Re: [squid-users] TCP_MISS only

On 28/09/22 07:56, Andy Armstrong wrote: Okay – but what happens if you are communicating with a non REST endpoint. You are still communicating over HTTP. To interact with and benefit from HTTP agents like caches you need to comply to the HTTP semantics they use. IMO, REST is just a useful

Re: [squid-users] TCP_MISS only

On 27/09/22 23:01, Andy Armstrong wrote: Hi Alex, That makes a lot of sense, I don’t know how I overlooked that – thank you. I also agree, logically caching a 201 response makes little sense, and it was just an example I had that was easy to try so I used that. I just altered the HTTP

Re: [squid-users] Missing squid 5.6 & 5.7 announcements

On 21/09/22 10:33, Dave Dykstra wrote: I tried sending this directly to Amos twice over the last week or so but it bounced each time. I noticed that 5.7 is on the website since 5 September, but I have not see a release announcement for that or for 5.6 from June. Mea culpa sorry. I am a bit

Re: [squid-users] Squid performance recommendation

On 21/09/22 07:52, Pintér Szabolcs wrote: Hi squid community, I need to find most best and sustainable way to build a stable High Availability squid cluster/solution for abou 40k user. Number of users is of low relevance to Squid. What matters is the rate of requests they are sending to

Re: [squid-users] squid-users Digest, Vol 97, Issue 20

On 13/09/22 00:39, Adiseshu Channasamudhram wrote: Hello Amos Thank you for looking in to this. Below is the configuration ... FYI, below is advice for Squid-4+, if you have an older version then please upgrade ASAP. Current stable Squid is v5.7. ### logformat

Re: [squid-users] Is there a way to ignore incoming If-Modified-Since request?

Sorry, No there is no option to ignore revalidations on incoming traffic. Cheers Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] [squid][v5.6] : problem with "slow" or "fast" acl

On 16/09/22 19:11, PERROT Eric DNUM SDCAST BST SSAIM wrote: Hello Elizer and David, Sorry for the delay, I have been monopolized by another subject... I am not sur to understand how note acl could help me. If the idear of "note acl" is similar to the one proposed by Amos (creating a group

Re: [squid-users] Howto make Squid config dependent on hostname?

On 16/09/22 15:26, Grant Taylor wrote: On 9/15/22 8:29 AM, Hildegard Meier wrote: Hello, Hi, we have two Squid servers (Linux hosts) and each shall have the very same config file /etc/squid/squid.conf which is versioned and deployed from a central deployment server.  So each host shall

Re: [squid-users] https on frontend

On 11/09/22 06:19, Adiseshu Channasamudhram wrote: Hello Squid experts I'm running in to an issue with the below setup frontend ---TLS-Squid-2WayTLS--Backend When frontend is sending the http request, i see the tls exchange

Re: [squid-users] Exchange server authentication via squid reverse proxy not working after upgrade from squid 4.15 to 5.6

On 8/09/22 19:40, Hannes Fasching wrote: Hello, A customer have an issue that after upgrading from squid 4.15 to actual 5.6 with reverse proxy mode for an exchange server. The authentication is not working anymore when the integrated Windows authentication is enabled (needed for SSO). When

Re: [squid-users] Unwanted authentication requests

On 9/09/22 07:22, Marek Greško wrote: Hello Alex, thanks for tip. I did not know about that directive. Is it possible to specify no method for others? I tried none, but squid complained. Not necessarily needed now, but I tried to specify no method for other vlans without success. I left

Re: [squid-users] Scaling concurrent TCP sessions beyond ephemeral port range

On 9/09/22 11:41, Praveen Ponakanti wrote: Hi Alex, Thanks for all the help from the squid dev group with upstreaming the enhancement to scale up outbound TCP sessions on Linux with the IP_BIND_ADDRESS_NO_PORT sockopt flag. Our canary instances have been doing great the last few weeks with

Re: [squid-users] [squid][v5.6] : problem with "slow" or "fast" acl

On 6/09/22 00:56, PERROT Eric DNUM SDCAST BST SSAIM wrote: Hello, We use directives "reply_body_max_size", "request_body_max_size" and "delay_access" to limit upload, download and passband in our infra. All of which are "fast" type. This configuration existes since a while, but we have

Re: [squid-users] Squid 5.2 TCP_MISS_ABORTED/100 erros when uploading

On 30/08/22 01:31, David Ferreira wrote: Hi Amos, Thank you for the reply, here's my squid.conf, by default our client's(localnet) do not have internet access and only match windows services acl's unless they are in authorizednet.conf, in this case that's the only match acl for the clients

Re: [squid-users] How to enable squid to use more server resources when using 500+ http_ports?

