxy over an SSL
>> connection, and then inside this secure connection send standard HTTP and
>> HTTPS requests
> Yeah, I get it. It seems to me, is
On 08/24/2016 07:54 AM, Amos Jeffries wrote:
> on_unsupported_protocol will need patching to be applied when HTTP
> parser detects unsupported protocol on port 80 (or 3128).
on_unsupported_protocol determines (among other things) Squid behavior
when encountering a strange (i.e., probably
Oh, an a tiny little detail :)
# squid -v
Squid Cache: Version 4.0.13
Service Name: squid
configure options: '--with-openssl' '--prefix=/usr' '--localstatedir=/var'
'--libexecdir=/lib/squid' '--datadir=/share/squid'
'--sysconfdir=/etc/squid' '--with-default-user=proxy'
This configuration here covers the use case described by the OP:
https://gist.githubusercontent.com/splashx/758ff0c59ea291f32edafc516fdaad73/raw/8050fa054821657812961050332b38a56e7e3e68/
If everything works well, you'll notice you won't support HTTP proxy at
all, but users can reach both HTTP
On 08/24/2016 07:23 AM, Marcus Kool wrote:
> I added an image in PNG format with data flow and events.
And I added an XXX why that image might do more harm than good.
> If you are interested I can send you the ODG file that was
> used to generate the image.
Please attach those image sources to
acl status_400 http_status 400
deny_info TCP_RESET status_400
http_reply_access deny status_400
still send headers . just the 400 changed to 403
HTTP/1.1 403 Forbidden
Server: squid
Mime-Version: 1.0
Date: Wed, 24 Aug 2016 14:11:35 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 5
On Mon, 2016-08-22 at 16:46 +0500, Garri Djavadyan wrote:
> Hello Squid users,
>
> Can anyone explain, why Squid doesn't cache the objects with max-age
> values below 60 seconds? For example:
>
> $ http_proxy="127.0.0.1:3128" curl --head "http://sandbox.comnet.loca
> l/
> cgi-bin/hello.cgi" &&
On 25/08/2016 12:39 a.m., Omid Kosari wrote:
> This config works for dstdomain acl type
>
> acl test dstdomain 123.com
> deny_info TCP_RESET test
> adapted_http_access deny test
>
>
> but it is not what i want . I want
>
> acl status_400 http_status 400
> deny_info TCP_RESET status_400
>
Just to rewind this conversation to the actual problem ...
On 24/08/2016 11:42 p.m., Samuraiii wrote:
> On 24.8.2016 13:18, Antony Stone wrote:
>> Unfortunately it's not Squid that's the challenge - it's the browser.
>>
>> If you're using Firefox and/or Chrome, you should be okay.
>>
>> See
On 24/08/2016 4:24 a.m., Diogenes S. Jesus wrote:
If you want to do things like this safely please upgrade to Squid-4
where the logformat codes are available. Those codes provide
customizable escaping and quoting styles so you can set one that
protects LDAP against these
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
24.08.2016 19:24, Antony Stone пишет:
> On Wednesday 24 August 2016 at 14:35:03, Yuri Voinov wrote:
>
Then I do not understand what he wants op.
>>
>>
http://wiki.squid-cache.org/Features/HTTPS#Encrypted_browser-Squid_connecti
>> on
>>
>>>
On Wednesday 24 August 2016 at 14:35:03, Yuri Voinov wrote:
> >> Then I do not understand what he wants op.
>
> http://wiki.squid-cache.org/Features/HTTPS#Encrypted_browser-Squid_connecti
> on
>
> > Secure connection to squid proxy without need for anything else (on
> > client side) than
On 24/08/2016 3:55 a.m., Sergio Belkin wrote:
> 2016-08-19 17:22 GMT-03:00 Antony Stone :
>
>> On Friday 19 August 2016 at 20:41:11, Jok Thuau wrote:
>>
>>> On Fri, Aug 19, 2016 at 9:33 AM, Sergio Belkin wrote:
/var/log/squid/access.log
On 08/24/2016 02:43 AM, Alex Rousskov wrote:
On 08/23/2016 08:34 AM, Marcus Kool wrote:
ok, I suggest that you review what is done already.
