Re: [squid-users] Squid and site ryanair.com

[Amos Jeffries]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 16/01/2015 4:58 a.m., masterx81 wrote:
> Hi! I have squid/3.3.13 on a centos 6.5, configured with ntlm and
> kerberos auth. I'm having throubles to get work the http site
> ryanair.com. The dynamic content of the page (the find flights
> button and the calendars, that as far i can see are js+css) are not
> working (the calendars does not open and the button doesn't
> highlight on mouse move). I've also tried to put an exception for
> the dstdomain ryanair.com before the auth, and i have the same
> problem. On access.log i get only DENIED on:
> 
> 1421337197.667  0 172.16.2.210 TCP_DENIED/407 3944 CONNECT 
> s-static.ak.facebook.com:443 - HIER_NONE/- text/html 1421337195.919
> 0 172.16.2.210 TCP_DENIED/407 3908 CONNECT apis.google.com:443 -
> HIER_NONE/- text/html

Notice how neither of those are "ryanair.com"...

> 
> there was also a DENIED on: 1421337020.420  0 172.16.2.210
> TCP_DENIED/407 4354 GET 
> http://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.3.6/slick.css
> - HIER_NONE/- text/html
> 
> I've tried to bypass also auth on dstdomain cloudflare.com, now i
> get a MISS on that instead of a DENIED, but the page still not
> work.
> 

As you may have noticed by now the "page" is composed of many very
different complicated pieces. Any one of the other pieces may be
breaking it.

As a whole it looks like whatever browser you are using not supporting
login to a proxy with the auth schemes you chose to use.

Note that Squid is part of the network, the buttons and JS/CSS not
working properly has nothing to do with Squid unless the UA is failing
to fetch the JS/CSS objects or XHR transactions themelves from the
network/Squid. Which will show up in the browser developer tools
"network" panel, and in traffic traces.

HTH
Amos

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUuIszAAoJELJo5wb/XPRjQUwH/Ah1DXFtVLteLQopqLX9hDKC
BaHpyntPruiNG/8kkXqHwZCvVPHMuJSOmbv7pYyyt9L374Nz9QoywfufgaWU8Juc
PSv2lPZwLKcYG6MyFeLSwfsSsDFR4h2zY8/itdEwi9p3DXmu8apsx2IoLsu5AVY7
BZpKwsXXqYMRGoEDnQoq2m0tlnsgpAxTr0CRrmYDS5DCydV3+asQiUUPijbL5i83
vUhEYYy9OfhFwy0Qo6YCMC0TfdC+PhejElU1ZK5tz9Bd5IBbOZH14KICzrCInwUT
i6uQ3m+8vHx89CMj9rG9IXjHQTubCglwBj8tSy/Hio+hKre63inMTHLkI+/zna8=
=tA2X
-END PGP SIGNATURE-
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Odp: Re: Odp: Re: Odp: Odp: Re: Only TCP_MISS

[Amos Jeffries]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 16/01/2015 10:35 a.m., Robert wrote:
> Dnia Czwartek, 15 Stycznia 2015 22:16 Yuri Voinov napisał(a)
>> Oh,
>> 
>> of course - you must to warm up cache first also.
>> 
>> :)
>> 
> 
> 1. warm up cache What the hell is that ? ;) , no Squid installation
> guide says about it, please give me link to some (simple) guide to
> warm up my swap to cache as much as possible
> 

Squid of course *does not* come bundled with an installed copy of the
entire Internet.

A freshly installed or restarted[1] proxy has a cache in state called
"cold". Each repeat fetch for a URL "warms" it.URL which are often
requested are called "hot".

You have to make one request where a MISS is guaranteed. That request
tells Squid whether to cache the reply for *future* use. All that
first request will tell you is whether the URL is possible to fetch.
Nothing about caching in access.log.

To know if a reply has been cached requires at least a second request.
That ones access.log details say whether *it* was a hit or miss or
refresh.


[1] disk cache persist across restart. So simply restarting Squid
resets to either cold or warm states depending on disk usage. Usually
the hottest objects will be exclusively in RAM and the latest copy
need fetching from the network on restart - this ensures that hot
objects are always up to date and accurate.


> 2. "First reason - HTTP headers. I.e, no cache. etc. You can
> override them with refresh_patterns violations. :)" Again, please
> tell me what refresh_patterns should I set to increase as most
> caching , also with headers caching if this is possible
> 

Please don't go that way. At least not now. So far it has been your
testing methodology which is broken, not the sites operation. (Except
that one doing Vary:User-Agent and nothing can be done in squid.conf
about that.)

Many of the refresh_pattern override/ignore options *break* HTTP and
are only to be used if you understand the impact of what that use
means, with a specific broken website that requires it. You need to
know exactly *what* is broken about the website to be able to
configure the overrides correctly for it.


If you want better caching, ensure that you have the latest Squid
available. We are constantly searching out ways to safely improve the
amount Squid can store and remove the need for those overrides to
exist at all.



> 3. I did next text with site pkp.pl: 1421356447.223193
> 10.59.1.9 TCP_MISS/200 4657 GET
> http://rozklad-pkp.pl/img/content/icons/disab.png -
> HIER_DIRECT/213.199.225.44 image/png 1421356447.270200
> 10.59.1.9 TCP_MISS/200 4505 GET
> http://rozklad-pkp.pl/img/content/icons/direct.png -
> HIER_DIRECT/213.199.225.44 image/png 1421356447.274961
> 10.59.1.9 TCP_MISS/200 80175 GET
> http://rozklad-pkp.pl/css/lato-bold-webfont.woff -
> HIER_DIRECT/213.199.225.44 text/plain 1421356447.297190
> 10.59.1.9 TCP_MISS/200 1683 GET
> http://rozklad-pkp.pl/img/content/icons/arrow-down-3.png -
> HIER_DIRECT/213.199.225.44 image/png 1421356447.442198
> 10.59.1.9 TCP_MISS/200 1732 GET
> http://rozklad-pkp.pl/img/content/icons/main/plus.png -
> HIER_DIRECT/213.199.225.44 image/png 1421356447.455193
> 10.59.1.9 TCP_MISS/200 1834 GET
> http://rozklad-pkp.pl/img/header/search.png -
> HIER_DIRECT/213.199.225.44 image/png 1421356447.476209
> 10.59.1.9 TCP_MISS/200 1665 GET
> http://rozklad-pkp.pl/img/content/icons/main/from.png -
> HIER_DIRECT/213.199.225.44 image/png 1421356447.502228
> 10.59.1.9 TCP_MISS/200 1641 GET
> http://rozklad-pkp.pl/img/content/icons/main/cal.png -
> HIER_DIRECT/213.199.225.44 image/png 1421356447.525  2
> 10.59.1.9 TCP_MEM_HIT/200 46701 GET
> http://rozklad-pkp.pl/img/content/icons/map/mapa3.png - HIER_NONE/-
> image/png 1421356447.530246 10.59.1.9 TCP_MISS/200 1666 GET
> http://rozklad-pkp.pl/img/content/icons/main/to.png -
> HIER_DIRECT/213.199.225.44 image/png 1421356447.569266
> 10.59.1.9 TCP_MISS/200 1735 GET
> http://rozklad-pkp.pl/img/content/icons/arrow-up-2.png -
> HIER_DIRECT/213.199.225.44 image/png 1421356447.901445
> 10.59.1.9 TCP_MISS/200 8944 GET
> http://rozklad-pkp.pl/img/content/bg/bn-na.png -
> HIER_DIRECT/213.199.225.44 image/png 1421356447.932471
> 10.59.1.9 TCP_MISS/200 7638 GET
> http://rozklad-pkp.pl/img/content/bg/bn-na_780.png -
> HIER_DIRECT/213.199.225.44 image/png 1421356447.959478
> 10.59.1.9 TCP_MISS/200 6506 GET
> http://rozklad-pkp.pl/img/content/bg/bn-na_480.png -
> HIER_DIRECT/213.199.225.44 image/png 1421356448.457916
> 10.59.1.9 TCP_MISS/200 1573 GET
> http://rozklad-pkp.pl/img/content/icons/main/minus.png -
> HIER_DIRECT/213.199.225.44 image/png 1421356448.477932
> 10.59.1.9 TCP_MISS/200 1786 GET
> http://rozklad-pkp.pl/hafas-res/img/sel_prod_ice.gif -
> HIER_DIRECT/213.199.225.44 image/gif 1421356448.552979
> 10.59.1.9 TCP_MISS/200 1771 GET
> http://rozklad-pkp.pl/hafas-res/img/sel_prod_ic.gif -
> HIER_DIRECT/213.199.225.44 image/gif 1421356448.586   

Re: [squid-users] Odp: Re: Odp: Odp: Re: Only TCP_MISS

[Amos Jeffries]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 16/01/2015 10:07 a.m., Robert wrote:
> Dnia Czwartek, 15 Stycznia 2015 12:54 Yuri Voinov
>  napisał(a)
>> 
> This URL
> 
> http://www.squid-cache.org/Images/img4.jpg
> 
> produces HIT on second query.
> 
> 
> 
>> Ok, this is working - give TCP_MEM_HIT/200
> 
>> But can anybody explain me why such a images are not cached ? 
>> 1421355736.332 341144 10.59.1.9 TCP_MISS/200 9228 CONNECT
>> api.instagram.com:443 - HIER_DIRECT/107.23.224.121 - 
>> 1421355736.332  14042 10.59.1.9 TCP_MISS/200 255 CONNECT
>> www.facebook.com:443 - HIER_DIRECT/2a03:2880:f000:1:face:b00c:0:1
>> - 1421355736.577   1980 10.59.1.9 TCP_MISS/200 62566 GET
>> http://www.blogojciec.pl/wp-content/uploads/2014/11/8334168249_1b5c1a6e7a_k-726x400.jpg
>> - HIER_DIRECT/185.23.21.14 image/jpeg 1421355736.828738
>> 10.59.1.9 TCP_MISS/200 48321 GET
>> http://www.blogojciec.pl/wp-content/uploads/2014/11/2335080161_6c96f831b1_b-726x400.jpg
>> - HIER_DIRECT/185.23.21.14 image/jpeg 1421355737.010   3036
>> 10.59.1.9 TCP_MISS/200 124617 GET
>> http://www.blogojciec.pl/wp-content/uploads/2014/11/277485096_a64e491f09_o-726x400.jpg
>> - HIER_DIRECT/185.23.21.14 image/jpeg 1421355737.461376
>> 10.59.1.9 TCP_MISS/200 627 GET
>> http://www.blogojciec.pl/wp-content/themes/rigel/images/main_slider_bg.png
>> - HIER_DIRECT/185.23.21.14 image/png 1421355737.842357
>> 10.59.1.9 TCP_MISS/200 447 GET
>> http://www.blogojciec.pl/wp-content/plugins/facebook-page-promoter-lightbox/includes/front/scs/blank.gif
>> - HIER_DIRECT/185.23.21.14 image/gif 1421355738.547   1695
>> 10.59.1.9 TCP_MISS/200 138449 GET
>> http://www.blogojciec.pl/wp-content/uploads/2013/09/DSC_1397.jpg
>> - HIER_DIRECT/185.23.21.14 image/jpeg 1421355738.819   2937
>> 10.59.1.9 TCP_MISS/200 143772 GET
>> http://www.blogojciec.pl/wp-content/uploads/2014/11/6947435171_465587a2d4_k-726x400.jpg
>> - HIER_DIRECT/185.23.21.14 image/jpeg 1421355741.078   7149
>> 10.59.1.9 TCP_MISS/200 384465 GET
>> http://www.blogojciec.pl/wp-content/uploads/2014/11/AMNESTY_STOP_1-716x400.png
>> - HIER_DIRECT/185.23.21.14 image/png 1421355741.339 240241
>> 10.59.1.9 TCP_MISS/200 5106 CONNECT clients2.google.com:443 -
>> HIER_DIRECT/2607:f8b0:4002:c07::8a - 1421355744.032   7405
>> 10.59.1.9 TCP_MISS/200 538419 GET
>> http://www.blogojciec.pl/wp-content/uploads/2014/11/Rachels-header-with-Ben-added-and-name-726x400.png
>> - HIER_DIRECT/185.23.21.14 image/png 1421355744.092   8379
>> 10.59.1.9 TCP_MISS/200 470427 GET
>> http://www.blogojciec.pl/wp-content/uploads/2014/11/poland-726x400.png
>> - HIER_DIRECT/185.23.21.14 image/png 1421355746.084   1964
>> 10.59.1.9 TCP_MISS/200 60489 GET
>> http://www.blogojciec.pl/wp-content/uploads/2015/01/4815760850_4b06e8e3d1_b-960x430.jpg
>> - HIER_DIRECT/185.23.21.14 image/jpeg 1421355746.333 351147
>> 10.59.1.9 TCP_MISS/200 9257 CONNECT api.instagram.com:443 -
>> HIER_DIRECT/107.23.224.121 - 1421355746.333  20041 10.59.1.9
>> TCP_MISS/200 173 CONNECT fbstatic-a.akamaihd.net:443 -
>> HIER_DIRECT/2600:1404:14::17dc:64b3 - 1421355746.333  20039
>> 10.59.1.9 TCP_MISS/200 173 CONNECT fbstatic-a.akamaihd.net:443 -
>> HIER_DIRECT/2600:1404:14::17dc:64b3 - 1421355746.507   2373
>> 10.59.1.9 TCP_MISS/200 152416 GET
>> http://www.blogojciec.pl/wp-content/uploads/2014/03/4957524690_62271cbc0f_o-e1409310201525-960x430.jpg
>> - HIER_DIRECT/185.23.21.14 image/jpeg 1421355747.597   3462
>> 10.59.1.9 TCP_MISS/200 207217 GET
>> http://www.blogojciec.pl/wp-content/uploads/2014/05/sad.jpg -
>> HIER_DIRECT/185.23.21.14 image/jpeg 1421355747.698   1184
>> 10.59.1.9 TCP_MISS/200 61353 GET
>> http://www.blogojciec.pl/wp-content/uploads/2014/12/6697132255_2ddb665dd7_o-800x430.jpg
>> - HIER_DIRECT/185.23.21.14 image/jpeg 1421355748.101   2006
>> 10.59.1.9 TCP_MISS/200 62702 GET
>> http://www.blogojciec.pl/wp-content/uploads/2015/01/1902628132_1dc03a6544_b-960x430.jpg
>> - HIER_DIRECT/185.23.21.14 image/jpeg 1421355750.199   6060
>> 10.59.1.9 TCP_MISS/200 87128 GET
>> http://www.blogojciec.pl/wp-content/uploads/2014/06/kitchenok.jpg
>> - HIER_DIRECT/185.23.21.14 image/jpeg 1421355750.357   2745
>> 10.59.1.9 TCP_MISS/200 91760 GET
>> http://www.blogojciec.pl/wp-content/uploads/2014/12/14296826765_557697dc2a_k-960x430.jpg
>> - HIER_DIRECT/185.23.21.14 image/jpeg 1421355750.542   6399
>> 10.59.1.9 TCP_MISS/200 174792 GET
>> http://www.blogojciec.pl/wp-content/uploads/2014/05/spiderman.jpg
>> - HIER_DIRECT/185.23.21.14 image/jpeg ^C
> 
>> My testing was: - first I opened this blog site in Chrome - then
>> I opened it in IE
> 
>> so why ?


