Re: [squid-users] Host header forgery policy in service provider environment

2016-01-06 Thread Garri Djavadyan
>On 2015-12-31 00:01, Garri Djavadyan wrote: >> Hello Squid members and developers! >> >> First of all, I wish you a Happy New Year 2016! >> >> The current Host header forgery policy effectively prevents a cache >> poisoning. But also, I noticed, it de

[squid-users] Host header forgery policy in service provider environment

2015-12-30 Thread Garri Djavadyan
different records. As I emphasized SP environment, it is not possible to control DNS settings on subscriber systems. Thank you for attention! -- Garri Djavadyan iPlus LLC, TM Comnet, Technical Department Phone: +99871 235 (ext. 27) http://comnet.uz

Re: [squid-users] Internet Browsing very slow after implementing Squid peek & splice + Access log not tracing full URL

2016-05-18 Thread Garri Djavadyan
On Thu, 2016-05-19 at 05:27 +1200, Amos Jeffries wrote: > On 19/05/2016 2:21 a.m., Garri Djavadyan wrote: > > > > On Thu, 2016-05-19 at 00:39 +1200, Amos Jeffries wrote: > > > > > > Using ignore-private and ignore-must-revalidate on the same > > > refr

Re: [squid-users] Getting the full file content on a range request, but not on EVERY get ...

2016-05-11 Thread Garri Djavadyan
On Wed, 2016-05-11 at 21:37 -0300, Heiler Bemerguy wrote: > > Hey guys, > First take a look at the log: > root@proxy:/var/log/squid# tail -f access.log |grep http://download.c > dn.mozilla.net/pub/firefox/releases/45.0.1/update/win32/pt- > BR/firefox-45.0.1.complete.mar > 1463011781.572   8776

[squid-users] Squid transfers much not requested data from uplink in specific cases

2016-05-17 Thread Garri Djavadyan
=4520 So, I want to ask community to share ideas, best practice to cope with the problem. Many thank in advance! -- Garri Djavadyan <gar...@comnet.uz> Comnet ISP ___ squid-users mailing list squid-users@lists.squid-cache.or

Re: [squid-users] Getting the full file content on a range request, but not on EVERY get ...

2016-05-13 Thread Garri Djavadyan
On Thu, 2016-05-12 at 14:02 -0300, Heiler Bemerguy wrote: >  > Hi Garri, > That bug report is mine.. lol Hi Heiler, Yes, I know it. I just tried to answer to the following question. > > > Is there a smart way to allow squid to download it from the > > > beginning > > > to the end (to actually

Re: [squid-users] Getting the full file content on a range request, but not on EVERY get ...

2016-05-13 Thread Garri Djavadyan
On Fri, 2016-05-13 at 08:36 +1200, Amos Jeffries wrote: > Have you given collapsed_forwarding a try? Its supposed to prevent > all > the duplicate requests making all those extra upstream connections > unti > at least the first one has finished getting the object. Amos, I believe that the above

Re: [squid-users] Getting the full file content on a range request, but not on EVERY get ...

2016-05-13 Thread Garri Djavadyan
On Sat, 2016-05-14 at 01:52 +1200, Amos Jeffries wrote: > The default action should be to fetch each range request separately > and > in parallel. Not caching the results. > > When admin has set only the range offset & quick-abort to force full > object retrieval the behaviour Heiler mentions

Re: [squid-users] Internet Browsing very slow after implementing Squid peek & splice + Access log not tracing full URL

2016-05-18 Thread Garri Djavadyan
On Thu, 2016-05-19 at 00:39 +1200, Amos Jeffries wrote: > Using ignore-private and ignore-must-revalidate on the same > refresh_pattern is *extremely* dangerous. Just asking to get your > cache pwned. I'm also using the both options on the same refresh_pattern for several years. Can you explain

Re: [squid-users] High utilization of CPU squid-3.5.23, squid-3.5.24

2017-02-01 Thread Garri Djavadyan
On Wed, 2017-02-01 at 23:55 +0300, Vitaly Lavrov wrote: > Periodically squid begins to linearly increase the use of the CPU. > Sometimes this process reaches 100%. At random moment of time the CPU > usage is reduced to 5-15%, > and in the presence of client requests can again start linearly >

