Re: [squid-users] Basic config file

On 15/11/2013 10:32 p.m., alamb200 wrote: > Hi, > I am looking at Squid as a proxy server on our network to try and have some > degree of control over internet access and eventually to tag other software > such as Internet Access Monitor for Squid. > I am running Squid on a Windows 2008 Server so I

Re: [squid-users] Re: acl defined with rep_header used to deny cache is not working

On 15/11/2013 7:24 p.m., susu wrote: > Hi, > > I have another question. Does squid support caching decision based on any > request header? I am using version 2.7 of squid. > Yes. Amos

Re: [squid-users] Android has issue with transparent proxy

On 15/11/2013 8:19 a.m., WorkingMan wrote: > I have a weird problem. SQUID is configured as a transparent proxy. > client<-->VPN <-> SQUID <--> internet > > squid.conf > cache deny all > forwarded_for on > strip_query_terms off > > cache_effective_user proxy > cache_effective_group proxy > client

Re: [squid-users] Re: Ubuntu Server 13.10. Squid 3.3.8. WARNING: external ACL 'memberof' queue overload

On 2013-11-15 09:12, Eliezer Croitoru wrote: OK, I think I know what you are talking about Amos(hope you slept well). http://bazaar.launchpad.net/~squid/squid/3.4/view/head:/helpers/external_acl/LDAP_group/ext_ldap_group_acl.cc#L577 The above line can cause this specific issue. And since the h

Re: [squid-users] Ubuntu Server 13.10. Squid 3.3.8. WARNING: external ACL 'memberof' queue overload

On 2013-11-14 20:55, Eliezer Croitoru wrote: On 11/14/2013 03:42 AM, Amos Jeffries wrote: On 2013-11-14 11:29, Eliezer Croitoru wrote: Eliezer, two pieces of information that should get you back on track with understanding this one: 1) The connection between Squid and external_acl_type

Re: [squid-users] Re: acl defined with rep_header used to deny cache is not working

On 14/11/2013 1:13 a.m., susu wrote: > I am posting the headers of three request and responses. Last request starts > video streaming, Pragma: xPlayStrm=1 asks the server to start video > streaming. Thank you. These look like they should be working without problems, even if a cache is present. Th

Re: [squid-users] squid 3.3.9 and complains for some in error-details.txt (X509_V_ERR_SUBTREE_MINMAX or similar)

On 14/11/2013 9:47 a.m., Eliezer Croitoru wrote: > On 11/13/2013 10:30 PM, Amos Jeffries wrote: >> On 2013-11-14 02:21, Eliezer Croitoru wrote: >>> On 11/13/2013 02:27 PM, Josef Karliak wrote: >>>>Good morning, >>>>what are the following com

Re: [squid-users] Ubuntu Server 13.10. Squid 3.3.8. WARNING: external ACL 'memberof' queue overload

On 2013-11-14 11:29, Eliezer Croitoru wrote: Eliezer, two pieces of information that should get you back on track with understanding this one: 1) The connection between Squid and external_acl_type helpers uses TCP. 2) Preventing the kernel assigning IPv6 addresse to its NIC does not actuall

Re: [squid-users] squid 3.3.9 and complains for some in error-details.txt (X509_V_ERR_SUBTREE_MINMAX or similar)

On 2013-11-14 02:21, Eliezer Croitoru wrote: On 11/13/2013 02:27 PM, Josef Karliak wrote: Good morning, what are the following complains (warnings) ?>> Nov 13 13:16:21 kostold squid[4377]: WARNING! invalid error detail name: X509_V_ERR_SUBTREE_MINMAX The basic assumption is that it rel

Re: [squid-users] Re: acl defined with rep_header used to deny cache is not working

On 14/11/2013 12:44 a.m., susu wrote: > Hi Amos, > > Thank you for your reply. > > This is required because when a video is hosted in windows media server and > fetched from client using windows media player it uses Windows media HTTP > streaming protocol for video streaming. > > In this protoc

Re: [squid-users] how to upgrade to 3.3.10 from3.3.8

On 14/11/2013 12:17 a.m., Eliezer Croitoru wrote: > Hey, > > (notes inside) > > On 11/13/2013 09:08 AM, Ding Guigeng wrote: >> now squid 3.3.8 running on server ,i want to upgrade to 3.3.10 >> how to upgrade it? But the most important question is: What OS? How did you install 3.3.8? The answ

Re: [squid-users] acl defined with rep_header used to deny cache is not working

On 13/11/2013 10:42 p.m., susu wrote: > Hi All, > > I am using squid as a cache and I don't want to cache anything coming from a > windows media server. > So I have put following rules in squid.conf : > > acl windows_server rep_header -i Server -i ^Cougar > cache deny windows_server > > But it i