The site is using HTTP header "Vary: User-Agent".

So each time you change browser Squid has to discard its content and
fetch new ones. There is nothing that can be done about that short of
getting the website itself fixed.

FYI: I checked these URLs with the tool you can find at
http://redbot.org/. Simply pick a URL you think should be cached, and
paste it into the redbot tool. It runs a series of tests and lists all
th

Re: [squid-users] Squid and site ryanair.com

[Amos Jeffries]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 16/01/2015 6:36 a.m., masterx81 wrote:
> I've also tried to add the domain ryanair.com to the domains that
> return DIRECT on the wpad file (for bypass squid), but also in this
> way that things on the site doesn't work.

I guess that means that your PAC file is broken,
 or your client is not using the PAC bypass like you think it was,
 or maybe not using the updated PAC.

DIRECT means not to even send the request to the proxy. Squid has
absolutely nothing to do with traffic going DIRECT in PAC.

> They work only if i disable totally the proxy. Any ideas? Thanks!
> 

Amos

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUuG+iAAoJELJo5wb/XPRj7ngH/3TALe/KhpLz7k9mWiZiTFyR
SMrQ2Wg+9o7TT15HmU9muGCpbUhlfgc1W5jp7Kt+ExmJxdyKOLjuqGhAhLOHalB/
U/xnd09JQP83j13IyPveEu3393o8wEASfnBFWvzKTekENdtale6ZY2paQHusgXra
d8JYNiKQwfP3CkQdbFkUwSnryVb8YFf+lyGYv2gJLq5vvX6eqmxCCS6dD8PdB4Y3
t0IH6JIxGxF8XWEZu8C5JJK4qzK5NCFxXW7wLcuuHUJbeyywfvgYHyJyOYRdPDL8
o1O5TX39U17CNJujYBSEXfrojxju1P+zsxrsD14PW4I2kCG3woi/qMWVl9KjuW0=
=14/t
-END PGP SIGNATURE-
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Odp: Re: Odp: Re: Odp: Odp: Re: Only TCP_MISS

[Robert]

Dnia Czwartek, 15 Stycznia 2015 22:16 Yuri Voinov  napisał(a)
>  -BEGIN PGP SIGNED MESSAGE- 
>  Hash: SHA1 
>   
>  Oh,
>  
>  of course - you must to warm up cache first also.
>  
>  :)
>  

1. warm up cache
What the hell is that ? ;) , no Squid installation guide says about it, please 
give me link to some (simple) guide to warm up my swap to cache as much as 
possible

2. "First reason - HTTP headers. I.e, no cache. etc. You can override them with 
refresh_patterns violations. :)"
Again, please tell me what refresh_patterns should I set to increase as most 
caching , also with headers caching if this is possible

3. I did next text with site pkp.pl:
1421356447.223193 10.59.1.9 TCP_MISS/200 4657 GET 
http://rozklad-pkp.pl/img/content/icons/disab.png - HIER_DIRECT/213.199.225.44 
image/png
1421356447.270200 10.59.1.9 TCP_MISS/200 4505 GET 
http://rozklad-pkp.pl/img/content/icons/direct.png - HIER_DIRECT/213.199.225.44 
image/png
1421356447.274961 10.59.1.9 TCP_MISS/200 80175 GET 
http://rozklad-pkp.pl/css/lato-bold-webfont.woff - HIER_DIRECT/213.199.225.44 
text/plain
1421356447.297190 10.59.1.9 TCP_MISS/200 1683 GET 
http://rozklad-pkp.pl/img/content/icons/arrow-down-3.png - 
HIER_DIRECT/213.199.225.44 image/png
1421356447.442198 10.59.1.9 TCP_MISS/200 1732 GET 
http://rozklad-pkp.pl/img/content/icons/main/plus.png - 
HIER_DIRECT/213.199.225.44 image/png
1421356447.455193 10.59.1.9 TCP_MISS/200 1834 GET 
http://rozklad-pkp.pl/img/header/search.png - HIER_DIRECT/213.199.225.44 
image/png
1421356447.476209 10.59.1.9 TCP_MISS/200 1665 GET 
http://rozklad-pkp.pl/img/content/icons/main/from.png - 
HIER_DIRECT/213.199.225.44 image/png
1421356447.502228 10.59.1.9 TCP_MISS/200 1641 GET 
http://rozklad-pkp.pl/img/content/icons/main/cal.png - 
HIER_DIRECT/213.199.225.44 image/png
1421356447.525  2 10.59.1.9 TCP_MEM_HIT/200 46701 GET 
http://rozklad-pkp.pl/img/content/icons/map/mapa3.png - HIER_NONE/- image/png
1421356447.530246 10.59.1.9 TCP_MISS/200 1666 GET 
http://rozklad-pkp.pl/img/content/icons/main/to.png - 
HIER_DIRECT/213.199.225.44 image/png
1421356447.569266 10.59.1.9 TCP_MISS/200 1735 GET 
http://rozklad-pkp.pl/img/content/icons/arrow-up-2.png - 
HIER_DIRECT/213.199.225.44 image/png
1421356447.901445 10.59.1.9 TCP_MISS/200 8944 GET 
http://rozklad-pkp.pl/img/content/bg/bn-na.png - HIER_DIRECT/213.199.225.44 
image/png
1421356447.932471 10.59.1.9 TCP_MISS/200 7638 GET 
http://rozklad-pkp.pl/img/content/bg/bn-na_780.png - HIER_DIRECT/213.199.225.44 
image/png
1421356447.959478 10.59.1.9 TCP_MISS/200 6506 GET 
http://rozklad-pkp.pl/img/content/bg/bn-na_480.png - HIER_DIRECT/213.199.225.44 
image/png
1421356448.457916 10.59.1.9 TCP_MISS/200 1573 GET 
http://rozklad-pkp.pl/img/content/icons/main/minus.png - 
HIER_DIRECT/213.199.225.44 image/png
1421356448.477932 10.59.1.9 TCP_MISS/200 1786 GET 
http://rozklad-pkp.pl/hafas-res/img/sel_prod_ice.gif - 
HIER_DIRECT/213.199.225.44 image/gif
1421356448.552979 10.59.1.9 TCP_MISS/200 1771 GET 
http://rozklad-pkp.pl/hafas-res/img/sel_prod_ic.gif - 
HIER_DIRECT/213.199.225.44 image/gif
1421356448.586   1281 10.59.1.9 TCP_MISS/200 672 GET 
http://bbcdn-bbnaut.ibillboard.com/server-static-files/bbnaut-b.swf - 
HIER_DIRECT/194.213.222.30 application/x-shockwave-flash
1421356448.668741 10.59.1.9 TCP_MISS/200 1823 GET 
http://rozklad-pkp.pl/hafas-res/img/sel_prod_ir-d.gif - 
HIER_DIRECT/213.199.225.44 image/gif
1421356448.694757 10.59.1.9 TCP_MISS/200 1868 GET 
http://rozklad-pkp.pl/hafas-res/img/sel_prod_re-rb.gif - 
HIER_DIRECT/213.199.225.44 image/gif
1421356448.956467 10.59.1.9 TCP_MISS/200 9284 GET 
http://rozklad-pkp.pl/img/content/banners/banner3.jpg - 
HIER_DIRECT/213.199.225.44 image/jpeg
1421356448.973477 10.59.1.9 TCP_MISS/200 4047 GET 
http://rozklad-pkp.pl/img/content/icons/arrow-up-4.png - 
HIER_DIRECT/213.199.225.44 image/png
1421356448.976417 10.59.1.9 TCP_MISS/200 636 GET 
http://rozklad-pkp.pl/css/images/ui-bg_flat_75_ff_40x100.png - 
HIER_DIRECT/213.199.225.44 image/png
1421356449.045324 10.59.1.9 TCP_MISS/200 5414 GET 
http://rozklad-pkp.pl/img/content/icons/bullet-active.png - 
HIER_DIRECT/213.199.225.44 image/png
1421356449.064338 10.59.1.9 TCP_MISS/200 4736 GET 
http://rozklad-pkp.pl/img/content/icons/bullet.png - HIER_DIRECT/213.199.225.44 
image/png
1421356449.110917 10.59.1.9 TCP_MISS/200 16451 GET 
http://rozklad-pkp.pl/img/content/banners/banner2.jpg - 
HIER_DIRECT/213.199.225.44 image/jpeg
1421356449.321179 10.59.1.9 TCP_MISS/200 1594 GET 
http://rozklad-pkp.pl/favicon.ico - HIER_DIRECT/213.199.225.44 
image/vnd.microsoft.icon
1421356449.658348 10.59.1.9 TCP_MISS/304 167 GET 
http://bbnaut.ibillboard.com/g/ca2 - HIER_DIRECT/62.209.227.210 -


.. and once again I see many picture files not cached , why ? 






___
squid-users mailing list
squid-users@lists.squid-cache.org
http://list

Re: [squid-users] Odp: Re: Odp: Odp: Re: Only TCP_MISS

[Yuri Voinov]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
 
Oh,

of course - you must to warm up cache first also.

:)

