[squid-users] Squid 3.4.10 incorrectly configured on Solaris 10

2014-12-18 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi there, yesterday (and during last four day) I've try to build transparent caching proxy on Solaris 10 (x86_64) testing environment. Configuration options are: # Without SSL 64 bit GCC ./configure '--prefix=/usr/local/squid'

Re: [squid-users] Squid 3.4.10 incorrectly configured on Solaris 10

2014-12-19 Thread Yuri Voinov
dependency. Could you check if the manuals mention anything about ipfmutex_t ? If they do, at the beginning of the page they should include a list of #include ... lines. Could you copy-paste these lines here? Thanks On Thu, Dec 18, 2014 at 3:01 PM, Yuri Voinov yvoi...@gmail.com wrote: Hi

[squid-users] Is squid2/3 ufs/diskd cache formats compatible?

2014-12-20 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi gents, does enybody tell me, please, is squid2 and squid3 compatible or not by cache formats? Interested ufs/diskd format and dependency from squid binaries. I plan to migrate production server and want to keep warmed cache. ;) WBR, Yuri

[squid-users] Squid 3.4.10 startup/shutdown core dumps

2014-12-22 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi gents, I run subj on testing environment in transparent mode under Solaris 10 and have a bit questions. ;) 1. Squid 3 must absolutely run from root (and drops privilegies to user squid createrd first) under Solaris 10. It absolutely can't work

Re: [squid-users] Squid 3.4.10 startup/shutdown core dumps

2014-12-23 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Amos, this patch works partially. On startup cores gone, but on shutdown remains one: Dec 23 15:19:28 fhtagn genunix: [ID 603404 kern.notice] NOTICE: core_log: squid[58817] setid process, core not dumped: /var/core/core.squid.58817 Is patch not

Re: [squid-users] Squid 3.4.10 cachemgr.cgi permission denied

2014-12-27 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Smear in my hand... :)) I have forgotten to enable basic auth when build My stupid head : All ok now. -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBAgAGBQJUnx6/AAoJENNXIZxhPexGxIgH/AqTEHdtM2QJdhhGIHLFVsqc

Re: [squid-users] Squid 3 SSL bump: Google drive application could not connect

2014-12-30 Thread Yuri Voinov
on behalf of Yuri Voinov yvoi...@gmail.com Sent: Tuesday, December 30, 2014 2:12 PM To: squid-users@lists.squid-cache.org Subject: [squid-users] Squid 3 SSL bump: Google drive application could not connect Hi gents, I found strange issue. Squid 3.4.10. Intercept. HTTPS bumping. All

Re: [squid-users] Squid 3 SSL bump: Google drive application could not connect

2014-12-30 Thread Yuri Voinov
:*squid-users [mailto:squid-users-boun...@lists.squid-cache.org] *On Behalf Of *Rafael Akchurin *Sent:* Tuesday, December 30, 2014 4:23 PM *To:* Yuri Voinov; squid-users@lists.squid-cache.org *Subject:* Re: [squid-users] Squid 3 SSL bump: Google drive application could not connect ​Only

Re: [squid-users] Squid 3 SSL bump: Google drive application could not connect

2014-12-30 Thread Yuri Voinov
that it worked. May be useful to dump here your squid.conf to better understand how to configure squid to transparently work with wccp traffic coming from your Cisco router? Raf *From:*Yuri Voinov [mailto:yvoi...@gmail.com] *Sent:* Tuesday, December 30, 2014 8:48 PM *To:* Rafael Akchurin

Re: [squid-users] Squid 3 SSL bump: Google drive application could not connect

2015-01-03 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Term HTTPS often uses as Any connect over 443 port 03.01.2015 13:59, Jason Haar пишет: On 01/01/15 00:11, James Harper wrote: The helper connects to the IP:port and tries to obtain the certificate, and then caches the result (in an sqlite

Re: [squid-users] Squid versions and FreeBSD-10.1 headache

2015-01-23 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Amos, important not to break Solaris-IPFilter for me ;) WBR, Yuri 23.01.2015 22:17, Amos Jeffries пишет: On 24/01/2015 4:57 a.m., Odhiambo Washington wrote: On 23 January 2015 at 18:29, Odhiambo Washington wrote: To simplify: Suppose I

Re: [squid-users] FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

2015-01-23 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This issue not linux-specific, Mike. As a minimum for me - I'm never use Linux. :) 24.01.2015 2:08, Mike пишет: For a Red Hat/CentOS based OS, selinux causes that. The fix I found in this case: Before the below “audit2allow” command will

Re: [squid-users] Why 3.5.0.4 generates mimicked certs with server IP only when bumping?

