[squid-users] Cannot get ACL to work

2016-09-13 Thread Jason Leshchyshyn
Ugh, I am trying to get Squid to deny access to a particular AD group, but when 
I enable the rule, then it denys everyone. 


This is what I have in squid.conf 






# NTLM 

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp 

auth_param ntlm children 15 

auth_param ntlm keep_alive on 



# Limit access for Factory users 

external_acl_type nt_group %LOGIN /usr/lib64/squid/ext_wbinfo_group_acl 

acl FactoryDeny external nt_group sec_deny_internet 

http_access deny FactoryDeny 




acl auth proxy_auth REQUIRED 

http_access deny !auth 

http_access allow auth 





-=- 
I have verified the ext_wbinfo_group_acl works: 





[root@fac-proxy squid]# ./ext_wbinfo_group_acl -d 

Debugging mode ON. 

user sec_vpn_users 

Got user sec_vpn_users from squid 

User: -user- 

Group: -sec_vpn_users- 

SID: -S-1-5-21-1978138449-291607360-3720246513-19354- 

GID: -1677721- 

Sending OK to squid 

OK 

user sec_deny_internet 

Got user sec_deny_internet from squid 

User: -user- 

Group: -sec_deny_internet- 

SID: -S-1-5-21-1978138449-291607360-3720246513-18148- 

GID: -1677721- 

Sending ERR to squid 

ERR 





Because this is a production server there's a bunch of traffic on it so I can't 
catch too much of the log, but this is what I can see with debugging turned on: 






2016/09/13 23:22:32.552 kid1| Acl.cc(336) matches: ACLList::matches: checking 
FactoryDeny 


2016/09/13 23:22:32.552 kid1| Acl.cc(319) checklistMatches: 
ACL::checklistMatches: checking 'FactoryDeny' 


2016/09/13 23:22:32.552 kid1| Acl.cc(321) checklistMatches: 
ACL::ChecklistMatches: result for 'FactoryDeny' is -1 


2016/09/13 23:22:32.552 kid1| Acl.cc(343) matches: FactoryDeny failed. 


2016/09/13 23:22:32.552 kid1| Acl.cc(354) matches: FactoryDeny result is false 





If the result is false then the deny should be false and it should continue to 
the next rule, right? 


Please help, I don't get it... 



___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


Re: [squid-users] Introducing delay to HTTP 407 responses

2016-09-13 Thread Dan Charlesworth
I just want to throw my support behind seeking a solution to this problem. 
Luke’s clearly considered it in way more detail than anyone so far, myself 
included.

The affects the squids under my purview every day.

Best,
Dan

> On 14 Sep. 2016, at 10:18 am, squid-us...@filter.luko.org wrote:
> 
> Hi Squid users,
> 
> Seeking advice on how to slow down 407 responses to broken Apple & MS
> clients, which seem to retry at very short intervals and quickly fill the
> access.log with garbage.  The problem is very similar to this:
> 
> http://www.squid-cache.org/mail-archive/squid-users/201404/0326.html
> 
> However the config below doesn't seem to slow down the response:
> 
> acl delaydomains dstdomain .live.net .apple.com
> acl authresponse http_status 407
> external_acl_type delay ttl=0 negative_ttl=0 cache=0 %SRC /tmp/delay.pl
> acl delay external delay
> http_reply_access deny delaydomains authresponse delay
> http_reply_access allow all
> 
> The helper is never asked by Squid to process the request.  Just wondering
> if http_status ACLs can be used in http_reply_access?
> 
> My other thinking, if this isn't possible, was to mark 407 responses with
> clientside_tos so they could be delayed/throttled with tc or iptables.  Ie,
> 
> acl authresponse http_status 407
> clientside_tos 0x20 authresponse
> 
> However, auth response packets don't get the desired tos markings.  Instead
> the following message appears in cache.log:
> 
> 2016/09/13 11:35:43 kid1| WARNING: authresponse ACL is used in context
> without an HTTP response. Assuming mismatch.
> 
> After reviewing
> http://lists.squid-cache.org/pipermail/squid-users/2016-May/010630.html it
> seems like this has cropped up before.  The suggestion in that thread was to
> exclude 407 responses from the access log.  Fortunately this works.  But I'm
> wondering if there is a way to introduce delay into the 407 response itself?
> Partly to minimise load associated with serving broken clients, and also to
> maintain logging of actual intrusion attempts.  Any suggestions?
> 
> Luke
> 
> 
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