16.01.2015 3:07, Robert ?:
> Dnia Czwartek, 15 Stycznia 2015 12:54 Yuri Voinov  
> napisał(a)
>> 
> This URL
> 
> http://www.squid-cache.org/Images/img4.jpg
> 
> produces HIT on second query.
> 
> 
>
> > Ok, this is working - give TCP_MEM_HIT/200
>
> > But can anybody explain me why such a images are not cached ?
> > 1421355736.332 341144 10.59.1.9 TCP_MISS/200 9228 CONNECT
api.instagram.com:443 - HIER_DIRECT/107.23.224.121 -
> > 1421355736.332  14042 10.59.1.9 TCP_MISS/200 255 CONNECT
www.facebook.com:443 - HIER_DIRECT/2a03:2880:f000:1:face:b00c:0:1 -
> > 1421355736.577   1980 10.59.1.9 TCP_MISS/200 62566 GET
http://www.blogojciec.pl/wp-content/uploads/2014/11/8334168249_1b5c1a6e7a_k-726x400.jpg
- HIER_DIRECT/185.23.21.14 image/jpeg
> > 1421355736.828738 10.59.1.9 TCP_MISS/200 48321 GET
http://www.blogojciec.pl/wp-content/uploads/2014/11/2335080161_6c96f831b1_b-726x400.jpg
- HIER_DIRECT/185.23.21.14 image/jpeg
> > 1421355737.010   3036 10.59.1.9 TCP_MISS/200 124617 GET
http://www.blogojciec.pl/wp-content/uploads/2014/11/277485096_a64e491f09_o-726x400.jpg
- HIER_DIRECT/185.23.21.14 image/jpeg
> > 1421355737.461376 10.59.1.9 TCP_MISS/200 627 GET
http://www.blogojciec.pl/wp-content/themes/rigel/images/main_slider_bg.png
- HIER_DIRECT/185.23.21.14 image/png
> > 1421355737.842357 10.59.1.9 TCP_MISS/200 447 GET
http://www.blogojciec.pl/wp-content/plugins/facebook-page-promoter-lightbox/includes/front/scs/blank.gif
- HIER_DIRECT/185.23.21.14 image/gif
> > 1421355738.547   1695 10.59.1.9 TCP_MISS/200 138449 GET
http://www.blogojciec.pl/wp-content/uploads/2013/09/DSC_1397.jpg -
HIER_DIRECT/185.23.21.14 image/jpeg
> > 1421355738.819   2937 10.59.1.9 TCP_MISS/200 143772 GET
http://www.blogojciec.pl/wp-content/uploads/2014/11/6947435171_465587a2d4_k-726x400.jpg
- HIER_DIRECT/185.23.21.14 image/jpeg
> > 1421355741.078   7149 10.59.1.9 TCP_MISS/200 384465 GET
http://www.blogojciec.pl/wp-content/uploads/2014/11/AMNESTY_STOP_1-716x400.png
- HIER_DIRECT/185.23.21.14 image/png
> > 1421355741.339 240241 10.59.1.9 TCP_MISS/200 5106 CONNECT
clients2.google.com:443 - HIER_DIRECT/2607:f8b0:4002:c07::8a -
> > 1421355744.032   7405 10.59.1.9 TCP_MISS/200 538419 GET
http://www.blogojciec.pl/wp-content/uploads/2014/11/Rachels-header-with-Ben-added-and-name-726x400.png
- HIER_DIRECT/185.23.21.14 image/png
> > 1421355744.092   8379 10.59.1.9 TCP_MISS/200 470427 GET
http://www.blogojciec.pl/wp-content/uploads/2014/11/poland-726x400.png -
HIER_DIRECT/185.23.21.14 image/png
> > 1421355746.084   1964 10.59.1.9 TCP_MISS/200 60489 GET
http://www.blogojciec.pl/wp-content/uploads/2015/01/4815760850_4b06e8e3d1_b-960x430.jpg
- HIER_DIRECT/185.23.21.14 image/jpeg
> > 1421355746.333 351147 10.59.1.9 TCP_MISS/200 9257 CONNECT
api.instagram.com:443 - HIER_DIRECT/107.23.224.121 -
> > 1421355746.333  20041 10.59.1.9 TCP_MISS/200 173 CONNECT
fbstatic-a.akamaihd.net:443 - HIER_DIRECT/2600:1404:14::17dc:64b3 -
> > 1421355746.333  20039 10.59.1.9 TCP_MISS/200 173 CONNECT
fbstatic-a.akamaihd.net:443 - HIER_DIRECT/2600:1404:14::17dc:64b3 -
> > 1421355746.507   2373 10.59.1.9 TCP_MISS/200 152416 GET
http://www.blogojciec.pl/wp-content/uploads/2014/03/4957524690_62271cbc0f_o-e1409310201525-960x430.jpg
- HIER_DIRECT/185.23.21.14 image/jpeg
> > 1421355747.597   3462 10.59.1.9 TCP_MISS/200 207217 GET
http://www.blogojciec.pl/wp-content/uploads/2014/05/sad.jpg -
HIER_DIRECT/185.23.21.14 image/jpeg
> > 1421355747.698   1184 10.59.1.9 TCP_MISS/200 61353 GET
http://www.blogojciec.pl/wp-content/uploads/2014/12/6697132255_2ddb665dd7_o-800x430.jpg
- HIER_DIRECT/185.23.21.14 image/jpeg
> > 1421355748.101   2006 10.59.1.9 TCP_MISS/200 62702 GET
http://www.blogojciec.pl/wp-content/uploads/2015/01/1902628132_1dc03a6544_b-960x430.jpg
- HIER_DIRECT/185.23.21.14 image/jpeg
> > 1421355750.199   6060 10.59.1.9 TCP_MISS/200 87128 GET
http://www.blogojciec.pl/wp-content/uploads/2014/06/kitchenok.jpg -
HIER_DIRECT/185.23.21.14 image/jpeg
> > 1421355750.357   2745 10.59.1.9 TCP_MISS/200 91760 GET
http://www.blogojciec.pl/wp-content/uploads/2014/12/14296826765_557697dc2a_k-960x430.jpg
- HIER_DIRECT/185.23.21.14 image/jpeg
> > 1421355750.542   6399 10.59.1.9 TCP_MISS/200 174792 GET
http://www.blogojciec.pl/wp-content/uploads/2014/05/spiderman.jpg -
HIER_DIRECT/185.23.21.14 image/jpeg
> > ^C
>
> > My testing was:
> > - first I opened this blog site in Chrome
> > - then I opened it in IE
>
> > so why ?
>
>
>
> 
> 15.01.2015 17:44, Robert пишет:
> >>> [...]
> >>>
> > 1421183413.322185 10.59.1.9 TCP_MISS_ABORTED/503 1541 GET
> >> http://www.amazon.com/gp/am/metro/application/livetileRedirect? -
> >> HIER_DIRECT/205.251.242.103 text/html
> >> 1421183415.611132 10.59.1.9 TCP_MISS/206 8526 GET
> >> http://img.stb.s-msn.com/usappex/tenant/amp/entityid/AA87i9P.jpg? -
> >> HIER_DIRECT/23.220.133.211 image/jpeg 1421183416.619 34
> >>>

Re: [squid-users] Odp: Re: Odp: Odp: Re: Only TCP_MISS

[Yuri Voinov]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
 
:)

First reason - HTTP headers. I.e, no cache. etc. You can override them
with refresh_patterns violations. :)

Second - dynamic generated content required some special works to be cached.
Note: not all dynamic content can be easy cached.
 
:)

16.01.2015 3:07, Robert ?:
> Dnia Czwartek, 15 Stycznia 2015 12:54 Yuri Voinov  
> napisał(a)
>> 
> This URL
> 
> http://www.squid-cache.org/Images/img4.jpg
> 
> produces HIT on second query.
> 
> 
>
> > Ok, this is working - give TCP_MEM_HIT/200
>
> > But can anybody explain me why such a images are not cached ?
> > 1421355736.332 341144 10.59.1.9 TCP_MISS/200 9228 CONNECT
api.instagram.com:443 - HIER_DIRECT/107.23.224.121 -
> > 1421355736.332  14042 10.59.1.9 TCP_MISS/200 255 CONNECT
www.facebook.com:443 - HIER_DIRECT/2a03:2880:f000:1:face:b00c:0:1 -
> > 1421355736.577   1980 10.59.1.9 TCP_MISS/200 62566 GET
http://www.blogojciec.pl/wp-content/uploads/2014/11/8334168249_1b5c1a6e7a_k-726x400.jpg
- HIER_DIRECT/185.23.21.14 image/jpeg
> > 1421355736.828738 10.59.1.9 TCP_MISS/200 48321 GET
http://www.blogojciec.pl/wp-content/uploads/2014/11/2335080161_6c96f831b1_b-726x400.jpg
- HIER_DIRECT/185.23.21.14 image/jpeg
> > 1421355737.010   3036 10.59.1.9 TCP_MISS/200 124617 GET
http://www.blogojciec.pl/wp-content/uploads/2014/11/277485096_a64e491f09_o-726x400.jpg
- HIER_DIRECT/185.23.21.14 image/jpeg
> > 1421355737.461376 10.59.1.9 TCP_MISS/200 627 GET
http://www.blogojciec.pl/wp-content/themes/rigel/images/main_slider_bg.png
- HIER_DIRECT/185.23.21.14 image/png
> > 1421355737.842357 10.59.1.9 TCP_MISS/200 447 GET
http://www.blogojciec.pl/wp-content/plugins/facebook-page-promoter-lightbox/includes/front/scs/blank.gif
- HIER_DIRECT/185.23.21.14 image/gif
> > 1421355738.547   1695 10.59.1.9 TCP_MISS/200 138449 GET
http://www.blogojciec.pl/wp-content/uploads/2013/09/DSC_1397.jpg -
HIER_DIRECT/185.23.21.14 image/jpeg
> > 1421355738.819   2937 10.59.1.9 TCP_MISS/200 143772 GET
http://www.blogojciec.pl/wp-content/uploads/2014/11/6947435171_465587a2d4_k-726x400.jpg
- HIER_DIRECT/185.23.21.14 image/jpeg
> > 1421355741.078   7149 10.59.1.9 TCP_MISS/200 384465 GET
http://www.blogojciec.pl/wp-content/uploads/2014/11/AMNESTY_STOP_1-716x400.png
- HIER_DIRECT/185.23.21.14 image/png
> > 1421355741.339 240241 10.59.1.9 TCP_MISS/200 5106 CONNECT
clients2.google.com:443 - HIER_DIRECT/2607:f8b0:4002:c07::8a -
> > 1421355744.032   7405 10.59.1.9 TCP_MISS/200 538419 GET
http://www.blogojciec.pl/wp-content/uploads/2014/11/Rachels-header-with-Ben-added-and-name-726x400.png
- HIER_DIRECT/185.23.21.14 image/png
> > 1421355744.092   8379 10.59.1.9 TCP_MISS/200 470427 GET
http://www.blogojciec.pl/wp-content/uploads/2014/11/poland-726x400.png -
HIER_DIRECT/185.23.21.14 image/png
> > 1421355746.084   1964 10.59.1.9 TCP_MISS/200 60489 GET
http://www.blogojciec.pl/wp-content/uploads/2015/01/4815760850_4b06e8e3d1_b-960x430.jpg
- HIER_DIRECT/185.23.21.14 image/jpeg
> > 1421355746.333 351147 10.59.1.9 TCP_MISS/200 9257 CONNECT
api.instagram.com:443 - HIER_DIRECT/107.23.224.121 -
> > 1421355746.333  20041 10.59.1.9 TCP_MISS/200 173 CONNECT
fbstatic-a.akamaihd.net:443 - HIER_DIRECT/2600:1404:14::17dc:64b3 -
> > 1421355746.333  20039 10.59.1.9 TCP_MISS/200 173 CONNECT
fbstatic-a.akamaihd.net:443 - HIER_DIRECT/2600:1404:14::17dc:64b3 -
> > 1421355746.507   2373 10.59.1.9 TCP_MISS/200 152416 GET
http://www.blogojciec.pl/wp-content/uploads/2014/03/4957524690_62271cbc0f_o-e1409310201525-960x430.jpg
- HIER_DIRECT/185.23.21.14 image/jpeg
> > 1421355747.597   3462 10.59.1.9 TCP_MISS/200 207217 GET
http://www.blogojciec.pl/wp-content/uploads/2014/05/sad.jpg -
HIER_DIRECT/185.23.21.14 image/jpeg
> > 1421355747.698   1184 10.59.1.9 TCP_MISS/200 61353 GET
http://www.blogojciec.pl/wp-content/uploads/2014/12/6697132255_2ddb665dd7_o-800x430.jpg
- HIER_DIRECT/185.23.21.14 image/jpeg
> > 1421355748.101   2006 10.59.1.9 TCP_MISS/200 62702 GET
http://www.blogojciec.pl/wp-content/uploads/2015/01/1902628132_1dc03a6544_b-960x430.jpg
- HIER_DIRECT/185.23.21.14 image/jpeg
> > 1421355750.199   6060 10.59.1.9 TCP_MISS/200 87128 GET
http://www.blogojciec.pl/wp-content/uploads/2014/06/kitchenok.jpg -
HIER_DIRECT/185.23.21.14 image/jpeg
> > 1421355750.357   2745 10.59.1.9 TCP_MISS/200 91760 GET
http://www.blogojciec.pl/wp-content/uploads/2014/12/14296826765_557697dc2a_k-960x430.jpg
- HIER_DIRECT/185.23.21.14 image/jpeg
> > 1421355750.542   6399 10.59.1.9 TCP_MISS/200 174792 GET
http://www.blogojciec.pl/wp-content/uploads/2014/05/spiderman.jpg -
HIER_DIRECT/185.23.21.14 image/jpeg
> > ^C
>
> > My testing was:
> > - first I opened this blog site in Chrome
> > - then I opened it in IE
>
> > so why ?
>
>
>
> 
> 15.01.2015 17:44, Robert пишет:
> >>> [...]
> >>>
> > 1421183413.322185 10.59.1.9 TCP_MISS_ABORTED/503 1541 GET
> >> http://www.amazon.com/gp/am/metro/application/livetileRedirect? -
> >> HIER_DIRECT/205.251.242.103 text/html
> >> 1421183415.6111

[squid-users] Odp: Re: Odp: Odp: Re: Only TCP_MISS

[Robert]

Dnia Czwartek, 15 Stycznia 2015 12:54 Yuri Voinov  napisał(a)
>  
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>  
> This URL
>  
> http://www.squid-cache.org/Images/img4.jpg
>  
> produces HIT on second query.
>  
>  