2015-01-26 Thread Yuri Voinov
-users squid-users-boun...@lists.squid-cache.org mailto:squid-users-boun...@lists.squid-cache.org on behalf of Daniel Greenwald d...@digcorp.net mailto:d...@digcorp.net *Sent:* Monday, January 26, 2015 5:39 AM *To:* Yuri Voinov *Cc:* squid-users@lists.squid-cache.org mailto:squid-users

Re: [squid-users] FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

2015-01-26 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 http://bugs.squid-cache.org/index.cgi 26.01.2015 5:09, HackXBack пишет: Dear Yuri, how I open bug ? -- View this message in context:

Re: [squid-users] Why 3.5.0.4 generates mimicked certs with server IP only when bumping?

2015-01-26 Thread Yuri Voinov
acl net_bump src 192.168.101.0/24 ssl_bump peek step1 net_bump ssl_bump server-first step2 net_bump breaks configuration. 26.01.2015 22:14, Daniel Greenwald пишет: call it what you want, it works :) --- Daniel I Greenwald On Mon, Jan 26, 2015 at 10:51 AM, Yuri Voinov yvoi

Re: [squid-users] Why 3.5.0.4 generates mimicked certs with server IP only when bumping?

2015-01-26 Thread Yuri Voinov
- *From:* squid-users squid-users-boun...@lists.squid-cache.org mailto:squid-users-boun...@lists.squid-cache.org on behalf of Daniel Greenwald d...@digcorp.net mailto:d...@digcorp.net *Sent:* Monday, January 26, 2015 5:39 AM *To:* Yuri Voinov *Cc

Re: [squid-users] HTTPS intercept, simple configuration to avoid bank bumping

2015-01-26 Thread Yuri Voinov
acl step2 at_step SslBump2 ssl_bump splice domains_nobump ssl_bump peek step1 all ssl_bump bump step2 all --- Daniel I Greenwald On Mon, Jan 26, 2015 at 12:53 PM, Yuri Voinov yvoi...@gmail.com mailto:yvoi...@gmail.com wrote: You can't use dstdomain ACL for disable bumping

Re: [squid-users] Why 3.5.0.4 generates mimicked certs with server IP only when bumping?

2015-01-26 Thread Yuri Voinov
, Yuri Voinov yvoi...@gmail.com mailto:yvoi...@gmail.com wrote: It's mistype. :) Of course, I mean acl net_bump src 192.168.101.0/24 http://192.168.101.0/24 Yep, sure - when I change all to another ACL - row bungled. 26.01.2015 23:33, Amos Jeffries пишет: On 27/01/2015 5:37 a.m., Yuri

[squid-users] Error negotiating SSL connection on FD 20: error:00000000:lib(0):func(0):reason(0) (5/-1/131)

2015-01-26 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi gents, who know, what this log messages mean: 2015/01/26 22:02:34 kid1| fwdNegotiateSSL: Error negotiating SSL connection on FD 20: error::lib(0):func(0):reason(0) (5/-1/131) 2015/01/26 22:02:41 kid1| fwdNegotiateSSL: Error negotiating

Re: [squid-users] Why 3.5.0.4 generates mimicked certs with server IP only when bumping?

2015-01-26 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 It's mistype. :) Of course, I mean acl net_bump src 192.168.101.0/24 Yep, sure - when I change all to another ACL - row bungled. 26.01.2015 23:33, Amos Jeffries пишет: On 27/01/2015 5:37 a.m., Yuri Voinov wrote: I'm not about it. server

Re: [squid-users] Error negotiating SSL connection on FD 20: error:00000000:lib(0):func(0):reason(0) (5/-1/131)

2015-01-26 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 After a bit Google-Fu ;) I found this: http://stackoverflow.com/questions/14770100/libssl-read-error-131-causing-an-application-crash Is that it? 26.01.2015 23:22, Yuri Voinov пишет: Hi gents, who know, what this log messages mean: 2015/01

Re: [squid-users] HTTPS intercept, simple configuration to avoid bank bumping

2015-01-26 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 You can't use dstdomain ACL for disable bumping. Only dst with IP's. You don't know site FQDN before bump. :) 26.01.2015 23:48, Josep Borrell пишет: Hi all, Working on squid 3.5.1 with HTTPS interception. Trying to make a peek/splice

Re: [squid-users] Error negotiating SSL connection on FD 20: error:00000000:lib(0):func(0):reason(0) (5/-1/131)

2015-01-26 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I suggest we are asking in wrong place :) This is OpenSSL error stack, not squid. Also, man, which root CA bundle you are use in your installation? 27.01.2015 2:49, HackXBack пишет: when you know tell me because i asked this question before here

[squid-users] Host header forgery detected

2015-01-26 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi gents, who knows - what does it mean below? 2015/01/27 04:11:42.289 kid1| SECURITY ALERT: Host header forgery detected on local=192.168.200.3:80 remote=192.168.200.5:9909 FD 18 flags=33 (intercepted port does not match 443) 2015/01/27

