Em 22/10/15 06:08, Amos Jeffries escreveu:
On 22/10/2015 7:13 a.m., Leonardo Rodrigues wrote:
It sounds to me that you are not so much wanting to cache only big
things, you are wanting to cache only certain sites which contain mostly
big things.
The best way to confgure that is with the cache
Hi,
I have a question regarding the SSL Server Certificate Validator.
In the Wiki is written:
"The helper will be optionally consulted after an internal OpenSSL validation
we do now, regardless of that validation results."
What checks does the internal validation include ?
Couldn't find any
On 22/10/2015 7:31 a.m., luizcasey wrote:
>
>
> Hello, So what I am trying to accomplish here is to basically have a
> whitelist of domains that is allowed via http/https.
What you have actually configured is a whitelist with MUCH narrower
criteria than that.
> If the UID is
> squid,apache,
On 22/10/2015 7:52 a.m., Sebastien.Boulianne wrote:
> Hi again,
>
> I would like to change the Squid'slogo that appear on an ccess denied page...
> I replace the picture /usr/share/squid/icons/SN.png but it didnt work.
>
> What did I miss ?
The other config files that sit next to squid.conf.
On 22/10/2015 8:21 a.m., Keith White wrote:
>
> I have squid running on Centos 7 and am trying to setup AD
> authentication. I have samba/winbindd installed and the system was added
> to the domain with authconfig. I have tested authentication with
> auth_ntlm and that works. I have also tested
On 23/10/15 07:47, SaRaVanAn wrote:
> There is always a ~2 second delay between the request coming to our
> system and going out of Squid. Suppose if a page has lot of embedded
> URL's it's taking more time with squid in place.Suppose If I disable
> squid the page loads very fast in client
Added the debug options and grabbed the following after the 407 message was
returned to the client. Is there anything specific I should be looking for?
Thanks,
Keith
2015/10/22 12:24:50.573 kid1| Starting new ntlmauthenticator helpers...
2015/10/22 12:24:50.574 kid1| 28,4| Acl.cc(70)
Hi ,
we have been using squid 3.1.20 comes with debian wheezy 7. We could see
there is a peformance hit in http traffic when we use Squid.
For each HTTP GET request coming from client to proxy server, Squid takes
nearly 2 seconds to generate HTTP GET in order to establish a connection
with
On 23/10/2015 12:01 a.m., Christophe Donatsch wrote:
> Dear squid-users,
>
> Our infrastructure rely on squid as a reverse-proxy to serve most of our web
> applications. Our tests show that squid won't correctly handle an HTTP
> request
> to initiate a WebSocket connection. We'd like to know
On 23/10/2015 12:02 a.m., Sebastian Kirschner wrote:
> Hi Amos ,
>
> thanks for your reply.
>
> Maybe we got an misunderstanding or I have an "false" opinion of the sentence
> I quoted before.
>
> I thought you could say to me what for checks would definitely performed in
> "standard"
Hi Amos ,
thanks for your reply.
Maybe we got an misunderstanding or I have an "false" opinion of the sentence I
quoted before.
I thought you could say to me what for checks would definitely performed in
"standard" installation with openssl,
not only that you believe that the X.509
22.10.15 15:58, Amos Jeffries пишет:
On 21/10/2015 4:53 p.m., Dan Charlesworth wrote:
I’m getting these very frequently for api.github.com and github.com
I’m using the same DNS servers as my intercepting squid 3.5.10 proxy and they
only return the one IP when I do an nslookup as well …
Any
On 22/10/2015 10:58 p.m., Athos Fiolo wrote:
> Hi, I'm facing a problem with the digest auth server responses.
>
> Client requests a page, server responds with 407 + nonce, client gets the
> page correctly.
The garbage interval is only about how often Squid attempts to discard
already obsolete
What version of squid are you using now?
Squid 3.1.20 is very old and it is recommended to use newer versions.
If you are having specific troubles I think you figure out the issues
pretty fast.
What hardware are you using for you squid? is it a VM? RAM? CPU?Disk?
How many clients? Have you used
Hello,
sometimes, for about half an hour, tour Squid becomes unstable and, by typing
"top -s", Squid is taking the 100% of the CPU.
In Squid's access.log, i see lots of entry like this:
Hi,
I'm using Squid 3.5. What I'm going to do is setting up a forward proxy that
inspect TLS handshake between client and server then allow the connection
only when following two requirements are met:
1. The server address must be in our whitelist, and the server must
provide a correct
I am using Squid version 3.1.20 running on Intel I7 processor with 16GB
RAM. Even on connecting a single client I could able to reproduce this
problem.
2015/10/22 20:34:23.146| ipcache_nbgethostbyname: Name 'mail.com'.
DNS start time
2015/10/22 20:34:23.146|
The simplest way is to use fail2ban.
What OS are you using?
it is possible an attack but it's not 100%.
What you can do is to also disable access using the proxy to this
destination IP and address.
100% CPU in many cases is not something odd but you can try fail2ban
with a special rule to block
On 22/10/2015 10:33 a.m., Alex Samad wrote:
> Would it be fair to say best practice is to get kerbose working in favour
> of ntlm ?
Best Practice is not to have NTLM at all. In the same way that its best
practice not to use 8-bit (1 letter) passwords.
NTLM was formally deprecated in 2006 by
On 21/10/2015 4:53 p.m., Dan Charlesworth wrote:
> I’m getting these very frequently for api.github.com and github.com
>
> I’m using the same DNS servers as my intercepting squid 3.5.10 proxy and they
> only return the one IP when I do an nslookup as well …
>
> Any updates from your end, Roel?
