-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/10/2014 07:41 PM,
Marcus Kool wrote:
Indeed but setting debug_options to ALL,9 does not work since the
log file already is too big and unmanageable even before Squid
begins to do thing that consumes CPU time.
I have suggested a full one
Hi
We have connected 3.5.0.2-20141121-r13666 with Active Directory.
It seems where there are spaces in login account squid use only the last
argument.
For example for an account Jhon smith squid use smith only
For example for an account Dr Jhon smith squid use smith only
In 3.3.13 there is
Le 26/11/2014 11:27, Amos Jeffries a écrit :
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 24/11/2014 12:01 a.m., David Touzeau wrote:
Hi
We have connected 3.5.0.2-20141121-r13666 with Active Directory. It
seems where there are spaces in login account squid use only the
last argument
Le 30/11/2014 09:08, Amos Jeffries a écrit :
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 30/11/2014 12:52 a.m., David Touzeau wrote:
Le 26/11/2014 11:27, Amos Jeffries a écrit : On 24/11/2014 12:01
a.m., David Touzeau wrote:
Hi
We have connected 3.5.0.2-20141121-r13666 with Active
Hi the best...
We using Youtube For School by adding Headers in HTTP protocol
Since Youtube force everybody to use SSL, using Youtube For School
trough squid is not possible.
Sure using ssl-bump can do the trick but dealing with certificates on
students computers is very difficult.
Did
Hi all,
I need to force squid to cache some websites only for one hour ( no more)
did this refresh_pattern directive is able to answerto this need ?
What is the best refresh_pattern value to force a website to be cached
only for one hour ?
best regards
We encounter the same issue with Squid 3.5.5
using diskd limit crashes but access to web pages are freezed trough squid
Le 12/04/2015 16:55, Monah Baki a écrit :
Hi all,
Compiled squid 3.5.2 on CentOS 6.6 as follows:
$ ./configure --prefix=/home/cache --enable-follow-x-forwarded-for
Thanks Amos,
i will test it!!
Le 06/07/2015 19:09, Amos Jeffries a écrit :
On 7/07/2015 4:49 a.m., David Touzeau wrote:
Dear
I'm using 3.5.5-20150528-r13841
After this error, the kid crash
How can fix this issue ?
Please try 3.5.6. If the problem persists you will need to run Squid
under
Dear
I'm using 3.5.5-20150528-r13841
After this error, the kid crash
How can fix this issue ?
2015/06/12 08:37:22 kid1| BUG 3279: HTTP reply without Date:
2015/06/12 08:37:22 kid1| StoreEntry-key: 9A3B8E1EFB517CD386A1CBF13E477C5B
2015/06/12 08:37:22 kid1| StoreEntry-next: 0
2015/06/12 08:37:22
Hi,
Windows Active Directory server ( such as LDAP too) allow to create
account using space : Jhon MacDoo
When using NTLM/Kerberos and when logged with an account contains space,
Only the first part of the account is displayed and sent to helpers
If an user is called Jhon[space]MacDoo then
Dear
My certificate and my own Root CA's that are already installed on all
computers and need to use it in Squid.
using
The Certificate :
--
openssl x509 -subject -issuer -enddate -noout -in
Thanks Amos, i have removed the generate-host-certificates
http_port 0.0.0.0:3128 ssl-bump dynamic_cert_mem_cache_size=4MB
cert=/etc/squid3/ssl/chain.pem
But Squid still not want load the couple of Ca and certificate.
2015/07/27 10:16:30| Using certificate in
Your are right fred,
It is is a difficult deal for us too...
aufs - good speed but more troubles ( assertion failed, empty(), HTTP
reply without date unstable rock system ) and must deal with squid
crashes ( watchdog)
diskd - more stable but slower...
Le 15/07/2015 12:46, FredB a
Hi all
We receive this error in cache.log
assertion failed: store.cc:850: store_status == STORE_PENDING
Just after browser sends ERR_PROXY_CONNECTION_FAILED
What does it means ?
Best regards
___
squid-users mailing list
ans
we must restart squid.
Le 14/07/2015 09:55, Amos Jeffries a écrit :
On 14/07/2015 12:09 p.m., David Touzeau wrote:
Hi all
We receive this error in cache.log
assertion failed: store.cc:850: store_status == STORE_PENDING
Means the store code has some data in-transit for the client
Le 25/10/2015 09:01, Amos Jeffries a écrit :
On 25/10/2015 5:47 a.m., David Touzeau wrote:
auth_param ntlm program /usr/bin/ntlm_auth --domain=TOUZEAU.BIZ
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 20 startup=5 idle=3
auth_param ntlm keep_alive on
authenticate_ttl 14400
Hi all.
