/09/2015 13:00, Yuri Voinov wrote:
>>
>> I'm getting a very high hit ratio in my cache.And I do not intend to
>> lower its with myself. Enough and that on the opposite side of the
>> thousands of webmasters counteract caching their content on its own
>> grounds. Beginning
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
And, finally, trackers is relatively easy to block ;) Simple. Against
caching and garbaging cache storage. With ufdbGuard, for example :)
02.09.15 0:00, Marcus Kool пишет:
>
>
> On 09/01/2015 05:14 AM, FredB wrote:
>> More precisely
>>
>> I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
02.09.15 0:16, Marcus Kool пишет:
>
>
> On 09/01/2015 03:08 PM, Yuri Voinov wrote:
>>
> Better to write store-id rule which cut off parameters and store gif.
>
> Something like this:
>
>
^https?:\/\/(.+?)\/(.+?)\
, you must cache all Internet and
all it variations. Yes, Vary is evil. But web-masters which is fight
against caching is more evil.
02.09.15 0:16, Marcus Kool пишет:
>
>
> On 09/01/2015 03:08 PM, Yuri Voinov wrote:
>>
> Better to write store-id rule which cut off parame
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Better to write store-id rule which cut off parameters and store gif.
Something like this:
^https?:\/\/(.+?)\/(.+?)\.(js|css|jp(?:e?g|e|2)|gif|png|bmp|ico|svg|web(p|m))
http://$1.squidinternal/$2.$3
And, of course, universal rule for
e: text/html; charset=utf-8
>
> <
> * Connection #0 to host wiki.squid-cache.org left intact
>
> But from an ABORT it seems like a client side issue.. Chrome?
>
> Eliezer
>
> On 31/08/2015 23:52, Yuri Voinov wrote:
>>
> I see this one?
>
> 1441054231.642 21
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
01.09.15 18:40, FredB пишет:
>
>
>> Hi Fred,
>> By keeping objects 30 days maxi, does it mean you expect to upgrade
>> all
>> windowsupdate objects in 30 days ?
>>
>> I'm still thinking we should have an option forcing some type of
>> objects
>>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Check it.
This is ISP. They are hands-curved.
01.09.15 21:47, Amos Jeffries пишет:
> On 2/09/2015 1:06 a.m., Yuri Voinov wrote:
>>
>> Found it. My ISP can't pass ICMPv4/v6 to wiki.squid-cache.org . Here is
>> problem.
&g
to 77.93.254.178, timeout is 2 seconds:
.
Success rate is 0 percent (0/5)
And I thought this is my hand curves.
01.09.15 18:52, Amos Jeffries пишет:
> On 1/09/2015 10:42 p.m., Yuri Voinov wrote:
>>
>> Not available when IPv6 enabled on my outgoing interface.
>>
>> N
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Aha. And future of caching software too. With total HTTPS migration.
01.09.15 2:21, Jason Haar пишет:
> On 01/09/15 02:59, Shane King wrote:
>> Accessing via the browser may work but the sync clients that sit in
>> the system tray use certificate
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
But everything will very secure, is it? :)
01.09.15 2:21, Jason Haar пишет:
> On 01/09/15 02:59, Shane King wrote:
>> Accessing via the browser may work but the sync clients that sit in
>> the system tray use certificate pinning I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
BTW, GoogleDrive web application still works with bump. Use it, Luke ;)
01.09.15 2:21, Jason Haar пишет:
> On 01/09/15 02:59, Shane King wrote:
>> Accessing via the browser may work but the sync clients that sit in
>> the system tray use
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I see this one?
1441054231.642 21243 127.0.0.1 TCP_HIT_ABORTED/000 0 GET
http://wiki.squid-cache.org/wiki/squidtheme/js/kutils.js -
HIER_DIRECT/2001:4b78:2003::1 -
1441054231.642 21245 127.0.0.1 TCP_SWAPFAIL_MISS_ABORTED/000 0 GET
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
30.08.15 21:52, Amos Jeffries пишет:
On 29/08/2015 12:17 a.m., Oliver Webb wrote:
Thanks for your reply Amos. I will explain a bit more of my setup in
the hope it clarifies a few of the issues.