Re: [squid-users] Not all html objects are being cached

2017-01-27 Thread Garri Djavadyan
On Fri, 2017-01-27 at 15:47 +0600, Yuri wrote: > --2017-01-27 15:29:54--  https://www.microsoft.com/ru-kz/ > Connecting to 127.0.0.1:3128... connected. > Proxy request sent, awaiting response... >    HTTP/1.1 200 OK >    Cache-Control: no-cache, no-store >    Pragma: no-cache >    Content-Type:

Re: [squid-users] Not all html objects are being cached

2017-01-27 Thread Garri Djavadyan
On Fri, 2017-01-27 at 17:58 +0600, Yuri wrote: > > 27.01.2017 17:54, Garri Djavadyan пишет: > > On Fri, 2017-01-27 at 15:47 +0600, Yuri wrote: > > > --2017-01-27 15:29:54--  https://www.microsoft.com/ru-kz/ > > > Connecting to 127.0.0.1:3128... connected. >

Re: [squid-users] Not all html objects are being cached

2017-01-27 Thread Garri Djavadyan
On Fri, 2017-01-27 at 06:15 -0800, joseph wrote: > hi its not about https scheme its about evrything Hi, First of all, I can't brag about my English and writing style, but your writing style is _very_ offensive to other members. Please, try it better. First of all, it is very difficult to catch

[squid-users] Objects with values below 60 second for Cache-Control max-age are not cached

2016-08-22 Thread Garri Djavadyan
Hello Squid users, Can anyone explain, why Squid doesn't cache the objects with max-age values below 60 seconds? For example: $ http_proxy="127.0.0.1:3128" curl --head "http://sandbox.comnet.local/ cgi-bin/hello.cgi" && date HTTP/1.1 200 OK Date: Mon, 22 Aug 2016 11:31:16 GMT Server: Apache

Re: [squid-users] Objects with values below 60 second for Cache-Control max-age are not cached

2016-08-24 Thread Garri Djavadyan
On Mon, 2016-08-22 at 16:46 +0500, Garri Djavadyan wrote: > Hello Squid users, > > Can anyone explain, why Squid doesn't cache the objects with max-age > values below 60 seconds? For example: > > $ http_proxy="127.0.0.1:3128" curl --head "http://sandbox.com

Re: [squid-users] Objects with values below 60 second for Cache-Control max-age are not cached

2016-10-26 Thread Garri Djavadyan
Sorry, Amos, it seems my latest reply was ambiguous. I tried to inform, that while debugging the issue I have found the cause. It was default value for 'minimum_expire_time'. On Wed, 2016-10-26 at 23:58 +1300, Amos Jeffries wrote: > On 26/10/2016 7:21 p.m., Garri Djavadyan wrote: > > &

Re: [squid-users] Objects with values below 60 second for Cache-Control max-age are not cached

2016-10-26 Thread Garri Djavadyan
On Wed, 2016-08-24 at 19:09 +0500, Garri Djavadyan wrote: > On Mon, 2016-08-22 at 16:46 +0500, Garri Djavadyan wrote: > > > > Hello Squid users, > > > > Can anyone explain, why Squid doesn't cache the objects with max- > > age > > values below 60 seco

Re: [squid-users] Default state for the option generate-host-certificates

2016-10-28 Thread Garri Djavadyan
On 2016-10-28 18:39, Yuri Voinov wrote: It seems bug. On 2016-10-28 19:53, Alex Rousskov wrote: Is it a bug, documentation error or I simply missed something? It is a bug IMO. The documented intent sounds worth supporting to me. Thanks. I've opened the report [1]. [1]

Re: [squid-users] Squid communications proxy dilemma

2016-10-29 Thread Garri Djavadyan
On 2016-10-29 20:40, paul.greene...@verizon.net wrote: I've inherited a squid proxy at work; I'm new to squid, so this is still on the learning curve. Unfortunately no one else in the office is very good with squid either, so I'm attempting to be the resident guru. Our network is all in

[squid-users] flickr.com redirect error

2016-10-30 Thread Garri Djavadyan
>Can you test if the details at bug 4253: > >http://bugs.squid-cache.org/show_bug.cgi?id=4253#c13 > >Helps you to resolve the issue? > >Eliezer The above bug is not related to the issue. The issue is actually on origin servers side. Details can be found here:

[squid-users] Squid doesn't use domain name as a request URL in access.log when splice at step 3 occurs