TL;DR this behaviour is expected when expanding beyond the default limit on http_port lines permitted in squid.conf. YMMV as to how much you can expand, but it will appear at some point. On 29/08/22 18:06, Marcelo wrote: Hello, I have a server with large resources ( RAM, CPU, etc) running

Re: [squid-users] Squid 5.2 TCP_MISS_ABORTED/100 erros when uploading

On 29/08/22 22:17, David Ferreira wrote: hi, First time using mailing lists, sorry about anything. Welcome, and thanks for using Squid. Do not worry about mistakes. Helping with that type of thing is what this list is here for whether expert or beginner. Squid 4.15:

Re: [squid-users] Programmatically fetch the latest stable version of squid

On 28/08/22 13:06, ngtech1ltd wrote: Hey Amos, The page really need an update and also if it's something that we can rely on then.. we need something a bit more "working". The only working http mirrors are: The FTP mirrors are unfortunately often hidden behind regional or country specific

Re: [squid-users] Programmatically fetch the latest stable version of squid

On 27/08/22 06:02, Justin Michael Schwartzbeck wrote: Hello, I want to create a build system that automatically fetches the latest stable version of squid, and builds a container with it. I know I can manually browse to the download page. But I was hoping there could be some way to link it,

Re: [squid-users] Capture incoming information from one squid (Marcelo)

On 25/08/22 09:02, Marcelo wrote: Thanks a lot Amos! It was just perfect! With your examples I did manage to implement almost all I need. A last thing to implement this already. Is it possible to change the below port for the same port that user connected to this child squid? This way I would

Re: [squid-users] Capture incoming information from one squid

On 20/08/22 11:20, Marcelo wrote: Thanks Alex, 1- Is it possible to provide me with an example of squid.conf of both parent and child squids? I am having very basic doubts about cache_peer and its very hard to find complete squid.confs over the internet. FWIW, *complete* squid.conf are

Re: [squid-users] forwarding TPROXY squid and multi-ISP

On 16/08/22 19:52, Vieri wrote: The only scenario that's failing is if I want to force LAN traffic through Squid for those hosts that need to access Internet via ISP2. How exactly is it failing? I'm guessing that it may be because the Squid process is fetching data via 172.16.0.2

Re: [squid-users] Questions about trouble

On 18/08/22 01:07, 茂木 良平 wrote: Dear Sir or Madam Please let me know if there is any unknown problem. I am using squid for windows 4. Suddenly the squid service stopped. When I checked the cache file, an error message was output. Could you please confirm it? 2022/08/17 09:25:02| oldAccept 

Re: [squid-users] Unsubscribe me please

Only you can unsubscribe your email. Use the web link you can find at the bottom of every list message... On 12/08/2022 3:52 am, Wade Gibson wrote: ___ squid-users mailing list squid-users@lists.squid-cache.org

Re: [squid-users] SQL DB squid.conf backend, who was it that asked about it?

On 8/08/22 03:16, ngtech1ltd wrote: Hey Everybody, I don’t remember who was it but I was asked about using a SQL DB backend for squid.conf. FWIW, "Marcello" asked on 10 July. He seems to have moved on to external ACL development (guessing from later thread topics). Cheers Amos

Re: [squid-users] Trying to recompile squid 4.13 with ./configure CXXFLAGS="-DMAXTCPLISTENPORTS=256"

On 4/08/22 10:16, marcelorodrigo wrote: Some important information. ... Then make and make install from /build/squid/squid-4.13/ folder, but nothin seems to change when squid -v is used. Please build with this command: make && ./src/squid -v ... to be sure the -v info is coming from the

