Hey Dan,
The basic rule of thumb in programming lands is script vs compiled code.
Where compiled code can be considered very reliable and in most cases
tested much more then scripts.
I am fearing that there is some race between all sorts of things on
runtime which might lead to this failed
the
result twice to alter the EXT_LOG and then have the result cached against the
altered EXT_LOG.
Cheers
Dan
On 11 Feb 2015, at 11:09 pm, Eliezer Croitoru elie...@ngtech.co.il wrote:
Hey Dan,
First I must admit that this squid.conf is quite complicated but kind of self
explanatory.
I have
Hey Anna,
Thanks for the links and the detailed comments and thoughts.
In most cases I am not a friend of countering others if not really needed.
I have yet to implement VARNISH or ATS in production and the blame for
this is strictly on me since I am a bit spoiled and a learning curve is
not
Hey,
There are couple ways to look at authentication and some would sometimes
trade authorization to authentication and vise versa.
In some environments there is a mix of both terms which is required to
build a logical service unit.
I do not have all my archives but I remember that someone
Hey Yuri,
I would try first ps -aux just to find out if this is the right way to
use ps in solaris.
If it works show me the details first and we will see what to do next.
Eliezer
On 16/02/2015 18:37, Yuri Voinov wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yes.
root @ cthulhu /
On 16/02/2015 17:27, Yuri Voinov wrote:
root @ cthulhu / # top -n 1 -b
last pid: 43244; load avg: 0.06, 0.07, 0.07; up 7+22:16:44
21:27:15
62 processes: 61 sleeping, 1 on cpu
CPU states: 99.3% idle, 0.5% user, 0.2% kernel, 0.0% iowait, 0.0% swap
Kernel: 510 ctxsw, 4 trap, 754 intr,
On 16/02/2015 21:10, Yuri Voinov wrote:
root @ cthulhu / # ps -e
Yuri,
Can you find the right ps command that will include user and memory
usage by each process?
Thanks,
Eliezer
___
squid-users mailing list
squid-users@lists.squid-cache.org
Hey Yuri,
I looked eventually at Solaris 11 man pages at:
http://docs.oracle.com/cd/E26502_01/html/E29030/ps-1.html#scrolltoc
Just to be sure the next command would run:
ps -e
There is no subject to the discussion yet since the issue is yet to be
defined as an issue.
You mentioned Android
Hey Yuri,
You missed the whole point.
I didn't wanted you to grep any output.
I wanted to see the whole server process list as a whole to understand
the issue you see.
If you see the server only with grep you might missing something since I
have yet to see your server do any swap what so ever
Hey,
Squid and any other HTTP proxy cannot support basic authentication when
it is being used as an intercept proxy.
The only options to do such a thing is to use some kind of a captive
portal or an external network system which will identify the user
directly in a webserver or another way
Hey Yuri,
There are couple sides and side-effects to the issue you describe.
If it's OK with you I will for a sec look aside squid and the helpers
code to another issue in Computer Science.
Let say we are running some server\software which it's purpose is to
calculate the distance from point
Hey Yuri,
OK I have seen something...
Now we might need also the virtual memory which might be vsz.
And the cachemgr output is not from squidview..
The last image I have seen from cachemgr was much helpful(with 10 helpers).
From what I have seen until now squidGuard uses about 13 MB of ram
On 16/02/2015 15:23, Yuri Voinov wrote:
http://i58.tinypic.com/rsqwxh.png
0 shutting down. Always.
During nights and weekends.
Are you talking about these 10? I am unsure I understand the issue
yet..(I need to understand a bit more), is this the situation which
stays forever?
Eliezer
Hey,
There are couple things to consider while using multiple IPs for the
same network\user.
It is possible to do what you want in the OS level and in a way using squid.
You should consider first what is the exact effect you want\need and if
it can meet reality in usability level.
It is not
On 15/02/2015 23:36, Alan Palmer wrote:
I'm trying to get squid 3.4.11 on openbsd 5.6 to act as a transparent
ssl proxy.
I've rebuilt squid with --enable-ssl-crtd, generated my own self signed
cert (ala http://www.akadia.com/services/ssh_test_certificate.html) and
have the following config
On 11/02/2015 12:17, Yuri Voinov wrote:
Fred, this is no matter. Millions of files can remove with one piped
command:
*find . |xargs rm
:)
*
And it should be used wisely!
