Re: [squid-users] ERROR connecting to squid proxy server

Hi !   This is the error from cache.log file   2021/01/11 23:21:07 kid1| idnsSendQuery FD -1: sendto: (0) No error.   and following error in access.log file TCP_MISS/503 384 HEAD http://www/google.com - HIER_NONE/- text/html   Any thoughts?   Thanks, Reshma     - Original message -From:

[squid-users] Change cipher suite ordering

Hello Team, I need some help in configuring cipher suite ordering. I am using squid with SSL configs and trying to configure the cipher order but not able to do so, I am using below sites to check my chipher ordering and its showing different ordering then what I have configured.

Re: [squid-users] cache_peer selection based on username

On 11/01/21 8:06 am, roee klinger wrote: Thanks, Eliezer, I was able to get it working. Here is an example in case anybody runs into this in the future: acl mynote1 note mykey note1 acl mynote2 note mykey note2 FYI, key names ending with "_" character are reserved for custom keys

Re: [squid-users] How do I rotate access.log?

On 11/01/21 8:53 am, Matus UHLAR - fantomas wrote: On 10.01.21 17:24, roee klinger wrote: I just wanted to give an update in case anyone is interested, I was not able to find a solution, it was posted here: http://lists.squid-cache.org/pipermail/squid-users/2020-December/023074.html

Re: [squid-users] distinguish between IPv4 and IPv6

The detection of an IPV6 available DST can be determined by DNS and external ACL helper. It will “slow” down the first couple bytes of the connection but can be much more reliable then the basic “dst” acl. The basic test would be something like: nslookup -type= www.squid-cache.org

Re: [squid-users] distinguish between IPv4 and IPv6

The dst ACL type accepts the special value of "ipv4". You can use that and the "!" operator to split traffic. However, please be aware dst is not very reliable until *after* the outgoing connection has been created, and we are still finding some access checks that do not use it correctly.

Re: [squid-users] no src IP in access log for locally generated requests

On 1/11/21 9:16 AM, Eliezer Croitoru wrote: > I have in my logs: > 1610372657.529  0 - TCP_DENIED/403 3638 GET > http://crl.kaspersky.com/aia/KSNGlobalRootCAECC.crt - HIER_NONE/- > text/html – > And it means probably that squid is generating these requests. > What ACL can I use to allow

[squid-users] distinguish between IPv4 and IPv6

Hello, is there a way, that I can do something like if ( dst is IPv4 ) go direct if ( dst is IPv6 ) use parent proxy xxx The reason for my question, I'm using a IPv6-in-IPv4 tunnel, and it would make sense to forward all traffic going to IPv6 to squid running on tunnel end; Thanks, Walter

[squid-users] no src IP in access log for locally generated requests

I have in my logs: 1610372657.529 0 - TCP_DENIED/403 3638 GET http://crl.kaspersky.com/aia/KSNGlobalRootCAECC.crt - HIER_NONE/- text/html - And it means probably that squid is generating these requests. What ACL can I use to allow this? Eliezer Eliezer Croitoru Tech

Re: [squid-users] What is the state of V5 branch? Can I try to publish some RPMS?

We are now less one bug then before, just 3 to go: Eliezer Eliezer Croitoru Tech Support Mobile: +972-5-28704261 Email:

Re: [squid-users] cache_peer selection based on username

In the next example I wrote a whole setup: https://github.com/elico/vagrant-squid-outgoing-addresses Specifically it would look something like: https://github.com/elico/vagrant-squid-outgoing-addresses/blob/master/shared/note.rb#L82 it’s as a line like: echo “OK x_note=100 ip=100”