Ok, this is working - give TCP_MEM_HIT/200

But can anybody explain me why such a images are not cached ?
1421355736.332 341144 10.59.1.9 TCP_MISS/200 9228 CONNECT api.instagram.com:443 
- HIER_DIRECT/107.23.224.121 -
1421355736.332  14042 10.59.1.9 TCP_MISS/200 255 CONNECT www.facebook.com:443 - 
HIER_DIRECT/2a03:2880:f000:1:face:b00c:0:1 -
1421355736.577   1980 10.59.1.9 TCP_MISS/200 62566 GET 
http://www.blogojciec.pl/wp-content/uploads/2014/11/8334168249_1b5c1a6e7a_k-726x400.jpg
 - HIER_DIRECT/185.23.21.14 image/jpeg
1421355736.828738 10.59.1.9 TCP_MISS/200 48321 GET 
http://www.blogojciec.pl/wp-content/uploads/2014/11/2335080161_6c96f831b1_b-726x400.jpg
 - HIER_DIRECT/185.23.21.14 image/jpeg
1421355737.010   3036 10.59.1.9 TCP_MISS/200 124617 GET 
http://www.blogojciec.pl/wp-content/uploads/2014/11/277485096_a64e491f09_o-726x400.jpg
 - HIER_DIRECT/185.23.21.14 image/jpeg
1421355737.461376 10.59.1.9 TCP_MISS/200 627 GET 
http://www.blogojciec.pl/wp-content/themes/rigel/images/main_slider_bg.png - 
HIER_DIRECT/185.23.21.14 image/png
1421355737.842357 10.59.1.9 TCP_MISS/200 447 GET 
http://www.blogojciec.pl/wp-content/plugins/facebook-page-promoter-lightbox/includes/front/scs/blank.gif
 - HIER_DIRECT/185.23.21.14 image/gif
1421355738.547   1695 10.59.1.9 TCP_MISS/200 138449 GET 
http://www.blogojciec.pl/wp-content/uploads/2013/09/DSC_1397.jpg - 
HIER_DIRECT/185.23.21.14 image/jpeg
1421355738.819   2937 10.59.1.9 TCP_MISS/200 143772 GET 
http://www.blogojciec.pl/wp-content/uploads/2014/11/6947435171_465587a2d4_k-726x400.jpg
 - HIER_DIRECT/185.23.21.14 image/jpeg
1421355741.078   7149 10.59.1.9 TCP_MISS/200 384465 GET 
http://www.blogojciec.pl/wp-content/uploads/2014/11/AMNESTY_STOP_1-716x400.png 
- HIER_DIRECT/185.23.21.14 image/png
1421355741.339 240241 10.59.1.9 TCP_MISS/200 5106 CONNECT 
clients2.google.com:443 - HIER_DIRECT/2607:f8b0:4002:c07::8a -
1421355744.032   7405 10.59.1.9 TCP_MISS/200 538419 GET 
http://www.blogojciec.pl/wp-content/uploads/2014/11/Rachels-header-with-Ben-added-and-name-726x400.png
 - HIER_DIRECT/185.23.21.14 image/png
1421355744.092   8379 10.59.1.9 TCP_MISS/200 470427 GET 
http://www.blogojciec.pl/wp-content/uploads/2014/11/poland-726x400.png - 
HIER_DIRECT/185.23.21.14 image/png
1421355746.084   1964 10.59.1.9 TCP_MISS/200 60489 GET 
http://www.blogojciec.pl/wp-content/uploads/2015/01/4815760850_4b06e8e3d1_b-960x430.jpg
 - HIER_DIRECT/185.23.21.14 image/jpeg
1421355746.333 351147 10.59.1.9 TCP_MISS/200 9257 CONNECT api.instagram.com:443 
- HIER_DIRECT/107.23.224.121 -
1421355746.333  20041 10.59.1.9 TCP_MISS/200 173 CONNECT 
fbstatic-a.akamaihd.net:443 - HIER_DIRECT/2600:1404:14::17dc:64b3 -
1421355746.333  20039 10.59.1.9 TCP_MISS/200 173 CONNECT 
fbstatic-a.akamaihd.net:443 - HIER_DIRECT/2600:1404:14::17dc:64b3 -
1421355746.507   2373 10.59.1.9 TCP_MISS/200 152416 GET 
http://www.blogojciec.pl/wp-content/uploads/2014/03/4957524690_62271cbc0f_o-e1409310201525-960x430.jpg
 - HIER_DIRECT/185.23.21.14 image/jpeg
1421355747.597   3462 10.59.1.9 TCP_MISS/200 207217 GET 
http://www.blogojciec.pl/wp-content/uploads/2014/05/sad.jpg - 
HIER_DIRECT/185.23.21.14 image/jpeg
1421355747.698   1184 10.59.1.9 TCP_MISS/200 61353 GET 
http://www.blogojciec.pl/wp-content/uploads/2014/12/6697132255_2ddb665dd7_o-800x430.jpg
 - HIER_DIRECT/185.23.21.14 image/jpeg
1421355748.101   2006 10.59.1.9 TCP_MISS/200 62702 GET 
http://www.blogojciec.pl/wp-content/uploads/2015/01/1902628132_1dc03a6544_b-960x430.jpg
 - HIER_DIRECT/185.23.21.14 image/jpeg
1421355750.199   6060 10.59.1.9 TCP_MISS/200 87128 GET 
http://www.blogojciec.pl/wp-content/uploads/2014/06/kitchenok.jpg - 
HIER_DIRECT/185.23.21.14 image/jpeg
1421355750.357   2745 10.59.1.9 TCP_MISS/200 91760 GET 
http://www.blogojciec.pl/wp-content/uploads/2014/12/14296826765_557697dc2a_k-960x430.jpg
 - HIER_DIRECT/185.23.21.14 image/jpeg
1421355750.542   6399 10.59.1.9 TCP_MISS/200 174792 GET 
http://www.blogojciec.pl/wp-content/uploads/2014/05/spiderman.jpg - 
HIER_DIRECT/185.23.21.14 image/jpeg
^C

My testing was:
- first I opened this blog site in Chrome
- then I opened it in IE

so why ?



>  
> 15.01.2015 17:44, Robert пишет:
> > [...]
> >
> >>> 1421183413.322185 10.59.1.9 TCP_MISS_ABORTED/503 1541 GET
>  http://www.amazon.com/gp/am/metro/application/livetileRedirect? -
>  HIER_DIRECT/205.251.242.103 text/html
>  1421183415.611132 10.59.1.9 TCP_MISS/206 8526 GET
>  http://img.stb.s-msn.com/usappex/tenant/amp/entityid/AA87i9P.jpg? -
>  HIER_DIRECT/23.220.133.211 image/jpeg 1421183416.619 34
>  10.59.1.9 TCP_MISS/206 834 GET
>  http://img.stb.s-msn.com/usappex/tenant/amp/entityid/AA87i9P.jpg? -
>  HIER_DIRECT/23.220.133.211 image/jpeg 1421183417.094 76
>  10.59.1.9

Re: [squid-users] Squid and site ryanair.com

[Yuri Voinov]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
 
Just tested on my proxy.

All works like charm.

May be, you block some JS?

15.01.2015 23:36, masterx81 пишет:
> I've also tried to add the domain ryanair.com to the domains that return
> DIRECT on the wpad file (for bypass squid), but also in this way that
things
> on the site doesn't work.
> They work only if i disable totally the proxy.
> Any ideas? Thanks!
>
>
>
> --
> View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-and-site-ryanair-com-tp4669105p4669108.html
> Sent from the Squid - Users mailing list archive at Nabble.com.
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-BEGIN PGP SIGNATURE-
Version: GnuPG v2
 
iQEcBAEBAgAGBQJUuBAXAAoJENNXIZxhPexGK1YH/RG2lLAf+6/r3Qbkby4Ny3O6
9xZ05W7J2hGBh2Ew37iHTCxiQ7pJq5bnl53L5TlQzQCYcpudv6icdYa8gfMSi4tX
bdKZCIClLO9j1uQ3Cd76L35oigzzJOgqZIAqyfFuqCDVXKdNWPLKul4GEGaS0Scb
+BOW9n3rstZaximkP56oDRCjZzOgnfPcukKoccMYvDCPX4Yd8lWGu20vsIaYQ6OT
X+HtvkeQheLONijRrngxIqBCjpiTruv/JtO669HDaEhELRohkhzYSRSCL8gutY2j
2aKV0pAVk9wcfW8iNa3qT4UUvpTkq4ywvu6IgogQ73PxqTHy5zxIVWq9mikXvzw=
=X3XR
-END PGP SIGNATURE-

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid and site ryanair.com

[masterx81]

I've also tried to add the domain ryanair.com to the domains that return
DIRECT on the wpad file (for bypass squid), but also in this way that things
on the site doesn't work.
They work only if i disable totally the proxy.
Any ideas? Thanks!



--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-and-site-ryanair-com-tp4669105p4669108.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid 3.4.10 sometimes catch assertion without core

[Yuri Voinov]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
 
It's opened already,

we need only details and confirmation.

http://bugs.squid-cache.org/show_bug.cgi?id=3775

Amos believe this is the same bug.

Will explore.
 
15.01.2015 22:07, FredB пишет:
>
>
>> This is not core file size issue, Fred.
>>
>> In SunOS core dumps produces by kernel, with uid=0.
>>
>> Root has unlimited limits set by default.
>>
>> On this server was running Squid 2 over three years and problems with
>> dumps never occurred.
>>
>> So, the problem not in system settings.
>>
>> I'll try to catch problem tommorrow, using DTrace, diring peak hours.
>>
>> Let's see on this.
>>
>
>
> Ok no problem, this was just to say that there are some different
ulimit parameters
> and "unlimited limits" is not specific enough (as you can see with
ulimit -a)
> I'm thinking about that because in my bug report, half_closed_client
on, I have a core and this core was only generated with this ulimit
command in startup script.
>
> After Dtrace return, maybe you should open a bug report.
>
> Fred
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-BEGIN PGP SIGNATURE-
Version: GnuPG v2
 
iQEcBAEBAgAGBQJUt+Z/AAoJENNXIZxhPexG2NkIAMFgJtahJybtaUNCKtG3nkjX
6vpV4nY6YfPLmaSlEfwzF6omE48F7lJ8Vm5VA5mFL+vtuqtsGAsa+d+paf/+2/Gy
nW1sxMGfGuGBxs5IAe1EwVXqSYkif3KhMxin7BCoZDtJep6CHU2cW4RhqULXlWao
I5E6N4w5tfUQ5YS6hFwbwJn+ZlZ0Q9VoJojkloPcvxZuBjx4E+/rbtircuZ1b8+s
mCFKpx5UmJy4pWA7u7jJJG+2lTvpliWotVtBUmjHnaKMrEHIazEAjXkeTECUDMSY
C+9/Z2wgIPCSmwOh8pD2MmpnosVwb2MFQTymxMCVi8Z57m5vG2sduqHeyGbJl4U=
=usGj
-END PGP SIGNATURE-

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid 3.4.10 sometimes catch assertion without core

[FredB]

> This is not core file size issue, Fred.
> 
> In SunOS core dumps produces by kernel, with uid=0.
> 
> Root has unlimited limits set by default.
> 
> On this server was running Squid 2 over three years and problems with
> dumps never occurred.
> 
> So, the problem not in system settings.
> 
> I'll try to catch problem tommorrow, using DTrace, diring peak hours.
> 
> Let's see on this.
> 


Ok no problem, this was just to say that there are some different ulimit 
parameters
and "unlimited limits" is not specific enough (as you can see with ulimit -a)
I'm thinking about that because in my bug report, half_closed_client on, I have 
a core and this core was only generated with this ulimit command in startup 
script.

After Dtrace return, maybe you should open a bug report.

Fred
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Squid and site ryanair.com

[masterx81]

Hi!
I have squid/3.3.13 on a centos 6.5, configured with ntlm and kerberos auth.
I'm having throubles to get work the http site ryanair.com.
The dynamic content of the page (the find flights button and the calendars,
that as far i can see are js+css) are not working (the calendars does not
open and the button doesn't highlight on mouse move). I've also tried to put
an exception for the dstdomain ryanair.com before the auth, and i have the
same problem.
On access.log i get only DENIED on:

1421337197.667  0 172.16.2.210 TCP_DENIED/407 3944 CONNECT
s-static.ak.facebook.com:443 - HIER_NONE/- text/html
1421337195.919  0 172.16.2.210 TCP_DENIED/407 3908 CONNECT
apis.google.com:443 - HIER_NONE/- text/html

there was also a DENIED on:
1421337020.420  0 172.16.2.210 TCP_DENIED/407 4354 GET
http://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.3.6/slick.css -
HIER_NONE/- text/html

I've tried to bypass also auth on dstdomain cloudflare.com, now i get a MISS
on that instead of a DENIED, but the page still not work.

If i bypass totally the proxy the site works. 

Can someone explain me how to get around this?
Really thanks!



--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-and-site-ryanair-com-tp4669105.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid 3.4.10 sometimes catch assertion without core

[Yuri Voinov]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
 
This is not core file size issue, Fred.

In SunOS core dumps produces by kernel, with uid=0.

Root has unlimited limits set by default.

On this server was running Squid 2 over three years and problems with
dumps never occurred.

So, the problem not in system settings.

I'll try to catch problem tommorrow, using DTrace, diring peak hours.

Let's see on this.