[squid-users] c-icap load balancing

2016-09-13 Thread yanghe
Hi 
Unlickily,I meet a  problem.I want to implement the c-icap cluster.the traffic 
averagely distribute to each c-icap.but I just found the adaptation_srvices_set 
and adaptation_services_chain.
adaptation_service_set is useful when hot standby or backup adaptation servers 
are available.The second applicable service is tried if and only if the 
transacion with the first service fails and the message waiting to be adapted 
is still intact.
adaptation_service_chain is useful when Squid must perform different 
adaptations on the same message.configures a list of complementary services 
that will be applied one-by-one.
These does not reach my requirement. I hope to confirm whether the c-icap can 
achieve cluster and load balancing.
Look forward to your advice 
Thanks in advance

2016-09-14


yanghe ___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


[squid-users] Introducing delay to HTTP 407 responses

2016-09-13 Thread squid-users
Hi Squid users,

Seeking advice on how to slow down 407 responses to broken Apple & MS
clients, which seem to retry at very short intervals and quickly fill the
access.log with garbage.  The problem is very similar to this:

http://www.squid-cache.org/mail-archive/squid-users/201404/0326.html

However the config below doesn't seem to slow down the response:

acl delaydomains dstdomain .live.net .apple.com
acl authresponse http_status 407
external_acl_type delay ttl=0 negative_ttl=0 cache=0 %SRC /tmp/delay.pl
acl delay external delay
http_reply_access deny delaydomains authresponse delay
http_reply_access allow all

The helper is never asked by Squid to process the request.  Just wondering
if http_status ACLs can be used in http_reply_access?

My other thinking, if this isn't possible, was to mark 407 responses with
clientside_tos so they could be delayed/throttled with tc or iptables.  Ie,

acl authresponse http_status 407
clientside_tos 0x20 authresponse

However, auth response packets don't get the desired tos markings.  Instead
the following message appears in cache.log:

2016/09/13 11:35:43 kid1| WARNING: authresponse ACL is used in context
without an HTTP response. Assuming mismatch.

After reviewing
http://lists.squid-cache.org/pipermail/squid-users/2016-May/010630.html it
seems like this has cropped up before.  The suggestion in that thread was to
exclude 407 responses from the access log.  Fortunately this works.  But I'm
wondering if there is a way to introduce delay into the 407 response itself?
Partly to minimise load associated with serving broken clients, and also to
maintain logging of actual intrusion attempts.  Any suggestions?

Luke


___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-13 Thread Chico Venancio
Not really,
As I understand it it is a websocket, that when proxied starts its
handshake with a connect request so it can be "understood" by proxies such
as squid.


Chico Venancio
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-13 Thread Yuri Voinov

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
 
Ah,

my mistake. This is simple tunnel.

14.09.2016 3:03, Chico Venancio пишет:
> You mean the connect requests to the websockets on w[0-9].web.whatsapp.com 
>  ?
>
> 1473800440.053  16932 192.168.10.128 TCP_TUNNEL/200 3639 CONNECT
w7.web.whatsapp.com:443  -
HIER_DIRECT/169.55.69.156  -
>
>
> Chico Venancio
>
> 2016-09-13 17:40 GMT-03:00 Yuri Voinov mailto:yvoi...@gmail.com>>:
>
>
> Wait.
>
> Does anybody see WebSockets connections to web.whatsapp.com
?
>
>
> 14.09.2016 2:38, Chico Venancio пишет:
>
>
>   > We need more of access log.
>
>   > There is at least connect attempts at w1.web.whatsapp.com