Re: [squid-users] Need help on Squid Setup

On 13/11/2013 6:21 p.m., Durga Prasath wrote: > Thanks for your email amos. is there any other way that we can get > this done other than SSL_bump. any URL redirector program can help > us... ( I did check here and usage of ssl_bump is illegal.) Unfortunately no, that is the only way. Amos

Re: [squid-users] Ubuntu Server 13.10. Squid 3.3.8. WARNING: external ACL 'memberof' queue overload

On 2013-11-13 09:19, Andrey ‪ wrote: On 11/12/2013 06:33 PM, Andrey ‪ wrote: Hi everyone During configuration of LDAP basic and group authentication methods by Squid, a came across this error (/var/log/squid3/cache.log): Code: WARNING: external ACL 'memberof' queue overload. Request rejected

RE: [squid-users] Re: WARNING: unparseable HTTP header field {:: }

On 2013-11-13 07:45, Jenny Lee wrote: They generate huge log files. We turn them off. Here it a patch for 3.3.10 if you need to suppress them. Some of the cache log options should have config entries as they generate clutter and hide more important issues. We remove the following as well: * "Us

Re: [squid-users] Squid 27 vs 33

On 2013-11-13 09:40, Luis Daniel Lucio Quiroz wrote: Hello, talking only on memory hungry, same configuration (or equivalent), who needs more ram? LD Huh? Amos

Re: [squid-users] squid cache manager question and snmp with smp question

On 12/11/2013 9:21 p.m., Dr.x wrote: > hi , > from cache manager : > Cache information for squid: > Hits as % of all requests: 5min: 11.7%, 60min: 11.0% > Hits as % of bytes sent:5min: 0.6%, 60min: -0.3% > Memory hits as % of hit requests: 5min: 20.0%, 60min: 1

Re: [squid-users] WARNING: unparseable HTTP header field {:: }

On 12/11/2013 9:08 p.m., Dr.x wrote: > hi , > is that harmfull log ?? > > 2013/11/11 02:20:12 kid2| WARNING: unparseable HTTP header field {:: } > 2013/11/11 02:20:13 kid1| ctx: exit level 0 > 2013/11/11 02:20:13 kid1| ctx: enter

Re: [squid-users] Re: RPM for Squid 3.3.10 is OUT.

On 12/11/2013 8:22 p.m., Dr.x wrote: > Eliezer Croitoru-2 wrote >> I am happy to release the new RPM for squid version 3.3.10.(links at the >> bottom of the article) >> >> The new release includes the big addition of cache_dir type *rock*, big >> thanks for Alex Rousskov work on rock ssl-bump and

Re: [squid-users] Need help on Squid Setup

On 12/11/2013 8:19 p.m., Durga Prasath wrote: > Hello All, > > I am trying to setup Squid Proxy for our internal users. we want to > restrict access to only a few domains and URLs. > > the requirement i have is, i should allow > https://www.google.co.in/search and other URLs should be banned. Lik

Re: [squid-users] install error on Squid 3.1.6

On 12/11/2013 6:54 p.m., Peipei Wang wrote: > Hi all, > > Please help me with this installation problem. Firstly, this is a build/compile problem. > > I got a problem whiling installing Squid 3.1.6. The configure works > well, but it reports the error message from "make" as follows. > > User

Re: [squid-users] Re: is there any thing wrong from cache manager logs ?!!

On 12/11/2013 3:10 a.m., Eliezer Croitoru wrote: > On 11/11/2013 01:16 PM, Amos Jeffries wrote: >> On 11/11/2013 10:08 p.m., Dr.x wrote: > > Amos just a tiny question at the end.. > >>> hi amos , thanks alot . >>> >>> im trying to understand the calc

Re: [squid-users] Squid Doesn't show CAPTCHA

On 2013-11-12 02:22, emerson.carpes wrote: Gentlemen When I set my browser proxy does not display the images "CAPTCHA", even releasing my ip by proxy remains the same. When put P2P firewall on my machine works in the same browser, so I believe it is a problem in squid. Below the contents of acess

Re: [squid-users] Re: is there any thing wrong from cache manager logs ?!!

On 11/11/2013 10:08 p.m., Dr.x wrote: > Amos Jeffries-2 wrote >> The full calculation is: >> >>bytes from client >> - bytes to server >> >> + bytes to client >> - bytes from server >> >> = bandwidth saving/loss. >> >>

Re: [squid-users] Re: is there any thing wrong from cache manager logs ?!!

