well if you can send us your configuration file we can try to help you.
give us a list of sites you want to access and maybe we can help you
compose acls and the config file.
On 20/01/2011 19:05, Tristan Sexton wrote:
Hello,
I've had some issues trying to setup Squid through Webmin for a
On 24/01/2011 06:35, Max Feil wrote:
Already did use Wireshark. Here is some more info:
If you look through the traces you'll notice that at some point Squid
sends a TCP [FIN, ACK] right in the middle of a connection for seemingly
no reason. (Attempting to close the connection) The server
well i have found the problem..
it's not your proxy...
your proxy is doing fine cause it's identifying files mimes and stuff=20
like that.
have you ever heard of ZIP BOMB?
well it's not it but it's something like it.
the site itself working fine and the page is getting to your computer in=20
It's a small peace and most of the answers are not really suppose to there.
the first thing is that your cache is not just cache it's a store house..
it;'s not bad but you can try to change the ufs to aufs..
can get better performance.
what are the specification of the machine?
core i7
are you kdding me?
500 clients?
if most of the clients are just doing almost nothing just downloading
one page of 2 MB..
how much is your HD I\O ?? in this case?(in speed MBps) ?
so first.. change the UFS to AUFS you dont need to do anything to the
cache it self cause it the same system
set the squid settting on debug mode all 1 and then try to start it..
after this open the error log file.../cache log file.
it can be because of the cahce partition /dir or just settings..
On 24/01/2011 15:33, Tom B. wrote:
Hi to all,
i had installed squid as part of the webmin package
epoll for the IO loop
2011/01/24 15:23:49| Performing DNS Tests...
problem solved!
Thank you very much Eliezer! :)
Date: Mon, 24 Jan 2011 15:55:12 +0200
From: elie...@ec.hadorhabaac.com
To: squid-users@squid-cache.org
Subject: Re: [squid-users
i will try now
On 24/01/2011 22:01, Henrik Nordström wrote:
squid -k debug
it's not a dns problem...
you can make sure and test the round trip and check the problem..
if you will insert these servers into your squid host to the hosts file
you are done with DNS just make sure it's updated in every day with a
nice script or manualy.
this is one side of the problem we
did you really was reading about squid?
what is purpose of it?
as long as i know it can pass any SSL that i gave it.
if you need something else to be handled other then http and SSL just
use the iptables or what ever other firewall software of the OS it's
runing on.
On 25/01/2011 19:54,
does you clients are in lan?
what is you network topology?
it look like some thing is not quite configured well in your IPtables
and.. also you will might want to use the intercept option and not the
tproxy (for testing).
On 28/01/11 01:25, mbruell wrote:
Hi,
I'm trying to use squid as a
i had another problem with the stable version of ubuntu 10.04 that im
using..
that when listening to stream http music from aol(DI.FM) i was getting a
noise every 3-2 seconds cause of streaming speed problem.
i didn't had any of these on the 2.7 version so i compiled squid 3.1.10
and now in
i dont know how high performance your system is but i think you can try
the new version 3.1.10 on your system and after you will get real
performance
issues you can try to recompile it with less strick option.. or .. just
compile one with limit and one without limit and change the binary if
i dont now the log options well but..
i would take another approach and instead of making it not to be in the
log... i would make something to make these lines to not be shown when
analyzing the logs.
you can either use grep -v or some perl\python script that can do this
easily.
On
got almost the same thing but on forward proxy.
it's getting null and then the address like
nullhttp://...
i dont remember the exact line cause it was 5 times and then gone.
On 10/02/2011 22:38, Dean Weimer wrote:
I have a reverse proxy running 3.1.10, and noticed a few odd lines in the
to make it work for me.
Thanks
Eliezer
Thanks amos.
i will sit on this next week and when it will work i will give you some
info.
Regards Eliezer
On 21:59, Amos Jeffries wrote:
On Wed, 16 Feb 2011 15:20:10 +0200, Eliezer wrote:
im using now squid 3.1.10 and i dont have the store_url_rewrite
option and some of my network users
is there anything you can get using these settings?
have you tried using the squid mahcine on non transparent mode?
On 17/02/2011 17:07, Harald Dunkel wrote:
Hi Jeff,
On 02/17/11 14:24, jeffrey j donovan wrote:
greetings
im assuming your using ipfw on BSD, what does your redirect
got the null thing.
Thanks Eliezer
% 4320 override-expire
if you want me to do something to help find the bug or any information
just say it.