I have installed the certificate portion of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sure. This is a bit difficult, but possible. Excluding YT videos
(googlevideo), of course. Due to YT construction.
29.08.15 4:31, Gabriel Ordoñez пишет:
Hello, first of all this it is my first time here.
I'm trying to use squid for content
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Here is my squidview screenshots:
http://i.imgur.com/svyWY6i.png
http://i.imgur.com/0ChSDql.png
H means TCP_HIT. :)
29.08.15 4:31, Gabriel Ordoñez пишет:
Hello, first of all this it is my first time here.
I'm trying to use squid for content
, which will not
be implemented neve because we do not want to do that. But you will
agree that my arguments are essential.
27.08.15 9:49, Amos Jeffries пишет:
On 27/08/2015 8:50 a.m., Yuri Voinov wrote:
Btw,
when Squid will directly support gzip, inflate compression itself?
Thats a tough question
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Btw,
when Squid will directly support gzip, inflate compression itself?
27.08.15 2:15, Amos Jeffries пишет:
On 27/08/2015 7:53 a.m., Sebastián Goicochea wrote:
After I sent you my previous email, I continued investigating the
subject .. I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Amos,
this issue looks like very similar to bug 4188, isn't it?
WBR, Yuri
26.08.15 11:36, Amos Jeffries пишет:
On 26/08/2015 6:51 a.m., Oliver Webb wrote:
TLDR Skip to --
I have squid 3.5.7 installed on linux with the following
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Eliezer,
how to take a look on sources?
25.08.15 20:25, Eliezer Croitoru пишет:
I am pleased to publicly release the first version of SquidBlocker which
considered by me stable
enough for production use.
SquidBlocker can replace squidguard
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I'll be interested in test redirector on my platform (this is Solaris),
this is why I asked about sources
I have databases. :) Need only code.
25.08.15 22:31, Eliezer Croitoru пишет:
On 25/08/2015 18:14, Yuri Voinov wrote:
Eliezer,
how
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Fred,
look ;)
http://i.imgur.com/UBu13g0.png
Store-ID rulez! :)
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQEcBAEBCAAGBQJV3LEfAAoJENNXIZxhPexGvhAH/2XZARm3G1ZA73ikAZAGo5h3
/EYrU+ZdZc0E4GxLhO8a49jD8gSQ4H/Wc8MMkbXT/+Dflhcpy70N0CQ8M8IBAL54
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
http://i.imgur.com/3jwftYC.png
Bytes ratio is a less, of course. But not so dramatically.
YT seems not cacheable now. I made some research and AFAIK we can't
cache YT now without VERY special store-ID rewriter.
Also, of course, I use SSL-bump.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Join to the wish. It would be very cool functionality.
24.08.15 18:29, Amos Jeffries пишет:
On 21/08/2015 2:56 a.m., Stakres wrote:
Hi All,
There is an existing case in the bugzilla
(http://bugs.squid-cache.org/show_bug.cgi?id=1913) speaking
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
18.08.15 23:57, adricustodio пишет:
Ok, last question
Squid is able to authenticate on mysql right ?
Yes.
If i create a mysql base and import all my oracle data there ? will
that be
possible ?
Yes. The only point is how you will
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Oracle has it's own LDAP server, named Oracle Internet Directory. With
Oracle RDBMS at backend.
Just go http://oracle.com.
Squid supports LDAP auth.
PS. BTW, you know how much does Oracle license's cost? Per CPU core? OID
and RDBMS licenses
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
18.08.15 19:20, Amos Jeffries пишет:
On 19/08/2015 12:20 a.m., adricustodio wrote:
Well the captive portal is not the importante here...
