On 5/26/21 4:25 AM, Odhiambo Washington wrote:
>
> On Wed, May 26, 2021 at 10:18 AM Matus UHLAR wrote:
>
> >On 22/05/21 2:06 am, Odhiambo Washington wrote:
> >>I installed this on my Windows 10 but gave up when I could not make
> >>it to cache anything.
>
> On 26.05.21 12:57,
On 5/25/21 5:31 AM, Fabrizio Bartolomucci wrote:
> I configured squid on my centos web site and successfully tested an
> access by it with:
>
> curl -x http://taxiprofessional.net:3128 -L
> https://books.apple.com/it/book/bibbia-traduzione-letterale-genesi/id1276275493
> What should I use to
On 5/24/21 5:27 PM, jose.rodrig...@cenpalab.cu wrote:
> I cannot find anything related to this warning obtained with 'systemctl
> status squid'. What could it mean?
>
>
> May 24 17:22:57 proxynew squid[77148]: Starting Squid Cache version 5.0.6 for
> x86_64-pc-linux-gnu...
> May 24 17:22:57
y gitlab_package redirect location_openner
> http_access allow location_openner
The above sketch does not make sense to me because it uses response
information (e.g., % -Original Message-----
> From: squid-users On Behalf Of
> Alex Rousskov
> Sent: Wednesday, April 21, 2021 8:49 PM
On 5/23/21 2:05 AM, roie rachamim wrote:
> Patch seems to do the trick,
> When is it expected to be merged ?
It will be merged into master/v6 in a few hours AFAICT. You can track
status using the PR 795 link.
Alex.
> On Thu, May 20, 2021 at 12:53 AM Alex Rousskov wrote:
>
>
On 5/20/21 8:12 AM, Dieter Bloms wrote:
> I've a working setup with squid 4.14 and enabled sslbump under debian buster.
> But when I try destinations like https://1.1.1.1/ I get an error
> ERR_CERT_COMMON_NAME_INVALID
>
> The alternate DNS Names in the certificate of the original webserver is:
On 5/19/21 5:31 PM, roie rachamim wrote:
> 2021/05/12 12:27:24.209| 93,5| AsyncJob.cc(139) callEnd:
> AsyncJob::start() ends job [/ job31640]
To me, this looks like bug 4528:
https://bugs.squid-cache.org/show_bug.cgi?id=4528
That bug is being fixed in PR 795:
of
a browser?
> Or are you talking about turn the proxy off on Firefox and access the
> website normally?
That would give you the third certificate to compare.
Alex.
> On Wed, 19 May 2021, 21:05 Alex Rousskov,
> <mailto:rouss...@measurement-factory.com>> wrote:
>
>
ck this theory.
Alex.
> On Wed, 19 May 2021, 19:12 Alex Rousskov wrote:
>
> On 5/19/21 10:41 AM, robert k Wild wrote:
> > ok i found out what the error is
> >
> > its because in my squid.conf, i have a whitelist file
> >
> > #HTTP_HTT
On 5/19/21 10:41 AM, robert k Wild wrote:
> ok i found out what the error is
>
> its because in my squid.conf, i have a whitelist file
>
> #HTTP_HTTPS whitelist websites
> acl whitelist ssl::server_name "/usr/local/squid/etc/urlwhite.txt"
> http_access allow activation whitelist
> http_access
On 5/17/21 11:21 PM, Albretch Mueller wrote:
> I need to either use an existing open source implementation of RFC
> 3507 or write one myself.
>
> My main interest would be then connecting it to java using the JNI in
> order to do the deep content inspection and dynamic customization from
> events
On 5/7/21 10:22 PM, Justin Michael Schwartzbeck wrote:
> So I have written an external acl helper
> while(1) {
> string category, hostname;
> cin >> category >> hostname;
>
> // Perform REST API
> I have it all configured in my squid.conf:
> external_acl_type
versions. For Windows I see Squid
> versions 3.5, 3.3 and 2.7. Which ones are supported?