On 16/02/2011 23:56, Amos Jeffries wrote:
On Wed, 16 Feb 2011 15:20:10 +0200, Eliezer wrote:
im using now squid 3.1.10 and i dont have the store_url_rewrite
option and some of my network
/Iptables.gif
i would be glad to make one if there isn't.
- i am looking for a way to extend an object cache lease\life span based
on usage.
is there a way to mangle a single object cache validity without
releasing and reloading it into the cache?
thanks Eliezer
that there are situations that this is needed.
Thanks Eliezer
installation.
Regards Eliezer
On 23/02/2011 07:56, Amos Jeffries wrote:
On Wed, 23 Feb 2011 07:03:02 +0200, Eliezer wrote:
i have seen refresh_pattern with Age percentage more then 100% and
my question was:
does that percentage does an extending to the expiration time?
or squid has maximum
Well it depends on the protocol that is used on the video conference
and not necessarily related to the cache proxy.
Regards Eliezer
On 23/02/2011 09:17, Edmonds Namasenda wrote:
Dear all.
I would like to have a video conference call on my LAN using a
particular I.P Address. This is going
.
Regards Eliezer
On 23/02/2011 13:29, Edmonds Namasenda wrote:
Eliezer, these are general video calls; Skype, Sonix etc
On Wed, Feb 23, 2011 at 12:45 PM, Eliezerelie...@ec.hadorhabaac.com wrote:
Well it depends on the protocol that is used on the video conference
and not necessarily
im planning to compose a nice video tutorial on squid stable versions.
i would like to get some key points from users on information they would
like to get on squid.
any points will be greeted with a happy smile.
i have seen some videos but none of the where really more then basic
well it suppose to be a basic guide for dummies
how to install..
how to configure.
some live samples and site analysis.
and also this RFC to find what users will want to know or see.
On 03/03/2011 06:50, Amos Jeffries wrote:
On 03/02/11 15:58, Eliezer wrote:
im planning to compose
Markus,
Does ufdbGuard have a Debian package or build instructions?
The last time I tried to compile it on both Debian and Ubuntu I have
encountered couple issues.
Thanks,
Eliezer
<http://ngtech.co.il/main-en/> Eliezer Croitoru
Linux System Administrator
Mobile:
+1
If the certificate is still working do the updates step by step and when you
have successfully distributed the certificate make the switch.
Eliezer
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il
-Original Message-
From: squid
the right mime headers for the der(also cer) and pem formats.
(use curl...)
Eliezer
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il
-Original Message-
From: squid-users On Behalf Of FredB
Sent: Wednesday, January 16, 2019 17:48
To: squid
The DB of distro mirrors on the wiki is not up-to-date but it's a nice example.
Eliezer
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il
-Original Message-
From: squid-users On Behalf Of jimc
Sent: Thursday, January 3, 2019 21:40
.
Eliezer
* I have seen security companies( AV ) that updates their root ca
certificate using the AV or agent, if running an update file/service every
startup is an option we can try to find a nice solution.
<http://ngtech.co.il/main-en/> Eliezer Croitoru
Linux System Administrator
There should be a new acl names “certificate-fetching”
So I assume you can use something like:
acl certfetch transaction_initiator certificate-fetching
http_access allow certfetch
Eliezer
<http://ngtech.co.il/main-en/> Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28
It should return:
… page.
And it takes 100 ms.
Can you re-test it?
Also make sure what happens if you run the same command from within the proxy
host and not remotely.
Another option is that there is something else between you and the proxy but it
sound odd.
Eliezer
<h
I have seen that there is a very nice squid de-duplication helper at:
https://github.com/frispete/squid_dedup
I think it's worth adding into the squid-cache Related Software section.
Eliezer
<http://ngtech.co.il/main-en/> Eliezer Croitoru
Linux System Administrator
Mobile:
provide the:
- OS and distribution
- "squid -v" output
- some of the access.log that might provide more details on if the traffic is
passing or not thru the proxy
- if linux then iptables rules
- if possible the whole squid.conf (remove or obscure any private details)
Eliezer
----
Elieze
.
It's not the fastest connection ever but it's fast enough to mirror or
download from the service without any major issues.
All The Bests,
Eliezer
<http://ngtech.co.il/lmgtfy/> Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: <mailto:elie...@ngt
not trust Squid in general then I should probably
not entrust these netfilter socket to Squid)
Thanks,
Eliezer
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il
-Original Message-
From: squid-users On Behalf Of Amos
Jeffries
Sent
.
I might be able to write an example but only in a week or more.