Re: [squid-users] filedescriptors on debian/systemd

On 3/08/22 17:17, ngtech1ltd wrote: Hey Amos, I was under the impression that Systemd does impose a basic limit but I can test it to verify my doubts. From my point of view and testing until now systemd does impose a basic global limit. Squid looks up the limit on startup. With systemd

Re: [squid-users] filedescriptors on debian/systemd

On 3/08/22 01:54, Matus UHLAR - fantomas wrote: Hello, I have encountered Debian bug 934208: 2022/07/28 16:40:53 kid1| With 1024 file descriptors available 2022/07/29 06:50:18 kid1| WARNING! Your cache is running out of filedescriptors according to the bug report: "Under systemd the

Re: [squid-users] regex for normal websites

IMO, what you are looking for is actually this ACL definition: acl adobe ssl::server_name .adobe.com or its regex equivalent, acl adobe ssl::server_name_regex (^|\.)adobe\.com$ HTH Amos ___ squid-users mailing list

Re: [squid-users] regex for normal websites

On 3/08/22 05:01, robert k Wild wrote: Mmm, maybe I should try dstdom_regex Instead of ssl::server_name_regex But when you using ssl bump in your squid.conf, isn't it best to use ssl::server_name_regex Typically yes, or ssl::server_name. FYI, the two ACL types do exactly the same

Re: [squid-users] adding cache_control = nocache to http request using squid transparent proxy

On 29/07/22 23:39, muhanad wrote: Hi I apologize for my late reply. I guess I wasn't fully clear about my reason for why I need to stop the contents from being cached. First, here in Iraq the internet service is extremely expensive for ISP to provide services for home users. The ISP usually pay

Re: [squid-users] adding cache_control = nocache to http request using squid transparent proxy

On 28/07/22 19:41, ngtech1ltd wrote: Hey Amos, I support what you wrote and I do not know why the service provider wants this but there are some cases which there is a need to lower the cache ratio of the clients. Yes I know. This is a query where we could make things worse by jumping to

Re: [squid-users] Routing

On 27/07/22 20:03, Илья Дейс wrote: Hello, I ran into a problem when routing connections from a specific address. I need to use a dedicated channel for downloading video, and for everything else, a port-dependent channel. Routing is based on the receiving port of the proxy server. I am using

Re: [squid-users] regex for normal websites

On 27/07/22 21:54, robert k Wild wrote: hi all, think i got it right but just want to double check with you guys so in my "ssl::server_name" i had .adobe.com that worked but i want to mix normal website and regex websites together What do you mean "normal website" ? and "regex websites" ?

Re: [squid-users] adding cache_control = nocache to http request using squid transparent proxy

On 27/07/22 07:52, muhanad wrote: Hello I am trying to edit the header of http headers to set the cache_control option to " no-cache" to prevent users from being able to cache the contents This will not do what you think it does. The "no-cache" control actually *enables* caching by

Re: [squid-users] Fwd: Sqid uses all RAM / killed by OOM

On 25/07/22 17:59, Ronny Preiss wrote: Hello all, I have now compiled and installed squid 4.17 as a transition solution on ubuntu 22.04. Can someone support me regarding my question about compiling squid 5.6 on ubuntu 22.04? Since my previous attempts also have the "memory leak" on ubuntu

Re: [squid-users] slow TCP_TUNNEL

On 25/07/22 20:40, Katerina Bubenickova wrote: access.log of D1 1658483765.546 1622444 172.19.11.101 TCP_TUNNEL/200 3635 CONNECT epns.eset.com:443 - HIER_DIRECT/91.228.167.192 - Over a day to transfer 3KB of data. Given this proxy is exclusively relaying TCP_TUNNEL traffic this looks like

Re: [squid-users] how to put the destination ip to an external acl helper ?

On 20/07/22 10:02, NgTech LTD wrote: But which one of them? " %http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] how to put the destination ip to an external acl helper ?