On 11/11/2013 5:04 p.m., Dr.x wrote: > Amos Jeffries-2 wrote >> On 2013-11-08 12:29, Dr.x wrote: >>> Amos Jeffries-2 wrote >>>> On 2013-11-08 11:26, Dr.x wrote: >>>>> . >>>>> >>>>> >>>>>> Select loops: >

[squid-users] Squid 3.3.10 is available

id/ ftp://ftp.squid-cache.org/pub/archive/3.3/ or the mirrors. For a list of mirror sites see http://www.squid-cache.org/Download/http-mirrors.html http://www.squid-cache.org/Download/mirrors.html If you encounter any issues with this release please file a bug report. http://bugs.squid-cache.org/ Amos Jeffries

Re: [squid-users] Re: is there any thing wrong from cache manager logs ?!!

On 2013-11-08 12:29, Dr.x wrote: Amos Jeffries-2 wrote On 2013-11-08 11:26, Dr.x wrote: . Select loops: * 1K/sec under the fast traffic period * relaying 3.5MB/sec * 7K/sec and 9K/sec in the periods you indicate as slow * relaying 4.7MB/sec => hints that Squid is looping once per pac

Re: [squid-users] cachemgr.cgi - "Persistent Connection Utilization Histogramms"

On 2013-11-10 08:34, babajaga wrote: cachemgr.cgi for squid 3.3.10: Why are no client side persistent connection counts displayed in "Persistent Connection Utilization Histogramms", although client persistent conns enabled in squid.conf ? At present the "pconn" report only lists peer, origin

Re: [squid-users] Re: is there any thing wrong from cache manager logs ?!!

On 2013-11-08 11:26, Dr.x wrote: . Select loops: * 1K/sec under the fast traffic period * relaying 3.5MB/sec * 7K/sec and 9K/sec in the periods you indicate as slow * relaying 4.7MB/sec => hints that Squid is looping once per packet or so. Amos something not being understood , if u look

Re: [squid-users] Re: is there any thing wrong from cache manager logs ?!!

I notice several things in the data below: Throughput: * you have persistent connections disabled => thus each request requires a new set of TCP sockets * TIME_WAIT lasts for between 5-15 minutes (after 250 users mark) * you are receiving 57 req/sec => thus 114 sockets/sec are being used and set

Re: [squid-users] URL rewrite and POST body

On 6/11/2013 12:37 p.m., WorkingMan wrote: 1) Is the POST body request preserved when using url_rewrite_program? Based on my test it seems to be lost. If it's lost is it easy to modify SQUID to preserve that (or maybe an option to enable that)? It should be preserved. Only headers portion shoul

Re: [squid-users] cache_peer question

On 2013-11-06 03:43, Brendan Kearney wrote: I use: cache_peer peer.domain.tld sibling 31284827htcp=no-clr cache_peer 127.0.0.1parent 80807 no-query no-digest login=PASSTHRU ... always_direct allow ThisACL always_direct deny all ... never_direct deny ThisACL never_direct al

Re: [squid-users] parent proxy setup

On 4/11/2013 1:40 a.m., Monah Baki wrote: Hi all, I have 2 servers a CentOS 6.4 and FreeBSD 9.2, both running squid 3.3.8. The CentOS however is configured as follows: cache_peer x.x.x.x parent 80 0 no-query no-digest never_direct allow all x.x.x.x is the IP address of my FreeBSD I can browse

Re: [squid-users] Re: load tpoxy wccp on multiple interfaces by smp ?

On 3/11/2013 11:24 p.m., Dr.x wrote: Amos Jeffries-2 wrote On 3/11/2013 5:22 p.m., Dr.x wrote: hi , its just an updating idea , we have 6000 users and we have 96 G ram and 24 CPU cores and DELR720 hardware , actually i want to use smp and want to handle them by squid Q1-from the user

Re: [squid-users] load tpoxy wccp on multiple interfaces by smp ?

On 3/11/2013 5:22 p.m., Dr.x wrote: hi , its just an updating idea , we have 6000 users and we have 96 G ram and 24 CPU cores and DELR720 hardware , actually i want to use smp and want to handle them by squid Q1-from the user experience who tried squid smp , can my hardware handle the 6000 users

Re: [squid-users] Re: frequent "TCP_MISS_ABORTED" is it harmfull ???