2016-11-05 Thread Garri Djavadyan
On 2016-11-05 09:22, Amos Jeffries wrote: On 5/11/2016 6:56 a.m., Garri Djavadyan wrote: On 2016-11-04 19:42, Amos Jeffries wrote: On 5/11/2016 1:43 a.m., Garri Djavadyan wrote: The configuration for splice at step 3: # diff etc/squid.conf.default etc/squid.conf 73a74,78 https_port 3129

[squid-users] Squid 4.0.16 still signed by old key

2016-11-05 Thread Garri Djavadyan
On 2016-11-02 06:43, Amos Jeffries wrote: On 2/11/2016 8:31 a.m., Garri Djavadyan wrote: According to the announce [1], Squid 4.0.16 and later should be signed by the new key B06884EDB779C89B044E64E3CD6DBF8EF3B17D3E, but it is still signed by the old Squid 3 key

Re: [squid-users] squid HIT and Cisco ACL

2016-11-07 Thread Garri Djavadyan
On 2016-11-07 20:11, Juan C. Crespo R. wrote: Hi, Thanks for your response and help 1. Cache: Version 3.5.19 Service Name: squid configure options: '--prefix=/usr/local/squid' '--enable-storeio=rock,diskd,ufs,aufs' '--enable-removal-policies=lru,heap' '--disable-pf-transparent'

Re: [squid-users] squid HIT and Cisco ACL

2016-11-07 Thread Garri Djavadyan
On Mon, 2016-11-07 at 06:25 -0400, Juan C. Crespo R. wrote: > Good Morning Guys > > >  I've been trying to make a few ACL to catch and then improve the > BW  > of the HITS sent from my Squid Box to my CMTS and I can't find any > way  > to doit > > > Squid.conf: qos_flows tos local-hit=0x30

Re: [squid-users] No valid signing SSL certificate configured for HTTPS_port

2016-11-05 Thread Garri Djavadyan
On 2016-11-05 21:24, Konrad Kaluszynski wrote: Hi All, My goal is to configure a reverse proxy for Outlook Anywhere clients using squid. http://wiki.squid-cache.org/ConfigExamples/Reverse/ExchangeRpc This will replace existing TMG that my client is currently using. However, when I run squid I

Re: [squid-users] No valid signing SSL certificate configured for HTTPS_port

2016-11-05 Thread Garri Djavadyan
On 2016-11-05 22:09, Garri Djavadyan wrote: 1. Does your certificate signed by StartSSL CA (/home/kk/ssl/cert-mail/mail.contoso.com.pem) corresponds to your private key (/home/kk/ssl/cert-mail/mail.contoso.com.key)? For the 'corresponds' I mean, does CSR for StartSSL was generated using

Re: [squid-users] No valid signing SSL certificate configured for HTTPS_port

2016-11-05 Thread Garri Djavadyan
On 2016-11-05 23:10, konradka wrote: Hi Garri, Thanks for your responses mate ! I did not realize that the squid was compiled with proxy user. Well spotted ! It looks like permission's issue but squid error message is not giving away any more details. I will configure debug_options to

Re: [squid-users] Error DiskThreadsDiskFile::openDone: (2) No such file or directory

2016-10-19 Thread Garri Djavadyan
On Tue, 2016-10-18 at 06:37 -0700, erdosain9 wrote: > Hi. > squid 3.5.20 > > Im having a lot of these in cache.log > > 2016/10/18 10:36:11 kid1| DiskThreadsDiskFile::openDone: (2) No such > file or > directory > 2016/10/18 10:36:11 kid1|   /var/spool/squid/00/92/92E9 > 2016/10/18

Re: [squid-users] CentOS 6.x and SELinux enforcing with Squid 3.5.x (thanks to Eliezer Croitoru for the RPM)

2016-10-18 Thread Garri Djavadyan
On Tue, 2016-10-18 at 13:02 +0200, Walter H. wrote: > Hello, > > just in case anybody wants to run Squid 3.5.x on CentOS > with SELinux enforcing, > > here is the semodule > > > module squid_update 1.0; > > require { > type squid_conf_t; > type squid_t; > type var_t; >

Re: [squid-users] Lots of "Vary object loop!"

