RE: [squid-users] Too many open files

2013-07-28 Thread Peter Retief
Peter: Do you mean you've patched the source code, and if so, how do I get that patch? Do I have to move from the stable trunk? Amos: Sorry yes that is what I meant and it can now be found here: http://www.squid-cache.org/Versions/v3/3.HEAD/changesets/squid-3-12957.patch It should apply

RE: [squid-users] Too many open files

2013-07-28 Thread Peter Retief
Eliezer: I would assume that you setup your WCCP correctly. DO you use them in tunnel or route mode? in route mode you can easily get into a complex situation that you have a routing endless loop(until X TTL). I think the wccp2 is set up correctly - I am using tunnel mode. Here is the output

Re: [squid-users] Too many open files

2013-07-28 Thread Amos Jeffries
On 28/07/2013 6:19 p.m., Peter Retief wrote: Peter: Do you mean you've patched the source code, and if so, how do I get that patch? Do I have to move from the stable trunk? Amos: Sorry yes that is what I meant and it can now be found here:

RE: [squid-users] Too many open files

2013-07-28 Thread Peter Retief
Amos: Squid starts with 16K of which 100 are reserved FD. When it changes that the 16K limit is still the total, but the reserved is raised to make N sockets reserved/unavailable. So 16384 - 15394 = 990 FD safe to use after adjustments caused by the error. Peter: I would have deduced that

[squid-users] Basic questions on transparent/intercept proxy

2013-07-28 Thread csn233
To intercept HTTPS traffic, is SSL-bump a must? Even when I only want to record the CONNECT traffic in access.log just like a normal forward proxy without decrypting anything? Is this any different with TPROXY?

Re: [squid-users] Basic questions on transparent/intercept proxy

2013-07-28 Thread Eliezer Croitoru
On 07/28/2013 03:37 PM, csn233 wrote: To intercept HTTPS traffic, is SSL-bump a must? Even when I only want to record the CONNECT traffic in access.log just like a normal forward proxy without decrypting anything? Is this any different with TPROXY? Indeed SSL-bump is a must.. You will be

Re: [squid-users] Basic questions on transparent/intercept proxy

2013-07-28 Thread Amos Jeffries
On 29/07/2013 2:30 a.m., Eliezer Croitoru wrote: On 07/28/2013 03:37 PM, csn233 wrote: To intercept HTTPS traffic, is SSL-bump a must? Even when I only want to record the CONNECT traffic in access.log just like a normal forward proxy without decrypting anything? Is this any different with

Re: [squid-users] Basic questions on transparent/intercept proxy

2013-07-28 Thread Alex Rousskov
On 07/28/2013 05:21 PM, Amos Jeffries wrote: On 29/07/2013 2:30 a.m., Eliezer Croitoru wrote: On 07/28/2013 03:37 PM, csn233 wrote: To intercept HTTPS traffic, is SSL-bump a must? Even when I only want to record the CONNECT traffic in access.log just like a normal forward proxy without