>     not shown.
>
>
>
>   > Chico Venancio
>
>
>
>   > Em 13/09/2016 17:03, "erdosain9" mailto:erdosa...@gmail.com>
>    > escreveu:
>
>   > >
>
>   > > Hi,
>
>   > > No. is explicit.
>
>   > >
>
>   > >
>
>   > >
>
>   > > --
>
>   > > View this message in
>
context:http://squid-web-proxy-cache.1019090.n4.nabble.com/Web-Whatsapp-Dropbox-problem-tp4679299p4679493.html

>


>
>   > > Sent from the Squid - Users mailing list archive at
>   Nabble.com.
>
>   > > ___
>
>   > > squid-users mailing list
>
>   > >squid-users@lists.squid-cache.org

>   

>
>   > >http://lists.squid-cache.org/listinfo/squid-users

>   

>
>
>
>   > Chico Venancio
>
>   > CEO e Diretor de Criação
>
>   > VM TECH - (98)8800-2743 
>
>
>
>
>
>
>
>   > ___
>
>   > squid-users mailing list
>
>   > squid-users@lists.squid-cache.org

>
>   > http://lists.squid-cache.org/listinfo/squid-users

>
>
>
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org

> http://lists.squid-cache.org/listinfo/squid-users

>
>

-BEGIN PGP SIGNATURE-
Version: GnuPG v2
 
iQEcBAEBCAAGBQJX2Gu3AAoJENNXIZxhPexGJnMIAJXwR3ni9uos/PJo/8/YfKZ5
/90dhZ/W5Fm2bImnbn32NR1gZXl4E7TXWE+B2SRwyc4DdFqzuyNdMCGYe1jAKKrs
8DKEA1Z1wOof+gTWB0/LRl2OpmHPbTFuxzbQEj5noFYCblQZq86a1Ucc3mh5LQUR
bBSBe5VZi35XOIFW0ZSdeX5eJtR23lSnS9Sq/rV129pY18M/BtZ4FvRUm2Pc9FN2
4l2PZW1/xxYK02L7ucd2rT0d50wyRAiPOlGP2Ot7rzdjrCaeyaFBLDaJopEaXTwn
5CyVDS0Nu+cuZW8Wx3gSO3mEFGqpXu4NiQ6HXPQBRT5pJgNg2zezT9lk/diyhqA=
=GvIy
-END PGP SIGNATURE-



0x613DEC46.asc
Description: application/pgp-keys
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-13 Thread Chico Venancio
You mean the connect requests to the websockets on w[0-9].web.whatsapp.com
?

1473800440.053  16932 192.168.10.128 TCP_TUNNEL/200 3639 CONNECT
w7.web.whatsapp.com:443 - HIER_DIRECT/169.55.69.156 -


Chico Venancio

2016-09-13 17:40 GMT-03:00 Yuri Voinov :

>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Wait.
>
> Does anybody see WebSockets connections to web.whatsapp.com?
>
>
> 14.09.2016 2:38, Chico Venancio пишет:
> >
> > We need more of access log.
> > There is at least connect attempts at w1.web.whatsapp.com
>   not shown.
> >
> > Chico Venancio
> >
> > Em 13/09/2016 17:03, "erdosain9"   > escreveu:
> > >
> > > Hi,
> > > No. is explicit.
> > >
> > >
> > >
> > > --
> > > View this message in context:http://squid-web-
> proxy-cache.1019090.n4.nabble.com/Web-Whatsapp-Dropbox-
> problem-tp4679299p4679493.html  1019090.n4.nabble.com/Web-Whatsapp-Dropbox-problem-tp4679299p4679493.html>
> 
> > > Sent from the Squid - Users mailing list archive at Nabble.com.
> > > ___
> > > squid-users mailing list
> > >squid-users@lists.squid-cache.org  squid-cache.org> 
> > >http://lists.squid-cache.org/listinfo/squid-users
> 
> 
> >
> > Chico Venancio
> > CEO e Diretor de Criação
> > VM TECH - (98)8800-2743
> >
> >
> >
> > ___
> > squid-users mailing list
> > squid-users@lists.squid-cache.org
> > http://lists.squid-cache.org/listinfo/squid-users
>
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2
>
> iQEcBAEBCAAGBQJX2GQmAAoJENNXIZxhPexG9CMH/368uq1R7qpnXtP6rKB80sFs
> WBvPHwfSX1U4EAUpHuZK3bPNQXki/9xzX0D/kvbUiDGf3lu9NqYjNEFpv3lqGC2B
> 61euZ5XjYbUXpOa3tysIrchl0tC2J5dLNTkK5cAaEABG328YxY2Yil9UqQyf2GEj
> Cwr3vpJlOMQpDlnDNjHlMvsv+scrSEiZ5CVmoj41qoYGw1S+2mym9+pxwlhRxNrd
> 9i+8Dnjj1DmMsq2IKNc/DdRciNaYIuXQAEdn8bdcoTkLWffj7KHqCCyjMFxys9F3
> RJ6vS9v1kdqLEiK2LAdVyMMylaiRWZh6Nt7ZBkYSjPCJix+hPREUPIDiF9qPM10=
> =tg++
> -END PGP SIGNATURE-
>
>
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
>
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-13 Thread Yuri Voinov