> Additionally, what are the supported versions for Linux?
>
> Jazmine
>
> On Thu, May 6, 2021 at 7:04 AM Alex Rousskov wrote:
>
> On 5/6/21 12:09 AM, Jazmine Redmond wr
TH,
Alex.
> On Thu, May 6, 2021 at 7:04 AM Alex Rousskov wrote:
>
> On 5/6/21 12:09 AM, Jazmine Redmond wrote:
> > Hi,
> >
> > I am having issues getting Squid to use the hosts file on the
> squid server.
> >
> > I added
On 5/6/21 12:09 AM, Jazmine Redmond wrote:
> Hi,
>
> I am having issues getting Squid to use the hosts file on the squid server.
>
> I added the hosts_file configuration directive to my squid config file
> as follows:
>
> hosts_file C:/Windows/System32/drivers/etc/hosts
>
> But, when my
On 5/4/21 1:16 AM, roie rachamim wrote:
> When trying to reach some times via https e.g. https://acadamy.atera.com
>
> Squid complains on missing Intermediate certificate.
> I see this in the logs:
>
> 2021/05/03 10:58:14.554| 83,4| support.cc(1147) untrustedToStoreCtx_cb:
> Try to use
Hello Vinod,
Squid does not support BoringSSL, and we will not add such support
in the foreseeable future. We have more than enough troubles with GnuTLS
support and not enough resources to support a yet another TLS library,
especially the one that is not meant for general use[1]!
[1]
On 4/30/21 4:40 AM, Neven Vrenko wrote:
> Hello Alex,
>
> thank you for your answer. I was little bit puzzled since I haven't got
> any error when using "clientca" with "http_port". I thought, maybe it
> was somehow possible, beyond my understanding. :)
>
> The reason why I didn't respond
ed to peek at TLS connections:
You should be able to keep client certificate authentication. If Squid
cannot keep that while peeking at the TLS client or the origin server,
then there is a Squid bug somewhere.
HTH,
Alex.
> On Tue, Apr 27, 2021 at 10:57 AM Alex Rousskov wrote:
>
>
On 4/27/21 1:33 PM, Justin Cook wrote:
> We are running into a situation where we are unable to fully
> authenticate our users to an internal tooling service that requires
> certificate authentication as part of its login process, when going
> through squid forward proxy with SSL bump enabled.
On 4/25/21 2:43 PM, Moti Berger wrote:
> Hi
>
> I'm occasionally having the following error (entire compressed cache.log
> is 150K, I'll attach it if required).
>
> 2021/04/25 09:42:36.226| 33,2| AsyncCallQueue.cc(55) fireNext: entering
> clientListenerConnectionOpened(local=0.0.0.0:3128
On 4/23/21 9:28 PM, Andy Frad wrote:
> I would like to know if there is a way to whitelist a users src address
> and tie it to a specific outgoing ip?
The two parts of the question are completely unrelated AFAICT. Since you
already know how to allow traffic, I will focus on the second part.
>
On 4/22/21 5:24 AM, Neven Vrenko wrote:
> Hello community,
>
> I have a problem which I'm coping with for some time now.
> I would like to use client certificate authentication with http_port
> command.
>
> As far as I understand the parameter "clientca" should be enough to
> request the browser
On 4/21/21 12:48 PM, Miroslaw Malinowski wrote:
> Is it possible to create a whitelist that allows cloudfront 302
> redirections, e.g. gitlab is using cloudfront as CDN and when we
> whitelist package.gitlab.com the URL is redirected (302) to
>
On 4/15/21 2:40 PM, Yosi Greenfield wrote:
> How can one view the current values of configuration paramters in a
> running squid? Is there a way to do so? Thanks!
The closest you can get is probably via the Cache Manager interface:
squidclient mgr:config
Alex.
On 4/15/21 4:37 AM, Eliezer Croitoru wrote:
> I don’t know your use case that well but maybe another proxy can do that for
> you.