2016-10-20 Thread Garri Djavadyan
On Thu, 2016-10-20 at 13:07 +0200, Anton Kornexl wrote: > Hello, >   > i also had many of these messages in cache.log >   > we do filtering with squidguard (redirect http://www..xx ) >   > It is possible that the same url is redirected for one user but not > for another (different filter

Re: [squid-users] Caching Google Chrome googlechromestandaloneenterprise64.msi

2016-10-24 Thread Garri Djavadyan
On Mon, 2016-10-24 at 19:03 +1300, Amos Jeffries wrote: > On 24/10/2016 6:28 a.m., gar...@comnet.uz wrote: > > > > On 2016-10-23 18:31, Amos Jeffries wrote: > > > > > > On 23/10/2016 2:32 a.m., garryd wrote: > > > > > > > > Since I started use Squid, it's configuration always RFC > > > >

Re: [squid-users] CentOS 6.x and SELinux enforcing with Squid 3.5.x (thanks to Eliezer Croitoru for the RPM)

2016-10-18 Thread Garri Djavadyan
On Tue, 2016-10-18 at 14:56 +0200, Walter H. wrote: > with the 3.1.x there is no problem with > > url_rewrite_program /etc/squid/url-rewrite-program.pl > url_rewrite_children 8 > url_rewrite_host_header on > url_rewrite_access allow all > > but with the 3.5.x there is access denied (shown in >

Re: [squid-users] Caching Google Chrome googlechromestandaloneenterprise64.msi

2016-10-24 Thread Garri Djavadyan
On Mon, 2016-10-24 at 21:05 +0500, Garri Djavadyan wrote: > On 2016-10-24 19:40, Garri Djavadyan wrote: > > > > So, the big G sends 304 only to HEAD requests, although it is a > > violation [1], AIUI: > > > > curl --head -H 'If-Modified-Since: Thu, 20 Oct 2016

Re: [squid-users] Caching Google Chrome googlechromestandaloneenterprise64.msi

2016-10-24 Thread Garri Djavadyan
On Mon, 2016-10-24 at 23:51 +1300, Amos Jeffries wrote: > On 24/10/2016 9:59 p.m., Garri Djavadyan wrote: > > Nevertheless, the topic surfaced new details regarding the Vary and > > I > > tried conditional requests on same URL (Google Chrome) from > > different >

Re: [squid-users] Caching Google Chrome googlechromestandaloneenterprise64.msi

2016-10-24 Thread Garri Djavadyan
On Tue, 2016-10-25 at 01:22 +1300, Amos Jeffries wrote: > On 25/10/2016 12:32 a.m., Garri Djavadyan wrote: > > > > On Mon, 2016-10-24 at 23:51 +1300, Amos Jeffries wrote: > > > > > > On 24/10/2016 9:59 p.m., Garri Djavadyan wrote: > > > > > &g

Re: [squid-users] Caching Google Chrome googlechromestandaloneenterprise64.msi

2016-10-24 Thread Garri Djavadyan
On 2016-10-24 19:40, Garri Djavadyan wrote: So, the big G sends 304 only to HEAD requests, although it is a violation [1], AIUI: curl --head -H 'If-Modified-Since: Thu, 20 Oct 2016 08:29:09 GMT' -H 'If-None-Match: "101395"' http://dl.google.com/linux/direct/google-chro me-stable_cur

Re: [squid-users] FTP : Squid sending private IP in PASV response

2016-10-20 Thread Garri Djavadyan
On Thu, 2016-10-20 at 14:07 +, Gael Ancelin wrote: > Hello, >   > I have searched in maillist archives but have not seen so far someone > with the > same problem. >   > My Squid's objective is to foward FTP & HTTP requests to a distant > server. >   > Squid is running on CentOS 7.2. > uname -r

Re: [squid-users] TCP Outgoing Address ACL Problem

2016-11-11 Thread Garri Djavadyan
On 2016-11-11 21:51, jarrett+squid-us...@jarrettgraham.com wrote: Can anyone point out what I'm doing wrong in my config? Squid config: https://bpaste.net/show/796dda70860d I'm trying to use ACLs to direct incoming traffic on assigned ports to assigned outgoing addresses. But, squid uses the

Re: [squid-users] TCP Outgoing Address ACL Problem

2016-11-11 Thread Garri Djavadyan
On 2016-11-11 22:28, Antony Stone wrote: On Friday 11 November 2016 at 17:51:04, jarrett+squid-us...@jarrettgraham.com wrote: I'm trying to use ACLs to direct incoming traffic on assigned ports to assigned outgoing addresses. But, squid uses the first IP address assigned to the interface not