It is the most critical part of the system. Its very existence
determines whether the rest of your
filter, like DansGuardian and
E2Guardian are content filters which examine the content of web pages
looking for unwanted things.
On Sun, Aug 16, 2015 at 6:10 PM, Yuri Voinov yvoi...@gmail.com wrote:
O, really?
17.08.15 4:03, Stanford Prescott пишет:
ufdbGuard is not a content filter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
O, really?
17.08.15 4:03, Stanford Prescott пишет:
ufdbGuard is not a content filter.
On Sun, Aug 16, 2015 at 4:07 PM, Yuri Voinov yvoi...@gmail.com wrote:
ufdbguard does.
16.08.15 20:27, Stanford Prescott пишет:
I have SquidClamAV
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
ufdbguard does.
16.08.15 20:27, Stanford Prescott пишет:
I have SquidClamAV implemented with the Smoothwall Express 3.1 firewall. It
works well and fast with ssl-bump, although the majority of our users only
have relatively small networks with
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
14.08.15 2:02, Marko Cupać пишет:
On Fri, 14 Aug 2015 03:38:47 +1200
Amos Jeffries squ...@treenet.co.nz wrote:
On 14/08/2015 12:47 a.m., Marko Cupać wrote:
Hi,
a few years ago I had a working setup of squid + dansguardian which
was
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
14.08.15 2:56, Alex Rousskov пишет:
On 08/13/2015 09:38 AM, Amos Jeffries wrote:
On 14/08/2015 12:47 a.m., Marko Cupać wrote:
Is it possible - by means of squid's peek and splice feature - to
inspect file extensions and mime types of https
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi all.
Stupid question:
Which protocol uses when Stored-ID object returned by Squid?
I.e., when I use ssl bump, and use next rules:
squid.conf:
acl store_rewrite_list_web url_regex
^https?:\/\/(khms|mt)[0-9]+\.google\.[a-z\.]+\/.*
pages and I do not like the attitude!!
- Also on this specific case there is not man pages or something
similar and I encourage to ask.
On 12/08/2015 17:17, Yuri Voinov wrote:
I still see no problem, if the same content under HTTP/HTTPS will
deduplicated as one record.
12.08.15 20:06
?
12.08.15 18:51, Amos Jeffries пишет:
On 12/08/2015 11:13 p.m., Yuri Voinov wrote:
Hi all.
Stupid question:
Which protocol uses when Stored-ID object returned by Squid?
I.e., when I use ssl bump, and use next rules:
squid.conf:
acl store_rewrite_list_web url_regex
^https?:\/\/(khms
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
12.08.15 19:39, Eliezer Croitoru пишет:
On 12/08/2015 16:12, Yuri Voinov wrote:
Thank you, Amos, for explanation.
It is an exhaustive answer to my doubts.:)
So, finally, I can write Store-ID map rules without any protocol prefix,
or use
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Who knows anything about Vimeo caching? Any relevant and _actual_ info
are welcome.
WBR, Yuri
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQEcBAEBCAAGBQJVyNhDAAoJENNXIZxhPexGGRUH/jKW+F0y+dshSdMPj/f2yDBy
13:01 GMT-04:00 Benjamin E. Nichols
webmas...@squidblacklist.org
:
I am also interested in this thread.
On 8/10/2015 11:58 AM, Yuri Voinov wrote:
WBR, Yuri
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I would not do that. It is dangerously close to the illegal hacking.
Even the inclusion of GET query strings in the log is considered a
violation of privacy. And it has done solely for the purpose of
debugging caching.
05.08.15 18:38, tianchao
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Squid is 32 bit? And OS?
30.07.15 3:23, Sebastian Goicochea пишет:
Hello, I'm having a problem monitoring squid memory usage.