> I wrote a haproxy routing config by username sometime ago:
> https://gist.github.com/elico/405f0608e60910fc9ea119e22e1ffd07
Just to clarify: The above haproxy
hes fast.
>
>
> https://wiki.squid-cache.org/SquidFaq/AboutSquid#How_to_add_a_new_Squid_feature.2C_enhance.2C_of_fix_something.3F
>
> <https://wiki.squid-cache.org/SquidFaq/AboutSquid#How_to_add_a_new_Squid_feature.2C_enhance.2C_of_fix_something.3F>
>
> Ale
Alex.
> On Mon, Apr 12, 2021 at 6:03 PM Alex Rousskov wrote:
>
> On 4/10/21 5:03 PM, koshik moshik wrote:
>
> > I am trying to run a Squid proxy Server witth about 5000 cache
> peers. I
> > am running a dedicated server with
On 4/11/21 12:46 PM, Francois wrote:
> I am running my development tools and VMs in a dedicated network
> namespace on my laptop (through Linux "netns"), so they are fully
> isolated from the rest of my network. I would like to set-up a proxy
> so that if there is a need to connect to the
On 4/10/21 5:03 PM, koshik moshik wrote:
> I am trying to run a Squid proxy Server witth about 5000 cache peers. I
> am running a dedicated server with 6 cores and 32GB RAM on Ubuntu 16.
>
>
> Could you tell me what else is needed / not needed in my squid.config? I
> am encountering a high CPU
gation is unlikely to benefit you at
this point -- you will only be helping future others in your situation.
I am glad you have a working setup now!
Cheers,
Alex.
> -Original Message-
> From: Alex Rousskov [mailto:rouss...@measurement-factory.com]
> Sent: Friday, April
On 4/12/21 5:53 AM, roie rachamim wrote:
> Hi,
>
> Our setup includes squid that runs in docker container with several ICAP
> servers in additional containers.
>
> From time to time we see in cache.log the following messages:
> 2021/04/12 00:22:39| optional ICAP service is down after an options
on to explicitly allow for empty (hopefully
never matching) ACLs.
Alex.
> -Original Message-----
> From: Alex Rousskov [mailto:rouss...@measurement-factory.com]
> Sent: Friday, April 9, 2021 9:52 AM
> To: squid-users@lists.squid-cache.org
> Cc: Elliott Blake, Lisa Marie
> Su
On 4/8/21 3:11 PM, Elliott Blake, Lisa Marie wrote:
> I am trying to get squid to work with a text file for a whitelist. I
> get TCP_DENIED/403 on every url I try. I am using curl to test.
> curl -x https://libaux-prod.lib.uic.edu:3128 -I https://arl.org
Is that the exact curl command you are
On 4/8/21 7:12 PM, Ebed wrote:
> ssl_bump peek step1
> ssl_bump peek step2
> ssl_bump bump all
I cannot answer your original question, but, just FYI: The above
configuration is equivalent to:
ssl_bump peek all
ssl_bump splice all
and, as far as traffic on the wire is concerned, it is pretty
On 3/31/21 1:59 PM, Garbacik, Joe wrote:
> 3. Is there a way to generate an unique Id for each flow so, besides
> the data in flow0, once can easily link these logs together?
I could not spend enough time to grok the true meaning behind all those
logformat %codes and the corresponding
On 3/31/21 10:02 AM, Klaus Brandl wrote:
> is there a way to use more adaptation sets(for redundancy) combined in
> an adaptation chain?
Squid only supports chains of services and sets of services. There is
currently no support for nesting (e.g., chains of sets). Such support
would be generally
On 3/12/21 1:42 PM, Alex Rousskov wrote:
> I suspect you are suffering from Bug 4528:
> https://bugs.squid-cache.org/show_bug.cgi?id=4528
>
> Which has also been discussed earlier as Bug 3621:
> https://bugs.squid-cache.org/show_bug.cgi?id=3621
PR 795 fixes similar problems in
ious: If your feature is officially
accepted into Squid sources, then you would not have to keep adding it
manually (once the changes reach your Squid packaging source).