Re: [squid-users] Error negotiating SSL

2016-11-14 Thread Garri Djavadyan
On Mon, 2016-11-14 at 16:12 +, piequiex wrote: > What mean this error and how to fix it? > Error negotiating SSL on FD 29: > error::lib(0):func(0):reason(0) (5/-1/104) > Error negotiating SSL on FD 30: > error::lib(0):func(0):reason(0) (5/-1/104) Hi, Please provide more

Re: [squid-users] is ACL conditional directive possible ?

2016-11-15 Thread Garri Djavadyan
On Tue, 2016-11-15 at 22:48 +1300, Amos Jeffries wrote: > Then you integrate Squid with those system QoS controls by using the > tcp_outgoing_tos directive with ACLs to send the appropriate TOS > label for the client IP. Hi Amos, AFAIK, the directive 'tcp_outgoing_tos' is applied only for

Re: [squid-users] FTP interrupted

2016-11-22 Thread Garri Djavadyan
On Wed, 2016-11-23 at 07:17 +0100, ludek_coufal wrote: > Hello Garri, > client FTP - Total Commander (I test WinSCP, FileZilla with same > result - after 15 min connection interrupted) with proxy server - > proxy server HTTP with FTP support: > part of squid.conf: >

Re: [squid-users] squid restarts too often.

2016-11-26 Thread Garri Djavadyan
On 2016-11-26 22:28, piequiex wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 In cache.log I have found "assertion failed: support.cc:1781: "0"" Squid Cache: Version 3.5.22 AIUI, your Squid binary was build against buggy openssl library (1.0.1d or 1.0.1e). How did you get the binary?

Re: [squid-users] CentOS 6, Squid 3.5.20, Error message in /var/log/squid/cache.log

2016-11-23 Thread Garri Djavadyan
On 2016-11-23 23:20, Walter H. wrote: Hello, can someone tell me, especially the maintainer of the binary packages for CentOS what this message 2016/11/23 19:08:58 kid1| Error negotiating SSL on FD 39: error::lib(0):func(0):reason(0) (5/0/0) should say to me ... Hi, It was

Re: [squid-users] Bad Connection & Round Robin DNS

2016-11-22 Thread Garri Djavadyan
On 2016-11-22 21:07, Jiann-Ming Su wrote: Is there a way to set the timeout on a bad connection? Yes, you can use 'connect_timeout' [1] directive. When watching tcpdump on the two IPs, I did not see my squid instance try the other IP automatically. I had to refresh my web browser

Re: [squid-users] FTP interrupted

2016-11-22 Thread Garri Djavadyan
On 2016-11-22 17:05, ludek_coufal wrote: Hello, Squid Cache ver. 3.3.8 on CentOs Linux 7.2.1511 FTP connection from local net over linux server CentOs firewall with Squid proxy to internet FTP server is interrupted every 15 min (900 sec). Large file upload is interrupted. Direct connection

Re: [squid-users] Squid logs TCP_MISS/200 for a served cached object requested with If-None-Match

2016-11-28 Thread Garri Djavadyan
On Sat, 2016-11-19 at 01:12 +0500, Garri Djavadyan wrote: > Hello, > > I noticed that Squid logs TCP_MISS/200 when it serves previously > cached  > object in return to non-matched conditional request with If-None- > Match.  > For example: > > 1. Non-conditional reque

Re: [squid-users] squid restarts too often.

2016-11-27 Thread Garri Djavadyan
On 2016-11-27 19:44, piequiex wrote: > In cache.log I have found "assertion failed: support.cc:1781: "0"" > Squid Cache: Version 3.5.22 AIUI, your Squid binary was build against buggy openssl library (1.0.1d or 1.0.1e). How did you get the binary? I build them with libressl. The configure

Re: [squid-users] Squid logs TCP_MISS/200 for a served cached object requested with If-None-Match

2016-11-28 Thread Garri Djavadyan
On 2016-11-28 17:39, Garri Djavadyan wrote: On Sat, 2016-11-19 at 01:12 +0500, Garri Djavadyan wrote: Hello, I noticed that Squid logs TCP_MISS/200 when it serves previously cached  object in return to non-matched conditional request with If-None- Match.  For example: 1. Non-conditional

Re: [squid-users] squid restarts too often.