Using SNMP:
SQUID-MIB::cacheMemUsage.0 = INTEGER: -1355105
Using squid-client:
Memory accounted for:
Total
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Squid is 32 bit? And OS?
30.07.15 3:23, Sebastian Goicochea пишет:
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQEcBAEBCAAGBQJVuUW8AAoJENNXIZxhPexGDFoH/0i3JgkQYY40rnOuPBffv8H3
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Well, and so what? What exactly your doing with this adapter?
24.07.15 3:53, HackXBack пишет:
read the Documentation
http://www.e-cap.org/Documentation
--
View this message in context:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
No. He said that Squid does that itself. The only question - which Squid.
24.07.15 21:34, joe пишет:
tks amos so
doing replace beter as
reply_header_access Strict-Transport-Security deny all
request_header_replace Strict-Transport-Security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Firefox and Chrome use HSTS for yt and some other hardcoded sites, like
twitter. This means force use TLS. From client side.
24.07.15 18:01, joe пишет:
http bro no ssl no https
plain http any one know the way to force yt to use http
you can
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
BTW, it you are concern about user's privacy, you must not block neither
QUIC/SPDY nor HSTS. This all about user's privacy.
But in this case forget about caching yt or something. Completely.
24.07.15 18:22, joe пишет:
you can deny those
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
24.07.15 18:33, joe пишет:
i dont see Strict-Transport-Security in my log header
only alternate-protocol
can you post an example link pls
--
View this message in context:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Also your can disable HSTS ;)
24.07.15 10:33, d...@getbusi.com пишет:
Not to go off-topic here, but you folks are all SSL Bumping youtube.com /
googlevideo.com in order to
do this caching, right?
Want to make sure I’m not missing
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Wrong. To block HSTS you need use
# Disable HSTS
reply_header_access Strict-Transport-Security deny all
alternate-protocol - this from another opera.
UDP/80 and UDP/443 - this about QUIC and SPDY protocol. It's nothing to
HSTS not.
Learn more
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
No such file or directory
means No such file or directory exactly. :)
Your squid can't find libecap.
Simple.
23.07.15 21:18, HackXBack пишет:
No
such file or directory
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Heh. Looks like images is less than:
minimum_object_size 512 bytes
this parameter. :)
23.07.15 22:02, Ulises Nicolini пишет:
minimum_object_size 512 bytes
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
23.07.15 23:57, Amos Jeffries пишет:
On 24/07/2015 4:02 a.m., Ulises Nicolini wrote:
Hello,
I have a basic squid 3.5 configuration with
maximum_object_size_in_memory 64 KB
maximum_object_size 10 KB
minimum_object_size 512 bytes
Jul 20 12:36 imagen1.gif
-rw-r--r-- 1 rootroot130K Jul 21 19:27 imagen3.jpg
I don't think tahat the size is the problem.
Thanks
Ulises
El 23/07/15 13:04, Yuri Voinov escribió:
minimum_object_size 512 bytes
this parameter. :)
23.07.15 22:02, Ulises Nicolini
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
HHh. what this module does?
And - for what you deny Accept-Encoding header?!
23.07.15 23:56, HackXBack пишет:
request_header_access Accept-Encoding deny all
loadable_modules /usr/local/lib/ecap_adapter_modifying.so
ecap_enable on
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Heh,
too much unknown options are dangerous. :)
19.07.15 16:03, HackXBack пишет:
removing lines from my configure option make it work,
now i have
./configure --prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin
--libexecdir=/usr/lib/squid
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
In my case diskd only choice. On my platform aufs does not work at all.
And diskd gives the best result after careful tuning.
As I said earlier, the result is highly dependent on the platform,
hardware, and configuration. diskd was designed for a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
The key question: which OS using?
15.07.15 12:56, Stakres пишет:
Hi All,
I face a weird issue regarding DISKS cache-dir model and I would like to
have your expertise here
Here is the result of a cache object with an AUFS cache_dir:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
DIskd works perfectly on some OS'es, like Solaris, BSD.