Alex.
> On Wed, Mar 24, 2021 at 7:11 PM Alex Rousskov wrote:
>
> On 3/24/21 2:49 PM, Miroslaw Malinowski wrote:
On 3/25/21 9:06 AM, Moti Berger wrote:
> I want to be able to skip all subsequent ICAP servers defined in squid
> based on some logic I have in one of my ICAP servers.
> I used the X-Next-Services and it seems to control only the current ICAP
> chain.
> I also saw it while configuring two ICAP
external server we would like squid to cache the
> response and issue a cached version.
>
> 2021/03/24 18:00:54.867 kid1| 22,3| refresh.cc(351) refreshCheck:
> YES: Must revalidate stale object (origin set no-cache or private)
>
> Mirek
>
> On Wed, Ma
On 3/24/21 12:48 PM, Miroslaw Malinowski wrote:
> Probably, me missing on something silly or it can't be done but I don't
> know why but squid won't return the cached version even when I turn all
> override options ON in refresh_pattern.
AFAICT, no configuration options that can disable
>
> curl failed to verify the legitimacy of the server and therefore could not
> establish a secure connection to it. To learn more about this situation and
> how to fix it, please visit the web page mentioned above.
>
> Have attached the squid.conf file for your refe
On 3/23/21 2:10 AM, Vignesh Ramessh wrote:
> Currently am running squid version 4.14 on RPi3.
> Trying to cache https responses with cache-control:max-age headers
> available,
> using ssl bump - peek n splice feature with examples available in this
> link :-
On 3/15/21 12:49 PM, rsa.sro.c...@rsa.com wrote:
> Hi, is there any available information regarding the Solarwinds
> vulnerability on the Squid site?
AFAICT, Squid is unaffected by (and unrelated to) CVE-2020-14005 and
CVE-2020-13169, so I would not expect the Squid site to mention those
CVEs. If
ing.3F
Alex.
> -Original Message-
> From: squid-users On Behalf Of
> Alex Rousskov
> Sent: Friday, March 12, 2021 8:43 PM
> To: 橋本紘希 ; squid-users@lists.squid-cache.org
> Subject: Re: [squid-users] Squid 5 does not send ICAP request
>
> I suspect you
On 3/12/21 12:17 PM, Joshua Rogers wrote:
> I am hoping to allow access to all websites through squid except certain
> websites. Sites which are not allowed will require authentication.
>
> I tried this configuration:
> http_access allow all
Game over. The order of http_access rules matters.
I suspect you are suffering from Bug 4528:
https://bugs.squid-cache.org/show_bug.cgi?id=4528
Which has also been discussed earlier as Bug 3621:
https://bugs.squid-cache.org/show_bug.cgi?id=3621
Does adding icap5 to /etc/hosts (or whatever your hosts_file points to)
help?
Unfortunately, I
On 3/11/21 9:37 AM, Ben Goz wrote:
> End users machine using some client application while their system proxy
> points to the above squid proxy server.
Client certificate-based authentication may be the best option if their
system proxy supports it and you do not need to bump user traffic with
On 3/11/21 5:33 AM, Arjun K wrote:
> So can you assist me to include the custom log format which will provide
> further details.
If you still want to add these details after reading Amos response, then
please see logformat and access_log directives in squid.conf.documented:
* logformat
On 3/10/21 8:15 AM, Arjun K wrote:
> Can you please let us know what this error means - TAG_NONE/503 in the
> access logs.
Most likely, Squid generated an error response and sent that to the
client. The response was probably generated before Squid made the cache
hit/miss decision.