Any recommendation to run rm should take in account that the rm can in a
way wipe out files which you might not
On 05/02/2015 11:17, FredB wrote:
Squid Cache: Version 3.5.1-20150201-r13744
Service Name: squid
configure options: '--build=x86_64-linux-gnu' '--prefix=/'
'--includedir=${prefix}/include' '--mandir=${prefix}/share/man'
'--infodir=${prefix}/share/info' '--sysconfdir=/etc'
Hey Dan,
First I must admit that this squid.conf is quite complicated but kind of
self explanatory.
I have tried to understand the next lines:
# File size (download) restrictions
acl response_size_100 external response_size_type 100 192.168.0.10
http_access allow response_size_100
On 08/02/2015 01:32, Alfredo Rezinovsky wrote:
Specially in servers with 6 workers and 6 cache discs (Each worker has a
cache_dir in each disc for IO balancing)
What cache_dir settings are you using there?
Eliezer
___
squid-users mailing list
Hey Stefano,
Can you get some access.log output from the time the issue appears\happens?
Eliezer
On 06/02/2015 15:01, Stefano Ansaloni wrote:
Tested with icap disabled: the issue still there.
___
squid-users mailing list
Hey Omid,
Before buying any NAS or SAN solution you will need to take in account
couple things.
Squid has an in memory objects index which requires ram and reduces the
amount of in memory objects you can store.
You will need to first verify that your current machine memory usage can
allow you
Is it happening on all websites? or a specific one?
I am using 3.4.11 for most of my daily uses now.
In order to reproduce it I will need the OS and version, and if I assume
it is a self compiled so the squid -v details.
Eliezer
On 04/02/2015 12:22, FredB wrote:
I have some issue with
Hey Omid,
I do not have benchmarks.
I was actually in the past looking at GlusterFS and NFS for couple purposes.
The Gigabit and 10Gb have their difference.
The main big thing is that a simple SATA\SAS jack\connector\port
supports up to 6Gb and in most cases the machine will not utilize even
Hey Rich,
I am yet unsure about the issue you are having and even if squid 3.3.8
is not the latest most of these sites should work fine for you throw squid.
I believe that this is the place where we can take a look at the squid
access.log output while surfing to understand the issue better.
If
Hey Anton,
If you use https_port with ssl certificate it will be for one of two
options:
- interception of ssl traffic
- reverse proxy with ssl
For both cases the connection between the server and the client in the
end will be encrypted while non of them is in a forward proxy mode and
there
On 03/02/2015 17:14, Anton Radkevich wrote:
so just to be clear the connection flow will look like:
browser Encrypted Tunnel Server HTTP or HTTPS connection Destination
where Encrypted Tunnel is probably some form of HTTPS connection for
support with the browser PAC
Hey Anton,
Squid do not
Hey Steve,
On what OS are you running squid? is it self compiled one?
Eliezer
On 02/02/2015 14:09, Steve Hill wrote:
I'm pretty sure this is incorrect - I'm running Squid 3.4 without
ssl_crtd, configured to bump server-first. The cert= parameter to the
http_port line points at a CA
Hey Raju,
For how many users?
Eliezer
On 02/02/2015 06:27, Raju M K wrote:
Need squid Authentication syntax for local users in Windows 7/8 workgroup
Presently using squid 2.7 stable 8
-- Regards, M K Raju.
___
squid-users mailing list
Hey Dan,
Just to get around the environment, can you share your
squid.conf?(censuring confidential data)
Thanks,
Eliezer
On 02/02/2015 01:14, Dan Charlesworth wrote:
Bumping this one for the new year 'cause I still don't understand squid
traces and because it's still happening with v3.4.11.
Hey Bobby,
It is not true.
Squid3 in debian is newer then 3.1 as far as I remember and if it's not
in the main repos then use the backports for it.
It is recommended that you will use a newer version of squid.
If for your environment 3.1 works fine then I guess you can say that it
works and
Hey Daniel,
If it was not mentioned anywhere else then this thread is the place:
CentOS 7 packages are in the Testing phase and will might not be stable
enough for production.
If you may look at the RPMs my packaging of squid is a bit different
then the mainstream.
One of the main differences
On 21/01/2015 11:21, Steve Hill wrote:
but not using ssl_crtd
What are using if not ssl_crtd?