Re: [squid-users] Alert unknown CA

2015-02-04 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 04.02.2015 9:16, Amos Jeffries пишет: On 4/02/2015 7:50 a.m., Yuri Voinov wrote: Now I have: root @ cthulhu /etc/opt/csw/ssl/certs # ls -al *.pem|wc -l 210 root and intermediate CA's. Most known I can found. Note: all of them was wound

Re: [squid-users] Alert unknown CA

2015-02-04 Thread Yuri Voinov
Greenwald On Wed, Feb 4, 2015 at 1:03 PM, Yuri Voinov yvoi...@gmail.com mailto:yvoi...@gmail.com wrote: 04.02.2015 21:39, Amos Jeffries пишет: On 4/02/2015 7:32 p.m., Jason Haar wrote: On 04/02/15 18:47, Daniel Greenwald wrote: And happens to be one that squid desperately needs to remain

Re: [squid-users] Alert unknown CA

2015-02-04 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 04.02.2015 21:39, Amos Jeffries пишет: On 4/02/2015 7:32 p.m., Jason Haar wrote: On 04/02/15 18:47, Daniel Greenwald wrote: And happens to be one that squid desperately needs to remain in order to continue ssl bumping.. ...and is one that

Re: [squid-users] Squid Authentication

2015-02-02 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Harry up, Raf :) I'm waiting for 3.5 Win64 for my notebook :) And don't forget SSL Bump ! :) 02.02.2015 20:47, Rafael Akchurin пишет: Eldar will send soon as we finish some initial testing. Raf From:

Re: [squid-users] R: Blocking hotshield vpn

2015-02-06 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm not using linux. :) Layer 7 filtering requires application-level proxy or DPI. We talking about filtering, isn't it? On Cisco this task requires a bit investigation (sniffing and tcpiputils.com) and simple add some ACL's: ip access-list

Re: [squid-users] SSL-bump certificate issues (mostly on Chrome, when accessing Google websites)

2015-02-06 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 First. Where is you cache can found openssl public CA certs? To validate connection from cache to server Squid must see root authority CA's. I.e (from my configuration. Note: all google services bumped and works perfectly): https_port 3129

Re: [squid-users] Default CA file

2015-02-07 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 You need openssl CA's bundle. Which can be specify with capath= parameter. 08.02.2015 2:28, Hector Chan пишет: Hi all, I have a question about the CA file for SSL certificates. If I don't specify anything for CA, what is default CA certs that

[squid-users] Alert unknown CA

2015-02-03 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi gents, I think, will be good to add advanced debug options to ssl_crtd to avoid this: 2015/02/03 20:21:37 kid1| clientNegotiateSSL: Error negotiating SSL connection on FD 28: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca

Re: [squid-users] Alert unknown CA

2015-02-03 Thread Yuri Voinov
errors is makes correct bump much difficult. 04.02.2015 0:31, Amos Jeffries пишет: On 4/02/2015 3:26 a.m., Yuri Voinov wrote: Hi gents, I think, will be good to add advanced debug options to ssl_crtd to avoid this: 2015/02/03 20:21:37 kid1| clientNegotiateSSL: Error negotiating SSL connection

Re: [squid-users] Alert unknown CA

2015-02-03 Thread Yuri Voinov
found, which is absent? And how to support this heap? In practice? Manually with CLI openssl? Ok, but how to identify problem URL, when Squid's load over 100 requests per second? 04.02.2015 0:31, Amos Jeffries пишет: On 4/02/2015 3:26 a.m., Yuri Voinov wrote: Hi gents, I think, will be good

Re: [squid-users] Antwort: Re: Antwort: Re: Order of http_access allow/deny

2015-02-04 Thread Yuri Voinov
: Von: Yuri Voinov yvoi...@gmail.com An: squid-users@lists.squid-cache.org Datum: 04.02.2015 13:41 Betreff: Re: [squid-users] Antwort: Re: Order of http_access allow/deny Gesendet von: squid-users squid-users-boun...@lists.squid-cache.org As you can see (and warning your get shown

Re: [squid-users] Custom requirement from Squid proxy logs

2015-02-05 Thread Yuri Voinov
6 2015 2:20 AM, Yuri Voinov yvoi...@gmail.com mailto:%22Yuri%20Voinov%22%20yvoi...@gmail.com wrote: I think, you can't. The single alternative I see - using Web-application capabilities. 06.02.2015 2:01, l...@technomicssolutions.com mailto:l...@technomicssolutions.com пишет: Hi all

Re: [squid-users] Custom requirement from Squid proxy logs

2015-02-05 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I think, you can't. The single alternative I see - using Web-application capabilities. 06.02.2015 2:01, l...@technomicssolutions.com пишет: Hi all, I am having a custom requirement. I am monitoring my websites Google Analytics from proxy logs.