I'm testing squid 4.x with Active Directory connection.
When there are spaces in logged accounts eg : "Jhon Rambo" squid use
only the last string in logon user "Rambo".
This corrupted account is used in all ACLS and events too and all acls
matches Rambo and not "Jhon Rambo"
This
Hi
I'm testing the new 4.0.2 version..
Now i'm receive many errors like this in cache.log
Whats wrong ?
2015/11/07 00:33:16 kid1| ALE missing URL
2015/11/07 00:33:16 kid1| ALE missing adapted HttpRequest object
2015/11/07 00:33:16 kid1| ALE missing URL
2015/11/07 00:33:16 kid1| ALE missing
Hi Alex,
I'm using extra token %>ha{X-Forwarded-For} in helper configuration
Is it help ?
Le 07/11/2015 01:15, Alex Rousskov a écrit :
On 11/06/2015 04:36 PM, David Touzeau wrote:
Hi
I'm testing the new 4.0.2 version..
Now i'm receive many errors like this in cache.log
Whats wrong ?
2
Le 07/11/2015 15:07, Amos Jeffries a écrit :
On 7/11/2015 11:55 p.m., David Touzeau wrote:
Hi Alex,
I'm using extra token %>ha{X-Forwarded-For} in helper configuration
Is it help ?
Where you are using that ACL is also needed.
Amos
___
sq
Dear
I would like to share a strange behavior.
We have servers that stores Citrix application.
Each Citrix server run about 10 users/session
Each session execute browsers connected to squid 3.5.6 or 3.3.13.
After opening 10 tabs, browsers generates error about Connections broken
or
Hi all
We using Squid 3.5.6 in transparent mode with SSL
With the following settings:
acl ssl_step1 at_step SslBump1
acl ssl_step2 at_step SslBump2
acl ssl_step3 at_step SslBump3
ssl_bump peek ssl_step1
ssl_bump splice all
We have many entries TAG_NONE/ in access.log when accessing to
a écrit :
On 11/07/2015 9:23 p.m., David Touzeau wrote:
Hi all
We using Squid 3.5.6 in transparent mode with SSL
With the following settings:
acl ssl_step1 at_step SslBump1
acl ssl_step2 at_step SslBump2
acl ssl_step3 at_step SslBump3
ssl_bump peek ssl_step1
ssl_bump splice all
We have many
Squid* can surf trough Internet
and open unlimited tabs without any issue.
Le 08/07/2015 20:48, Yuri Voinov a écrit :
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Looks like TCP/IP stack level issue.
09.07.15 0:26, David Touzeau пишет:
Dear
I would like to share a strange behavior.
We
Many thanks Amos
With your suggests, we have found that the issue is generated by Palo
Alto Client for Citrix
https://live.paloaltonetworks.com/docs/DOC-1321
And not from SQUID...
Le 08/07/2015 23:26, Amos Jeffries a écrit :
On 9/07/2015 7:01 a.m., David Touzeau wrote:
Thanks Yuri,
Any
., David Touzeau wrote:
Thanks Yuri,
Any tips how to increase TCP/IP stack ?
Did you means TCP/IP stack on the Citrix Server side or on the squid
box or both ?
I'm thinking its a problem related to TCP sockets.
A rough estimate calculatino of:
10 users x10 tabs x20 avg domains per page x 2
Hi ikna
This can be done, but you need to forget the ufdbgclient and create
yourself a new one that is able to connect to the ufdbguard server in
order to get ufdbguard results.
In this case, you have with your code to replace the OK status=302
url= sent by ufdbguard server by OK
Dear
I'm using Squid Cache: Version 3.5.9-20150922-r13918 in transparent mode
with SSL hooked
In my config, i did not bump any site ( just to pass SSL protocol to
squid in transparent mode)
I'm trying to connect to https://raj2796.wordpress.com
In cache.log
2015/10/02 00:07:05 kid1|
Hi
Since the 3.5.x branch allows FTP gateway, is there any plan to support
transparent FTP proxy ?
Best regards
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Hi
It seems that squid is not able to save in cache objects from CloudFlare
websites.