On 20/07/22 00:05, Dieter Bloms wrote: Hello, I wrote a little external acl helper and want squid to put the destination fqdn _and_ the destination ip to it. I found the parameter %DST and this is filled with the destination fqdn. Is there also a parameter for the destination ip squid want's

Re: [squid-users] Squid stop sending icp after a random time

On 18/07/22 18:38, Théo BARRAGUE wrote:> Hello, After a random time ( seconds, minutes or even hours ) squid stop sending ICP to neighbours. Given that all traffic from squid-1 is forced to go through squid-2 why are you bothering with ICP? that is only useful when there are 2+ peers to

Re: [squid-users] Support for OAuth2 Authorization flow

On 16/07/22 08:46, Sood, Ritu wrote: Hi Currently Squid Bearer Authentication assumes that there is enough information in the HTTP CONNECT request headers to validate the user. But, in case, if there is no valid JWT,  in our use case we want to initiate OAuth2 authorization flow from Squid

Re: [squid-users] Upstream Proxy

On 16/07/22 04:05, Johnathan Hasty wrote: What HTTP authentication method(s) or scheme(s) does your upstream proxy support or require? They're very vague and not helpful. It was said they look for email, but in reality it would be u...@blah.company.com rather than u...@company.com. This is

Re: [squid-users] Squid white list

On 14/07/22 23:16, Ben Goz wrote: Can you please recommend on a programmatic way to list all links in case that domain A links media also from domain B but I added manually only domain A? For that you will need the list of domains to be in some dynamically generated database. Along with a

Re: [squid-users] How to allow users authenticated to access only their own ports.

On 8/07/22 11:13, Marcelo wrote: Hi everyone ;) I have a little bit complex task at hand. This is not particularly complex and comes up relatively often. What I must do: 1-Allow an user to access squid only through specific port. This same user can access 1 port or several ports,

Re: [squid-users] Squid white list

On 5/07/22 02:12, Ben Goz wrote: By the help of God. Hi, I want to use squid access list to implement white list of group of urls. If I want to while list domain example.com and this website invokes http requests to domain example-a.com which is not

Re: [squid-users] MS-SQL with squid helpers

On 26/06/22 23:27, ngtech1ltd wrote: Hey Everybody, I was wondering if someone wrote a set of helpers that works with MS-SQL server database? (I see you went ahead with this already, just responding for anyone in future). Squid ships with several DB helpers, for both authentication and

Re: [squid-users] Squid ACLs by DSCP

On 19/06/22 06:55, ngtech1ltd wrote: Hey, I have been marking different clients with DSCP and have managed to redirect traffic to different squid ports based on DSCP. I am trying to use a single squid port that will read the DSCP of the connection as an ACL, is this even possible? The

Re: [squid-users] Logrotate question

On 18/06/22 11:25, robert k Wild wrote: So what your saying is change the -k reconfigure to -k rotate Even tho I've configured squid from source Yes. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org

Re: [squid-users] Logrotate question

On 18/06/22 07:06, robert k Wild wrote:  i understand it now Er, no. cat /etc/logrotate.d/squid /usr/local/squid/var/logs/*.log { ... postrotate /usr/local/squid/sbin/squid -k reconfigure endscript } needed the sharedscripts to run the postrotate just once for all logs didnt need the

Re: [squid-users] The usage of extended SNMPD commands to monitor squid.

On 17/06/22 22:16, ngtech1ltd wrote: Hey Matus, The Squid-Cache project to my knowledge doesn't have a developer expert or have enough "free" time to maintain the SNMP parts of the code. Amos and Alex can correct me if I'm wrong. That is essentially correct. Squid SNMP is maintained in that

Re: [squid-users] How to make sure my Squid has no known vulnerabilities?

On 8/06/22 00:43, Matus UHLAR - fantomas wrote: nearly all debian versions of nearly all packages contain security patched backported to installed versions. you can check on https://security-tracker.debian.org/tracker/ FTR, the page there for Squid is:

Re: [squid-users] squid only partially working WHY ?