I have made a few corrections and improvements, trying to document every
change (and some suggestions for future work) in the commit messages.
The
Hello Dia,
Thank you for the reply,
So, can this be a “MIT” kerberos of HEIMDAL thing.
Im use Samba4 for ADDC and that uses heimdal.
Even that the logs says :
"Client 'HTTP/hostname.internet.domain@your.realm.tld' not found in
Kerberos database".
Im using NFSv4 over
Ok
This is answer (not) I was looking for.
Thank you
S
On 24 August 2016 14:48:40 CEST, Yuri Voinov wrote:
>
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA256
>
>
>
>24.08.2016 18:44, Samuraiii пишет:
>>
>>>
>>> > No SSL-bumping or whatever just forwarding.
>>>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
24.08.2016 18:44, Samuraiii пишет:
>
>>
>> > No SSL-bumping or whatever just forwarding.
>> Firstly, the concept is not safe. Users will have a secure connection
to the proxy - as well as the next? HTTP? User misled green padlock,
believes
>
> > No SSL-bumping or whatever just forwarding.
> Firstly, the concept is not safe. Users will have a secure connection
> to the proxy - as well as the next? HTTP? User misled green padlock,
> believes all secure connection - as external traffic is not encrypted
> after the fact. Second.
This config works for dstdomain acl type
acl test dstdomain 123.com
deny_info TCP_RESET test
adapted_http_access deny test
but it is not what i want . I want
acl status_400 http_status 400
deny_info TCP_RESET status_400
adapted_http_access deny status_400
OR
acl HTTP proto HTTP
acl PORT_80
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Against this backdrop, even a bump SSL security seems a masterpiece.
24.08.2016 18:32, Antony Stone пишет:
> On Wednesday 24 August 2016 at 14:26:48, Yuri Voinov wrote:
>
>> 24.08.2016 18:23, Antony Stone пишет:
>>> On Wednesday 24 August 2016
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
24.08.2016 18:31, Samuraiii пишет:
>
>> look to the browser
>>
>> > like HTTPS ones.
>> Then I do not understand what he wants op.
>>
>>
>>
>
>
http://wiki.squid-cache.org/Features/HTTPS#Encrypted_browser-Squid_connection
>
> Secure
On Wednesday 24 August 2016 at 14:26:48, Yuri Voinov wrote:
> 24.08.2016 18:23, Antony Stone пишет:
> > On Wednesday 24 August 2016 at 14:18:46, Yuri Voinov wrote:
> >> No one CA do not issue signing CA for subject, which is not CA itself.
> >>
> >> So, op wants impossible thing.
> >
> > Why
> look to the browser
>
> > like HTTPS ones.
> Then I do not understand what he wants op.
>
>
>
http://wiki.squid-cache.org/Features/HTTPS#Encrypted_browser-Squid_connection
Secure connection to squid proxy without need for anything else (on
client side) than configuring proxy in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
24.08.2016 18:23, Antony Stone пишет:
> On Wednesday 24 August 2016 at 14:18:46, Yuri Voinov wrote:
>
>> No one CA do not issue signing CA for subject, which is not CA itself.
>>
>> So, op wants impossible thing.
>
> Why would one need a signING
On 24.8.2016 14:24, Antony Stone wrote:
> On Wednesday 24 August 2016 at 14:22:18, Samuraiii wrote:
>
>> On 24.8.2016 14:18, Yuri Voinov wrote:
>>> No one CA do not issue signing CA for subject, which is not CA itself.
>>>
>>> So, op wants impossible thing.