Here it is the header information:
Connecting to 127.0.0.1:8182... connected.
Proxy request sent, awaiting response...
HTTP/1.1 200 OK
Date: Thu, 19 Nov 2015 18:03:31 GMT
Content-Type: image/png
Thanks Alex
Any ACLs tips to avoid these warning ? or just assume it's normal in this
situation... ?
-Message d'origine-
De : Alex Rousskov [mailto:rouss...@measurement-factory.com]
Envoyé : vendredi 13 mai 2016 00:40
À : squid-users@lists.squid-cache.org
Cc : David Touzeau <
-cache.org
Objet : Re: [squid-users] ACL is used in context without an HTTP response.
Assuming mismatch
On 13/05/2016 7:06 p.m., David Touzeau wrote:
> Thanks Alex
>
> Any ACLs tips to avoid these warning ? or just assume it's normal in this
> situation... ?
>
Yes and n
Hi
I did not want squid to log it's TCP_DENIED/407 when sending authentication
to browsers
I think this acl should work
acl CODE_TCP_DENIED http_status 407
access_log none CODE_TCP_DENIED
But squid claim :
2016/05/12 23:44:07 kid1| WARNING: CODE_TCP_DENIED ACL is used in
We have the same issue when upgrading to 3.5.16
3.5.16 -> squid take 100% CPU
Back to 3.5.13 -> 12% CPU
-Message d'origine-
De : squid-users [mailto:squid-users-boun...@lists.squid-cache.org] De la part
de Amos Jeffries
Envoyé : vendredi 15 avril 2016 13:23
À :
Hi
I'm using SSL transparent method :
https_port 0.0.0.0:53695 intercept disable-pmtu-discovery=transparent
name=MyPortNameID22 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB
cert=/etc/squid3/ssl/cb623e9bfc65772f68b84393604cd6ea.dyn
sslproxy_foreign_intermediate_certs
Same issue with https://www.digitalocean.com/
is somebody did not encounter the issue using Squid in transparent mode with
SSL ??
-Message d'origine-
De : squid-users [mailto:squid-users-boun...@lists.squid-cache.org] De la part
de David Touzeau
Envoyé : dimanche 22 janvier 2017 19:49
/2017 12:28 p.m., David Touzeau wrote:
> Same issue with https://www.digitalocean.com/ is somebody did not
> encounter the issue using Squid in transparent mode with SSL ??
>
The TLS / HTTP Senvironment is in the process of stabilizing, but still
quite volatile.
Since the error mes
This is a different log trace from David's.
Here Squid is setting up a TUNNEL to the clients original dst-IP,
successfully. Any TLS funky stuff going on for this transaction is done
directly between server and client. Squid's only involvement is to peek at
the Hello messages and record them for
-Message d'origine-
De : squid-users [mailto:squid-users-boun...@lists.squid-cache.org] De la part
de David Touzeau
Envoyé : mardi 24 janvier 2017 11:42
À : squid-users@lists.squid-cache.org
Objet : Re: [squid-users] [3.5.23]: mozilla.org failed using SSL transparent
On 17/11/2016 1:50 a.m., David Touzeau wrote:
>
>
> Hi,
>
> I have my own redirector and i want to play with the clt_conn_tag but
> i encounter some issues ( perhaps for misunderstanding )
>
> url_rewrite_program /usr/share/artica-postfix/filter.py
> url_rewrite_c
Hi,
I have my own redirector and i want to play with the clt_conn_tag but i
encounter some issues ( perhaps for misunderstanding )
url_rewrite_program /usr/share/artica-postfix/filter.py
url_rewrite_children 10 startup=1 idle=1 concurrency=4
url_rewrite_extras "%>a/%>A %un %>rm myip=%la
Hi
I have created an external helper that return OK a=note1
By adding tags in logs I see correctly that squid writes in log,
"a:%20note1"
But I cannot match this note in acls both test1 and test2 test3 not matches
the added tag
Acl test1 note a:note1
Acl test2 note a=note1
Acl test3
> I have created an external helper that return OK a=note1
>
> What is the correct line to retrieve the correct note ?
acl annotatedWithANote1 note a note1
http_access deny annotatedWithANote1
Alex.
> acl aclname note [-m[=delimiters]] name [value ...]
> # match transaction
Hi,
We need to use ident daemon in order to authenticate users.
Squid works fine when computers are directly connected to the proxy.