On 30/05/22 21:58, Ian A Taylor wrote: Good day I have install ubuntu 22.04 server on 4 machines The machines are spark compute-0-[0,1,2] spark has an internet connect plus a connection to a restricted (10.1.1.0/24) network compute-0-[0,1,2] are on the restricted network 2 of the three

Re: [squid-users] ssl-bump connect issues

On 23/05/22 17:41, Jernej Porenta wrote: The logs show that clients did issue a CONNECT, however the connections are stuck (and eventually timeout) and netstat is showing exactly 10 connections in SYN_SENT state towards npm registry. I am kinda puzzled, where this number comes from. This

Re: [squid-users] Regex for URL to include numbers special letters

On 21/05/22 19:20, robert k Wild wrote: Thanks Amos, What about if I wanted to put a normal URL in with the URL regex ones like ^zzz-iobuckets-io[0-9]+-[0-9a-z]+\.s3\.amazonaws\.com:[0-9]$ ^google\.com$ Would that work I'm not sure what you mean, neither of those match a URL. A *normal

Re: [squid-users] Squid 4.15 on FreeBSD 12.2 Stable - Kerberos helper issues

On 21/05/22 04:51, Suporte - Konntrol wrote: Hello everyone, Greetings. I got a strange situation with my SQUID 4.1 (FreeBSD 12.2 Stable environment). Everything was working fine with Kerberos configuration and suddenly it stopped with the following error: ==> /var/squid/logs/cache.log

Re: [squid-users] Put URLs and URL regex in one text file

On 20/05/22 23:26, robert k Wild wrote: Sorry I'm a bit thick Don't be. These things beyond plain-text HTTP are unfortunately a bit complex. The key thing to remember is that Squid is dealing with *layers* of protocols wrapped around each other. This wiki page

Re: [squid-users] Scaling concurrent TCP sessions beyond ephemeral port range

On 20/05/22 19:44, Praveen Ponakanti wrote: Hi Alex, Thanks for going through several steps to help mitigate src port exhaustion. We are looking to achieve 400-500% more concurrent connections if we could :) as there is a significant buffer on the available CPU. Then you require at least

Re: [squid-users] Regex for URL to include numbers special letters

Your solution may "works", but only partial. Diving back to your original request: On 20/05/22 02:25, robert k Wild wrote: > hi all, > > want to make the below into a regex as after the io..., could be any > number and letter, the - stays in the same position but to make it > simple i just

Re: [squid-users] OT: calamaris log parsing...

On 6/05/22 00:24, Ralf Hildebrandt wrote: Bit of an OT question here...I'm using calamaris and was wondering about the traffic direction: # Performance in 1 hour steps incominhitmiss direct sibling fetch date request Byte kB/sec kB/sec

Re: [squid-users] squid-6.0.0-20220412-rb706999c1 cannot be built

On 2/05/22 07:55, Eliezer Croitoru wrote: I have tried to build couple RPMs for the V6 beta but found that the current daily autogenerated releases cannot be built. Is there any specific git commit I should try to use? There is a new daily tarball out now. can you try wit that one please?

Re: [squid-users] Is Squid 5.5 considered stable?

On 26/04/22 06:41, Dave Dykstra wrote: On Thu, Apr 14, 2022 at 11:21:54PM +1200, Amos Jeffries wrote: Subject: [squid-announce] Squid 5.5 is available ... Users of Squid-4 holding back due to earlier release issues are encouraged to test this version for upgrade. This doesn't seem

Re: [squid-users] [squid-announce] Squid 5.5 is available

On 26/04/22 01:28, The Doctor wrote: When will Squid be openssl 3 compliant? When the upgrade support gets finished. We have RSA certificates working, but there are issues related to the API for using Elliptic-Curve ciphers. Amos ___ squid-users

Re: [squid-users] [squid-announce] Squid 5.5 is available

On 25/04/22 21:05, L.P.H. van Belle wrote: Hai Amos, Small question on this release. I saw in the changelog. 2.4 TrivialDB Support This release deprecates use of BerkleyDB in favour of TrivialDB. I also saw in https://packages.debian.org/bookworm/squid dep: libtdb1 (>= 1.2.7+git20101214) Now

Re: [squid-users] Cache Peer Connection

On 21/04/22 00:24, Garbacik, Joe wrote: When squid connects to an upstream cache peer, does it create a new tcp session between the peers for each request from a client on the original squid server or does it maintain the session between the peers for a period of time to allow other requests via

[squid-users] [squid-announce] Squid 5.5 is available

pub/archive/5/ or the mirrors. For a list of mirror sites see http://www.squid-cache.org/Download/http-mirrors.html http://www.squid-cache.org/Download/mirrors.html If you encounter any issues with this release please file a bug report. https://bugs.squid-cache.org/