2016-11-26 Thread Garri Djavadyan
On 2016-11-26 23:42, Ralf Hildebrandt wrote: * piequiex : > In cache.log I have found "assertion failed: support.cc:1781: "0"" > Squid Cache: Version 3.5.22 After rebuild: assertion failed: Read.cc:69: "fd_table[conn->fd].halfClosedReader != NULL"

Re: [squid-users] Bad Connection & Round Robin DNS

2016-11-21 Thread Garri Djavadyan
On Tue, 2016-11-22 at 03:59 +, Jiann-Ming Su wrote: > If a website has two (or more) IP addresses, and the TCP connection > to one of them fails, can squid3 be configured to try the other IP > address(es)? Hi, The behavior you described is default for Squid. For example, you can set

Re: [squid-users] FTP interrupted

2016-11-22 Thread Garri Djavadyan
On 2016-11-22 22:24, Garri Djavadyan wrote: On 2016-11-22 17:05, ludek_coufal wrote: Hello, Squid Cache ver. 3.3.8 on CentOs Linux 7.2.1511 FTP connection from local net over linux server CentOs firewall with Squid proxy to internet FTP server is interrupted every 15 min (900 sec). Large file

Re: [squid-users] is ACL conditional directive possible ?

2016-11-15 Thread Garri Djavadyan
On 2016-11-15 22:31, AUBERT Thibaud wrote: Hi Guys, Ok, QoS might help to control traffic on the internet access side, but it won't help between the source, client on a small remote office/output, and the proxy. It might also be difficult to split this traffic between what is intended to

Re: [squid-users] unexpected debug output

2016-11-18 Thread Garri Djavadyan
On 2016-11-17 22:01, Alex Rousskov wrote: On 11/17/2016 12:15 AM, senor wrote: I discovered that 'squid -k rotate' toggles cache.log output into full debug mode as if I had done 'squid -k debug'. Execute a second rotate and it toggles debug off. This only happens when I have an ecap adapter

[squid-users] Squid logs TCP_MISS/200 for a served cached object requested with If-None-Match

2016-11-18 Thread Garri Djavadyan
Hello, I noticed that Squid logs TCP_MISS/200 when it serves previously cached object in return to non-matched conditional request with If-None-Match. For example: 1. Non-conditional request to the previously cached object. $ curl -v -x http://127.0.0.1:3128

Re: [squid-users] [SOLVED] Re: TCP Outgoing Address ACL Problem

2016-11-13 Thread Garri Djavadyan
On 2016-11-13 23:09, jarrett+squid-us...@jarrettgraham.com wrote: My problem is solved. The solution may be useful for other users also. Please, post the solution, if possible. Thanks! Garri ___ squid-users mailing list

Re: [squid-users] TCP Outgoing Address ACL Problem

2016-11-11 Thread Garri Djavadyan
On 2016-11-12 07:55, Amos Jeffries wrote: On 12/11/2016 7:44 a.m., Garri Djavadyan wrote: 2. I added second http_port, ACL for the second http_port and the rule to use second IP address if connection is for second http_port. # diff -u etc/squid.conf.default etc/squid.conf --- etc

Re: [squid-users] NCSA-auth don't work for file contain too many passswords

2016-11-11 Thread Garri Djavadyan
Hi Amos, Thanks for the comments! On 2016-11-12 07:48, Amos Jeffries wrote: I can't reproduce the problem using Squid 3.5.22. I used following method to verify the case: Unfortunately your test uses the 'openssl' tool below instead of htpasswd to create the password file. There are some big

[squid-users] Squid 4.0.16 still signed by old key

2016-11-01 Thread Garri Djavadyan
According to the announce [1], Squid 4.0.16 and later should be signed by the new key B06884EDB779C89B044E64E3CD6DBF8EF3B17D3E, but it is still signed by the old Squid 3 key EA31CC5E9488E5168D2DCC5EB268E706FF5CF463: $ gpg2 --verify squid-4.0.16.tar.xz.asc squid-4.0.16.tar.xz gpg: Signature

[squid-users] Default state for the option generate-host-certificates

2016-10-28 Thread Garri Djavadyan
Hello list, The last sentence for generate-host-certificates[=] option paragraph states:   This option is enabled by default when ssl-bump is used. See the   ssl-bump option above for more information. But a client can't negotiate secure connection and times out when the option is not