We have added HaProxy * * * Load-balancer * * * using *proxy_protocol*
between users and 2 Squid proxies
With the load balancer, squid want to query identd port
[help]
On 2017-01-06 22:12, David Touzeau wrote:
> Added in bugtrack
>
> http://bugs.squid-cache.org/show_bug.cgi?id=4657
>
>
> -Message d'origine-
> De : David Touzeau
>
> Hi,
>
> We need to use ident daemon in order to authenticate users.
>
> Squid
:42, David Touzeau wrote:
> Is there any way to disabling Cache digest without need to recompile
> squid ?
Hi,
Use "digest_generation off".
http://www.squid-cache.org/Doc/config/digest_generation/
Garri
___
squid-users mailing
using ssl-bump? --> No
Are you using it with multiple cores? --> Only one core
Can you attach the squid.conf( removing the confidential details) to this
email?
-Message d'origine-
De : Eliezer Croitoru [mailto:elie...@ngtech.co.il]
Envoyé : mardi 20 décembre 2016 14:30
À : 'David
SH_EXPIRES
2016/12/20 15:27:41.533 kid1| 71,6| store_digest.cc(288) storeDigestAdd:
storeDigestAdd: added entry, key: A1F5E4243AA2BD14C147D180CBD5022F
-Message d'origine-
De : Eliezer Croitoru [mailto:elie...@ngtech.co.il]
Envoyé : mardi 20 décembre 2016 14:30
À : 'David Touzeau' <d
Hi
I'm using the 3.5.23, each hour, the proxy port did not respond for 3 to 10
minutes.
During the freeze have made a -k debug to see whats happening.
Here a piece of log of the log during the freeze:
Is there something relevant ?:
2016/12/20 12:09:09.072 kid1| 71,6| store_digest.cc(226)
ponsor on it... >>
-Message d'origine-
De : squid-users [mailto:squid-users-boun...@lists.squid-cache.org] De la
part de Amos Jeffries
Envoyé : lundi 19 décembre 2016 13:20
À : squid-users@lists.squid-cache.org
Objet : Re: [squid-users] cache_peer and PROXY protocol
On 20/12/2016 12:44 a.m., David T
Hi
Squid accept "Proxy protocol" in http_port, is there a chance to see "PROXY
Protocol" supported in cache_peer if you need to link 2 squid ?
Best regards.
___
squid-users mailing list
squid-users@lists.squid-cache.org
Hi Alex,
Is there any way to disabling Cache digest without need to recompile squid ?
-Message d'origine-
De : Alex Rousskov [mailto:rouss...@measurement-factory.com]
Envoyé : mardi 20 décembre 2016 17:21
À : squid-users@lists.squid-cache.org
Cc : David Touzeau <da...@articatech.
Hi,
I'm unable to access to https://www.boutique.afnor.org website.
I would like to know if this issue cannot be fixed and must deny bump
website to fix it.
Without Squid the website is correctly displayed
Squid claim an error page with "(71) Protocol error (TLS code:
SQUID_ERR_SSL_HANDSHAKE)"
@lists.squid-cache.org
Objet : Re: [squid-users] 3.5.25: (71) Protocol error (TLS code:
SQUID_ERR_SSL_HANDSHAKE)
Look. It can be intermediate certificates issue.
Does Squid have Symantec intermediate certificates?
27.04.2017 22:47, David Touzeau пишет:
> Hi,
> I'm unable to access to
you do not need to add any intermediate certificates to system storage -
> site seems to be sending the whole chain as it should...
>
> BUT the overall site SSL rating is so bad..
>
> Raf
>
> -Original Message-
> From: squid-users [mailto:squid-users-boun...@lists.sq
Voinov [mailto:yvoi...@gmail.com]
Envoyé : jeudi 27 avril 2017 23:26
À : David Touzeau <da...@articatech.com>; squid-users@lists.squid-cache.org
Objet : Re: [squid-users] 3.5.25: (71) Protocol error (TLS code:
SQUID_ERR_SSL_HANDSHAKE)
Be careful with intermediate CA's you grabbed.
: jeudi 27 avril 2017 22:52
À : David Touzeau <da...@articatech.com>; squid-users@lists.squid-cache.org
Objet : Re: [squid-users] 3.5.25: (71) Protocol error (TLS code:
SQUID_ERR_SSL_HANDSHAKE)
Squid can't have any intermediate certificates. As by as root CA's.