Eliezer
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
On 20/01/2015 21:39, Odhiambo Washington wrote:
I know this. I was just mentioning. I think I believe Yuri that IPFilter
isn't in FreeBSD.
I think I am going to have to suck it in, because I am happy with it in
many servers, working nicely with Squid.
Hey,
From the FreeBSD handbook a list of
On 19/01/2015 15:56, HackXBack wrote:
after upgrading to 3.5.1 i have bug
BUG 3279: HTTP reply without Date
how to solve it ??
To make sure I understand the issue:
Is it crashing squid? or just shows a warning in the logs?
Thanks,
Eliezer
___
Hey Christopher,
The email looks a bit messy and so I and I assume others couldn't
understand it.
You can paste the config file content at:
http://pastie.org/
And please first describe the issue and later add more technical data
such as config and dumps.
All The Bests,
Eliezer
On
Hey,
Since you provided the pac file I had the chance to convert it into a
more suitable format to my flavor.
Can you try the wpad file at:
http://www1.ngtech.co.il/tests/wpad.dat
Eliezer
On 13/01/2015 06:22, Simon Dcunha wrote:
Dear Sarfraz,
appreciate your immediate reply
Heres attached
Can you try to use openssl s_client?
an exapmple:
openssl s_client -connect facebook.com:443
Eliezer
On 12/01/2015 11:41, HackXBack wrote:
hello,
according to this chapter
http://wiki.squid-cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate
i bought signed certificate
but no one
Are you using the command with facebook.com???
You should use your own server...
Eliezer
On 12/01/2015 13:02, HackXBack wrote:
openssl s_client -connect facebook.com:443 -CApath /var/squid/ssl_db/certs
CONNECTED(0003)
depth=2 C = US, O = DigiCert Inc, OU =www.digicert.com, CN = DigiCert
Just to make sure I understand it right.
The certificate is for a reverse proxy?
Eliezer
On 12/01/2015 11:41, HackXBack wrote:
hello,
according to this chapter
http://wiki.squid-cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate
i bought signed certificate
but no one accept rsa:1024
Hey,
This is not a reverse proxy...
It's a ssl-bump server and which you cannot use any bought certificate
for it.
Eliezer
On 12/01/2015 13:20, HackXBack wrote:
https_port 3127 intercept ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/CA.pem
Hey hack,
From the comments in the past I am unsure what you are after...
If you are using ssl-bump you should first learn about how ssl works and
about the differences between encrypted traffic to verification of a
public key.
I must admit that these topic are not marked as an easy one.
Hey,
Did you had the chance to see this page:
http://findproxyforurl.com/example-pac-file/
Eliezer
On 13/01/2015 06:22, Simon Dcunha wrote:
Dear Sarfraz,
appreciate your immediate reply
Heres attached is my pac file
i am accessing the 10.101.101.10 server
regards
simon
Hey Steve,
First of all thanks for all the notes.
You made it possible to look at the bug before I understood how to
reproduce it.
I would like for the record to make sure we can reproduce it just for
the tests list that I will add later to newer releases.
Can you give me the details about
Hey (Is it Jerome? or Vernet?),
Is there a chance you can test it with a newer version of squid?
What OS are you using?
Can you share your squid.conf?
Eliezer
On 06/01/2015 14:38, Vernet Jerome wrote:
Hi,
Since yesterday, my Squid cache.log grow very fast, about 250Mb per hour. Lot
of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/05/2015 05:18 PM, Yuri Voinov wrote:
We haven't filtering non_HTTP over port-443. Just recognize and
pass.
So let's separate security which is one of the goals of squid and
which some like and other don't.
For now squid 3.4 is stable and 3.5
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hey Steve,
Can you share the squid -v output and the OS you are using?
Eliezer
On 01/05/2015 06:29 PM, Steve Hill wrote:
On 10.12.14 17:09, Amos Jeffries wrote:
I'm looking for advice on figuring out what is causing
intermittent high CPU
it as the source.
If you can add the new details about the issue in the bug report it
will help a lot.
Eliezer
On 01/05/2015 07:48 PM, Steve Hill wrote:
On 05.01.15 16:35, Eliezer Croitoru wrote:
Can you share the squid -v output and the OS you are using?
Scientific Linux 6.6, see below for the squid -v
but... a NFQUEUE helper that can verify if to
FORWARD or BUMP the connection would be a better suited solution to my
opinion.