15.01.2015 21:41, FredB пишет:
>
>
>> root @ proxyhost /var/core # ulimit
>> unlimited
>>
>
> This is not related with ulimit -c , please take a look at ulimit -a
> "ulimit -c ulimited" in statupt script only set your core file size to
unlimited
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-BEGIN PGP SIGNATURE-
Version: GnuPG v2
 
iQEcBAEBAgAGBQJUt+EZAAoJENNXIZxhPexG9MwH/RjQZnXKlJ+ypKieOPkEzgrI
TnCsPyPWEN+fgXDfkKCcNp3Vrn00MSnMUIBByVS7OoJLYOOdsol0ekuqOmDhPIyx
NfTPWCWu/vJe2bRmPbB8YmbvfrC5cTSYWzcF4vb+Lc91F1md1Cq88PKsvwesz1sA
gEOmcpHIiPcreFUXC/gulIKUzb9QZ8NFJHqyHkiKOVejVpOXrhA6s8H48RR1xczp
nMA1x2RaaZNOZjVP7d6eTqvHcn+lq67mqC+yVwFr7dANGoz6yn6ylFKUFB9LSHw/
nGO8vS8FQNetk9U/Qw5ePL0Cl7+DYdV6VNMkuiakDWSzTtoL5XxX21pJVVnsPxM=
=Sdvj
-END PGP SIGNATURE-

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid 3.4.10 sometimes catch assertion without core

[Yuri Voinov]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
 
What I observed myself:

This event correlates with users network activity and massive cached
content output during peak hours.

In other hours it does not occurs.

I've checked all network infrastructure, configurations and see no stranges.

I can't see any direct correlations with other system behaviour.

15.01.2015 21:29, FredB пишет:
>
>> Squid not required unlimited limits to startup and normal work. In my
>> SMF startup method uses 128K values to limit filedescriptors during
>> startup. System hard limits are above this value.
>>
>
> ulimit -c is only about core
>
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-BEGIN PGP SIGNATURE-
Version: GnuPG v2
 
iQEcBAEBAgAGBQJUt+AiAAoJENNXIZxhPexGOZkH+gJvSymRiq8Ib/S5xo/FFN+1
TMBgtTl3jBB5SLOSwG0A99dpEoMo4lZgM8KuMcFHC4uZN5vYt09zafMejyvCV4A3
G5aR3JmHJBGhEBOBBNbAEwWN1wk9nOMZl1ylHEHyhAzyra6i8xUnIwvfqJkcHbWi
FJeQjnJOgVDcuGDU3w36A37WNyKEZmBEHC0XAyBGAOJxBxG+MeriRp8sgDmhboZW
v+pIVedL5lzH0SABUnHFKJhlwHfX+mFP/LkptdWXVY7iIyQJD5Vmupf2VHvgNQBf
UVuYoujI3oJGSUnoXxHwNUS6OVUSVTS2+0L0Y7i/Z89oNFeu9O3EPBFsUiMfDlc=
=n3qS
-END PGP SIGNATURE-

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid 3.4.10 sometimes catch assertion without core

[FredB]

> root @ proxyhost /var/core # ulimit
> unlimited
> 

This is not related with ulimit -c , please take a look at ulimit -a 
"ulimit -c ulimited" in statupt script only set your core file size to 
unlimited 
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid 3.4.10 sometimes catch assertion without core

[Yuri Voinov]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
 
He does not even attempt to write the dump.

Just restarts, write to /var/adm/messages and squid.log and restarts.

15.01.2015 21:29, FredB пишет:
>
>> Squid not required unlimited limits to startup and normal work. In my
>> SMF startup method uses 128K values to limit filedescriptors during
>> startup. System hard limits are above this value.
>>
>
> ulimit -c is only about core
>
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-BEGIN PGP SIGNATURE-
Version: GnuPG v2
 
iQEcBAEBAgAGBQJUt91SAAoJENNXIZxhPexGweAH/1TWBRoWiczKuSPcDhgsIZpt
DLOuYP4Oy8P2Fgk6yYJzok+sCWvsO2pgkawCJVZa2fzowUxQIqIL4oYBLjFR12Dt
caOmLZ8+oIDxQNuUFBOdGsGaRu8KAH7yCoT70LJRCUNPEFRrSwMblORZBViENQCd
6T6xywK51gAgLkoXdIYgN1ZcJf3NhHlfiE2ARdV4V6pIxwZk9giTwl01sYjQ4rK6
bZMu/XJ2B58ReX0qX43gcjUfJJLEPJKN/0DdiijtCf/qDj4DlQl35Nc1LYC5vhxt
SKdUs97h2nHeizZWNraJfrdrcewH7iEWrGsnuVVOrlikTR14Rjp/xh6ocxeVf5g=
=QRb/
-END PGP SIGNATURE-

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid 3.4.10 sometimes catch assertion without core

[Yuri Voinov]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
 
Solaris 10. Initially squid runs by root. Squid 3 cannot be run via su -
squid -c "".

root @ proxyhost /var/core # ulimit
unlimited

In /var mountpoint I have 13 Gb free space:

rpool/ROOT/s10x_u11wos_24a/var   571M  13.3G   571M  /var

:)

I'm neither idiot nor newbi. :)

These obvious things I can't be seen. :)

15.01.2015 21:26, FredB пишет:
>
>>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>> 
>> Absolutely sure.
>>
>> root @ proxyhost /var/core # coreadm
>>  global core file pattern: /var/core/core.%f.%p
>>  global core file content: default
>>init core file pattern: /var/core/core.%f.%p
>>init core file content: default
>> global core dumps: enabled
>>per-process core dumps: enabled
>>   global setid core dumps: disabled
>>  per-process setid core dumps: disabled
>>  global core dump logging: enabled
>>
>> As I said, other processes produces core dumps without any problems.
>>
>
> Sun OS ? processes running as root or with user account ?
> And about ulimit ? the core size could be huge
>
> 
>
> Regards,
>
> Fred
>
> http://numsys.eu
> http://e2guardian.org
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-BEGIN PGP SIGNATURE-
Version: GnuPG v2
 
iQEcBAEBAgAGBQJUt9z3AAoJENNXIZxhPexGr40H/2zHOswwS3q6CStwcHLP/saS
jeXb/b5exIFHjeyDNeFcABHiUzoTNvGgNA57h4YCjD+S5MVUXNL9yfurWDsFZ4j0
lEA2O7jj4hDh2vPKPnraTS1VbyUf3jXvHa7fAU0Qjwpu5r3lZ6pwxnZ0vRuxSUU1
tVPbKricoI6IqosE7XZqTCG86Nfuawvoz3jgXaJwAfHrOz7Bgeu5qKbbjwuWq6fH
+ajjd5BMdgdfY54RLhUflwa7EGeCiEmEGiBDqlmOrJOZ3/90GtBDnb4alZkduUM2
Q1UfbV+TKQ7LGGubVWxi25tcMlnZayfpHmLyiErUZTyNE48R2EZRIBKSaKY8nlw=
=c/rk
-END PGP SIGNATURE-

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid 3.4.10 sometimes catch assertion without core

[FredB]

> Squid not required unlimited limits to startup and normal work. In my
> SMF startup method uses 128K values to limit filedescriptors during
> startup. System hard limits are above this value.
> 

ulimit -c is only about core 

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid 3.4.10 sometimes catch assertion without core

[FredB]

> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>  
> Absolutely sure.
> 
> root @ proxyhost /var/core # coreadm
>  global core file pattern: /var/core/core.%f.%p
>  global core file content: default
>init core file pattern: /var/core/core.%f.%p
>init core file content: default
> global core dumps: enabled
>per-process core dumps: enabled
>   global setid core dumps: disabled
>  per-process setid core dumps: disabled
>  global core dump logging: enabled
> 
> As I said, other processes produces core dumps without any problems.
> 

Sun OS ? processes running as root or with user account ?
And about ulimit ? the core size could be huge



Regards,

Fred

http://numsys.eu
http://e2guardian.org
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid 3.4.10 sometimes catch assertion without core

[Yuri Voinov]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
 

15.01.2015 21:15, FredB пишет:
>
>
>
>> 2015/01/06 15:52:10 kid1| storeLateRelease: released 0 objects
>> 2015/01/06 15:52:11 kid1| assertion failed: comm.cc:178:
>> "fd_table[conn->fd].halfClosedReader != NULL"
>> 2015/01/06 15:52:15 kid1| Set Current Directory to /var/core
>>
>> Core dump not produced.
>>
>
> Are you sure about the rights/path of /var/core ? Squid user can write
in this directory ?
> If needed you can change the path with coredump_dir /something in
squid.conf
>
> Also take care at ulimit
>
> http://wiki.squid-cache.org/SquidFaq/BugReporting
>
> Personally, I'm using ulimit -c unlimited in (squid) start up script
Squid not required unlimited limits to startup and normal work. In my
SMF startup method uses 128K values to limit filedescriptors during
startup. System hard limits are above this value.

>
>
> 
>
> Regards,
>
> Fred
>
> http://numsys.eu
> http://e2guardian.org
>
>
>
>
>
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-BEGIN PGP SIGNATURE-
Version: GnuPG v2
 
iQEcBAEBAgAGBQJUt9s/AAoJENNXIZxhPexG7j0H/3Yv14bF0N701fOnCtJir0xS
otaZRCmEUSS1q8TkpGNaWGnCSRXhtnnOStT6Z9yjdy1Pm6diiz2Qoamme8mVyUSb
JyJS7urB3jbFC/UG48dg+tSBsA3jQdNdqpMGRGk1yIDVGLLTlfthK25nQleXGpUX
JGJGC3cuah766gD0ycMNfjWNpDdI8U6/Wl/UlWAtC0yR0Ihu6cArJQT61JLG54ki
0yeMr4fhFz3g3Sjhk2WRMiWFh0EDO9vQCJ9NPoDV5s9pFoL5hyaMgvnsBBydQhrk
6RUUMnINX+DRFJQdk2bC65jlpPGLtm35fvjXnKX9v9PBE8YRjU8Eo3IpLI+QLow=
=P7t/
-END PGP SIGNATURE-

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid 3.4.10 sometimes catch assertion without core

[Yuri Voinov]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
 
Absolutely sure.

root @ proxyhost /var/core # coreadm
 global core file pattern: /var/core/core.%f.%p
 global core file content: default
   init core file pattern: /var/core/core.%f.%p
   init core file content: default
global core dumps: enabled
   per-process core dumps: enabled
  global setid core dumps: disabled
 per-process setid core dumps: disabled
 global core dump logging: enabled

As I said, other processes produces core dumps without any problems.

15.01.2015 21:15, FredB пишет:
>
>
>
>> 2015/01/06 15:52:10 kid1| storeLateRelease: released 0 objects
>> 2015/01/06 15:52:11 kid1| assertion failed: comm.cc:178:
>> "fd_table[conn->fd].halfClosedReader != NULL"
>> 2015/01/06 15:52:15 kid1| Set Current Directory to /var/core
>>
>> Core dump not produced.
>>
>
> Are you sure about the rights/path of /var/core ? Squid user can write
in this directory ?
> If needed you can change the path with coredump_dir /something in
squid.conf
>
> Also take care at ulimit
>
> http://wiki.squid-cache.org/SquidFaq/BugReporting
>
> Personally, I'm using ulimit -c unlimited in (squid) start up script
>
> 
>
> Regards,
>
> Fred
>
> http://numsys.eu
> http://e2guardian.org
>
>
>
>
>
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-BEGIN PGP SIGNATURE-
Version: GnuPG v2
 
iQEcBAEBAgAGBQJUt9rVAAoJENNXIZxhPexG+BcIAK/gu0MDZLwiflbyLrN959Xx
YnxcWBK6wuP6L9PC9trEIwsT9dgENsEQauX0a9OG25qihaXjA5qKIv9WPtuANUaY
29N6Ak93Vqq3WK1CvgzdcUSExq/H3Imc24JnDxsEXk9M899HbobHqyf2A5evLosL
NR75lYhMaJuGBOr5dA5D2VYJRrFhl263fZOkC3KJ+pleswkjgDPnjsmMysTZ1P/x
Mc7SeHb2dqOigPq8ZjDXmxF2t9czRL/dQyWzY2H66LB9Z5ij+Fo/pLOIJu36qiV5
cJsepLyeWBQxBiiCsAHSoGCAmkfW3d1MWvBi2pr1hRepHyccUYbySHiKBPeP+Cs=
=n8pd
-END PGP SIGNATURE-

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid 3.4.10 sometimes catch assertion without core

[FredB]

> 2015/01/06 15:52:10 kid1| storeLateRelease: released 0 objects
> 2015/01/06 15:52:11 kid1| assertion failed: comm.cc:178:
> "fd_table[conn->fd].halfClosedReader != NULL"
> 2015/01/06 15:52:15 kid1| Set Current Directory to /var/core
> 
> Core dump not produced.
> 

Are you sure about the rights/path of /var/core ? Squid user can write in this 
directory ?
If needed you can change the path with coredump_dir /something in squid.conf

Also take care at ulimit 

http://wiki.squid-cache.org/SquidFaq/BugReporting

Personally, I'm using ulimit -c unlimited in (squid) start up script



Regards,

Fred

http://numsys.eu
http://e2guardian.org





___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Too much assertion failed: comm.cc:178: "fd_table[conn->fd].halfClosedReader != NULL"

[FredB]

> 
> FI, I noticed a change between 3.3.x and 3.4
> 
>  fd_table[io.conn->fd].flags.socket_eof = 1;
> 
> Becomes
> 
>   fd_table[io.conn->fd].flags.socket_eof = true;
> 
> But as I said I haven't taken a look deeply


Sorry I forgot: in client_side.cc just before commMarkHalfClosed(io.conn->fd);




Regards,

Fred

http://numsys.eu
http://e2guardian.org
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Too much assertion failed: comm.cc:178: "fd_table[conn->fd].halfClosedReader != NULL"

[FredB]

> Hash: SHA1
>  
> With half_closed_clients by default (.i.e. off), the problem presist,
> but catch a bit another assertion.
> 

FI, I noticed a change between 3.3.x and 3.4

 fd_table[io.conn->fd].flags.socket_eof = 1;

Becomes 

  fd_table[io.conn->fd].flags.socket_eof = true;

But as I said I haven't taken a look deeply



Regards,

Fred

http://numsys.eu
http://e2guardian.org


___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Too much assertion failed: comm.cc:178: "fd_table[conn->fd].halfClosedReader != NULL"

[Yuri Voinov]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
 
With half_closed_clients by default (.i.e. off), the problem presist,
but catch a bit another assertion.