Re: [squid-users] Tunnelled devices losing access to squid

2015-02-06 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have one ;) http://i.imgur.com/VaPu6pq.png 06.02.2015 21:15, Amos Jeffries пишет: On 7/02/2015 3:37 a.m., Raymond Norton wrote: I have the following scenario: We have a number of Verizon Aps configured to run associated devices through

Re: [squid-users] SQUID3 HTTPs forward proxy and sha256/512 authentication

2015-02-03 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Eliezer, Squid can be cascaded with Privoxy+Tor. :) And then - we can route users into it using ACL's ;) Yep, not Squid itself. But with external services. ;) 04.02.2015 2:23, Eliezer Croitoru пишет: On 03/02/2015 17:14, Anton

Re: [squid-users] SQUID3 HTTPs forward proxy and sha256/512 authentication

2015-02-03 Thread Yuri Voinov
. 2015 г. 22:58 пользователь Yuri Voinov yvoi...@gmail.com mailto:yvoi...@gmail.com написал: http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit 04.02.2015 1:03, Anton Radkevich пишет: Hi everyone, Could you please help me with configuration Squid3 as forward HTTPs proxy

Re: [squid-users] SQUID3 HTTPs forward proxy and sha256/512 authentication

2015-02-03 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 No. It will be encrypted to both directions. 04.02.2015 2:41, Anton Radkevich пишет: Hey Eliezer, Thank you for your explanation, just want to clarify. Does it mean that if I configure squid to listen https_port on port 3129 with ssl

Re: [squid-users] Alert unknown CA

2015-02-03 Thread Yuri Voinov
to ssl_crtd and it's not how it works. This is no matter. I want to find only easy way to catch problem SSL connections through Squid. All The Bests, Eliezer On 03/02/2015 16:26, Yuri Voinov wrote: Hi gents, I think, will be good to add advanced debug options to ssl_crtd to avoid this: 2015/02

Re: [squid-users] SQUID3 HTTPs forward proxy and sha256/512 authentication

2015-02-03 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 04.02.2015 3:30, Anton Radkevich пишет: Guys, I just need an HTTPS proxy that can handle both http and https connections for authorised clients only. I tried to configure something like it's described here

Re: [squid-users] SQUID3 HTTPs forward proxy and sha256/512 authentication

2015-02-03 Thread Yuri Voinov
any configuration examples? ;) 03 февр. 2015 г. 23:27 пользователь Yuri Voinov yvoi...@gmail.com mailto:yvoi...@gmail.com написал: Eliezer, Squid can be cascaded with Privoxy+Tor. :) And then - we can route users into it using ACL's ;) Yep, not Squid itself. But with external

Re: [squid-users] Squid 3.4.10 sometimes catch assertion without core

2015-01-15 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 What I observed myself: This event correlates with users network activity and massive cached content output during peak hours. In other hours it does not occurs. I've checked all network infrastructure, configurations and see no stranges. I

Re: [squid-users] Squid 3.4.10 sometimes catch assertion without core

2015-01-15 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This is not core file size issue, Fred. In SunOS core dumps produces by kernel, with uid=0. Root has unlimited limits set by default. On this server was running Squid 2 over three years and problems with dumps never occurred. So, the problem not

Re: [squid-users] Squid 3.4.10 sometimes catch assertion without core

2015-01-15 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Solaris 10. Initially squid runs by root. Squid 3 cannot be run via su - squid -c . root @ proxyhost /var/core # ulimit unlimited In /var mountpoint I have 13 Gb free space: rpool/ROOT/s10x_u11wos_24a/var 571M 13.3G 571M /var :) I'm

Re: [squid-users] Squid 3.4.10 sometimes catch assertion without core

2015-01-15 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 He does not even attempt to write the dump. Just restarts, write to /var/adm/messages and squid.log and restarts. 15.01.2015 21:29, FredB пишет: Squid not required unlimited limits to startup and normal work. In my SMF startup method uses 128K

Re: [squid-users] Squid and site ryanair.com

2015-01-15 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Just tested on my proxy. All works like charm. May be, you block some JS? 15.01.2015 23:36, masterx81 пишет: I've also tried to add the domain ryanair.com to the domains that return DIRECT on the wpad file (for bypass squid), but also in this

Re: [squid-users] Squid 3.4.11 crashing on FreeBSD 10 (64-bit)

2015-01-20 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 20.01.2015 23:11, Odhiambo Washington пишет: On 20 January 2015 at 16:16, Odhiambo Washington odhia...@gmail.com mailto:odhia...@gmail.com wrote: On 20 January 2015 at 15:17, Amos Jeffries squ...@treenet.co.nz mailto:squ...@treenet.co.nz