All The Bests,
Eliezer
<http://ngtech.co.il/lmgtfy/> Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: <mailto:elie...@ngtech.co.il> elie...@ngtech.co.il
From: squid-user
So with 4.5 we are still waiting for openssl to advance into TLS 1.3, right?
Can the thread writer add a list of these domains which can help others?
Thanks,
Eliezer
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il
-Original Message
I wrote an example helper at:
http://gogs.ngtech.co.il/NgTech-LTD/storeid-helpers
which contains vimeo mp4 specific StoreID helper.
For their images there is no need for a StoreID helper they…. Want you to cache
it.
Eliezer
<http://ngtech.co.il/main-en/> Eliezer Croitoru
Linux
to the "too much user" mark and then he can download
and upload with a speed CAP/QOS.
Eliezer
----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il
-Original Message-
From: squid-users On Behalf Of
Heiler Bemerguy
Sent: Monday
tub-zone/
(look for dstdom_regex or download\.microsoft\.com )
Let me know if it helps.
Eliezer
* Try to upgrade from 3.1 if possible.
* I probably can compile a newer version for your OS.
<http://ngtech.co.il/main-en/> Eliezer Croitoru
Linux System Administrator
Mo
What would be the reason to replace haproxy eactly?
Eliezer
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il
-Original Message-
From: squid-users On Behalf Of
David Touzeau
Sent: Saturday, February 23, 2019 18:31
To: squid-users
..
Thanks,
Eliezer
<http://ngtech.co.il/main-en/> Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: <mailto:elie...@ngtech.co.il> elie...@ngtech.co.il
___
squid-users mailing list
squid-users@lists.squid-ca
I do not see any context, can you redirect me towards the last email?
Eliezer
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il
-Original Message-
From: squid-users On Behalf Of FredB
Sent: Sunday, February 24, 2019 12:33
Cc: squid
enies them with a 302 to another
server so it's hard
for me to see in the browser if the chain received is full.
Thanks,
Eliezer
----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il
-Original Message-
From: squid-users On Behalf Of Amos
Jef
It depends on the hardware in the server grade Windows.
It can take more then 3k conn's for 100%.
It's possible that squid was not designed for windows 2k16
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il
-Original Message-
From
A simple Forward proxy with a CONNECT right?
Thanks,
Eliezer
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il
-Original Message-
From: FredB
Sent: Monday, February 25, 2019 19:05
To: elie...@ngtech.co.il
Cc: squid-users@lists.squid
for windows out there? (just wondering what
and why have you choose Squid)
Thanks,
Eliezer
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il
-Original Message-
From: Van Order, Drew (US - Hermitage)
Sent: Wednesday, February 27, 2019 05
as
long as you have a working and properly configured firewall on the Server.
Let me know if something fit your needs.
If so you can try and test and maybe find the right culprit(ie windows or
linux).
Eliezer
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie
-proxy.tar.xz
You will need some software to make it a service but these are easy to find.
If you need a recommendation for one I will try to find.
All The Bests,
Eliezer
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il
-Original Message-
From
know if you wish to shed more details on the configuration so I can
take my time and understand if there is a solution else then Squid.
Eliezeer
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il
-Original Message-
From: squid-users
Others
If you are willing to share a set of domains that will be added to the wiki
as a "websocket" required for this service or set of domains wiki
I might be able to pull it off and write this ICAP service.
Eliezer
<http://ngtech.co.il/main-en/> Eliezer Croitoru
Linux
+1
The main issue is websockets.
Since Squid doesn't have websockets related code implemented in a public code
the Squid instance would break more then one connection.
Eliezer
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il
-Original
the if and else's but
it works much faster under heavy load.
Eliezer
<http://ngtech.co.il/main-en/> Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: <mailto:elie...@ngtech.co.il> elie...@ngtech.co.il
___
No need to compile and build it for AWS:
I already built it for both AWS 1 and 2:
http://ngtech.co.il/repo/amzn/
Can be downloaded and is tested to work very well on both OS.
Eliezer
* let me know if the package is good enough.
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5
You can replace them with dstdom_regex which will not trigger a PTR lookup.
Eliezer
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il
-Original Message-
From: squid-users On Behalf Of
Ahmad, Sarfaraz
Sent: Thursday, February 14, 2019
> http://ngtech.co.il/repo/amzn/
>
> Can be downloaded and is tested to work very well on both OS.
>
> Eliezer
Thanks, looks really good !