On 3/11/2013 5:34 p.m., Dr.x wrote: Amos Jeffries-2 wrote It is bad for user experience, since it means they had some reason to abort. It also wastes one socket FD on your proxy server, including the memory resources necessary to track that connection on your machine and every router along the

Re: [squid-users] Re: transparent proxy on remote box issue

On 2/11/2013 9:46 p.m., WorkingMan wrote: I have confidence that we can get to the bottom of this with this level of details. I am currently stuck at this step: VPN Server - > Web Site (SQUID's mac) This was also where I was stuck before. At this point I am simply issuing a curl www.cnn.com

Re: [squid-users] Re: transparent proxy on remote box issue

On 2/11/2013 9:17 p.m., WorkingMan wrote: One hint I had was that the traffic are not marked correctly. This line if added (I got it from somewhere online) will change the mac address of the web site to be the one of SQUID: iptables -t mangle -A OUTPUT -o eth0 -p tcp --dport 80 -j MARK --set-

Re: [squid-users] Re: transparent proxy on remote box issue

On 2/11/2013 7:24 p.m., WorkingMan wrote: There is a very specific order of packet flow required to get these things working. And an equally specific order of configuration and testing needed to ensure that it is all working. I have taken the liberty of re-arranging the details you posted

Re: [squid-users] Re: IPv6 + Intercept proxy

On 1/11/2013 6:30 a.m., WorkingMan wrote: TPROXY is not routing. It is packet interception, taking a packet from the kernel TCP stack and delivering it to a local process running on that machine. Taking packets from that same local process marked with a special TPROXY flag and allowing them to be

Re: [squid-users] Re: WARNING: Could not determine this machines public hostname. Please configure one or set 'visible_hostname'.

On 2/11/2013 1:42 p.m., Dr.x wrote: Alex Rousskov wrote On 11/01/2013 02:39 PM, Dr.x wrote: in smp , im trying to let the acl load on a specific process , i mean that the acl verification watse alot of cpu , ACL verification _wastes_ CPU only if you do not need those ACLs to be verified. If t

Re: [squid-users] Re: how enhance browsing quality for top ten sites on my squid ??!!

On 2/11/2013 1:36 p.m., Dr.x wrote: Alex Rousskov wrote On 11/01/2013 01:26 PM, Dr.x wrote: from cache manager we have top ten sites , my question is how to let squid optimize those sites ?? as an example , i mean how to let squid use cache mem for cahcing them not use cache dir ??? You

Re: [squid-users] Re: transparent proxy on remote box issue

On 2/11/2013 9:42 a.m., WorkingMan wrote: Eliezer Croitoru ngtech.co.il> writes: On 11/01/2013 10:30 AM, WorkingMan wrote: I am not using TPROXY. VPN/SQUID are two different servers. OK now you mangled everything!! try to start from scratch which means design. Put the VPN on the same squid s

Re: [squid-users] WARNING: Could not determine this machines public hostname. Please configure one or set 'visible_hostname'.

On 2/11/2013 9:39 a.m., Dr.x wrote: hi , in smp , im trying to let the acl load on a specific process , i mean that the acl verification watse alot of cpu , and i think that if i use a specific process for acl verification will make a loabd balance of squid.conf on my multi process. ACL do no

Re: [squid-users] Re: squid dstdom_regex not working as expected

On 1/11/2013 11:36 p.m., Sachin Gupta wrote: We want to block URLs like mail.yahoo.com, but not yahoo.com. Using dstdom_regex acl for this. Regards On Fri, Nov 1, 2013 at 4:01 PM, Sachin Gupta wrote: Hi All, I have configured a list of blacklist URLs. One of these is set to (\.*)\.yahoo\.c

Re: [squid-users] Zeroed SNMP statistic after reload

On 1/11/2013 9:32 p.m., Kirill Kamyshnikov wrote: I experiment with use SNMP for limited client traffic in real time. I have problem with zeroed values SNMP after /etc/init.d/squid3 -k reload (time to time). Before reload I do "/usr/sbin/squid -k check" and do not have any errors or warnings. I u

Re: [squid-users] frequent "TCP_MISS_ABORTED" is it harmfull ???

On 1/11/2013 10:36 a.m., Dr.x wrote: 1383254455.257 4846 x.x.x.x TCP_MISS_ABORTED/000 0 GET http://imgcdn.ptvcdn.net/pan_img/appDownload/PandoraService/Service_Info.xml hi , i use rock with smp and i a have very low hit ratio !!! also i have logs of : TCP_MISS_ABORTED as an example : 138325

Re: [squid-users] dynamic ssl certificate generation - ip addresses

On 1/11/2013 5:11 p.m., Lennert Rienau wrote: Hi, i want squid to create dynamic ssl certificates in intercept mode, which works, but squid uses ip-addresses for the certificates of the site, not the host name. Does anybody know why this happens? Because you use client-first bumping on inte

Re: [squid-users] Problem with negotiate_wrapper and ntlm authentication

On 1/11/2013 2:45 a.m., Matteo De Lazzari wrote: Uhm, I cannot understand. The user and computer that you found is the current logged in windows user . It's a local user. If I want to use the browser, a login box appear. So i try to insert the domain credential in the form domain\username and th

Re: [squid-users] invalid request

On 31/10/2013 4:17 a.m., Cheikhou Dramé wrote: Hi everybody , I'm a newbie in squid .I have many "clientProcessRequest: Invalid request" errors in my cache.log file . Is there a way to identify the client which sending those requests ? my transparent squid server is running on centos 6.4.