Re: [squid-users] BUG 3279: HTTP reply without Date

2015-01-19 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I think, now 3.5.1 is not ready for production use yet. Just for testing. 19.01.2015 20:36, HackXBack пишет: I think the solution is to go back to 3.4 Thanks -- View this message in context:

Re: [squid-users] BUG 3279: HTTP reply without Date

2015-01-19 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Wow, 3.4.x and 3.5 has incompatible cache format??? 19.01.2015 20:59, FredB пишет: - Mail original - De: HackXBack hack.b...@hotmail.com À: squid-users@lists.squid-cache.org Envoyé: Lundi 19 Janvier 2015 15:53:20 Objet: Re:

Re: [squid-users] BUG 3279: HTTP reply without Date

2015-01-19 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yep, agreed. It is possible. 19.01.2015 21:14, FredB пишет: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Wow, 3.4.x and 3.5 has incompatible cache format??? No, I'm just thinking about cache corruption, this could explain that the

[squid-users] In what condition are the prospects GZip/deflate runtime support in Squid?

2015-01-16 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi gents, anybody knows - In what condition are the prospects GZip/deflate runtime support in Squid? eCAP is so problematic solution, squid 3.4.x cannot build with libecap and gzip module (seems abandoned). The headers manipulation is dirty hack

Re: [squid-users] proxy pac files issues

2015-01-17 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Simon. This is my working configuration. On proxy web server: # To httpd.conf # Add WPAD type AddType application/x-ns-proxy-autoconfig .dat # Or to mime.types application/x-ns-proxy-autoconfig dat WPAD file must be placed in

Re: [squid-users] How to know, which CA certificate is absent?

2015-01-15 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Is it possible to know though URL, wich is got an error? Because of messsage not informative itself. 15.01.2015 17:10, Amos Jeffries пишет: On 16/01/2015 12:00 a.m., Yuri Voinov wrote: Hi gents, I have question. Look: 2015/01/15 16:48

Re: [squid-users] Odp: Odp: Re: Only TCP_MISS

2015-01-15 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This URL http://www.squid-cache.org/Images/img4.jpg produces HIT on second query. 15.01.2015 17:44, Robert пишет: [...] 1421183413.322185 10.59.1.9 TCP_MISS_ABORTED/503 1541 GET

Re: [squid-users] How to know, which CA certificate is absent?

2015-01-15 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I.e, easy way to identify problem URL does not exists. Excluding user complaints. Right? I thinking about correllation analyses between access.log and cache.log. ;) 15.01.2015 17:23, Amos Jeffries пишет: On 16/01/2015 12:14 a.m., Yuri Voinov

[squid-users] Too much assertion failed: comm.cc:178: fd_table[conn-fd].halfClosedReader != NULL

2015-01-15 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi gents, Sometimes I have too much assertions: 2015/01/08 09:40:39 kid1| assertion failed: comm.cc:178: fd_table[conn-fd].halfClosedReader != NULL Core dump not produced but Squid restarts. So, I can't get stack trace. When I set

[squid-users] Squid project site not available

2015-01-21 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 http://i.imgur.com/j7oeNyV.png -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBAgAGBQJUv2S+AAoJENNXIZxhPexGWg8H/3vpf9mQdV60eX5ot5m0zSwZ +5bmQmv7+Z8hf4n7Sy/6NGuaDv3bTU9xvp4Kjod6OZn2itNjhOTFKHtc2FV6n6PJ

[squid-users] Squid project site not available

2015-01-21 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 http://i.imgur.com/j7oeNyV.png -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBAgAGBQJUv2S4AAoJENNXIZxhPexGVXoH/jiJnsC3eqmwExFwmZTxZ9Jc 6zslBmW9FUsaEJ6zp4XLhGJieTF63BMAjiBEtB00ctEpfwc7fRU7bnVw+O08gfYF

Re: [squid-users] Squid 3.5.1 Install

2015-01-18 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I've fight errors with specify '--with-openssl=/opt/csw' and also 'LIBOPENSSL_CFLAGS=-I/opt/csw/include/openssl', 'CPPFLAGS=-I/opt/csw/include' options. To specify right path to my OpenSSL with correct 32/64 bit. :) 19.01.2015 1:28, Matthew

Re: [squid-users] Squid 3.5.1 Install

2015-01-18 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yep. Show us compilation options and provide details your build environment. 19.01.2015 1:28, Matthew Bowman пишет: Hey guys, I just tried compiling the latest version of squid 3.5.1 with OpenSSL enabled and am receiving compile errors. Has

Re: [squid-users] light weight ICAP server that isn't dead :o)

2015-02-10 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 http://i.imgur.com/fKAUq66.png 5 c-icap processes is good enough to all office building. On squid box you can see above. 10.02.15 22:56, Luis Miguel Silva пишет: I've already installed it and took a look at it but I didn't want to waste time

Re: [squid-users] Is Squid can shutdown unused idle redirector's children?