You can u
Thanks Amos for the tips.
The error was a python helper that works on 3.5 but freeze on v4.
Forward code to php fix the issue
Thanks again !
___
squid-users mailing list
squid-users@lists.squid-cache.org
Hi,
I have written my own url_rewrite helper
On SSL sites, the helper answering a redirect to a remote denied php page.
With HTTP, no issue but on SSL there is a different behavior
My helper return
rewrite-url= https://192.168.1.122:443/myguard.php?rule-id=0
sers] v4.2 url_rewrite Uri.cc line 371 bad URL parsing on
SSL
On 16/08/18 11:58, David Touzeau wrote:
> Hi,
>
>
>
> I have written my own url_rewrite helper
>
>
>
> On SSL sites, the helper answering a redirect to a remote denied php page.
>
No your helper *rew
Hi
Hi,
Ipv6 is not enabled on this Debian 9 system.
sysctl -a |grep ipv6|grep disable
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.eth0.stable_secret"
11:40, David Touzeau wrote:
> Hi
>
>
>
> Hi,
>
>
>
> Ipv6 is not enabled on this Debian 9 system.
>
Nod. That would be why is cannot open IPv6 sockets.
Squid is designed to comply with RFC 6540 (aka BCP 177), and to assume the
machine it is running on als
Hi
We have 2 ways to make the squid in < transparent mode. >
The standard Transparent method and (with modern kernels) the use of <
Tproxy > method
I would like to know which is the best according to the performance ?
Or is it the same ?
Best regards.
an
Tproxy...
But you confirm that this is not relevant...
Best regards,
-Message d'origine-
De : squid-users De la part de Amos
Jeffries
Envoyé : samedi 1 septembre 2018 17:07
À : squid-users@lists.squid-cache.org
Objet : Re: [squid-users] Transparent vs Tproxy: performance ?
On 1/09/18 9:33 PM, David To
Notice, it appears on both http/https ports, not only SSL
De : squid-users [mailto:squid-users-boun...@lists.squid-cache.org] De la
part de David Touzeau
Envoyé : lundi 22 janvier 2018 23:39
À : squid-users@lists.squid-cache.org
Objet : [squid-users] v4.0.22 error:transaction-end-before
Hi
I'm using Squid Cache: Version 4.0.22 in transparent method
After several times the SSL port going into < freeze mode > and write in
logs
1516660011.849 00 192.168.1.214 NONE/000 0 NONE
error:transaction-end-before-headers -
Doing a squid -k reconfigure release all freeze
Notice, it appears on both http/https ports
Transparent Ports are freezing each 10 minutes.
I mention that in normal port there is no issue, the issue can be generated
only on transparent mode.
De : squid-users [mailto:squid-users-boun...@lists.squid-cache.org] De la
part de David
Hi all
Did anyone have encountered and fixed this issue :
Make failed with the following error :
/bin/bash ../../libtool --tag=CXX --mode=compile g++ -DHAVE_CONFIG_H
-I../.. -I../../include -I../../lib -I../../src -I../../include -isystem
/usr/include/mit-krb5
-Message d'origine-
De : squid-users [mailto:squid-users-boun...@lists.squid-cache.org] De la
part de Amos Jeffries
Envoyé : mercredi 24 janvier 2018 01:21
À : squid-users@lists.squid-cache.org
Objet : Re: [squid-users] 3.5.27: Compilation failed CRYPTO_LOCK_X509 on
Debian 9
Squid-3 on
Le 01/04/2019 à 23:22, Alex Rousskov a écrit :
On 4/1/19 3:17 AM, David Touzeau wrote:
On 30.03.19 10:22, David Touzeau wrote:
* Debian 9 net install + Squid compiled
* CentOS 7 minimal + Squid compiled
Same version, same compilation parameters, same Squid settings.
It seems that Squid
Le 02/04/2019 à 07:43, L A Walsh a écrit :
On 4/1/2019 2:17 AM, David Touzeau wrote:
We have recompiled same squid version on 2 systems
https://github.com/dtouzeau/1.6.x/blob/Tempfiles/centos7-config.log?raw=true
---
Result was CentOS 44
Le 02/04/2019 à 18:06, Alex Rousskov a écrit :
On 4/2/19 1:23 AM, David Touzeau wrote:
Le 01/04/2019 à 23:22, Alex Rousskov a écrit :
Do your Squids use shared memory for the memory cache? See
memory_cache_shared (even if you do not set it explicitly).
http://www.squid-cache.org/Doc/config
Hi all,
Did you have perform squid stress on Debian against CentOS ?