I guess those Amazon Linux 1 packages come from there :
http://gogs.ngtech.co.il/NgTech-LTD/squid-amzn1-squid4-rpms ?
Right ^^
> The clos
naries can be downloaded securely on a HTTPS url that contains the
certificate with SHA-256 signature:
F0:CF:CD:71:0D:A5:E0:9E:7A:6B:D8:1D:09:5E:56:AB:AD:B1:39:5F:0B:9B:63:E5:A8:B
7:88:E0:DC:5B:61:9A
Eliezer
<http://ngtech.co.il/main-en/> Eliezer Croitoru
Linux System Administrato
Can we change the default from "startup=0" to "startup=1" ?
Thanks,
Eliezer
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il
-Original Message-
From: squid-users On Behalf Of Amos
Jeffries
Sent: Saturday, Fe
On 05/03/2011 06:16, christ...@wanxp.com wrote:
Dear,
i installed and run 2 squid2.7 in same machine for balance CPU load
(quadcore proc). my question are can i do sibling between 2 squid in
same machine for sharing cache ? will it cause any problem in future ?
any1 have experience bout
On 05/03/2011 06:40, christ...@wanxp.com wrote:
On 2/5/2011 11:26 AM, Eliezer Croitoru wrote:
On 05/03/2011 06:16, christ...@wanxp.com wrote:
Dear,
i installed and run 2 squid2.7 in same machine for balance CPU load
(quadcore proc). my question are can i do sibling between 2 squid in
same
exit 0
end#
Thanks Eliezer
-essential package i needed to use
aptitute install build-essential
and then you are getting a nice menu that shows the problems and the
ways to resolve the issues.
Hope it will help someone
Regards
Eliezer
On 07/04/2011 11:52, Linda Walsh wrote:
Amos Jeffries wrote:
Marked explicitly as private - aka cannot be cached by any
middleware proxy (such as Squid) which may send it to other users.
May be cached by a personal cache such as the browser storage.
---
But I don't have to log in.
More
On 07/04/2011 16:16, Linda Walsh wrote:
Eliezer Croitoru wrote:
On 07/04/2011 11:52, Linda Walsh wrote:
Amos Jeffries wrote:
Marked explicitly as private - aka cannot be cached by any
middleware proxy (such as Squid) which may send it to other users.
May be cached by a personal cache
ratio of about 80%.
(the refresh patterns are costumed and im using some helpers i have built).
Eliezer
2011/4/8 Amos Jeffriessqu...@treenet.co.nz:
On 09/04/11 02:49, igor rocha wrote:
?
2011/4/8 igor rochaigorlo...@gmail.com:
Hello,
I know that does not formulate the right question, I am
it.
Eliezer
Regards,
Yomi.
On 12/04/2011 06:15, Amos Jeffries wrote:
On Mon, 11 Apr 2011 22:34:02 +0300, Eliezer Croitoru wrote:
On 11/04/2011 20:53, sq...@sourcesystemsonline.com wrote:
Good day,
Some times when i check my ESET Antivirus LogFile, it shows that some
activities of clients in my network are attacking my
On 12/04/2011 19:14, Marcello Romani wrote:
Il 12/04/2011 17:46, yogii ha scritto:
thank you Mr.jeffrey, this link very useful for me, i have read about
installation which is better, automatic install with apt-get squid or
i do
compile squid?
thanks Mr.
--
View this message in context:
traffic
interrogation.
Eliezer
The easier way though is with a pcap/tcpdump packet dump.
Amos
On 13/04/2011 17:45, Klaus Darilion wrote:
Am 13.04.2011 12:23, schrieb Eliezer Croitoru:
but if it certain clients you can might setup specific parent proxy for
this purpose as parosproxy.
it's not suppose to be as fast as squid but built for http\s traffic
interrogation.
Thanks
works on one server with a log of traffic with
only 2 child and works much more efficient then many others.
Eliezer
Okey one Day later: DNS Error, and at this Time, no prob with the
url_rewrite_children.
now i added some dns Server and the google dns Server (8.8.8.8) which should be
up, and what
On 12/04/2011 08:37, Amos Jeffries wrote:
On 12/04/11 15:51, Eliezer Croitoru wrote:
On 12/04/2011 06:15, Amos Jeffries wrote:
On Mon, 11 Apr 2011 22:34:02 +0300, Eliezer Croitoru wrote:
On 11/04/2011 20:53, sq...@sourcesystemsonline.com wrote:
Good day,
Some times when i check my ESET
parts i would run the squid as a dedicated
machine and wiht a cache dns server on it.