15.01.2015 19:30, FredB пишет:
>>
>> When I set hals_closed_clients to on, I've got much more assertions:
>>
>> 2015/01/15 18:41:31 kid1| assertion failed: comm.cc:1823: "isOpen(fd)
>> &&
>> !commHasHalfClosedMonitor(fd)"
>>
>
> There is a problem with one assertion (or both) 
> Bug: http://bugs.squid-cache.org/show_bug.cgi?id=4156
> Without half_closed_clients no crash for me
> Perhaps a problem in client_side.cc with the call
commMarkHalfClosed(io.conn->fd), but I don't know I didn't take time to
investigate.
>
> Quickly (very quickly I'm not sure) tested in 3.5 and the bug seems gone
>
>
>
> 
>
> Regards,
>
> Fred
>
> http://numsys.eu
> http://e2guardian.org
>
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-BEGIN PGP SIGNATURE-
Version: GnuPG v2
 
iQEcBAEBAgAGBQJUt8HJAAoJENNXIZxhPexGHKwIAKM2FJTQwZ/LLTr8qfmqzefO
ACrMNhJK5uIYcpeZa/9O4qtGn7Fm54sN5g1+KiY3CqwQXD3VnFPOCW7saHNUHK8+
jQmZHFL0Nta2TkIDthX24Oy6WOrUOQ06UO2V43eBorh8CZj7ns5iZVAhjgYWOqPC
hchsxPkYfbgx/iCFGPSkTfwRM4Jh3R0E+U6tH3hwqTAObXy9AYWhOCIt/ZnOJhvQ
oGPxJAwINxZ6QMkMuI5S5BJLv0pzBD+oltdvKE/aHxC+61AZhp1KtH7qk1EZ1yMe
p5iqQkEE0i4UeDkIwdChNWPms8VvrJ9W291AdZhcVSea41jOctaV4eOiUUuEPdc=
=XtOP
-END PGP SIGNATURE-

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Memory Leak Squid 3.4.9 on FreeBSD 10.0 x64

[Eugene M. Zheganin]

Hi.

On 12.01.2015 19:06, Amos Jeffries wrote:
>
> I am confident that those types of leaks do not exist at al in Squid 3.4.
>
> These rounds of mmory exhaustion problems are caused by pseudo-leaks,
> where Squid incorrectly holds onto memory (has not forgotten it
> though) far longer than it should be.
>
Could you please clarify for me what is the "Long Strings" pool and how
can I manage it's size ?
After start the largest consuming pool is the mem_node one, but it
usually stops increasing after a few days (somewhere around the
cache_memory border - don't know if it's it, or just a coincedence).
"Long Strings", however, keep raising and raising, and after some days
it becomes the largest one.

I'm using the following settings:
cache_mem 512 MB
cache_dir diskd /var/squid/cache 1100 16 256

after few days SNMP reports that the clients amount is around 1700.

Thanks.
Eugene.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Too much assertion failed: comm.cc:178: "fd_table[conn->fd].halfClosedReader != NULL"

[FredB]

> 
> When I set hals_closed_clients to on, I've got much more assertions:
> 
> 2015/01/15 18:41:31 kid1| assertion failed: comm.cc:1823: "isOpen(fd)
> &&
> !commHasHalfClosedMonitor(fd)"
> 

There is a problem with one assertion (or both)  
Bug: http://bugs.squid-cache.org/show_bug.cgi?id=4156
Without half_closed_clients no crash for me 
Perhaps a problem in client_side.cc with the call 
commMarkHalfClosed(io.conn->fd), but I don't know I didn't take time to 
investigate.

Quickly (very quickly I'm not sure) tested in 3.5 and the bug seems gone





Regards,

Fred

http://numsys.eu
http://e2guardian.org

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Too much assertion failed: comm.cc:178: "fd_table[conn->fd].halfClosedReader != NULL"

[Yuri Voinov]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
 
Core dumps is configured after OS installation - over 4 years ago. For
another processes they produces ok.

System has modular mebugger (MDB), but this is production system and
undesirable to run key service under debugger.

The same time this case is difficult to reproduce on test system.

Looks like assertion produces one of clients within irregular intervals.

I'll try to use DTrace to catch assertion live.

15.01.2015 19:14, Amos Jeffries пишет:
> On 16/01/2015 1:50 a.m., Yuri Voinov wrote:
>
> > Hi gents,
>
> > Sometimes I have too much assertions:
>
> > 2015/01/08 09:40:39 kid1| assertion failed: comm.cc:178:
> > "fd_table[conn->fd].halfClosedReader != NULL"
>
> > Core dump not produced but Squid restarts. So, I can't get stack
> > trace.
>
> > When I set hals_closed_clients to on, I've got much more
> > assertions:
>
> > 2015/01/15 18:41:31 kid1| assertion failed: comm.cc:1823:
> > "isOpen(fd) && !commHasHalfClosedMonitor(fd)"
>
> > What can be wrong? This is very annoying behaviour. Also memory
> > cache is often cold after restarts and hit ratio is degrades.
>
> > This looks similar adaptation bug 4057, but it is closed in 3.4.11.
> > This behaviour depends half-closed connections, but how?
>
> > And how to troubleshoot?
>
> A) running Squid under GDB. There are instructions in
>  on how to do that
> even if you are debugging a production server that needs no downtime.
>
> OR,
>
> B) finding out how to enable core dumps in your OS. The assertion
> handling calls abort() which will generate a core file if the OS
> allows them to be created.
>
> Amos
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-BEGIN PGP SIGNATURE-
Version: GnuPG v2
 
iQEcBAEBAgAGBQJUt79kAAoJENNXIZxhPexGu3wH/28qhMz9SRRdv4M/NnZascGH
J2pgn03D7RI7C/rHY0fn9TeojoTFE1WLNEBkj+n3ufU7jp44eBZ1X1ZImS1Of/jc
5qmKaWc9vAIfRjX1J5Wvyn0Z6p5P0HqBO7WLE6kSBK6M+s9JkcCC49zZS0qp+pOd
U5tuNT1CqX3B1VkdDLbBMDxxGDKTTTt76CRhiF5bn/8GfdTL2/aPrhEpiKzRBK3W
b0azWyIKs39QzWwPTbkFk47Xidz3xFFXAl0bGuWnJg38fgRW/S6tlHUu8J0n+PCO
e4rXODf/X1EADWIZJMe7tUoKgk5o3AUSm4ZgnggMQj4y+MQFw//xrkczSVoJCOM=
=RvbX
-END PGP SIGNATURE-

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Too much assertion failed: comm.cc:178: "fd_table[conn->fd].halfClosedReader != NULL"

[Amos Jeffries]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 16/01/2015 1:50 a.m., Yuri Voinov wrote:
> 
> Hi gents,
> 
> Sometimes I have too much assertions:
> 
> 2015/01/08 09:40:39 kid1| assertion failed: comm.cc:178: 
> "fd_table[conn->fd].halfClosedReader != NULL"
> 
> Core dump not produced but Squid restarts. So, I can't get stack
> trace.
> 
> When I set hals_closed_clients to on, I've got much more
> assertions:
> 
> 2015/01/15 18:41:31 kid1| assertion failed: comm.cc:1823:
> "isOpen(fd) && !commHasHalfClosedMonitor(fd)"
> 
> What can be wrong? This is very annoying behaviour. Also memory
> cache is often cold after restarts and hit ratio is degrades.
> 
> This looks similar adaptation bug 4057, but it is closed in 3.4.11.
> This behaviour depends half-closed connections, but how?
> 
> And how to troubleshoot?

A) running Squid under GDB. There are instructions in
 on how to do that
even if you are debugging a production server that needs no downtime.

OR,

B) finding out how to enable core dumps in your OS. The assertion
handling calls abort() which will generate a core file if the OS
allows them to be created.

Amos
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQEbBAEBAgAGBQJUt71IAAoJELJo5wb/XPRjVJEH+OPwizmwffDGN4nrKW/OwfI3
X4Pu15cXgie+6WWBsVBuz7FHlOv846oL6B2oSGHWTcAy2iR9E1+BZc/BtcIR+hZ+
vxjSmisDT7h9NvynVelrA4yqw2hrZeVVSNyuaaLk1ks2tvTYb6ms7EldGN2TKDUg
Q1aXgofE4p+5mXrZB8vEnJrU4CrXp/8pGJ6+YM4tQhDcI+fvcy4rSi7lTxbbxXnL
jsSLSnq9rNXKtBB3Ig6gVF3nQhwhl0IpGw571ORAuRQ7uvDC5d/fT/uNOpWfOFA5
4H1VR8RY/IddxEkhqdbnkYn6fGzk6qyOV3ZQKQi8p2mcyuNGfpAKbD9ZC+v28A==
=uSQr
-END PGP SIGNATURE-
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] ntlm: No such file or directory

[Amos Jeffries]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 16/01/2015 1:43 a.m., gehrer.a wrote:
> Try on a pfsense with squid 3.4.10 an ntlm-authentication. In my
> suid.conf: /auth_param ntlm program /usr/local/bin/ntlm_auth 
> --helper-protocol=squid-2.5-ntlmssp/ When I restart squid I always
> see this in my syslog:
> 
> Jan 15 13:38:35 pf4322 squid: auth_param ntlm program 
> /usr/local/bin/ntlm_auth: (2) No such file or directory
> 
> But the path to ntlm_auth is right! I can start
> /usr/local/bin/ntlm_auth from the shell. So what file or directory
> does he means?

It means what you thought it did. However there are a few reasons why
Squid may be unable to see a file there:

Is Squid running within a chroot? that including if squid.conf
contains the "chroot_dir" config directive. The path must exist inside
the chroot area.

Are there SELinux or Apparmor running on this machine? Several OS
distros enable those system protectinos by default, and with settings
that forbid Squid to access anywhere outside its own directories.

Amos

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUt7qvAAoJELJo5wb/XPRjuWYIALWCKyqOHvLamz04kfQ79uje
50W4dp5koUGPo20LTcbIe+v25GEsWN5DQHSxRwcmdrLScri8wQFXyMqgUdKwvQW9
20ob368S99vt65RCiWHvI0GZTL8ynrzNEgoayzPGXyK+2kYbbF5wLvuK8i+6n47k
qknAZF1C84MyRiJW32GE111muL3yfWJnKMB2viiicvgs8rQUe1Et5eqyC50RvdFZ
kFpcSSoziaQY5VZ9Uscyx2h+eY7Jnn9TVXVaOC2hJNX5zf9SvygXckp0rt0Xk8ET
gFZVX0HJWSCIqry/8vX+bdL4TqMSs9eKWOeaAP7ewbsZ0z0IqK70V15hv908yHM=
=PdPY
-END PGP SIGNATURE-
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Too much assertion failed: comm.cc:178: "fd_table[conn->fd].halfClosedReader != NULL"

[Yuri Voinov]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
 
Hi gents,

Sometimes I have too much assertions:

2015/01/08 09:40:39 kid1| assertion failed: comm.cc:178:
"fd_table[conn->fd].halfClosedReader != NULL"

Core dump not produced but Squid restarts. So, I can't get stack trace.

When I set hals_closed_clients to on, I've got much more assertions:

2015/01/15 18:41:31 kid1| assertion failed: comm.cc:1823: "isOpen(fd) &&
!commHasHalfClosedMonitor(fd)"

What can be wrong? This is very annoying behaviour. Also memory cache is
often cold after restarts and hit ratio is degrades.

This looks similar adaptation bug 4057, but it is closed in 3.4.11. This
behaviour depends half-closed connections, but how?

And how to troubleshoot?

WBR, Yuri


-BEGIN PGP SIGNATURE-
Version: GnuPG v2
 
iQEcBAEBAgAGBQJUt7eXAAoJENNXIZxhPexGGTsH/0QbaUVC+HY9+Czd1EkGKkBE
2iZSk6pmRZkV+1NlRJeaVKCAuBrRADEqKoCEYFqJD9IAFcXYa9fNDfYP5jeOrbb9
fKZ3cGqWjDuWx4jm0Y/gu/knamHtSSD3ZFIEOpUUCzEMcRVnQNjQ2K+5zgFr/aIA
QX6huBLl5MZR+TE7k1gLrAFw8Y0EZG1UGsolo4hX/h3tpqDQGazIr+5M6xmIotXT
k1jJmaa06cfMR6nYwjPNPjWo+CvLLjpsGcgRyJ9qs2FCODpEyR09QXs7a64sD7fI
KTtge3BSz5+Wbz4vePO/o4IoP3nJk1GBSzRfiJLNXef5VWAXFr89ykjErVPFb2w=
=HuN3
-END PGP SIGNATURE-


___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] ntlm: No such file or directory

[gehrer.a]

Try on a pfsense with squid 3.4.10 an ntlm-authentication.
In my suid.conf:
/auth_param ntlm program /usr/local/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp/
When I restart squid I always see this in my syslog:

Jan 15 13:38:35 pf4322 squid: auth_param ntlm program
/usr/local/bin/ntlm_auth: (2) No such file or directory

But the path to ntlm_auth is right! I can start /usr/local/bin/ntlm_auth
from the shell. So what file or directory does he means?