All The Bests,
Eliezer Croitoru
On 01/05/2015 03:07 AM, Douglas Davenport wrote:
Seems to me it would be more useful as an external ACL so that a
decision could be made based
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/26/2014 02:22 PM, HackXBack wrote:
Hello squid , after using 3.5.0.4 on fresh debian system i see many
errors in cache.log
Hey There,
(leaving aside these errors)
As a part of a cache proxy integration I am generally recommending to
do it in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/24/2014 01:52 PM, HackXBack wrote:
the problem is not from my squid.conf because i try minimal
squid.conf with https and the same problems
Hey,
A minimal squid and https interception or bumping doesn't stand in the
same place.
A minimal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/24/2014 02:42 AM, HackXBack wrote:
so now we have 2 bug 1st one : when upgrading from 3.4.x to 3.5.0.4
squid crash and always restart automatically 2nd one : browsing on
https slow = packet dropped and stop loading until refresh in 3.4.x
and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hey Derek,
To verify that these boxes has the same settings I would start running
the basic_data.sh script at:
http://www1.ngtech.co.il/squid/basic_data.sh
This script will might find the culprit with the issue pretty fast.
I assume you have used
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/23/2014 12:26 AM, Derek Cole wrote:
Hello,
Yes it is true I am using the RPM repository to do the install. I
have downloaded your script and I will see if I can find any
differences that may be the culprit. In the meantime I thought I
may
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/23/2014 12:49 AM, Derek Cole wrote:
Ok - thanks for saving me from chasing that issue down.
I am not currently using selinux:
Then make sure that selinux is on not on enforced mode and if so the
issue might be because of a missing directory
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OK Amos gave you a suggestion which will cover everything but from
reading the squid.conf I would first try to understand:
What do you want squid to do for you?
You need to remove the all acl line and change the http_port from
what it is to the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hey Alex,
I am not sure what you mean by your question.
I am using latest 6.6 as a build node and am trying to use the most
up-to-date CentOS version and libs.
Downsides? If someone has a 6.5 or older 6 branch system without
enough updates to work
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
If you have access to the apache server it's very simple to remove the
headers.
I do have a question about the docs:
http://www.squid-cache.org/Versions/v3/3.4/cfgman/reply_header_access.html
Will the reply_header_access will affect the stored cache
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
If you have access to the apache server it's very simple to remove the
headers.
I do have a question about the docs:
http://www.squid-cache.org/Versions/v3/3.4/cfgman/reply_header_access.html
Will the reply_header_access will affect the stored cache
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/11/2014 05:41 PM, Siva Prakash wrote:
Squid configuration - For authentication, it is integrated with AD
and lots of ACLs(1000) to block sites.
Hey,
The acls should not be too much of an effect unless they are binded to
an external helper.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hey Glen,
Since openssls_client is showing you this error I assume squid
received the same response.
We do need to verify why the connection is being hangs.
For now it seems like not 100% squid related issue.
Eliezer
On 12/09/2014 01:57 AM,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/10/2014 09:25 PM, HaxNobody wrote:
The proxy runs on Linux (Ubuntu, I believe), and I'm doing my
testing from multiple browsers on Windows 8.1. I have been unable
to find a way to use openssl s_client via a proxy, although I was
able to run
for the public list.
Eliezer Croitoru
On 12/08/2014 01:30 PM, Stakres wrote:
Hi All,
New build 2.05
https://sourceforge.net/projects/squidvideosbooster
- New option -g to enable the Global Generic Patterns acting
with not-yet identified websites. This option will do its best to
de-duplicate all
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The answer to your question can be answered by ldd
##START
$ ldd ut-squidbooster
linux-vdso.so.1 = (0x7fffc5e0)
libdl.so.2 = /lib/x86_64-linux-gnu/libdl.so.2 (0x7f176d3f)
libm.so.6 =
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hey Glenn,
I noticed that in the mean while you have upgraded the system to
latest 3.4.9 stable.
As Amos mentioned there are couple options about the tunneling issues.
I am unsure about the issue since in my environment squid seems to not
have any
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/24/2014 10:06 PM, Jason Haar wrote:
I think you are confusing proxy authentication with WPAD/PAC files.