Re: [squid-users] Re: Squid 3.3.2 SMP Problem

On 31/10/2013 6:02 a.m., Dr.x wrote: hi all , ive tried that on kernel of centos 6.4 last one but it give me : [root@squid ~]# sysctl -w net.local.dgram.recvspace=262144 error: "net.local.dgram.recvspace" is an unknown key wt does that mean ? It means the system control toggle fro datagram

Re: [squid-users] Re: IPv6 + Intercept proxy

On 31/10/2013 9:18 a.m., WorkingMan wrote: Mike Cardwell lists.grepular.com> writes: * on the Wed, Oct 23, 2013 at 05:14:00PM +1300, Amos Jeffries wrote: For starters NAT has never been "transparent proxy". NAT is the lazy admins replacement, using the proxy IP on outb

Re: [squid-users] Re: transparent proxy on remote box issue

On 31/10/2013 7:38 a.m., WorkingMan wrote: I hope I can refocus this question to the real problem. I am currently have a working VPN setup but once I add my policy routing rules it breaks the client's port 80 connection (everything else still good, apps still work. I don't any traffic going to m

Re: [squid-users] Re: squid_kerb_auth: Unspecified GSS failure (W2K8)

On 31/10/2013 5:54 p.m., Mihail Lukin wrote: I don't know why access-time is not being updated, but strace has shown that keytab is being read successfully by squid_kerb_auth process. This tool may help you identify whether the tokens being sent to Squid are the ones you are expecting: http

Re: [squid-users] squid url_rewrite_program

On 31/10/2013 6:14 p.m., Sachin Gupta wrote: Thanks John. does url_rewrite_access solve this? Sample below. I tried but doesnt seem to work. url_rewrite_program acl allow_port myportname xxx4 xxx5 url_rewrite_access allow allow_port That looks right. Ensure that your http_port / https_port

Re: [squid-users] Re: SQUID in TPROXY - do not resolve

On 31/10/2013 7:52 a.m., Dr.x wrote: hi amos , my request is , i dont want to install squidguar don my machine , i want to use dns of squid except of that i mean i want to direct squid to norton dns , and in this case if the dns of clients and squid didnt match , the website or the request of c

Re: [squid-users] decode kerberos messages

On 31/10/2013 6:02 a.m., Carlos Defoe wrote: Hi, It is possible to decode those "negotiate_kerberos_auth" debug messages? I tried "base64 -d", but it shows a lot of garbage and almost nothing readable. It is a binary NTLMSSPI packet. I have put a simple decoder together for debugging purposes

Re: [squid-users] caching problem in squid 3.2 vs 3.1

behaviour ??? any one has a solution to this problem... Regards On 10/29/2013 11:38 PM, Amos Jeffries wrote: The big caching related changes: * 3.2 version is now HTTP/1.1 - with extended cacheability and revalidation behaviour. - In some cases HTTP/1.0-based savings calculation can show a

Re: [squid-users] Re: SQUID in TPROXY - do not resolve

On 30/10/2013 8:28 p.m., Dr.x wrote: hi amos , is there a method that let squid force its dns reply and ignore the client dns reply ??? = i mean if client x got 1.1.1.1 and squid got 2.2.2.2 i want client to go to 2.2.2.2 not to 1.1.1.1 ===

Re: [squid-users] Problem with negotiate_wrapper and ntlm authentication

On 30/10/2013 3:49 a.m., Matteo De Lazzari wrote: Now I have squid Version 3.3.9, but the problem still persist. This if from cache.log 2013/10/29 15:07:49| negotiate_wrapper: Got 'YR TlRMTVNTUAABB4IIogAFASgKDw==' from squid (length: 59). 2013/10/29 15:07:49| negot

Re: [squid-users] caching problem in squid 3.2 vs 3.1

On 30/10/2013 2:51 a.m., Ayham Abou Afach wrote: Hi i have the folloing problem after moving from squid 3.1 to ( 3.2 or 3.3 ) with same config bandwidth saving decreases to about 50% what is the deffirance between versions related to caching behaviour ??? any one has a solution to this problem.