In modern
On 3/8/21 10:10 AM, Niels Hofmans wrote:
> During testing sslbump + icap I noticed that websockets (ws + was) are
> not supported by squid. (Even if using on_unsupported_protocol)
> Are there any plans for supporting this with sslbump?
Your question can be misinterpreted in many different ways.
daptation, but, IMO,
it is best to get the basics working before adding support for
experimental protocol extensions.
Alex.
> On 6 Mar 2021, at 23:22, Alex Rousskov
> wrote:
>
> On 3/6/21 3:33 PM, Niels Hofmans wrote:
>
>> I fixed a bug in the go-icap/icap library, see
nding ICAP 100 Continue control
> message first.
>
>
> HTH,
>
> Alex.
>
>
>> On 5 Mar 2021, at 23:32, Alex Rousskov wrote:
>>
>> On 3/5/21 5:21 PM, Niels Hofmans wrote:
>>
>>> I receive that large payload right after an OPTIONS call to my I
If your ICAP service does not want to see an HTTP body, then it should
not ask for it. It should respond (usually with ICAP 200 or ICAP 204)
based on the Preview alone, without sending ICAP 100 Continue control
message first.
HTH,
Alex.
> On 5 Mar 2021, at 23:32, Alex Rousskov wrote:
>
&
st body. You can get the latter from a
packet capture if your ICAP server does not report it in a convenient
form. In fact, sharing (a pointer to) the packet capture of the whole
problematic ICAP request is probably a good idea!
Alex.
> On 5 Mar 2021, at 17:21, Alex Rousskov wrote:
>
>
On 3/5/21 2:55 AM, Niels Hofmans wrote:
> One more: I believe ICAP is not respecting the Preview header for REQMOD
> nor RESPMOD.
> For the REQMOD OPTIONS requests, I respond with:
>
> ICAP/1.0 200 OK
> Allow: 200,204
> Connection: close
> Date: Fri, 05 Mar 2021 07:34:56 GMT
> Encapsulated:
cted simultaneously while only the first
> one is blocking.
> ..just thinking aloud tough.
Sorry, I cannot evaluate this design because I do not know what you want
to optimize and what your logging requirements/limitations are.
Good luck,
Alex.
> On 4 Mar 2021, at 22:23, Alex Rous
On 3/4/21 2:52 PM, Niels Hofmans wrote:
> is it possible to do full request/response logging?
Squid can log HTTP headers with %>h and % I do not see the appropriate log_format directive in the docs.
> I was hoping not having to do this in my ICAP service since this slows
> down approval of the
ure it out.
* If not, then perhaps I misunderstood what your zabbix_proxy ACL means
to you. You may need a different ACL.
[1]
https://wiki.squid-cache.org/SquidFaq/BugReporting#Debugging_a_single_transaction
Alex.
> El vie., 26 feb. 2021 17:14, Alex Rousskov
> <mailto:rouss...@measurement
On 3/1/21 2:07 AM, Majed Zouhairy wrote:
> i tried this, but neither the https download bandwidth restriction nor
> caching seems to be working as expected
Squid cannot cache HTTP responses without bumping HTTPS traffic. This is
a protocol-level limitation, not a bug.
There are known delay pools
d you confirm it ?
The problem is considered "confirmed" from Bugzilla point of view. I am
not aware of any volunteers addressing the suspected FreeBSD-specific
"warnings due to double drop" problems or triaging non-FreeBSD warnings.
Alex.
> Le 28/02/2021 à 01:58, Alex Roussk
On 2/27/21 7:22 PM, David Touzeau wrote:
> Hi, regulary i have this error :
>
> 2021/02/28 01:18:43 kid1| helperOpenServers: Starting 5/32
> 'security_file_certgen' processes
> 2021/02/28 01:18:43 kid1| WARNING: no_suid: setuid(0): (1) Operation not
> permitted
>
> i have set the setuid
n/here
You can see the default access_log configuration specific to your Squid
build in squid.conf.documented.
HTH,
Alex.