[squid-users] Squid doesn't use domain name as a request URL in access.log when splice at step 3 occurs

2016-11-04 Thread Garri Djavadyan
On Fri, 2016-11-04 at 17:43 +0500, Garri Djavadyan wrote: > I noticed that Squid doesn't use gathered domain name information for > %ru in access.log when splice action is performed at step 3 for > intercepted traffic. The format code ssl::>sni is available at both > steps. Below ar

[squid-users] Squid doesn't use domain name as a request URL in access.log when splice at step 3 occurs

2016-11-04 Thread Garri Djavadyan
I noticed that Squid doesn't use gathered domain name information for %ru in access.log when splice action is performed at step 3 for intercepted traffic. The format code ssl::>sni is available at both steps. Below are examples used to verify the behavior using Squid 3.5.22, but the results are

[squid-users] Squid doesn't use domain name as a request URL in access.log when splice at step 3 occurs

2016-11-04 Thread Garri Djavadyan
On 2016-11-04 19:42, Amos Jeffries wrote: On 5/11/2016 1:43 a.m., Garri Djavadyan wrote: The configuration for splice at step 3: # diff etc/squid.conf.default etc/squid.conf 73a74,78 https_port 3129 intercept ssl-bump cert=etc/ssl_cert/myCA.pem generate-host-certificates acl StepSplice

Re: [squid-users] r14088 crash on FreeBSD 11

2016-12-16 Thread Garri Djavadyan
On Fri, 2016-12-16 at 06:34 +, k simon wrote: > Hi,lists, >    r14087 is quite stable on FB 11. But r14088 crashed frequently > with  > "2016/12/16 09:00:59 kid1| assertion failed: MemBuf.cc:216: "0 <=  > tailSize && tailSize <= cSize" ". The config file is almost the > default  > except

Re: [squid-users] r14088 crash on FreeBSD 11

2016-12-16 Thread Garri Djavadyan
On Fri, 2016-12-16 at 14:38 +0500, Garri Djavadyan wrote: > On Fri, 2016-12-16 at 06:34 +, k simon wrote: > > Hi,lists, > >    r14087 is quite stable on FB 11. But r14088 crashed frequently > > with  > > "2016/12/16 09:00:59 kid1| assertion failed: Me

Re: [squid-users] URL too large??

2016-12-13 Thread Garri Djavadyan
On 2016-12-13 22:03, Alex Rousskov wrote: On 12/13/2016 09:51 AM, Eliezer Croitoru wrote: I think that the maximum size was 64k The maximum appears to be 8KB: v3.5/src/defines.h:#define MAX_URL 8192 v4/src/defines.h:#define MAX_URL 8192 v5/src/defines.h:#define MAX_URL 8192 IIRC,

Re: [squid-users] Missing cache files

2016-12-17 Thread Garri Djavadyan
On 2016-12-17 15:41, Odhiambo Washington wrote: Hi, I keep seeing something that I think is odd. Squid has been exiting on signal 6, and I keep seeing this: root@gw:/usr/local/openssl # tail -f /opt/squid-3.5/var/logs/cache.log 2016/12/17 13:38:32| DiskThreadsDiskFile::openDone: (2) No such

Re: [squid-users] Missing cache files

2016-12-17 Thread Garri Djavadyan
On 2016-12-17 18:39, Odhiambo Washington wrote: Also whether swap.state for that cache_dir is being correctly and completely written out to disk on shutdown or restart. Using an outdated swap.state file can also lead to these warnings. The last paragraph explains your issue. The signal 6

Re: [squid-users] ssl_bump with intermediate CA

2017-01-05 Thread Garri Djavadyan
On Thu, 2017-01-05 at 23:40 +, senor wrote: > Hello All. > I'd like clarification of the documentation at > http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpWithInter > mediateCA > > In section "CA certificate preparation" it is stated that a file > should > be created with

Re: [squid-users] Squid freeze each hour.

2016-12-20 Thread Garri Djavadyan
On 2016-12-20 21:42, David Touzeau wrote: Is there any way to disabling Cache digest without need to recompile squid ? Hi, Use "digest_generation off". http://www.squid-cache.org/Doc/config/digest_generation/ Garri ___ squid-users mailing list