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
 
Wait.

Does anybody see WebSockets connections to web.whatsapp.com?


14.09.2016 2:38, Chico Venancio пишет:
>
> We need more of access log.
> There is at least connect attempts at w1.web.whatsapp.com
 not shown.
>
> Chico Venancio
>
> Em 13/09/2016 17:03, "erdosain9" mailto:erdosa...@gmail.com>> escreveu:
> >
> > Hi,
> > No. is explicit.
> >
> >
> >
> > --
> > View this message in
context:http://squid-web-proxy-cache.1019090.n4.nabble.com/Web-Whatsapp-Dropbox-problem-tp4679299p4679493.html

> > Sent from the Squid - Users mailing list archive at Nabble.com.
> > ___
> > squid-users mailing list
> >squid-users@lists.squid-cache.org

> >http://lists.squid-cache.org/listinfo/squid-users

>
> Chico Venancio
> CEO e Diretor de Criação
> VM TECH - (98)8800-2743
>
>
>
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-BEGIN PGP SIGNATURE-
Version: GnuPG v2
 
iQEcBAEBCAAGBQJX2GQmAAoJENNXIZxhPexG9CMH/368uq1R7qpnXtP6rKB80sFs
WBvPHwfSX1U4EAUpHuZK3bPNQXki/9xzX0D/kvbUiDGf3lu9NqYjNEFpv3lqGC2B
61euZ5XjYbUXpOa3tysIrchl0tC2J5dLNTkK5cAaEABG328YxY2Yil9UqQyf2GEj
Cwr3vpJlOMQpDlnDNjHlMvsv+scrSEiZ5CVmoj41qoYGw1S+2mym9+pxwlhRxNrd
9i+8Dnjj1DmMsq2IKNc/DdRciNaYIuXQAEdn8bdcoTkLWffj7KHqCCyjMFxys9F3
RJ6vS9v1kdqLEiK2LAdVyMMylaiRWZh6Nt7ZBkYSjPCJix+hPREUPIDiF9qPM10=
=tg++
-END PGP SIGNATURE-



0x613DEC46.asc
Description: application/pgp-keys
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-13 Thread Chico Venancio
We need more of access log.
There is at least connect attempts at w1.web.whatsapp.com not shown.

Chico Venancio

Em 13/09/2016 17:03, "erdosain9"  escreveu:
>
> Hi,
> No. is explicit.
>
>
>
> --
> View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Web-Whatsapp-Dropbox-problem-tp4679299p4679493.html
> Sent from the Squid - Users mailing list archive at Nabble.com.
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

Chico Venancio
CEO e Diretor de Criação
VM TECH - (98)8800-2743
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-13 Thread erdosain9
Hi,
No. is explicit.