> El vie., 26 feb. 2021 16:21, Alex Rousskov escribió:
>
> On 2/26/21 12:36 PM, Service MV wrote:
>
> > NONE/000 0 NONE error:transaction-end-be
is stored right there in the cache.
The IP may be stored, but it cannot be looked up using DNS.
Alex.
> On Fri, Feb 26, 2021 at 9:44 AM Alex Rousskov wrote:
>
> On 2/26/21 7:35 AM, Justin Michael Schwartzbeck wrote:
> >> Yes, many HTTPS transactions do not expose de
On 2/26/21 12:36 PM, Service MV wrote:
> NONE/000 0 NONE error:transaction-end-before-headers - HIER_NONE/- -
>
> I know that this is not an error. But I want to exclude this log when
> the Zabbix server checks the port status of SQUID. Zabbix server does
> not use the SQUID as a proxy.
If you
ith.
HTH,
Alex.
> So we would have the IP already, and the hostname that was
> looked up already in the DNS cache, right? Why wouldn't squid just be
> able to reach in there, match the IP that DNS returned, and then pull
> that hostname out to compare against the ACLs?
>
>
ontrol the browser).
Alex.
> On Thu, Feb 25, 2021, 23:33 Alex Rousskov wrote:
>
> On 2/24/21 11:51 PM, Raj Nagar wrote:
>
> > I am using squid as forward proxy and want to restrict upload of files
> > larger than 1 MB. I have used following configuration for
>
On 2/25/21 2:07 PM, Justin Michael Schwartzbeck wrote:
> I have thus far used dstdomain acl for bypassing ssl bump on sites that
> we don't want to decrypt, like banking sites. It seems to work for some
> sites, but not for others.
Yes, many HTTPS transactions do not expose destination domain
On 2/24/21 11:51 PM, Raj Nagar wrote:
> I am using squid as forward proxy and want to restrict upload of files
> larger than 1 MB. I have used following configuration for
> same: *request_body_max_size 1 MB*.
> But this is not working for me and I am able to upload larger files.
> Can someone
On 2/24/21 10:45 AM, Señor J Onion wrote:
> I don’t understand why my code behaves differently when it is
> receiving the image for the first time, and when it is receiving the
> cached image.
What you see is a result of two bugs.
* An origin server bug: During the second transaction, when
essage-
> From: Alex Rousskov
> Sent: Tuesday, February 16, 2021 9:57 PM
> To: Eliezer Croitoru
> Cc: squid-users@lists.squid-cache.org
> Subject: Re: [squid-users] Started testing squid-6.0.0-20210204-r5f37a71ac
>
> On 2/16/21 2:40 AM, Eliezer Croitoru wrote:
>> Google ho
On 2/18/21 1:52 AM, John Zhu wrote:
> On 2/17/21, 10:28 PM, "Alex Rousskov" wrote:
>
> On 2/18/21 12:36 AM, John Zhu wrote:
>
> > I have a wired issue. I setup the Squid and ICAP. When ICAP (in
> > RespMod) sends response body (any file types, m
On 2/18/21 12:36 AM, John Zhu wrote:
> I have a wired issue. I setup the Squid and ICAP. When ICAP (in
> RespMod) sends response body (any file types, most of time are large
> size files) in a relative slow speed to squid, if the time elapses
> longer than 1 minute, the browser will close the
On 2/15/21 4:42 PM, Marek Greško wrote:
> Hello,
>
> most probably the problem is on the server side:
>
> openssl s_client -connect www.p-mat.sk:443 -tls1
> CONNECTED(0003)
> depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
> verify return:1
> depth=1 C = US, O = Let's Encrypt,
uidFaq/BugReporting#Debugging_a_single_transaction
Alex.
> -Original Message-
> From: Alex Rousskov
> Sent: Monday, February 15, 2021 9:03 PM
> To: Eliezer Croitoru ; squid-users@lists.squid-cache.org
> Subject: Re: [squid-users] Started testing squid-6.0.0-20210204-r5f37a71ac
&
On 2/16/21 2:29 AM, Kevin Shell wrote:
> What requirements are needed for smtps imaps pop3s nntps client programs
> to tunnel thru squid proxy?