I have installed:
* Debian 9 net install + Squid compiled
* CentOS 7 minimal + Squid compiled
Same version, same compilation parameters, same Squid settings.
It seems that Squid on CentOS is 10 times faster than squid on
On 30.03.19 10:22, David Touzeau wrote:
Did you have perform squid stress on Debian against CentOS ?
I have installed:
* Debian 9 net install + Squid compiled
* CentOS 7 minimal + Squid compiled
Same version, same compilation parameters, same Squid settings.
It seems that Squid on CentOS
Le 01/04/2019 à 00:23, David Touzeau a écrit :
Le 31/03/2019 à 05:50, Amos Jeffries a écrit :
On 31/03/19 3:41 am, David Touzeau wrote:
On 30.03.19 10:22, David Touzeau wrote:
Did you have perform squid stress on Debian against CentOS ?
I have installed:
* Debian 9 net install + Squid
Le 31/03/2019 à 05:50, Amos Jeffries a écrit :
On 31/03/19 3:41 am, David Touzeau wrote:
On 30.03.19 10:22, David Touzeau wrote:
Did you have perform squid stress on Debian against CentOS ?
I have installed:
* Debian 9 net install + Squid compiled
* CentOS 7 minimal + Squid compiled
Same
ers] squid 4.x: decided: do not cache but share because
the entry has been released
On 2/23/19 10:17 AM, Amos Jeffries wrote:
> On 24/02/19 5:33 am, David Touzeau wrote:
>> http.cc(982) haveParsedReplyHeaders: decided: do not cache but share
>> because the entry has been released;
] Squid 4.x: cache_peer PROXY_PROTOCOL support with
squid parents
On 23/02/19 2:45 am, David Touzeau wrote:
> Hi,
>
>
>
> We would like to use this infrastructure:
>
>
>
> Squid-cache client authentication 1
>
>
>| > Squid Parent with
Hi
I'm trying to store in cache an Internet file
Run the squid in debug mode says:
http.cc(982) haveParsedReplyHeaders: decided: do not cache but share because
the entry has been released; HTTP status 200
What "but share because the entry has been released" event means ?
Hi
Is it possible, sometimes to better understand a bunch of ACLs to log
the last matches or a set of matched acls objects:
example
192.168.1.235 - - [15/Apr/2019:15:59:30 +0200] "GET
http://www.msftncsi.com/ncsi.txt HTTP/1.1" 200 211 "-" "curl/7.52.1"
TCP_MISS:HIER_DIRECT text/plain
Le 02/04/2019 à 10:39, Amos Jeffries a écrit :
On 2/04/19 8:53 pm, L.P.H. van Belle wrote:
I suggest start compairing the logs you posted, the builds are really different.
Differences in
- kernel
- needed packages
- build paramaters due to missing or different packages.
Etc.
Just diff you
Le 15/04/2019 à 22:41, Alex Rousskov a écrit :
On 4/15/19 8:01 AM, David Touzeau wrote:
Is it possible, sometimes to better understand a bunch of ACLs to log
the last matches or a set of matched acls objects:
192.168.1.235 - - [15/Apr/2019:15:59:30 +0200] "GET
http://www.msftncsi.com/ncs
Hi
Is Squid handle TCP Fast open on modern kernel ?
Has anyone tried to implement this directive and noticed a performance
improvement ?
Best regards.
___
squid-users mailing list
squid-users@lists.squid-cache.org
Hi, i'm trying to play with acl "server_cert_fingerprint" for splicing
websites.
First, get the fingerprint :
openssl s_client -host www.clubic.com -port 443 2> /dev/null | openssl
x509 -fingerprint -noout
# Build the acl
acl TestFinger server_cert_fingerprint
Hi we want to use squid as * * * Secure Proxy * * * using https_port
We have tested major browsers and it seems working good.
To make it work, we need to deploy the proxy certificate on all browsers
to make the secure connection running.
In this case, squid forward requests without
TestFinger
ssl_bump stare ssl_step2 all
ssl_bump bump all
But no luck, website still decrypted.