Thanks very much in advance

Alex



--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/ntlm-No-such-file-or-directory-tp4669085.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Traffic prioritizing

[Amos Jeffries]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 14/01/2015 3:44 a.m., Dr. Lars Hanke wrote:
> Hi Eliezer:
> 
>> There are couple aspects to the issue. The options are: - TOS
>> marking of specific connections - TPROXY(leaving the src IP the
>> same) - delay_pools
>> 
>> If you have a shaping setup in place or device that is capable
>> of traffic shaping based on TOS marking you can take a look at
>> this option.
> 
> TOS marking essentially will mark the GET/POST requests, right?
> However, the size/number of these requests does not correlate well
> with the download bandwidth. 100 AJAX requests may be much less
> than a single GET for some PDF.

The TOS marking is *set* when the request starts. But it remains in
use until the transaction finishes and the next begins. QoS policy
should be able to do things like associate incoming packets on the
connection to the assigned flow.

> 
> Setting up a TPROXY configuration might be interesting, since my
> current transparent proxy appears to have issues with some special
> devices.
> 
> However, it all boils down to limit the outgoing bandwidth. Of
> course I could police incoming packets, but when they arrive the
> bandwidth is wasted already. If dropped, the server will resend and
> eat my bandwidth again.
> 
> So my idea was that Squid should have all data required about
> streams any may be the most suitable instance to take action, e.g.
> delay ACK and new requests. delay_pools in general look like the
> right choice, but I could not see a function similar to HTB or
> HFSC, which both would do the trick.

Squid knows only what is at the HTTP level and some IP:port etc
details that TCP provides. All of the overheads are unknown to Squid.

The delay pools in Squid are a mix of both HTB and HFSC. The
delay_pool_access directive does HFSC-like selection of what pool to
apply each transaction to. Then the pool bandwidth is managed with HTB
algorithm using delay_parameters and a fixed 1 second refresh cycle,
and applied only to the HTTP reply messages. Thus only a *speed*
limiter, they slow download traffic but do not quota control it nor
account for uploads.

> 
> So it could be that I think too complicated, or that I miss
> something, or that there is simply no solution, yet.
> 
> If the latter is true, I'll try experimenting with the TOS
> solution. Joined with outgoing ACK throtteling it might work.
> 

I realy do think that is better, as it manages both request and reply
packets. More importantly its applied to the actual *packets* instead
of just the reply/download payload segments.

Amos

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUt6xCAAoJELJo5wb/XPRj10QH/i4oc83HAvtx2/r3zVlU5TW5
Pjh9T5hmiZnVh+wyfYFpJplyi5n1u0MrW12WyUOltDo/Wfyn4Ae/ZaqV9tG50uaY
VPaQCGTpHhXvWS51tc9CUWlmfzkBGbqgQo8Re3gLpi++GjrgCyts4m0hzu/7/mhA
frv0UEY7/3+JEe7jevWJ5w25VRORPvfaVWRwDYNtuKWTZZFxRA8qt0EQWc9cYuSS
inSgOFvxvVvNOc1RKPmeud2RSFt/zGPoUZtzCSFDNabCLKYuzK33v60nd4EgX4cm
3/WXYlJhUjXvNCThNZjZca2eTrPT3lbBWTd265j9pi43AosBf9Cnrw+vHwB2iSw=
=FuaY
-END PGP SIGNATURE-
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] How to know, which CA certificate is absent?

[Yuri Voinov]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
 
I.e,

easy way to identify problem URL does not exists. Excluding user complaints.

Right?

I thinking about correllation analyses between access.log and cache.log. ;)


15.01.2015 17:23, Amos Jeffries пишет:
> On 16/01/2015 12:14 a.m., Yuri Voinov wrote:
>
> > Is it possible to know though URL, wich is got an error?
>
>
> There is no URL involved.
>
> All that has happened is that the client opened a TCP connection to
> Squid then the TLS started happening on that connection ... and fails.
>
> Which is why I recommend the openssl command line tool, use it to
> connect to Squid and it should report whats going on.
>
> Amos
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-BEGIN PGP SIGNATURE-
Version: GnuPG v2
 
iQEcBAEBAgAGBQJUt6rdAAoJENNXIZxhPexGaagH/1hSevSrH9QsTm+N8TGgjz/Z
oMxWzhbsGYBjwQpk91lkqxl9V8vJkeXPTloSPjo3tEUqWq03KW1wkh7+4ImqwQ2x
hvNmtkRntnJDYDyHvQQZeA+98kUoJKCp70Ac/Z2Ap7Dforz9Rd+PlYT18iru86D3
LyyqQ0zYtbH8qLipGy8VV8m0SttU826OVHDzCO+8JJv7pjmrge7RvkkLpLtCu3wJ
j6GYWQzz9P8rUNEOBMcy6filthcAAOiXiIWcT452lhzpAabA4FsNxgIbW8mOrfNo
Fmbg1c/JE/7H+XQ/yIgs+UCQU2OY+Z+uQczUuToYvWvcGzCKJUUPJExl+gBaabU=
=OSul
-END PGP SIGNATURE-

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Odp: Odp: Re: Only TCP_MISS

[Yuri Voinov]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
 
This URL

http://www.squid-cache.org/Images/img4.jpg

produces HIT on second query.

15.01.2015 17:44, Robert пишет:
> [...]
> 
>>> 1421183413.322185 10.59.1.9 TCP_MISS_ABORTED/503 1541 GET
 http://www.amazon.com/gp/am/metro/application/livetileRedirect? -
 HIER_DIRECT/205.251.242.103 text/html
 1421183415.611132 10.59.1.9 TCP_MISS/206 8526 GET
 http://img.stb.s-msn.com/usappex/tenant/amp/entityid/AA87i9P.jpg? -
 HIER_DIRECT/23.220.133.211 image/jpeg 1421183416.619 34
 10.59.1.9 TCP_MISS/206 834 GET
 http://img.stb.s-msn.com/usappex/tenant/amp/entityid/AA87i9P.jpg? -
 HIER_DIRECT/23.220.133.211 image/jpeg 1421183417.094 76
 10.59.1.9 TCP_MISS/206 11123 GET
 http://img.stb.s-msn.com/usappex/tenant/amp/entityid/AA86gtq.jpg? -
 HIER_DIRECT/23.220.133.211 image/jpeg 1421183418.269 52
 10.59.1.9 TCP_MISS/206 4882 GET
>>> http://img.stb.s-msn.com/usappex/tenant/amp/entityid/AA87zJF.jpg? -
 HIER_DIRECT/23.220.133.211 image/jpeg
>>> Partial messages (206) from servers are not cacheable by Squid. And
>>> again the non-logged query parameters may make what appears to be
>>> identical requests actually quite different.
 I don't have any TCP_HIT :( , so what is going on ? why Squid
 doesn't work ? :(

>>> For testing configure:
>>>   strip_query_terms off
>>> Also, how are you doing the testing?
>>> HTTP clients are able to send explicit instructions to proxies
>>> forbidding the use of cache. The curl tools do that by default, and
>>> also the browser "Refresh" or "Reload" buttons.
>>>
>> 
>> 1. ok , so testing I do by surfing on two sites wp.pl and kosmos.pl ,
if you think they are wrong please give me samples of sites which will
be good for testing
>> 2. I'm testing by going few time through the same links and also
using refresh , and I get most :
>> TCP_MISS/200
>> sometimes:
>> TCP_REFRESH_UNMODIFIED/304
>> 
>> 
>> 
>
>
> Could somebody help me and answer ?
>
> Best question in my situation now is: on which sites I can test Squid
to see TCP_HIT messages in log?
>
>
>
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-BEGIN PGP SIGNATURE-
Version: GnuPG v2
 
iQEcBAEBAgAGBQJUt6pYAAoJENNXIZxhPexGDzMIAKZLfHQ4PGAjra7yNar8zB98
FZyMh+45N+HHHrhAvf0+7XOH2Vpfd76AW94oDRLXPxkAtVbVgFhLv1e9N3NXrnzE
eGiC7SdkJxCqr0Yp26FFPokWxloNmvCiIcJxN3dSCGAiwULbt3+XqDZqszFD6eS7
Ha7RCcyZhzq3USxzs+9g3zJ6HobMSp8v/wCK59OZclBGLf7qZ9naa8yuCnIt4OB/
yqo82vv57+fAzu5WUGmxE2kRRFiyCv3QncWmRStrHoR40VJLNPoKqMVA7i2vmFlg
06btRQrtGEx870uMW89H8Ip0PwMNEgvfYT4FcRKDj1hGekD4/4OvsQF5zk3SXbM=
=zdvp
-END PGP SIGNATURE-

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Odp: Odp: Re: Only TCP_MISS

[Robert]

[...]
 
> > 1421183413.322185 10.59.1.9 TCP_MISS_ABORTED/503 1541 GET
> > > http://www.amazon.com/gp/am/metro/application/livetileRedirect? -
> > > HIER_DIRECT/205.251.242.103 text/html
> > > 1421183415.611132 10.59.1.9 TCP_MISS/206 8526 GET
> > > http://img.stb.s-msn.com/usappex/tenant/amp/entityid/AA87i9P.jpg? -
> > > HIER_DIRECT/23.220.133.211 image/jpeg 1421183416.619 34
> > > 10.59.1.9 TCP_MISS/206 834 GET
> > > http://img.stb.s-msn.com/usappex/tenant/amp/entityid/AA87i9P.jpg? -
> > > HIER_DIRECT/23.220.133.211 image/jpeg 1421183417.094 76
> > > 10.59.1.9 TCP_MISS/206 11123 GET
> > > http://img.stb.s-msn.com/usappex/tenant/amp/entityid/AA86gtq.jpg? -
> > > HIER_DIRECT/23.220.133.211 image/jpeg 1421183418.269 52
> > > 10.59.1.9 TCP_MISS/206 4882 GET
> > http://img.stb.s-msn.com/usappex/tenant/amp/entityid/AA87zJF.jpg? -
> > > HIER_DIRECT/23.220.133.211 image/jpeg
> > Partial messages (206) from servers are not cacheable by Squid. And
> > again the non-logged query parameters may make what appears to be
> > identical requests actually quite different.
> > > I don't have any TCP_HIT :( , so what is going on ? why Squid
> > > doesn't work ? :(
> > >
> > For testing configure:
> >   strip_query_terms off
> > Also, how are you doing the testing?
> > HTTP clients are able to send explicit instructions to proxies
> > forbidding the use of cache. The curl tools do that by default, and
> > also the browser "Refresh" or "Reload" buttons.
> > 
>  
> 1. ok , so testing I do by surfing on two sites wp.pl and kosmos.pl , if you 
> think they are wrong please give me samples of sites which will be good for 
> testing
> 2. I'm testing by going few time through the same links and also using 
> refresh , and I get most :
> TCP_MISS/200
> sometimes:
> TCP_REFRESH_UNMODIFIED/304
>  
>  
>  


Could somebody help me and answer ? 

Best question in my situation now is: on which sites I can test Squid to see 
TCP_HIT messages in log?



___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] How to know, which CA certificate is absent?

[Amos Jeffries]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 16/01/2015 12:14 a.m., Yuri Voinov wrote:
> 
> Is it possible to know though URL, wich is got an error?
> 

There is no URL involved.

All that has happened is that the client opened a TCP connection to
Squid then the TLS started happening on that connection ... and fails.

Which is why I recommend the openssl command line tool, use it to
connect to Squid and it should report whats going on.

Amos
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUt6MtAAoJELJo5wb/XPRj54YIAJbbFZd2uRdai4yuW1KEhFZm
6k5ufzoDSXdxTluv+pnBfVK6rM3bAnZ0WxZLk5Ml1ysuAbFrCyJ9th+dkqQoDdpx
x56TgFSP9INEdnAbEajH6tmWKFiumI0YnWfA++me3kZYKvR0143a0ZQIpQ7T3G1C
oru7SPob5/Y9lFeS2DgETEeaPtYr46xdIqZN4p6bVHrWvd0QBuIwGfG3HAyms7mW
ueo0FkdFb06Vq+HhgLPv4796lcWct/o85+9wU0yU4UsM6Gu/zHvB3UgA++lDnVax
FziVemEakheG+vyGRpcApUoGKxRWs22Q5a4bmJRbOT9VpiamLdbdpU0chhbyzJs=
=NR3D
-END PGP SIGNATURE-
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] How to know, which CA certificate is absent?

[Yuri Voinov]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
 
Is it possible to know though URL, wich is got an error?

Because of messsage not informative itself.