Eliezer
or leave an option
for some openings cause people today are addicted to internet.
Regards
Eliezer
/index.php/Configure_options_-_squid
Regards
Eliezer
Thank Amos and all the team.
what testing re we talking about the 3.HEAD version?
I will be happy to start testings
Eliezer
On 18/04/2011 04:14, Amos Jeffries wrote:
On Sun, 17 Apr 2011 19:57:11 +0300, Eliezer Croitoru wrote:
On 17/04/2011 19:44, Jenny Lee wrote:
Sorry for not answering. There was just had nothing I could be sure
about until now...
3.2.0.7 will be out early (and very soon) with fixes
What is your network setup?
What is the position of each device related to the other on the network?
both of them on the same network?
Eliezer
On 22/04/2011 11:43, bmm-mailinglist wrote:
Hi all,
I am a new Squid user. I like Squid's ease of setup and -use. Unfortunately,
I've hit
.
it's not a solution for soft reconfigure but it's better then anything
else i could think of to make sure that my clients wont have problems
while i'm doing a reconfigure.
Regards
Eliezer
.
Regards
Eliezer
packet.
and if you have specific problem other then SYN packets them self's you
should take care of them and not the SYN packets.
Jim kind of gave you most of the settings you will need to lookup for
and understand their meanings.
Regards
Eliezer
edit /etc/sysctl.conf
change net.ipv4
environment and capabilities.
Regards
Eliezer
.
it will use a second running and configure instance of squid to make the
reconfiguring less painful for the users.
Eliezer
will be
glad.
Regards
Eliezer
the snapshot of the headers and content. The simple server could
fetch files not in the cache as requested. I could redirect traffic to
the simple server using iptables.
Cheers,
Dan
if you will write this piece i would like to get a piece of it's code.
Thank
Eliezer
proxies wouldn't resolve?
by resolve you mean dns lookup?
And how can that be prevented?
it depends on how the chain is built.
if you can picture for me the infrastructure and some url examples i can
try to help you with it.
Eliezer
Thanks
Eliezer
http_access allow localhost
#http_access deny msn_messenger
#http_access deny msn_method msn_url
http_access deny all
http_reply_access allow all
icp_access allow all
error_directory /usr/share/squid/errors/Spanish
client_db off
log_fqdn off
On 28/04/2011 18:05, Amos Jeffries wrote:
On 29/04/11 00:49, Eliezer Croitoru wrote:
On 27/04/2011 22:53, Oscar Andrés Eraso Moncayo wrote:
Hi,
squid.conf:
**
http_port
On 28/04/2011 17:18, Amos Jeffries wrote:
proxy was psychic
my proxy was psychic good name for a TV show :)
for close_wait and others but
they are way too much for any usage i know.
also the udp ones are way to high for dns and other services and a
faster network then a 5 MB.
Eliezer
searching for a solution.
Regards
Eliezer
On Fri, Jan 7, 2011 at 7:39 PM, Mohsen Saeedimohsen.sae...@gmail.com wrote:
Dea Hasanen
which setting is better than for it? can you give me some helps?
On Fri, Jan 7, 2011 at 7:36 PM, Hasanen AL-Banahasa...@gmail.com wrote:
This will cause a bigger
it works for a lot
more then what you have.
Regrads
Eliezer
you can increase
the dns cache leases\ttl\timeout\validation on squid or you dns caching
server.
it will be much more efficient in many cases rather using
unreadable\understanble acls\rules.
Regards
Eliezer
Yes, we have a local caching dns.
- Ursprüngliche Mail
Von: Eliezer
disable the NTLM auth for the exchange and local servers..
if they are protected with passwords already and they are
internal\specific use you can disable for these servers
the need for squid AUTHENTICATION.
On 18/05/2011 11:05, Stefanos Vizikidis wrote:
Hi!
I have recently set up a
Eliezer
and server i will try to use my squid if you want.
also we will benefit if one of the squid-users have exchange server and
can help us with it.
Eliezer
On Wed, May 18, 2011 at 8:22 PM, Chad Nauglechad.nau...@travimp.com wrote:
What version of Squid3 are you using? Because 3.1.X has
on this server.
Regards
Eliezer
On 24/05/2011 21:20, Alfonso Alejandro Reyes Jimenez wrote:
Hi list.
We would like to know whats the best practice when we have more than 3000 rules
on our squid. Right now squid takes more than 15 minutes to start or restart,
we think that's because we have
1 - 100 of 2394 matches
Mail list logo