Le 13/05/2020 à 21:33, Alex Rousskov a écrit :
On 5/12/20 7:42 AM, David Touzeau wrote:
ssl_bump peek ssl_step1
ssl_bump splice TestFinger
ssl_bump stare ssl_step2 all
ssl_bump bump all
Seems TestFinger
Thanks for the answer details
How to be a sponsor ? ( cost ) of such feature
Could you think it can be planned for 5.x ?
I think it should be a "future" "standard" in the same way of DNS over SSL
Le 19/05/2020 à 16:46, Alex Rousskov a écrit :
On 18/05/20 10:15 am, David T
Thanks Amos
You means using "login=PASS" in peer settings and in Proxy parent B and
C use the "basic_fake_auth" helper to "simulate" the requested auth ?
Le 17/11/2020 à 11:43, Amos Jeffries a écrit :
On 17/11/20 9:27 pm, David Touzeau wrote:
Hi,
W
Hi,
We a first Squid using Kerberos + Active Directory authentication.
This first squid is used to limit access using ACls and Active Directory
groups.
This first squid using parents as peer in order to access to internet in
this way:
| > SQUID B
When having several *_access http_access,reply_access...
In a stressed environment, it is difficult to hunt an issue or a wrong rule.
The debug mode is impossible because the proxy in production mode write too
many logs..
But if we can identify the rule and add pointer to the log, it is
/squid.pid'
'--with-swapdir=/var/cache/squid' 'build_alias=x86_64-linux-gnu'
Le 14/01/2021 à 05:43, Amos Jeffries a écrit :
On 14/01/21 3:17 am, David Touzeau wrote:
Hi
This error is generated every 15 minutes when using any authenticator
helper (ntlm, kerberos...)
Is there a way to investigate
Hi
This error is generated every 15 minutes when using any authenticator
helper (ntlm, kerberos...)
Is there a way to investigate on this issue ?
kidxx| WARNING: no_suid: setuid(0): (1) Operation not permitted
Sometimes, after rebooting the system, issue is fixed for an
undetermined
Hi Eiezer,
I can help you by giving a list but
Just by using "main domains":
* Banking/transcations : 27 646 websites.
* AV sofwtare and updates sites (fw, routers...) : 133 295 websites
I can give it to you the lists , they are incomplete and it should
decrease squid performance by
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1...@gmail.com <mailto:ngtech1...@gmail.com>
Zoom: Coming soon
*From:*squid-users *On
Behalf Of *David Touzeau
*Sent:* Monday, January 4, 2021 10:23 AM
*To:* squid-users@lists.squid-cache.org
*Subject:* Re: [squid-user
Support
Mobile: +972-5-28704261
Email: ngtech1...@gmail.com <mailto:ngtech1...@gmail.com>
Zoom: Coming soon
*From:*David Touzeau
*Sent:* Monday, January 4, 2021 3:25 PM
*To:* ngtech1...@gmail.com; squid-users@lists.squid-cache.org
*Subject:* Re: [squid-users] PCI Certification compliance
Hi, regulary i have this error :
2021/02/28 01:18:43 kid1| helperOpenServers: Starting 5/32
'security_file_certgen' processes
2021/02/28 01:18:43 kid1| WARNING: no_suid: setuid(0): (1) Operation not
permitted
i have set the setuid permission
chown root:squid security_file_certgen
chmod
ml
Many users says there is no impact on helpers and performance as it is
just a warning...
Did you confirm it ?
Le 28/02/2021 à 01:58, Alex Rousskov a écrit :
On 2/27/21 7:22 PM, David Touzeau wrote:
Hi, regulary i have this error :
2021/02/28 01:18:43 kid1| helperOpenSe
0922
Tel (Intl) : +44 1305 898033
https://www.lubefinder.com
*From:* squid-users on
behalf of David Touzeau
*Sent:* Wednesday, September 15, 2021 11:40:04 AM
*To:* squid-users@lists.squid-cache.org
*Subject:* [squid
:
On 16/09/21 10:09 pm, David Touzeau wrote:
Hi comunity, Squid fans
I would like to use an external acl process for Geoip processing
i have tried to setup squid to send the remote peer address using %code but it always reply with a "-"
external_acl_type MyGeopip ttl=3600 negativ
Thanks, i will try in this way
Le 16/09/2021 à 21:03, Alex Rousskov a écrit :
On 9/16/21 2:52 PM, David Touzeau wrote:
It is true that it would be possible to use an external_acl in the
http_reply_access.
Do you think that adding it in this position I would be able to use
squid's resolution
1 - 100 of 165 matches
Mail list logo