Linux-based OS, AFAIK, works with diskd so slow. And AUFS is the best
choise in this case. Depending system settings, of course.
AFAIK, on some OS (like.h. Windows) aufs leads
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Are you surprised that the IO modules may be specific for different
operating systems? :)
15.07.15 15:59, Stakres пишет:
Yury,
you mean that having the DISKD 52 times slower then AUFS with linux OS is
normal ?
I cannot believe that,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Also - did you read this:
http://wiki.squid-cache.org/Features/DiskDaemon
?
Your seen, for which OS this feature designed? ;)
15.07.15 15:59, Stakres пишет:
Yury,
you mean that having the DISKD 52 times slower then AUFS with linux OS is
.
;) I know it too. ;)
15.07.15 22:20, Eliezer Croitoru пишет:
On 15/07/2015 16:36, Yuri Voinov wrote:
SSD as squid cache?! You are really rich, man!
Please do separate two things Enterprise level SSD and Desktop SSD.
They are different by nature and they do not tend to break easily.
They do
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I think, that using datacenter (not consumer) class HDD is more
preferrable than SSD.
Cache content lost means cached traffic and money loss. And this is not
acceptable for big caches.
15.07.15 19:57, FredB пишет:
-BEGIN PGP SIGNED
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
This test means nothing. Only very approximate overall IO performance
for IO subsystem.
15.07.15 19:58, FredB пишет:
Objet: Re: [squid-users] AUFS vs. DISKS
Hi Fred,
tests from my side:
DISKD with TCP_HIT objects: 564KB/s with wget, the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Just remember: performance tuning is complex problem, especially for
high load installations. And must be solved as complex.
15.07.15 19:58, FredB пишет:
Objet: Re: [squid-users] AUFS vs. DISKS
Hi Fred,
tests from my side:
DISKD with
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
And note this: TCP_HIT generally flows with other network traffic. We
don't know, how it handles during peak hours in network equipment, right?
To be sure, we must prioritizing TCP_HITS on network level, well?
15.07.15 19:58, FredB пишет:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
SSD as squid cache?! You are really rich, man!
15.07.15 19:33, Eliezer Croitoru пишет:
Just adding something to the subject.
HDD vs SSD speeds are quite something.
I have tried to test the benefits of a SSD in the past and in many
cases it was
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Look:
root @ cthulhu / # zpool status data
pool: data
state: ONLINE
scan: scrub repaired 0 in 1h49m with 0 errors on Sat Jul 11 07:49:01 2015
config:
NAME STATE READ WRITE CKSUM
data ONLINE 0 0
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
It depends from your squid settings (memory cache size, etc), your OS
(as expected), your fs.
My installation works 4 years 24x7 with shipped HDD.
15.07.15 19:41, FredB пишет:
I agree, but what about the life time ? I change every two years
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
queue congestion means IO bottleneck. This will appears on regular
basis. With client delays, of course.
15.07.15 19:51, Stakres пишет:
Hi Fred,
tests from my side:
DISKD with TCP_HIT objects: 564KB/s with wget, the same url you have
tested.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Here is my stats:
client_http.all_median_svc_time = 0.097357 seconds
client_http.miss_median_svc_time = 0.097357 seconds
client_http.nm_median_svc_time = 0.00 seconds
client_http.nh_median_svc_time = 0.00 seconds
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Speaking in essence: Performance depends strongly on the process model
used by the operating system, from settings, the hardware configuration
and the actual configuration of the operating system. And it can not be
considered in isolation from all
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Amos,
I think, auds queue must be buffered more better and smoother. On some
OS (I've tested) peak loads leads performance degradation. Periodically.
That is why I'm not using aufs.
15.07.15 20:39, Amos Jeffries пишет:
On 16/07/2015 1:51 a.m.,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Confirm.
ufdbguard is great redirector. It has a bit small problem with some
reporting tools (like SARG), but nothing important.