If your Squid is a forward proxy, then those clients have to support
HTTP (and/or HTTPS) forward proxies. In other words, they should
establish a
etail/explain the problem
you are asking about.
Alex.
> -Original Message-
> From: Alex Rousskov
> Sent: Thursday, February 11, 2021 7:02 PM
> To: Eliezer Croitoru ; squid-users@lists.squid-cache.org
> Subject: Re: [squid-users] Started testing squid-6.0.0-20210204-r5f37a71ac
>
&g
On 2/12/21 5:44 AM, roee klinger wrote:
> I am trying to serve custom error pages in Squid 4.10, this is my
> squid.comf:
>
> error_directory /etc/squid/pages/
> icon_directory /etc/squid/pages/images/
> The custom error page loads, but the images are missing. In my HTML file
> I simply
On 2/12/21 4:31 AM, Vieri wrote:
> I've had a c-icap/squid failure and noticed that it was because my tmpfs on
> /var/tmp was full (12 GB).
>
> It was filled with files such as these:
>
> # lsof +D /var/tmp/
> COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
> c-icap 773
the general "What can we do about host forgery
errors?" question answered already. If you disagree with those answers,
we can discuss further, but, to make progress, you need to say
explicitly which answer you disagree with and why.
Alex.
> -Original Message-
> From: Al
On 2/7/21 12:47 PM, Eliezer Croitoru wrote:
> I move on to testing squid-6.0.0-20210204-r5f37a71ac
>
> Most of the issues I see are related to Host header forgery detection.
>
> I do see that the main issue with TLS is similar to:
>
> 2021/02/07 19:46:07 kid1| ERROR: failure while accepting a
On 2/9/21 11:35 AM, Chris wrote:
> This is what I'm seeing in peer_select in cache_log with 44,3 debug
> options:
Add (at least) "15,3" to your debug_options and then look for
getWeightedRoundRobinParent lines. Looking at mgr:server_list Cache
Manager page may also be useful.
> Does the
On 2/4/21 10:32 AM, Prem Chand wrote:
> I'm running SSL squid 5 on Centos 8 and I could see Cipher Suites order
> changes when I access the below website through Squid and without using
> squid I'm getting correct order.
>
> https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html
>
> I
sensitive data in shared tests and test configurations!
Thank you,
Alex.
> On Fri, Jan 29, 2021 at 8:57 PM Alex Rousskov wrote:
>
> On 1/29/21 12:56 PM, Milos Dodic wrote:
>
> > Here are the logs, but first to mention, from the server that is going
> > th
Stream.cc(267) sendStartOfMessage:
> HTTP Client REPLY:
> -
> HTTP/1.1 200 OK
> x-amz-id-2:
> z//C9o0g1wI5ep44MaSBbU7ptfDlvOjTZLIBYSpaI8+h8oxt607nyA9zumm8eEk+wTJb3jRD7wU=
> x-amz-request-id: A6E14CC59FE63894
> Date: Fri, 29 Jan 2021 17:42:33 GMT
> Last-Modified: Fri,
On 1/29/21 11:55 AM, Andrea Venturoli wrote:
> I see Squid connections to C-ICAP starting to time out:
> when the number of errors reach 10, Squid marks squidclamav service as
> "suspended".
> No big surprise.
IIRC, you did not disclose timeout suspicions before. This explanation
is news to me,
; <http://amazonaws.com>
>
> ssl_bump stare all
> ssl_bump bump allowed_https_sites
> ssl_bump terminate all
> On Tue, Jan 26, 2021 at 9:14 PM Alex Rousskov wrote:
>
> On 1/26/21 1:54 PM, Milos Dodic wrote:
>
> > when the test server goes for a pictur
an HTTP response, and whether to terminate a
TLS connection.