Re: [squid-users] Re: does rock type deny being dedicated to specific process ??

e particular combination of (No, Yes, No). Amos === Amos Jeffries-2 wrote PS: if you want to experiment, you could try given the frontend and backend config two slightly different cache_dir lines. So the frontend has a "read-only" flag but otherwise

Re: [squid-users] Problem with negotiate_wrapper and ntlm authentication

On 29/10/2013 6:19 a.m., Matteo De Lazzari wrote: Dear all, I have a little problem trying to configure a fall back authentication via negotiate_wrapper I'm using a precompiled 3.1.10 squid version on centos 6.4. Please try a current Squid version (3.3 or later). There seems to be an iss

Re: AW: [squid-users] Vary object loop

On 29/10/2013 12:23 a.m., Ahmad wrote: oh , it seems bad news for me ! Not too bad. Squid is self-correcting since we (devs) know exactly what state is happening and can detect it. But how Squid got into that state in the first place is still a mystery. What it means for production traffic i

Re: AW: [squid-users] Vary object loop

On 28/10/2013 11:37 p.m., Ahmad wrote: hi , could this be harmfull problem , ?? i mean can i ignore it and deal with my suqid as it works normally ? regards If it is happening often that probably should be looked into. It happens from time to time though anyway. Amos

Re: [squid-users] Re: something not being understood in ,workers , squid proces , cores mapping

On 28/10/2013 10:18 p.m., Ahmad wrote: hi , alex & amos , thanks very much for clarification , but im wondering why this info you posted here is not found on the wiki !!! The features are new and volatile, not everything is documented yet. Most of these details are in the wiki, just hidden

Re: [squid-users] Re: SQUID in TPROXY - do not resolve

On 25/10/2013 2:44 a.m., Plamen wrote: Amos Jeffries-2 wrote On 24/10/2013 6:44 a.m., Plamen wrote: Yes, this is one of the problems I'm also experiencing, the customer is using different DNS than the Squid, and he complains because he says - without your SQUID I can open web page

Re: [squid-users] Re: SQUID in TPROXY - do not resolve

On 28/10/2013 9:46 p.m., Ahmad wrote: @plamen , regards to 1st discussion now i tried trpoxy squid i pointed squid to dns1 and put on my pc dns2 my pc resolved the site aaa.com with 1.1.1.1 and squid resolved aaa.com with 2.2.2.2 but my pc see the site with 1.1.1.1 not with 2.2.2.2 ??

Re: [squid-users] why wccp config with smp must be put in backend.conf ???

On 28/10/2013 8:10 p.m., Ahmad wrote: hi , all im wondering , i have followed example of : http://wiki.squid-cache.org/ConfigExamples/SmpCarpCluster my question is , why the wccp config dont work if it was put in fronted.conf why it only work if i put it in backed.conf ??? Same reason

Re: [squid-users] Re: Why are we getting bad percentage of hits in Squid3.3 compared with Squid2.6 ?

On 28/10/2013 1:29 p.m., Manuel wrote: Hi Eliezer, thank you for your answer The origin servers are the same in 2.6 and in 3.3 (in both cases Squid connect to the same origin remote servers) and the squid.conf is exactly the same except in the very first lines (since acl manager proto cache_obje

Re: [squid-users] about netdb?

On 28/10/2013 8:27 a.m., Beto Moreno wrote: Hi. Reading my config file squid-3.1.x, I found a parameter called netdb, googling a little a found a site, what I understand is that. netdb is used when u have a bunch of squid cache servers and u use icp/htcp stuff. In a company where u used a sing

Re: [squid-users] Re: Squid naps each 3600 seconds !

On 27/10/2013 10:51 p.m., Omid Kosari wrote: Following grabbed from cachemgr.cgi when digest is enabled . May i be sure that digest is not choosed by squid itself and is it safe for me to "digest_generation off"? That looks okay. Digests are not being generated or received. Amos Peer Select

Re: [squid-users] something not being understood in ,workers , squid proces , cores mapping

On 27/10/2013 9:58 p.m., Ahmad wrote: hi , about smp and workers , just want to understand 1- i want an equation that equal the number of instances for squid relative with cache dir and worker number ??? ex: With 3 workers and 1 rock cache = 5 processes running: i want general fourm for

Re: [squid-users] Re: does rock type deny being dedicated to specific process ??