2015-02-16 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yes. root @ cthulhu / # uname -a SunOS cthulhu 5.10 Generic_150401-16 i86pc i386 i86pc Solaris Are you an expert in it? 16.02.15 22:35, Antony Stone пишет: On Monday 16 Feb 2015 at 16:20, Yuri Voinov wrote: root @ cthulhu / # ps axuf usage: ps

Re: [squid-users] Is Squid can shutdown unused idle redirector's children?

2015-02-16 Thread Yuri Voinov
to use ps in solaris. If it works show me the details first and we will see what to do next. Eliezer On 16/02/2015 18:37, Yuri Voinov wrote: Yes. root @ cthulhu / # uname -a SunOS cthulhu 5.10 Generic_150401-16 i86pc i386 i86pc Solaris Are you an expert in it? 16.02.15 22:35

Re: [squid-users] Is Squid can shutdown unused idle redirector's children?

2015-02-16 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 root @ cthulhu / # ps axuf usage: ps [ -aAdeflcjLPyZ ] [ -o format ] [ -t termlist ] [ -u userlist ] [ -U userlist ] [ -G grouplist ] [ -p proclist ] [ -g pgrplist ] [ -s sidlist ] [ -z zonelist ] 'format' is one or more of:

Re: [squid-users] Is Squid can shutdown unused idle redirector's children?

2015-02-16 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 root @ cthulhu / # ps -aux ps: unknown user x Really, I don't understand subject of discussion. I think, will good to have possibility to autoclose idle Squid redirectors after time specified. Regardless of the operating system. Like autoclose

Re: [squid-users] Is Squid can shutdown unused idle redirector's children?

2015-02-16 Thread Yuri Voinov
, Eliezer Croitoru пишет: Hey Yuri, I would try first ps -aux just to find out if this is the right way to use ps in solaris. If it works show me the details first and we will see what to do next. Eliezer On 16/02/2015 18:37, Yuri Voinov wrote: Yes. root @ cthulhu / # uname -a SunOS

Re: [squid-users] Is Squid can shutdown unused idle redirector's children?

2015-02-16 Thread Yuri Voinov
the technical issue you see and understand it. All The Bests, Eliezer * Waiting for the ps output. On 16/02/2015 18:55, Yuri Voinov wrote: root @ cthulhu / # ps -aux ps: unknown user x Really, I don't understand subject of discussion. I think, will good to have possibility to autoclose

Re: [squid-users] Is Squid can shutdown unused idle redirector's children?

2015-02-16 Thread Yuri Voinov
then some might imagine. Now I think is the right place to stop the actual lookup for one solution or other and simply understand the technical issue you see and understand it. All The Bests, Eliezer * Waiting for the ps output. On 16/02/2015 18:55, Yuri Voinov wrote: root @ cthulhu

Re: [squid-users] Is Squid can shutdown unused idle redirector's children?

2015-02-16 Thread Yuri Voinov
: On 16/02/2015 21:10, Yuri Voinov wrote: root @ cthulhu / # ps -e Yuri, Can you find the right ps command that will include user and memory usage by each process? Thanks, Eliezer ___ squid-users mailing list squid-users@lists.squid-cache.org

Re: [squid-users] Latest squid for Windows

2015-02-18 Thread Yuri Voinov
two more days please :) Raf From: squid-users squid-users-boun...@lists.squid-cache.org on behalf of Yuri Voinov yvoi...@gmail.com Sent: Wednesday, February 18, 2015 9:40 AM To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] Latest squid

Re: [squid-users] Is Squid can shutdown unused idle redirector's children?

2015-02-12 Thread Yuri Voinov
- where each process has a database cache of 10% or 15% of the database - so 64 processes means that ufdbguard uses 640% of the size of the database. Marcus On 02/12/2015 05:01 PM, Yuri Voinov wrote: 13.02.15 0:49, Amos Jeffries пишет: On 13/02/2015 7:01 a.m., Yuri Voinov wrote: Hi

Re: [squid-users] Is Squid can shutdown unused idle redirector's children?

2015-02-12 Thread Yuri Voinov
children after configured timeout and starts them up when required. Also, OS cache also still exists. and can hold rewriter ELF near CPU did you remember? ;) 13.02.15 0:49, Amos Jeffries пишет: On 13/02/2015 7:01 a.m., Yuri Voinov wrote: Hi gents, subj. And, of course - question. How

Re: [squid-users] Is Squid can shutdown unused idle redirector's children?