>> I have tried to drop clientca option,
On Wednesday 24 August 2016 at 14:22:18, Samuraiii wrote:
> On 24.8.2016 14:18, Yuri Voinov wrote:
> > No one CA do not issue signing CA for subject, which is not CA itself.
> >
> > So, op wants impossible thing.
>
> I have tried to drop clientca option, to add generate-host-certificates=off
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Predictable.
24.08.2016 18:22, Samuraiii пишет:
> On 24.8.2016 14:18, Yuri Voinov wrote:
> >
>> No one CA do not issue signing CA for subject, which is not CA itself.
>>
>> So, op wants impossible thing.
>>
> I have tried to drop clientca
On Wednesday 24 August 2016 at 14:18:46, Yuri Voinov wrote:
> No one CA do not issue signing CA for subject, which is not CA itself.
>
> So, op wants impossible thing.
Why would one need a signING certificate just to create an SSL connection
between the browser and Squid?
Surely one merely
On 24.8.2016 14:18, Yuri Voinov wrote:
>
> No one CA do not issue signing CA for subject, which is not CA itself.
>
> So, op wants impossible thing.
>
I have tried to drop clientca option, to add generate-host-certificates=off
but outcome is still same error...
even with just this as config:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
No one CA do not issue signing CA for subject, which is not CA itself.
So, op wants impossible thing.
24.08.2016 18:15, Antony Stone пишет:
> On Wednesday 24 August 2016 at 14:02:43, Samuraiii wrote:
>
>> Squid fails to start for me with:
>>
Just one thing I noticed:
"clientca" is not the CA which issued your "cert" (sklad.duckdns.org) -
it's the CA to be used when doing client-side authentication, which I'm not
sure if you're doing.
Dio
On Wed, Aug 24, 2016 at 2:02 PM, Samuraiii
wrote:
>
> > Please
On Wednesday 24 August 2016 at 14:02:43, Samuraiii wrote:
> Squid fails to start for me with:
> FATAL: No valid signing SSL certificate configured for HTTPS_port [::]:8443
>
> I have found that this is related to missing self signed certificate,
> and since I do not want to use self signed
Hello,
I want to squid send tcp_reset as reply to non http requests on port 80 .
I want that squid DONT reply these headers
HTTP/1.1 400 Bad Request
Server: squid
Mime-Version: 1.0
Date: Wed, 24 Aug 2016 12:08:02 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 0
X-Cache: MISS from
> Please give more details for "fails".
>
> Is the following your entire squid.conf (except for comments)?
>
> Have you tried getting SSL access to Squid working before introducing
> authentication?
>
> What are you trying, to test this, and what are the results?
>
>
> Regards,
>
>
> Antony.
On Wednesday 24 August 2016 at 13:42:16, Samuraiii wrote:
> On 24.8.2016 13:18, Antony Stone wrote:
> >
> > See "Encrypted browser-Squid connection" at the bottom of
> > http://wiki.squid-cache.org/Features/HTTPS
>
> I have seen that, it is the cause of my subscription to this list.
> I haven't
On 24.8.2016 13:18, Antony Stone wrote:
> Unfortunately it's not Squid that's the challenge - it's the browser.
>
> If you're using Firefox and/or Chrome, you should be okay.
>
> See "Encrypted browser-Squid connection" at the bottom of
> http://wiki.squid-cache.org/Features/HTTPS
>
>
> Antony.
>
Hi there.
Well, the log says "Client 'HTTP/hostname.internet.domain@your.realm.tld'
not found in Kerberos database".
Check your krb5.conf on the squid host if you're pointing to the right KDC
and make sure the principal exists in the Kerberos database.
kadmin.local and "getprinc
On Wednesday 24 August 2016 at 13:09:52, Samuraiii wrote:
> Hello,
> I am trying to setup squid as SSL protected proxy for few users without
> any intention to use ssl-bumping or any other MITM technique.
> I just want to have SSL secured connection between browser and proxy.
> Proxy will not be
43 matches
Mail list logo