On 27/10/2013 8:01 p.m., Ahmad wrote: hi amos , i read bad news about rock when rock shared between process , i read that it reduce hit ratio ! i read form http://wiki.squid-cache.org/Features/RockStore it says : /Objects larger than 32,000 bytes cannot be cached when cache_dirs are shared among

Re: [squid-users] Re: question in "cpu_affinity_map" directive

On 27/10/2013 7:53 p.m., Ahmad wrote: well , but again , why we cant use core 0 in mapping ? IIRC, 0 has some special meaning on the interface we use with the kernel or how Squid handles whether to set the affinity for that process. It is also best to reserve one CPU core for kernel and oth

Re: [squid-users] Re: Squid3 on CentOS 6 and tproxy

On 27/10/2013 7:52 p.m., Ahmad wrote: hi , ls -laR /lib/modules/`uname -r`/ | grep tproxy -rwxr--r--. 1 root root 5632 Oct 16 21:38 nf_tproxy_core.ko this module which i found !! , did u mean it ??!! but i think this is a good step from centos , because compiling kernel get a hard work and

Re: [squid-users] Re: 3x cpu usage after upgrade 3.1.20 to 3.3.8

On 27/10/2013 7:28 p.m., Omid Kosari wrote: No SMP is not enabled . I tried to change minimum configs to easier debugging . Forgot to say this graph is taken from squid SNMP CPU usage . I am using rock store for past 4~5 days but the CPU usage grows right after upgrading to new version . also t

Re: [squid-users] Re: question in "cpu_affinity_map" directive

On 27/10/2013 6:40 p.m., Eliezer Croitoru wrote: On 10/27/2013 12:35 AM, Ahmad wrote: another question , can i map a 1 squid process to more than one core No squid is 1 to 1 instances\process daemon. The SMP scale is doing couple things using a Disker and a Coordinator as assisting proc

Re: [squid-users] does rock type deny being dedicated to specific process ??

On 27/10/2013 11:34 a.m., Ahmad wrote: hi , im trying smp and rock , i followed example of http://wiki.squid-cache.org/ConfigExamples/SmpCarpCluster == the issue is , in squid.conf i have == dns_v4_first on # 3 workers, us

Re: [squid-users] Re: Squid naps each 3600 seconds !

On 26/10/2013 4:28 a.m., Omid Kosari wrote: Alex Rousskov wrote On 10/24/2013 07:43 AM, Omid Kosari wrote: "digest_generation off" temporary solved problem but needs restart . I have tested with reload before . Sounds like you have detected the source of the blocking Squid problem and confirm

Re: [squid-users] Re: how distribute squid loads to cpus and memories using SMP feature??

On 27/10/2013 5:51 a.m., Ahmad wrote: well , actually i dont use squid -k restart but i do 1- /usr/sbin/squid -k shutdown /usr/sbin/squid -k shutdown /usr/sbin/squid -k shutdown to make sure it This schedules 3x signals for shutdown in the kernel. It does take some time for Squid to shutdown

Re: [squid-users] Re: squid with muliwan

On 27/10/2013 3:43 a.m., adamso wrote: Thanks for the replies, Marcello Romani i tried it. But le problème, when i broke eth0:1 on the pfsense gateway, i still have connexion. E.g : on my squid, yahoo mail go to eth0:1 par tcp_outgoing_ address. But when i broke eth0:1, i can go to yahoo mail.

Re: [squid-users] Re: how distribute squid loads to cpus and memories using SMP feature??

On 27/10/2013 5:24 a.m., Ahmad wrote: wt do u do when you want to restart your squid with smp configs ?? squid -k restart Amos

Re: [squid-users] 3x cpu usage after upgrade 3.1.20 to 3.3.8

On 27/10/2013 2:54 a.m., Omid Kosari wrote: After upgrade to 3.3.8 from 3.1.20 the cpu usage of squid grows triple times without change to config . Please look at attached image of cacti graph my configs are availa

Re: [squid-users] Re: how distribute squid loads to cpus and memories using SMP feature??

On 26/10/2013 7:21 a.m., firecold wrote: Mi squid.conf lo tengo de esta manera: #== Squid 3.x Conf ===# #-- # Opciones de SQUID 3.x #---

Re: [squid-users] Re: transparent proxy on remote box issue

On 26/10/2013 8:46 a.m., WorkingMan wrote: What I tried: 1)with clean.rules I can connect to VPN and access internet without any issue 1b)On SQUID or VPN server curl -x http://localhost:3130 www.nba.com works 2) with proxy.rules VPN client get invalid URL (previously mentioned error). proxy is n

Re: [squid-users] squid 3.4.0.2 + smp + rock storage error

On 26/10/2013 1:13 p.m., Ricardo Klein wrote: I am trying to run latest squid (for test purposes) and even on 3.3.9 I always get: Squid Cache (Version 3.4.0.2): Terminated abnormally. CPU Usage: 0.015 seconds = 0.012 user + 0.003 sys Maximum Resident Size: 24864 KB Page faults with physical i/o:

Re: [squid-users] Re: Windows 7 + Firefox + Squid + Kerberos

On 26/10/2013 2:37 a.m., Allan Carvalho wrote: Well, looking wireshark carefully, i have identified some behaviours: 1- Firefox sends a GET with Kerberos auth; 2- Squid server reply with "HTTP/1.0 407 Proxy Authentication Required (text/html)"; 3- Firefox sends a new request, but with basic au

Re: [squid-users] Re: transparent proxy on remote box issue

On 24/10/2013 3:45 p.m., WorkingMan wrote: 1) why intercept mode fails (do I need any special rule on my remote SQUID box?) with access denied for all requests Where is the NAT/TPROXY interception happening for (1)? It is required to be done directly on the Squid machine, with packets sent to

Re: [squid-users] Access Denied using Squid as reverse proxy

On 24/10/2013 3:17 p.m., juan_fla wrote: I'm trying to set up squid as reverse proxy/cache for a mediawiki website. At this time, http requests to the website give me an Access denied message. Looks like I need to map requests to port 80 somehow to the port 3129 (where Squid is listening right no

Re: [squid-users] Caching large files (i.e .ipsw)

On 24/10/2013 2:36 p.m., Archer wrote: Before i start, please forgive my ignorance (I'm still pretty new to this). What I'm using: Ubuntu Server 12.04.3 Webmin 1.660 Squid 3.1 What I'm trying to achieve: I want to have a transparent bridged squid proxy server for caching large, frequently used

Re: [squid-users] Re: transparent proxy on remote box issue

On 24/10/2013 9:45 a.m., WorkingMan wrote: It appears that one of the test I was doing is not correct so it can yield some hint to the problem. "-k reconfigure" didn't take effect when I made the change. So for the browser with direct proxy setting. I am able to browse correctly if not using "int

Re: [squid-users] Re: SQUID in TPROXY - do not resolve

On 24/10/2013 6:44 a.m., Plamen wrote: Yes, this is one of the problems I'm also experiencing, the customer is using different DNS than the Squid, and he complains because he says - without your SQUID I can open web page, but with your SQUID it's not opening. Ah. So the real problem is "

Re: [squid-users] SQUID in TPROXY - do not resolve

On 24/10/2013 1:47 a.m., Plamen wrote: Hi, how to disable squid resolving every request if it is running in TPROXY mode? Why are you asking in particular? If you are planning to use cache storage at all this is not a good choice. The hidden underbelly of CVE-2009-0801 is malicious cache cor

Re: [squid-users] rock questions ?

On 23/10/2013 10:56 p.m., Omid Kosari wrote: I am using rock on one of SSD drives to check its performance . before choosing rock the filesystem was reiserfs because it shows good performance in huge number of little files but i read somewhere the rock uses one big file . so i choose ext4 with

Re: [squid-users] Squid naps each 3600 seconds !

On 23/10/2013 9:07 p.m., Omid Kosari wrote: I have 2 squid boxes with the name cache1 and cache2 . the config is available in this post

Re: [squid-users] Intercepting with iptables: DNAT vs REDIRECT

On 23/10/2013 7:34 p.m., Amos Jeffries wrote: On 23/10/2013 7:22 p.m., Dan Charlesworth wrote: Very edifying. Thanks so much for that Amos. While the thread’s going, would you be able to elaborate at all on the “trickery with multiple rules and IPs”? Well, normally you cant use more than

Re: [squid-users] Intercepting with iptables: DNAT vs REDIRECT

On 23/10/2013 7:22 p.m., Dan Charlesworth wrote: Very edifying. Thanks so much for that Amos. While the thread’s going, would you be able to elaborate at all on the “trickery with multiple rules and IPs”? Well, normally you cant use more than 64K ports on one IP address. But you can setup mu

Re: [squid-users] Need Some Help

On 20/10/2013 8:13 a.m., Jermster wrote: I need some help plz. - I'm running Windows XP Home Edition - I have a SMC8014WN Modem - I'm assigned a WAN address from my SP - I currently have Squid 2.5.4.0 NP: squid-2. is extremely old. Please get a squid-2.7 version from http://squid.acmeconsulti

Re: [squid-users] Intercepting with iptables: DNAT vs REDIRECT

On 22/10/2013 2:56 p.m., Dan Charlesworth wrote: Hi folks I've been testing these interception methods (as outlined in the Config Examples) and don't really understand the difference between the two, other than DNAT requiring sysctl changes. What's the actual functional difference? Iptable

<    4   5   6   7   8   9   10   11   12   13   >