We are using CentOS release 6.6 (Final) 64bit.
Squid Cache: Version 3.5.10
Service Name: squid
configure options: '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/sbin'
'--sbindir=/usr/sbin' '--sysconfdir=/etc/squid' '--datadir=/usr/share/squid'
'--includedir=/usr/include'
On 22/10/2015 7:43 a.m., Sebastien.Boulianne wrote:
> Hi all,
>
> Im looking to use my Remote Desktop Gateway with my Squid.
> I tried this config but it didnt work.
>
> ### SITE
> cache_peer site.domain.qc.ca parent 443 0 no-query originserver ssl
> sslflags=DONT_VERIFY_PEER name=site
> acl
On 22/10/2015 10:00 a.m., HackXBack wrote:
> sorry not deny but make it miss and not hit
> with
> store_miss
> send_hit
>
Then you are wanting the same as what kinkie provided, but with
store_miss instead of http_reply_access.
You know it really helps if you read the documentation. Which is
On 22/10/2015 7:22 p.m., Sebastian Kirschner wrote:
> Hi,
>
> I have a question regarding the SSL Server Certificate Validator.
>
> In the Wiki is written:
> "The helper will be optionally consulted after an internal OpenSSL validation
> we do now, regardless of that validation results."
>
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
BTW - you omit many important settings from squid.conf.default. You
configuration is so dangerous.
22.10.15 20:01, luizca...@gmail.com пишет:
> Here is the config I am currently using based on your suggestion earlier.
> However it does not
On 23/10/2015 3:08 a.m., Athos Fiolo wrote:
> Hi Amos.
>
>> Please check if a helper lookup is being performed on each request as well
>> as new nonce generated.
>
> I guess you are right, but I don't know how to solve it.
> cache.log doesn’t show restarts for the heelper, even if only 1/5
On 23/10/2015 3:01 a.m., luizca...@gmail.com wrote:
> Here is the config I am currently using based on your suggestion earlier.
> However it does not start. I have also added some questions to each for
> verification purposes to make sure I am understanding what is actually going
> on.
>
>
I tried by disabling internal dns in squid. Still i am seeing the same
problem.
What else can be looked at ? Its really makes user experience bad if he
tries URL for the first time.
Regards,
Saravanan N
On Thu, Oct 22, 2015 at 7:34 PM, SaRaVanAn
wrote:
> I
On 23/10/2015 8:33 a.m., Keith White wrote:
> Added the debug options and grabbed the following after the 407 message was
> returned to the client. Is there anything specific I should be looking for?
>
> Thanks,
>
> Keith
>
>
> 2015/10/22 12:24:50.573 kid1| Starting new ntlmauthenticator
On 23/10/2015 10:43 a.m., Job wrote:
> Hello,
>
> sometimes, for about half an hour, tour Squid becomes unstable and, by typing
> "top -s", Squid is taking the 100% of the CPU.
>
> In Squid's access.log, i see lots of entry like this:
>
>
On 23/10/2015 4:21 p.m., SaRaVanAn wrote:
> I tried by disabling internal dns in squid. Still i am seeing the same
> problem.
> What else can be looked at ? Its really makes user experience bad if he
> tries URL for the first time.
Internal DNS in Suqid has very little to do with this. The DNS
did any one try range_offset_limit with https url's ?
squid crash and restart with assertion error ...
same as ...
http://squid-web-proxy-cache.1019090.n4.nabble.com/assertion-failed-comm-cc-178-quot-fd-table-conn-gt-fd-halfClosedReader-NULL-quot-tt4670979.html
--
View this message in
Hi Amos.
Thanks for your reply.
Squid Cache: Version 3.4.8
On:
Linux version 3.16.0-4-amd64 (debian-ker...@lists.debian.org) (gcc version
4.8.4 (Debian 4.8.4-1) ) #1 SMP Debian 3.16.7-ckt9-3~deb8u1 (2015-04-24)
Maybe a known and solved bug?
Athos Fiolo
Software Engineer
afi...@came.com
CAME
Here is the config I am currently using based on your suggestion earlier.
However it does not start. I have also added some questions to each for
verification purposes to make sure I am understanding what is actually going on.
https_port 4827 intercept ssl-bump generate-host-certificates=on
acl yt-loop dstdomain .googlevideo.com
acl type-yt rep_mime_type text/plain
store_miss deny yt-loop type-yt
send_hit deny yt-loop type-yt
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/deny-rep-mime-type-tp4673816p4673857.html
Sent from the Squid - Users
On 23/10/2015 1:43 a.m., Athos Fiolo wrote:
> Hi Amos.
> Thanks for your reply.
>
> Squid Cache: Version 3.4.8
>
> On:
> Linux version 3.16.0-4-amd64 (debian-ker...@lists.debian.org) (gcc version
> 4.8.4 (Debian 4.8.4-1) ) #1 SMP Debian 3.16.7-ckt9-3~deb8u1 (2015-04-24)
>
> Maybe a known and
I was able to confirm that ntlm_auth worked for the squid user. We currently
use BlueCoat proxies so IE is definitely configured to use integrated
authentication. No cache_effective* in the config. I will enable debugging and
see what is happening as well as enable Kerberos.
Thanks,
Keith
On 22/10/2015 7:13 a.m., Leonardo Rodrigues wrote:
>
> Hi,
>
> I have a running setup for proxying only 'big' files, like Windows
> Update, Apple Updates and some other very specific URLs. That's working
> just fine, no problem on that.
>
> For avoiding caching small things on the
38 matches
Mail list logo