Re: [squid-users] squid compilation error in Docker

On 14/04/22 14:59, Ivan Larionov wrote: There were no errors earlier. Seems like installing openldap-devel fixes the issue. There were other dependencies installed together with it, not sure if they also affected the build or not. I suspect one or more of those other components is indeed

Re: [squid-users] Squid-Cache VS PHP, put some things in perspective

On 13/04/22 10:30, Eliezer Croitoru wrote: I am looking for adventurous Squid Users which wants to help me test if PHP 7.4+ still possess the same old 5.x STDIN bugs. Hi Eliezer, Thanks for taking on a re-investingation. FTR, the old problem was not stdin itself. The issue was that PHP

Re: [squid-users] Squid 3-5 CPU optimization and best practise .

FYI; CPU in Squid is primarily consumed by two things: 1) parsing and processing HTTP message headers. The only thing you can do about this is detect and reject unwanted traffic as early as possible. Your OS firewall is obviously the early line of defense. Preventing unwanted network

Re: [squid-users] squid with OAuth2.0

On 29/03/22 06:29, Pintér Szabolcs wrote: Hi Could I get plus information about the merging problem and the solution. The recent merge from master; failed due to an extra CI spellcheck, and C++11 syntax master started using since the branch previous update. The fixes were all trivial and

Re: [squid-users] Difference between cache manager http request count and access.log entries

On 23/03/22 09:04, admin wrote: Hi! I’ve recently stumbled across all the information that is returned from the squid cache manager. Now after analysing the request count data a bit on the cache manager information responses I noticed that they do not match up with the amount of logs in

Re: [squid-users] version 5.4.1 aborts squid process (SIGABRT)

On 22/03/22 22:27, Eugene Grosbein wrote: #5 0x009b2300 in comm_openex (sock_type=1, proto=6, addr=..., flags=1, note=0x84cd1b040 "[fe80::30be:e84c:67b2:d2c2]") at comm.cc:347 This is Amos

Re: [squid-users] Reconfiguring Squid every few seconds

On 19/03/22 13:48, roee klinger wrote: Hello, I have a server with multiple 4G modems with Squid running on it, the 4G modems get an internal private IP that is dynamic (unfortunately this can't be changed), I set up Squid to use the interfaces as follows: tcp_outgoing_address The

Re: [squid-users] Dynamic delay pools in squid?

On 17/03/22 03:37, Alberto Montes de Oca wrote: Hi guys, I´d like to implement some bandwidth management using squid delay pools, but so far I can´t find any solution/example to do it dynamically, in my case what I want to accomplish is this: I have a 10Mb/s Internet connection, I want to use

Re: [squid-users] Domain fronting detection

On 16/03/22 08:09, Jason Spashett wrote: Hello squid-users, I wonder if there is a set of workable acls at present that can detect and/or block domain fronting. Unfortunately no. By way of my understanding, that would be comparing the TLS SNI during a client connecting to squid and

Re: [squid-users] happy eyeball broken for dual homed hosts ?

On 16/03/22 22:40, Dieter Bloms wrote: Hello, while using squid 4.17 my ipv4/ipv6 ratio is about 56/44. Squid-4 traditional networking strictly favours IPv6 per BCP17 specification. When i use squid 5.3 my ipv4/ipv6 ratio is about 98/2. Squid-5 "Happy Eyeballs" uses the fastest

Re: [squid-users] Openssl 3 compliance

On 15/03/22 03:45, The Doctor wrote: I just read that opensssl 1.X will be end of life. When will Squid comply with both openssl 1.X and openssl 3.x? We have a PR with initial support that can be used if you really need it. FWIW, Ubuntu

Re: [squid-users] Bug: 'squid -k interrupt' quits on config file error, fails to kill process

On 14/03/22 08:48, Dave Blanchard wrote: OK. Would there be any harm in using 'kill -9 '? 'kill ' seems to be interpreted as 'take your time, then quit whenever you're ready.' Indeed. Busy proxy may have many clients to finish talking to, so there is a delay. Sending the SIGHUP ('kill ') a

Re: [squid-users] squid with OAuth2.0

On 11/03/22 05:38, Pintér Szabolcs wrote: Hi I'm Szabolcs and I want to use your proxy with an OAuth2 solution. I think I have tou use this part of the Documentiation: https://wiki.squid-cache.org/Features/BearerAuthentication But I didn't find more information about this, can I use it if

Re: [squid-users] auto-generated release on http://www.squid-cache.org/Versions/v6/ somewhat stale?