15.07.15 20:57, Amos Jeffries пишет:
On 16/07/2015 2:42 a.m., Michael Monette wrote:
Hello,
This might be a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
15.07.15 20:45, Amos Jeffries пишет:
On 16/07/2015 2:27 a.m., FredB wrote:
At this moment your user got partially loaded web page.
Yes bad experience for me, I guess I reach some limitations about aufs,
That is the SWAPFAIL part of
Wireless AP.
I don't mind it being complex, do you have any suggestions on
getting Internet --- Squid --- Router (NAT) working ?
Thanks!
On Mon, Jul 13, 2015 at 1:26 PM, Yuri Voinov yvoi...@gmail.com
mailto:yvoi...@gmail.com wrote:
-BEGIN PGP SIGNED MESSAGE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Ah,
forgot about:
Your squid in scheme I wrote will have static gray IP. And this IP must
be excluded from DHCP pool on router.
14.07.15 2:15, John Pearson пишет:
Hi Everyone,
My setup is: Internet -- Squid-eth0 -- Squid-eth1 -- Router --
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Too complex setup for simple task.
You can simple re-connect squid box before router and configure it as
gateway for devices. And setup NAT redirection directly onto squid box.
Something like this:
Internet - Router + DHCP + NAT --
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Note:
If you want to use two NIC onto Squid box, you need to configure this
box TCP stack as a static router.
But more better to aggregate both NIC and connect router and squid box
with switch.
14.07.15 2:15, John Pearson пишет:
Hi Everyone,
Man,
3.5.x don't work with server-first. It must be for backward
compatibility - but don't be.
Also, AFAIK, 3.5.x series don't work with transparent NAT interception
in bump mode. Fake certs are generated, but with IP against hostnames
(in all my test installations).
So, if you strictly
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Looks like TCP/IP stack level issue.
09.07.15 0:26, David Touzeau пишет:
Dear
I would like to share a strange behavior.
We have servers that stores Citrix application.
Each Citrix server run about 10 users/session
Each session execute
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Zzz... Still using 3.5.1 on my Win...
07.07.15 21:47, Rafael Akchurin пишет:
Then it is still open ☹
From: Yuri Voinov [mailto:yvoi...@gmail.com]
Sent: Tuesday, July 7, 2015 5:28 PM
To: Rafael Akchurin
Cc: squid-users
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I think,
we must forgot about SSL Bump as a feature and caching HTTPS. Due to all
world;s developer position.
Sad, but true.
This feature dead now.
WBR, Yuri
07.07.15 19:57, Jasper Van Der Westhuizen пишет:
Hi list
I have a problem with
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I think so.
07.07.15 21:23, Rafael Akchurin пишет:
Hello Yuri,
Is it - https://github.com/diladele/squid3-windows/issues/40?
Raf
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org]
On Behalf Of Yuri Voinov
Sent: Tuesday
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
06.07.15 18:06, Amos Jeffries пишет:
On 6/07/2015 9:30 p.m., adam900710 wrote:
Here is some of my experiments:
1) Remove never_direct
Then ssl_bump works as expected, but all traffic doesn't goes through
the SOCKS5 proxy. So a lot of sites
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
And also:
As long as you stay in the white robes, the whole world supports the
illusion of security HTTPS. The world has changed in the eyes of the
past three years. And by the way, your branch 3.4 has long been used in
commercial solutions.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
And finally:
HTTPS is used for malware transmission - and we can't scan it!, for porn
viewing, for illegal P2P traffic and others.
And we are the paladines in white robes.
06.07.15 19:34, adam900710 пишет:
2015-07-06 20:06 GMT+08:00 Amos
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
My own solution in conjunction with Tor + Privoxy looks like this (Note:
for Squid 3.4.13):
# Tor acl
acl tor_url url_regex -i /usr/local/squid/etc/url.tor
# SSL bump rules
sslproxy_cert_error allow all
ssl_bump none localhost
ssl_bump none
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I use 3.4 version. Yes, this is old directives.