HTH,
Alex.
> -----Original Message-
> From: Alex Rousskov
> Sent: Wednesday, January 27, 2021 8:43 PM
> To: squid-users@lists.squid-cache.org
> Cc: Eliezer Croitoru
> Subject: Re: [squid-users] acl aclname server_cer
e server certificate
is still not yet available during that step.
* step3 is unreachable for a "splice" action because the only non-final
action during step2 is "stare". Starting precludes splicing.
HTH,
Alex.
> -Original Message-
> From: Alex Rousskov
&g
On 1/27/21 11:01 AM, Andrea Venturoli wrote:
>> 2021/01/04 14:24:24 kid1| suspending ICAP service for too many failures
>> 2021/01/04 14:24:24 kid1| essential ICAP service is suspended:
>> icap://127.0.0.1:1344/squidclamav [down,susp,fail11]
> This happens usually once a day, always at the same
rules and access log
records containing additional %error_code/%err_detail fields.
Alex.
> -Original Message-
> From: Alex Rousskov
> Sent: Tuesday, January 26, 2021 6:22 AM
> To: Eliezer Croitoru ; squid-users@lists.squid-cache.org
> Subject: Re: [squ
On 1/26/21 1:54 PM, Milos Dodic wrote:
> when the test server goes for a picture I have stored somewhere in
> the cloud, the squid access log shows "TCP_TUNNEL/200". But when I
> try from the proxy itself with squidclient tool, I get
> "TCP_MEM_HIT/200"
Given the very limited information you
On 1/25/21 6:03 AM, Eliezer Croitoru wrote:
> I'm trying to use:
> acl aclname server_cert_fingerprint [-sha1] fingerprint
>
>
> I have cerated the next file:
> /etc/squid/no-ssl-bump-server-fingerprint.list
>
> And trying to use the next line:
> acl NoBump_certificate_fingerprint
On 1/24/21 5:00 PM, Amos Jeffries wrote:
> On 25/01/21 10:42 am, Vieri wrote:
>>
>> After the assertion failure Squid tries to restart a few times
>> (assertion failures seen again) and finally exits.
>> A manual restart works, but I don't know for how long.
>>
>> The external script "bllookup" is
On 1/24/21 4:42 PM, Vieri wrote:
> 2021/01/24 13:18:13 kid1| helperHandleRead: unexpected reply on channel 0
> from bllookup #Hlpr21 '43 ERR message=[...]
> current master transaction: master65
> 2021/01/24 13:18:13 kid1| assertion failed: helper.cc:1066: "skip == 0 && eom
> == NULL"
>
On 1/22/21 3:10 PM, Walter H. wrote:
> https://www.ssllabs.com/ssltest/analyze.html?d=wiki.squid-cache.org
> there is an invalid certificate as the intermediate
FWIW, I see nothing marked as "invalid" on that page, even after
clicking on one of the two servers and expanding the "Certification
On 1/20/21 3:21 PM, John Zhu wrote:
> I implemented ICAP in java. I have questions regarding the “data
> trickling” to handle slow response for large file scanning from ICAP.
> 1) Java libraries available for data trickling at ICAP side, if any?
FWIW, implementing a production ICAP server from
On 1/16/21 7:52 AM, roee klinger wrote:
> I am using Squid to route users to different peers based on their
> usernames, I was asked to add support for IP whitelisting recently but I
> ran into an issue.
>
> If one IP wants to access to different peers, I will have to do it based
> on on the
On 1/18/21 12:45 PM, Eliezer Croitoru wrote:
> While testing 5.0.4 I am seeing this line:
>
> 1610991736.039 0 192.168.189.48 NONE_NONE/400 3798 CNT
> error:invalid-request - HIER_NONE/- text/html –
>
> What is the CNT means?
If you see CNT where the request method usually is, then these
501 - 600 of 1899 matches
Mail list logo