On 7/03/22 21:25, Ralf Hildebrandt wrote: Are the auto-generated releases on http://www.squid-cache.org/Versions/v6/ simply broken or is there another reason for a recent tarball since 07.02.2022? The snapshots only publish if our CI system confirms the code as working on a range of popular

Re: [squid-users] Squid 5.4 : ERR_PROTOCOL_UNKNOWN and exception=18686e4e

On 6/03/22 09:24, Amos Jeffries wrote: On 6/03/22 05:50, David Touzeau wrote: Hi added  exterr="%err_code|%err_detail" in logging and result return some request with ERR_PROTOCOL_UNKNOWN|exception=18686e4e 1646498399.887 46 176.12.1.2 NONE_NONE/000 0 CONNECT 62.67.238.138:443 -

Re: [squid-users] Squid 5.4 : ERR_PROTOCOL_UNKNOWN and exception=18686e4e

On 6/03/22 05:50, David Touzeau wrote: Hi added  exterr="%err_code|%err_detail" in logging and result return some request with ERR_PROTOCOL_UNKNOWN|exception=18686e4e 1646498399.887 46 176.12.1.2 NONE_NONE/000 0 CONNECT 62.67.238.138:443 - HIER_NONE/-:-

Re: [squid-users] SQUID refuses to listen on any TCP Port

On 5/03/22 00:11, ben wrote: Hi, I've done this and uploaded the log. Please take a look at it. Thank you https://www.dropbox.com/s/k8nwdjs7bly4exw/squid.log.gz This log shows port 3128 being opened, right at the end. 2022/03/04 18:12:54.537| 33,2| AsyncCall.cc(25) AsyncCall: The

Re: [squid-users] SQUID refuses to listen on any TCP Port

On 4/03/22 00:50, Eliezer Croitoru wrote: Should "squid -kparse" be of help for such a scenario? Ideally, but it depends on what the exact cause is. The purpose of "-kparse" is to find errors that a startup would show anyway, but without actually needing a running proxy. Nothing being

Re: [squid-users] SQUID refuses to listen on any TCP Port

On 3/03/22 14:48, ben wrote: Hi,Alex, Thanks for your help. I run squid with the option d1 and its output is as followings 2022/03/03 09:17:39 kid1| Current Directory is /root 2022/03/03 09:17:39 kid1| Starting Squid Cache version 4.17 for x86_64-pc-linux-gnu... 2022/03/03 09:17:39 kid1|

Re: [squid-users] slow down response to broken clients ?

On 25/02/22 20:47, Dieter Bloms wrote: Hello, Sometimes a client tries to reach a destination that is blocked at the proxy. The proxy responds with a 403 and the client then immediately tries again and again, making hundreds of requests per second. Is it possible to add an artificial delay here

Re: [squid-users] Random trouble with image downloads

On 25/02/22 18:14, Dave Blanchard wrote: OK, I've got Squid mostly working fine, but have noticed a problem with certain image downloads, which in at least one case are coming from storage.googleapis.com. (Profile images for a forum.) It's as if Squid sometimes randomly fails to download and

Re: [squid-users] Trying to set up SSL cache - solved!

On 25/02/22 10:49, Dave Blanchard wrote: On Thu, 24 Feb 2022 15:07:53 -0500 Alex Rousskov wrote: What is the replacement for client-first? A "good" answer depends on what exactly you are trying to achieve; details matter. A "dumb" answer (i.e. a direct replacement without considering your

Re: [squid-users] Trying to set up SSL cache - solved!