WPAD knows nothing about proxy authentication: browsers do
ie you use WPAD to tell browsers where/if they need to use a proxy
and under
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I do know that pac files contains some form of JS and in the past I
have seen couple complex PAC files but unsure about the options.
I want to know if a PAC file can be used for
Authentication\Authorization, maybe even working against another
external
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/24/2014 03:24 PM, Kinkie wrote:
But what if multiple users share the same IP (e.g. Citrix, X11)?
This is another situation which requires authentication...
Two users can use the same pac files and be authorized as another
user(a regular forward
research about it.
All The Bests,
Eliezer Croitoru
On 11/24/2014 10:42 PM, James Harper wrote:
Seems like the sort of thing you could test with a minimum of
effort...
James
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iQEcBAEBAgAGBQJUc7NcAAoJENxnfXtQ8ZQUb0AH/j1b5RjHNRDVWrLyaItl0Xh0
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hey Frank,
To understand the issue better I am missing couple things.
I filtered the squid.conf (which is a basic thing to do) and the
content can be seen here:
http://www1.ngtech.co.il/paste/1216/
It seems like you do not understand what and how.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/18/2014 12:09 AM, Eliezer Croitoru wrote:
HTML version at: http://www1.ngtech.co.il/repo/release-3.4.9.html I
am happy to release the new RPMs of squid 3.4.9 and 3.5.0.2 beta
for Centos 6.6 64bit.
All The Bests, Eliezer Croitoru
Addition
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hey,
Your configuration seems to not include any iptables and other
relevant details.
What is this machine details?
Eliezer
On 11/11/2014 04:20 PM, Job wrote:
Hello,
i initialize correctly SSL Bump with Squid 3.4.4, following some
guides. In
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Can you send all ssl_bump related settings?
There are some missing parts in the settings.
If there is a bug\error the full details are needed to analyze the
subject.
I need:
- - OS details
- - machine details
- - network topology
- - cache logs
- -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Two things,
- - What cisco device? what IOS?
- - What docs in cisco have you tried to use?
Eliezer
On 11/08/2014 10:18 PM, Ahmed Allzaeem wrote:
Hi ,
Im trying to implemnte wccp/tproxy between squid cisco
I have :
wccp2HandleUdp: fatal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/05/2014 11:56 AM, Odhiambo Washington wrote:
Hi Eliezer,
That link should be fine, although my system is actually PC-BSD.
The version is the same though an old version. My exact version
is:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hey,
What is the network load? how many users?
Have you been using workers at all in the past?
Can you see the avg requests per second on the cache manager page?
Eliezer
On 10/22/2014 09:02 AM, Eugene M. Zheganin wrote:
Hi.
I was using the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/23/2014 02:40 AM, Amos Jeffries wrote:
If you are seeing this old content constantly or round-robin style
between page loads you can use west.squid-cache.org temporarily in
the URLs instead of www.
Amos
It's the same issue for me:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/22/2014 12:38 PM, Yassin CHOUCHANE wrote:
i have added on my squid.conf this ACL :
acl NoCachedSites dstdomain srv-java.e.t acl our_servers src
2.10.3.1
i have added the ip of server and the dstdomain, but squid continue
to block
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/08/2014 06:29 AM, Victor Sudakov wrote:
Markus,
I could find the said script neither in the source nor in the
binary package. However I think I can guess what could be inside.
Could you look below if that makes sense?
Or you can just look
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/30/2014 05:11 AM, Victor Sudakov wrote:
Can you share the basic cache manager requests statistics and the
up time for the service? (mgr:info)
This would give us a basic idea of the load\requests needed to
reproduce it.
I am not Steve
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hey Alejandro,
Can I ask where in the site have you taken this code from?
Using php as a helper is not such a good choice due to couple issues
it has with squid stdin\stdout emulation.
You'd better use perl\python\ruby\other then php unless you
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Indeed using SSL-BUMP it's possible but(a bit but)..
It will not be able to handle non http\https traffic just like that.
It will require more then just squid setup and it might be a better
idea to find a better solution for you rather then using
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/30/2014 08:30 PM, Leonardo Rodrigues wrote:
Other protocols, SMTP, IMAP, POP3, etc etc etc, cannot be handled
by squid.
They cannot be interpreted but can be handled with a none rule for
ssl bump.
Eliezer
-BEGIN PGP SIGNATURE-
901 - 982 of 982 matches
Mail list logo