2015-02-12 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 13.02.15 0:49, Amos Jeffries пишет: On 13/02/2015 7:01 a.m., Yuri Voinov wrote: Hi gents, subj. And, of course - question. How to do that? I've don't seen this, if it exists. For example, for this config stub: url_rewrite_program /usr

Re: [squid-users] Is Squid can shutdown unused idle redirector's children?

2015-02-12 Thread Yuri Voinov
. Otherwise idle= parameter for children just do not make sense. SQUID decides for me, it's better for my system. I want to have better control over rewriter's children and memory consumption. Did you agree? 13.02.15 0:49, Amos Jeffries пишет: On 13/02/2015 7:01 a.m., Yuri Voinov wrote: Hi gents

Re: [squid-users] Is Squid can shutdown unused idle redirector's children?

2015-02-12 Thread Yuri Voinov
for memory and occupies less memory than all those squidguard processes - where each process has a database cache of 10% or 15% of the database - so 64 processes means that ufdbguard uses 640% of the size of the database. Marcus On 02/12/2015 05:01 PM, Yuri Voinov wrote: 13.02.15 0:49

Re: [squid-users] Is Squid can shutdown unused idle redirector's children?

2015-02-12 Thread Yuri Voinov
. The database is optimised for memory and occupies less memory than all those squidguard processes - where each process has a database cache of 10% or 15% of the database - so 64 processes means that ufdbguard uses 640% of the size of the database. Marcus On 02/12/2015 05:01 PM, Yuri Voinov

Re: [squid-users] Is Squid can shutdown unused idle redirector's children?

2015-02-13 Thread Yuri Voinov
I am ready to sponsor the development of such a patch - but only as a basic redirector's functional and subject to the inclusion in the upstream. 13.02.15 6:34, Amos Jeffries пишет: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 13/02/2015 8:54 a.m., Yuri Voinov wrote: So simple. I want

Re: [squid-users] Is Squid can shutdown unused idle redirector's children?

2015-02-13 Thread Yuri Voinov
On 13/02/2015 8:54 a.m., Yuri Voinov wrote: So simple. I want to see only one additional parameter. idle_timeout. When I specify it to 0 - by default - all started rewriter processess remains after user requests, but! it I specify it over 0 in seconds - all idle rewriters after timeout must dies

Re: [squid-users] Squid and site ryanair.com

2015-02-19 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 https://www.google.com/search?q=ipv4+to+ipv6 19.02.15 23:35, masterx81 пишет: After futher search seem that the webpage now is trying to get files from cdnjs.cloudflare.com, but it resolves as an ipv6 address. My network is not ready for ipv6.

Re: [squid-users] Is Squid can shutdown unused idle redirector's children?

2015-02-16 Thread Yuri Voinov
root @ cthulhu / # top -n1 -b top: illegal option -- 1 Top version 3.7 Usage: top [-ISTabcinqu] [-d x] [-s x] [-o field] [-U username] [number] root @ cthulhu / # top -n -b last pid: 7353; load avg: 0.16, 0.14, 0.13; up 7+20:05:37 19:16:08 72 processes: 71 sleeping, 1 on cpu CPU

Re: [squid-users] Is Squid can shutdown unused idle redirector's children?

2015-02-16 Thread Yuri Voinov
seen until today. Do you have access to this squid machine cache manager interface? Eliezer On 12/02/2015 20:01, Yuri Voinov wrote: Hi gents, subj. And, of course - question. How to do that? I've don't seen this, if it exists. For example, for this config stub: url_rewrite_program /usr

Re: [squid-users] Is Squid can shutdown unused idle redirector's children?

2015-02-16 Thread Yuri Voinov
, Yuri Voinov wrote: root @ cthulhu / # top -n1 -b top: illegal option -- 1 Top version 3.7 Hey Yuri, Since top is missing couple details.. You can try -n 1 instead of -n1 and it will might show more details. If it's not working then a simple ps might shed some more light. In linux I can use ps

Re: [squid-users] Is Squid can shutdown unused idle redirector's children?

2015-02-16 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yep. 16.02.15 20:58, Eliezer Croitoru пишет: On 16/02/2015 15:23, Yuri Voinov wrote: http://i58.tinypic.com/rsqwxh.png 0 shutting down. Always. During nights and weekends. Are you talking about these 10? I am unsure I understand the issue

Re: [squid-users] Mutual authentication managed by Squid

2015-02-20 Thread Yuri Voinov
Transparent SSL Bump interception, eh? 20.02.15 15:14, Ilya Karpov пишет: Hi guys, can anyone suggest solution to make following scenario work using squid: step1. Client(actually server application) calls HTTP://example http://example.org squid via proxy. | V step2. Proxy(Squid) understands

Re: [squid-users] Mutual authentication managed by Squid

2015-02-20 Thread Yuri Voinov
февр. 2015 г., в 12:24, Yuri Voinov yvoi...@gmail.com mailto:yvoi...@gmail.com написал(а): Transparent SSL Bump interception, eh? 20.02.15 15:14, Ilya Karpov пишет: Hi guys, can anyone suggest solution to make following scenario work using squid: step1. Client(actually server application) calls

Re: [squid-users] How to cache everything with an Etag HTTP header?