On 25/02/22 05:41, Grant Taylor wrote: On 2/24/22 9:08 AM, Alex Rousskov wrote: "more examples" is hardly the answer. I believe that "more examples" can be additional data that someone can derive information ~> knowledge from. Or said another way, it's a step in the proper direction. At

Re: [squid-users] Squid Question regarding tcp handshake

On 25/02/22 04:03, Felipe Polanco wrote: Hi, A question Regarding TCP handshake. Does squid first complete the tcp handshake on its users and then a second handshake on the destination IP or as soon as it receives the TCP SYN flag it does the same with the destination. The TCP

Re: [squid-users] Trying to set up SSL cache

On 24/02/22 15:26, Dave Blanchard wrote: Hello, I'm trying to configure Squid as a HTTPS cache on my local computer, using ssl-bump. I've got it working as a basic proxy, but the traffic seems to just be tunneling through and not being cached. Do you actually get at least *2* (maybe 3) Squid

Re: [squid-users] getsockopt failures, although direct access to intercept ports is blocked

On 24/02/22 12:05, Andreas Weigel wrote: Hi everyone, I had the following issue with Squid in Transparent Mode (and SSL Interception in mode splice). It is working as expected, however after multiple long-running (talking about several seconds) anti-virus ecap-Processes have finished, I

Re: [squid-users] Squid and Certificates

On 23/02/22 07:11, Garbacik, Joe wrote: When the squid proxy validates a certificate of a destination, does it cache that certificate's status for a period of time or does it validate the certificate each time? Would it log when it makes calls to a CRL or OCSP server to validate the

Re: [squid-users] Splice certain SNIs which served by the same IP

On 23/02/22 01:05, Ben Goz wrote: By the help of God. If I'm using the self signed certificate that I created for the ssl bump, then the browser considers it as the same certificate for any domain I'm connecting to? Key thing to remember is that TLS server certificate validates the

Re: [squid-users] Vulnerabilities with squid 4.15

On 11/02/22 23:04, robert k Wild wrote: thanks Amos and Eliezer! tbh i dont know if im using WCCP with my squid version, sorry, how do i find that out? If this produces any config lines: squid -k parse 2>&1 | grep wccp Cheers Amos ___

Re: [squid-users] Vulnerabilities with squid 4.15

On 11/02/22 07:55, robert k Wild wrote: Hi all, Is there any security vulnerabilities with squid 4.15, should I update to 4.17 or is it OK to still use as my squid proxy server Sorry for silly question Not silly. There is this one for WCCP:

Re: [squid-users] Squid plugin sponsor

On 10/02/22 01:43, David Touzeau wrote: Hi I would like to sponsor the improvement of ntlm_fake_auth to support new protocols ntlm_* helpers are specific to NTLM authentication. All LanManager (LM) protocols should already be supported as well as currently possible. NTLM is formally

[squid-users] [squid-announce] Squid 5.4 is available

d-cache.org/Download/mirrors.html If you encounter any issues with this release please file a bug report. https://bugs.squid-cache.org/ Amos Jeffries ___ squid-announce mailing list squid-annou...@lists.squid-cache.org http://lists.squid-cache.org/lis

Re: [squid-users] The status of AIA ie: TLS code: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY ?

On 26/01/22 06:12, Eliezer Croitoru wrote: Hey, I have recently seen more then one site that doesn't provide the full CA bundle chain. An example: https://www.ssllabs.com/ssltest/analyze.html?d=www.cloudschool.org https://www.ssllabs.com/ssltest/analyze.html?d= certificatechain.io I wanted to

Re: [squid-users] Base64 encoding of X-Authenticated-User Request Header

On 4/02/22 21:43, Nolan wrote: Hi All! I'm using a Squid proxy instance to authenticate users on the local LAN and then forward requests to an upstream proxy. I'm trying to figure out a way to do a base64 encoding of the X-Authenticated-User request header. Right now I have the following

Re: [squid-users] squid url_rewrite_program how to return a kind of TCP reset

On 31/01/22 21:53, David Touzeau wrote: Is adapted_http_access supporting url_rewrite_program  ? It seems only supports ecap/icap All the request adaptors (ICAP, eCAP, rewrite helper) can either respond with an adapted request or a response to the client. If they respond with a changed

Re: [squid-users] squid url_rewrite_program how to return a kind of TCP reset

On 31/01/22 13:20, David Touzeau wrote: But it makes 2 connections to the squid for just stopping queries. It seems not really optimized. The joys of using URL modification to decide security access. I notice that for several reasons i cannot switch to an external_acl :( Is there a

<    1   2   3   4   5   6   7   8   9   10   >