15.01.2015 17:10, Amos Jeffries пишет:
> On 16/01/2015 12:00 a.m., Yuri Voinov wrote:
>
> > Hi gents,
>
> > I have question.
>
> > Look:
>
> > 2015/01/15 16:48:50 kid1| clientNegotiateSSL: Error negotiating
> > SSL connection on FD 209: error:14094418:SSL
> > routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (1/0) 2015/01/15
> > 16:50:50 kid1| clientNegotiateSSL: Error negotiating SSL connection
> > on FD 216: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
> > unknown ca (1/0) 2015/01/15 16:52:51 kid1| clientNegotiateSSL:
> > Error negotiating SSL connection on FD 42: error:14094418:SSL
> > routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (1/0) 2015/01/15
> > 16:54:54 kid1| clientNegotiateSSL: Error negotiating SSL connection
> > on FD 107: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
> > unknown ca (1/0)
>
> > Question is: How to debug SSL bump to know, which intermediate
> > certificate is absent in capath to get and install it to avoid
> > this annoying messages?
>
> The message is generated by OpenSSL and is all we get given.
>
> AFAIK a manual test using the openssl command line tool is needed to
> find out more.
>
> Amos
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-BEGIN PGP SIGNATURE-
Version: GnuPG v2
 
iQEcBAEBAgAGBQJUt6ELAAoJENNXIZxhPexGHi0IALp9w7bNWyXZ2dlaK4/Gxx2R
4l/FkP54lYhP6IASFbUqBFTdIL6HqRorlnrB0+Dk2FfaR6T316OMmC6fBXMCE3WO
gbpdFwp5hX3EE3IqV4pSzYW0EWkVQ9oJ/NIBVj3NzHm1S4UQqGuGi+3NwbMuH1hX
YfZCYgEJrrpSQrcy908VyAKqbjeiSxRdtKMpu4MUPP9y+Z/iQ3HJYIff5clLbS+c
TaWr17Epk/Mhg+YzFG+2isLlzXakhVcyHx13sJtY8dzaRhk8yav5Fo0qroRKlYzA
QPsy2BcBziah6XV2E5Dk+Hfevir01gGijXy0MCDVXJds8rAGcLPO1AXlm6PedlE=
=Bn++
-END PGP SIGNATURE-

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] How to know, which CA certificate is absent?

[Amos Jeffries]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 16/01/2015 12:00 a.m., Yuri Voinov wrote:
> 
> Hi gents,
> 
> I have question.
> 
> Look:
> 
> 2015/01/15 16:48:50 kid1| clientNegotiateSSL: Error negotiating
> SSL connection on FD 209: error:14094418:SSL
> routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (1/0) 2015/01/15
> 16:50:50 kid1| clientNegotiateSSL: Error negotiating SSL connection
> on FD 216: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
> unknown ca (1/0) 2015/01/15 16:52:51 kid1| clientNegotiateSSL:
> Error negotiating SSL connection on FD 42: error:14094418:SSL
> routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (1/0) 2015/01/15
> 16:54:54 kid1| clientNegotiateSSL: Error negotiating SSL connection
> on FD 107: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
> unknown ca (1/0)
> 
> Question is: How to debug SSL bump to know, which intermediate 
> certificate is absent in capath to get and install it to avoid
> this annoying messages?

The message is generated by OpenSSL and is all we get given.

AFAIK a manual test using the openssl command line tool is needed to
find out more.

Amos
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUt6AOAAoJELJo5wb/XPRjcAIH/15EyfBYzgVQMjDRo2tcopuK
fs/gxnizA0ZMgcZrbszbqJpnFyLgwX1FPpJRYcJNVDrEk5XTUee4bwPcMEj9UgzD
oHHt2yLWIBC3kXVFlCiA1U49PStkF6zfs9hkVG6FZ5FBCUJFwIBaUouSwOcK+P48
v92KeMjtdfw8PuVGXKTeZXWpJ4tW+68KRdSrqEkdKxoaMIn/JrzzPBD56ageE852
ekRLCp1Mpq1okEvjbQK9UubpT5mJ4o31WZ+ayEStDqosqe4EYj+w+uPRE8Pi/uGl
XdZTOlEBrWlQ0Lc1vKa7AWMcvB21GuZvIWeq+9sgKoNB+bKgzApmSDVWSKd3sZI=
=o8wN
-END PGP SIGNATURE-
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] How to know, which CA certificate is absent?

[Yuri Voinov]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
 
Hi gents,

I have question.

Look:

2015/01/15 16:48:50 kid1| clientNegotiateSSL: Error negotiating SSL
connection on FD 209: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca (1/0)
2015/01/15 16:50:50 kid1| clientNegotiateSSL: Error negotiating SSL
connection on FD 216: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca (1/0)
2015/01/15 16:52:51 kid1| clientNegotiateSSL: Error negotiating SSL
connection on FD 42: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca (1/0)
2015/01/15 16:54:54 kid1| clientNegotiateSSL: Error negotiating SSL
connection on FD 107: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca (1/0)

Question is: How to debug SSL bump to know, which intermediate
certificate is absent in capath to get and install it to avoid this
annoying messages?

WBR, Yuri
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
 
iQEcBAEBAgAGBQJUt53TAAoJENNXIZxhPexGOjQIALajScJu2Q0yItmB+tyeo8rn
sSslibis5GiMrUaN/KlAMD8IN9g8AMPi9NIZKOR8BUqFJFvhcUZknFUpWkWu6Ceb
eQPO3qTBZUUjsNch/eILaXTaq+eOhWBsrHi639vvyxTz+uwzHVMTgA8K3OH62bJ9
L9Ew/dI+mgkRMBKMgakr6J4IdyrjNSBQN2ln8fiKyRJFygej0VFLjfUllYb4OC9i
QsgXLPBYo6k2S+LCNGZefkS3AvydqhicedhYo+hP2IRd7/9Pmk4gDTpYc1v0vXXa
kNOv/HfZn1nVXJNjLH2Pf/7+aZKwDBlKRYMl68TL8mDpZbXG0l2vpIHhNwXElbg=
=aDgE
-END PGP SIGNATURE-

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Compiling Squid without log messages

[Amos Jeffries]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 15/01/2015 11:00 p.m., Alan wrote:
> Hello,
> 
> I want to have a minimal Squid installation. So I compiled
> disabling everything I don't need. The resulting /usr/sbin/squid is
> 3.4 Mb.
> 
> Since I don't need logging, I decided to remove that as well, but
> its not easy to do with sed since sometimes log messages span
> multiple lines.
> 
> So I changed the definition for debugs() in Debug.h like this:
> 
> 
> /* Debug stream */ +#ifdef NODEBUG +#define debugs(SECTION, LEVEL,
> CONTENT) ((void)0) +#else #define debugs(SECTION, LEVEL, CONTENT)
> \ do { \ if ((Debug::level = (LEVEL)) <= Debug::Levels[SECTION]) {
> \ @@ -116,6 +119,7 @@ Debug::finishDebug(); \ } \ } while
> (/*CONSTCOND*/ 0) +#endif
> 
> 
> And compiled with -DNODEBUG. The resulting binary is 2.1 Mb, a 60%
> size reduction!
> 
> But it doesn't work properly, and since there is no log, its hard
> to debug.
> 
> A trace shows it accepts requests, makes them to the HTTP server,
> but after that it closes the connection to the HTTP client.
> 
> Any ideas?

Well ... take a guess where to look :-P

If you are disabling anything via manual alteration of the code
instead of the ./configure --disable options (you mention using sed)
then one of the things you *do* need is the debugs() logging.

cache.log / debugs() is not just for debugging either. It is also for
recording major/critical events that you as administrator really,
really need to be made aware of.



Though, on the diagnosis I suggest at least trying with a macro name
other than "NODEBUG". For some reason that macro is used to disable
the assertion handling.


Amos

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUt519AAoJELJo5wb/XPRjjDcH/jw+0nRZEfpu4ydg7M0q73PY
IVZFWXO6jc1WPKBoix7QoOiRDE95/umt5vKtMo9EkENhTLyPIwcggfql8aDhQYv2
uqR0To+wXECK9N6FfYentOFAONayeI2ecKy1Ttp+SMkjbg5xTzVwDZcyyQkxpiFE
uTa8um39PS7hSr255+WNA6wcsmDpa8B3BOioSp8TDUnOu/ImnH7A8XI2MfsjicTH
S8ijQ6eFP6YcAOrzPF8eJbWP3gqZVSyA7C815ZdiySRgwF34ym24RhoGx0yi+nqE
QrIunGZH6gMZsypeqW6I3TwWfYmYEqYTvASZyUA2MA7bU0GTuJtkJWR7cTnJ8Mg=
=4Xlr
-END PGP SIGNATURE-
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Compiling Squid without log messages

[Alan]

Hello,

I want to have a minimal Squid installation.
So I compiled disabling everything I don't need.
The resulting /usr/sbin/squid is 3.4 Mb.

Since I don't need logging, I decided to remove that as well, but its
not easy to do with sed since sometimes log messages span multiple
lines.

So I changed the definition for debugs() in Debug.h like this:


 /* Debug stream */
+#ifdef NODEBUG
+#define debugs(SECTION, LEVEL, CONTENT) ((void)0)
+#else
 #define debugs(SECTION, LEVEL, CONTENT) \
do { \
 if ((Debug::level = (LEVEL)) <= Debug::Levels[SECTION]) { \
@@ -116,6 +119,7 @@
 Debug::finishDebug(); \
 } \
} while (/*CONSTCOND*/ 0)
+#endif


And compiled with -DNODEBUG.
The resulting binary is 2.1 Mb, a 60% size reduction!

But it doesn't work properly, and since there is no log, its hard to debug.

A trace shows it accepts requests, makes them to the HTTP server, but
after that it closes the connection to the HTTP client.

Any ideas?
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] [squid-announce] Squid 3.4.11 is available

[Amos Jeffries]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-3.4.11 release!


This release is a bug fix release resolving several issues found in
the prior Squid releases.


The major changes to be aware of:


* "Deleting first fs left psstate->servers pointing to uninitialized
memory"

This obscurely named bug takes the appearance of randomly appearing
high CPU consumption and hanging worker, less commonly a direct crash.
It is not the only cause of overly high CPU usage, but is the major
one now known about in 3.4 series.

This affects all Squid configured with a large number of peers or when
contacting domains with many advertised IP addresses (such as Google
or Facebook).


* Bug #3760: squidclient ignores --disable-ipv6

The squidclient tool would mysteriously attempt to use IPv6 and abort
regardless of IP version probles successfully detecting that protocol
being disabled.

It turns out that Squid has not been correctly filtering out IPv6
results presented by the operating system getaddrinfo() API in the
event that the administrator disabled IPv6 in Squid but not the
operating sytem.

This affects DNS resolution of all domain names when starting and
configuring Squid, but not for regular proxy operational DNS queries.


* Bug #4057: Avoid on-exit crashes when adaptation is enabled.

As the name describes, Squid 3.4.5 and later will crash when shutting
down (or reconfiguring) if adpatation is configued.


* Bug #3754: configure doesnt detect IPFilter 5.1.2 system headers

The Solaris 10 operating system broken IPFilter, both the one built
into Solaris 10 and the publicly available external sources for the tools.

This Squid release includes a hack to workaround that system breakage
and allow Squids part of the IPFilter mechanisms to build and work again.



 All users of Squid are urged to upgrade to this release as soon as
possible.


 See the ChangeLog for the full list of changes in this and earlier
 releases.

Please refer to the release notes at
http://www.squid-cache.org/Versions/v3/3.4/RELEASENOTES.html
when you are ready to make the switch to Squid-3.4

Upgrade tip:
  "squid -k parse" is starting to display even more
   useful hints about squid.conf changes.

This new release can be downloaded from our HTTP or FTP servers

 http://www.squid-cache.org/Versions/v3/3.4/
 ftp://ftp.squid-cache.org/pub/squid/
 ftp://ftp.squid-cache.org/pub/archive/3.4/

or the mirrors. For a list of mirror sites see

 http://www.squid-cache.org/Download/http-mirrors.html
 http://www.squid-cache.org/Download/mirrors.html

If you encounter any issues with this release please file a bug report.
http://bugs.squid-cache.org/


Amos Jeffries
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUt0wtAAoJELJo5wb/XPRjD3gIAJR51FyrE+fnQZ3Nf37A3e5U
sLvcpQClEj9wLPKdg95x+3ocOjvFlRRZgNgTREH50VhGWBooAv5jBgrwnFZ697J5
ikMm9v37R/aTB1rZfsbXswEsedJlb4KqSraiqly963Eicn20uMnEE9NYUHyMlXoW
UeMD6lkRWay5KQZ2LUiyX9Hloiy50qRjuM01QEmeO+p3Lj6X7EqD4u5+zGj5fc23
52HGudftsyOo2Lqv1fmnR3eJMp+6oHD2xqDJB1Nb5Ayngry2ceOTlhD15ZwOcIfK
Xytii0TmLdfnh0Nkg4TWKcPajfCcUJVYVzPW4sQa5d7ZyV3bAa3hVeujqfvRfN0=
=UMfa
-END PGP SIGNATURE-
___
squid-announce mailing list
squid-annou...@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-announce
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users