2015-02-18 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 18.02.15 20:32, Amos Jeffries пишет: On 19/02/2015 2:22 a.m., Karl-Philipp Richter wrote: Hi, I'm quite new to advanced squid configuration and want to enhance my HTTP cache expensive-bandwidth-cheap-storage setup where I'm mostly interested in

Re: [squid-users] about negotiate_kerb_auth helper

2015-02-19 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos 19.02.15 21:44, Mail_Agent пишет: Hello, can you tell me where can i find detailed instruction about negotiate_kerb_auth_helper, please, I've configured squid.conf, checked

Re: [squid-users] Is Squid can shutdown unused idle redirector's children?

2015-02-17 Thread Yuri Voinov
As I said - never. I use external log rotation facility. Squid log rotation is completely off in my installation. 17.02.15 8:26, Amos Jeffries пишет: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 17/02/2015 7:38 a.m., Yuri Voinov wrote: We are talking not about the differences between any

Re: [squid-users] Is Squid can shutdown unused idle redirector's children?

2015-02-17 Thread Yuri Voinov
17.02.15 5:01, Amos Jeffries пишет: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 17/02/2015 4:27 a.m., Yuri Voinov wrote: Yep. 16.02.15 20:58, Eliezer Croitoru пишет: On 16/02/2015 15:23, Yuri Voinov wrote: http://i58.tinypic.com/rsqwxh.png 0 shutting down. Always. During nights

[squid-users] WARNING: Error Pages Missing Language: en-gb

2015-01-27 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Squid 3.4.11. Translation enabled. All error pages and directories exists. But sometimes: 2015/01/27 15:56:48 kid1| WARNING: Error Pages Missing Language: en-gb 2015/01/27 15:56:48 kid1| WARNING: Error Pages Missing Language: en Why? -BEGIN

Re: [squid-users] Host header forgery detected

2015-01-27 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Oh, shi.. It can't be on proxy host or other infrastructure. It can be on these client.. Let's check. 27.01.2015 10:41, Amos Jeffries пишет: -BEGIN PGP SIGNATURE- Version: GnuPG v2

Re: [squid-users] Host header forgery detected

2015-01-27 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Oh, shi.. It can't be on proxy host or other infrastructure. It can be on these client.. Let's check. 27.01.2015 10:41, Amos Jeffries пишет: On 27/01/2015 11:13 a.m., Yuri Voinov wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1

Re: [squid-users] how long object size can squid 3.5.2 handle ?

2015-01-27 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm waiting for working transparent interception bumping ;) yet sit on 3.4.11 ;) 28.01.2015 3:30, Amos Jeffries пишет: On 28/01/2015 9:29 a.m., Yuri Voinov wrote: In 3.5.2? :) It already released? :) Aye, if that was meant to say 3.5.0.2

Re: [squid-users] how long object size can squid 3.5.2 handle ?

2015-01-27 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 In 3.5.2? :) It already released? :) But really - with 64 bit build with enough RAM under 64 bit OS on 64 bit (or 128 bit) filesystem you can save as big object your want with any Squid. :) 28.01.2015 12:10, Ahmad пишет: Hi dev , how long

Re: [squid-users] how long object size can squid 3.5.2 handle ?

2015-01-27 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 In 3.5.2? :) It already released? :) But really - with 64 bit build with enough RAM under 64 bit OS on 64 bit (or 128 bit) filesystem you can save as big object your want with any Squid. :) 28.01.2015 12:10, Ahmad пишет: -BEGIN PGP

Re: [squid-users] squid3

2015-01-27 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hmm.. Why so ancient Squid version? 3.1.x is legacy. Now Amos says: Upgrade to last version. ;) Which is 3.5.1 (wow! :)) 28.01.2015 3:48, Bobby пишет: Sorry if you’re seeing this twice… I think I sent it to the wrong address the first

Re: [squid-users] Error negotiating SSL connection on FD 20: error:00000000:lib(0):func(0):reason(0) (5/-1/131)

2015-01-27 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 131 error means: CONNECTED(0003) write:errno=131 - --- no peer certificate available - --- No client certificate CA names sent - --- SSL handshake has read 0 bytes and written 148 bytes - --- New, (NONE), Cipher is (NONE) Looks like something

  1   2   3   4   5   6   7   8   9   10   >