3.5.x, on my opinion, don't do SSL Bump in NAT transparent interception
environment.
06.07.15 20:21, adam900710 пишет:
2015-07-06 22:05 GMT+08:00 Yuri Voinov yvoi...@gmail.com:
My own solution
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Fred,
I'm talkin not about localhost installation.
My squid serves business-center. With hundreds of users.
In this environment, we use also transparent DNS interception onto DNS
cache. DNS cache itself uses clean sources for resolving, using
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Fred,
I'm talkin not about localhost installation.
My squid serves business-center. With hundreds of users.
In this environment, we use also transparent DNS interception onto DNS
cache. DNS cache itself uses clean sources for resolving, using
Means exactly your seen. You acl contains two lines with this
subnetwork. Check and correct.
29.06.15 14:55, Fiorenza Meini пишет:
Hi,
I see this error when I restart squid service:
please, what does it mean:
WARNING: because of this '192.168.100.164' is ignored to keep splay
tree searching
Better to use:
# Adobe/Java and other updates
acl adobe_java_updates urlpath_regex /usr/local/squid/etc/urlregex.updates
# Youtube CDN store rewrite ACLs
acl store_rewrite_list urlpath_regex
\/(watch\?|get_video|videoplayback\?)
\.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|webp|flv|f4f|mp4)\?
Squid 3.5.x?
24.06.15 17:59, Dalmar пишет:
Hi,
For over two weeks i am having a really headache in configuring squid
transparent/intercept.
I have tried different options and configurations but i couldn't get
it to work.
i think the problems lies in the Iptables / NAT but i really couldn't
Squid 3.5.x?
24.06.15 18:03, Dalmar пишет:
Hi,
For over two weeks i am having a really headache in configuring squid
transparent/intercept.
I have tried different options and configurations but i couldn't get
it to work.
i think the problems lies in the Iptables / NAT but i really couldn't
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Never mind, Tom. I have own cockroaches in my head. Just only for
content filtering, I would not put a caching proxy. Once that's it.
24.06.15 22:22, Tom Mowbray пишет:
Yuri,
The proxy is being used as a content filter, i.e. domain and URL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Tom,
one simple question.
Soon, all or almost all the Internet go into HTTPS. Why do you then need
caching proxy? The tunnel connection and process ACLs?
My second question to Amos. Amos, what the hell do we under these
conditions caching
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Amos,
we are don't care about experts in the IETF.
What is the Squid Team position about SSL bumping and caching? Will
Squid be only content filtering proxy or remains caheable? What will be
next milestone?
3.5. now less used to cache SSL, only
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
In other words, Amos, the new version is almost never be able to perform
a bump, I understand you correctly?
And there is no full configuration that will work in the same way as 3.4?
21.06.15 18:40, Amos Jeffries пишет:
*some* issues that Squid
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
http://bugs.squid-cache.org/attachment.cgi?id=3162
21.06.15 15:57, HackXBack пишет:
Yes sure,
can you give me the link to download chudy patch ?
--
View this message in context:
I use this configuration parameters to build 64 bit 3.5.x Squid on Solaris:
'--prefix=/usr/local/squid' '--enable-translation'
'--enable-external-acl-helpers=none' '--enable-ecap'
'--enable-ipf-transparent' '--enable-storeio=diskd'
'--enable-removal-policies=lru,heap' '--disable-wccp'
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
This is the best solution in many cases. ;)
09.06.15 0:11, Jonathan Filogna пишет:
ty yuki, but i finally decided to block whatsapp with pfSense via firewall
rules and aliases
El 08/06/15 a las 12:32, Yuri Voinov escibió:
Feel free
801 - 900 of 1174 matches
Mail list logo