--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/Web-Whatsapp-Dropbox-problem-tp4679299p4679493.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


Re: [squid-users] Lost of all squid cache

2016-09-13 Thread Eliezer Croitoru
Hey Eduardo,

I replayed the script on my testing lab and it seems to fir 3.5 and 4.0.
The next script will receive a filename and will try to read it.
As long as the file is in a good shape it will print the URL of the original 
request.
The ruby script at: http://paste.ngtech.co.il/pul2zg62a
This script is written in ruby and uses the "bindata" gem(library) depends on 
your OS it will be pretty simple to install.
Once you will be able to run the above script on a single file we can move on 
to verify each and every one of the files in the cache_dir.

But first comment the "cache_dir" line from squid so your squid will not touch 
anything while you will be trying to verify the status of the files.

Eliezer


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il


-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf 
Of Eduardo Carneiro
Sent: Tuesday, September 13, 2016 2:38 PM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Lost of all squid cache

Jorgeley wrote
> what about cache_swap_low and cache_swap_high???
> 
> 2016-09-13 8:23 GMT-03:00 Eduardo Carneiro <

> eduardoocarneiro@

> >:
> 
>> Amos Jeffries wrote
>> > On 13/09/2016 5:12 a.m., Yuri Voinov wrote:
>> >>
>> >> Hm.
>> >>
>> >> As a recovery you can try to rename/remove swap.state from cache_dir's
>> >> and start squid again. AFAIK in this case it re-indexing all exists
>> disk
>> >> cache contents and build new one swap.state file. Also, does all
>> >> permissions to cache_dir and subdirectories recursively is correct and
>> >> intact?
>> >
>> > Also, check that the config file cache_dir L1 and L2 parameters are
>> > identical to those which the disk directories were initially created
>> > with. If those are different the file hashes will no longer map to the
>> > directory layout they are sitting in.
>> >
>> > Amos
>> > ___
>> > squid-users mailing list
>>
>> > squid-users@.squid-cache
>>
>> > http://lists.squid-cache.org/listinfo/squid-users
>>
>> The L1 and L2 parameters are identical Amos. I did not change anything or
>> the configuration or in the directory.
>>
>> I tried the solution Yuri mentioned, but it still fails. It took a long
>> time
>> to rebuild the swap.state, but cache still only 1GB.
>>
>>
>>
>> --
>> View this message in context: http://squid-web-proxy-cache.
>> 1019090.n4.nabble.com/Lost-of-all-squid-cache-tp4679466p4679479.html
>> Sent from the Squid - Users mailing list archive at Nabble.com.
>> ___
>> squid-users mailing list
>> 

> squid-users@.squid-cache

>> http://lists.squid-cache.org/listinfo/squid-users
>>
> 
> 
> 
> --
> 
> ___
> squid-users mailing list

> squid-users@.squid-cache

> http://lists.squid-cache.org/listinfo/squid-users

cache_swap_low 90
cache_swap_high 95

When the problem was detected, the cache was only 77% of used disk space.



--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/Lost-of-all-squid-cache-tp4679466p4679481.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


Re: [squid-users] SSO (ldap kerberos)

2016-09-13 Thread Craddock, Tommy

Hello, 

You get that because that is what happens when you update a keytab using the 
msktutil program. 
 
Tommy E CRADDOCK JR

-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf 
Of erdosain9
Sent: Tuesday, September 13, 2016 2:33 PM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] SSO (ldap kerberos)

Hi again.


I get this

msktutil --auto-update --verbose --computer-name squid-k -k PROXY.keytab
 -- init_password: Wiping the computer password structure
 -- generate_new_password: Generating a new, random password for the computer 
account
 -- generate_new_password:  Characters read from /dev/udandom = 95
 -- get_dc_host: Attempting to find a Domain Controller to use (DNS SRV RR
TCP)
 -- get_dc_host: Found DC: ads-01.example.lan
 -- get_dc_host: Canonicalizing DC through forward/reverse lookup...
 -- get_dc_host: Found Domain Controller: ads-01.example.lan
 -- create_fake_krb5_conf: Created a fake krb5.conf file:
/tmp/.msktkrb5.conf-L8DxV8
 -- reload: Reloading Kerberos Context
 -- finalize_exec: SAM Account Name is: squid-k$
 -- try_machine_keytab_princ: Trying to authenticate for squid-k$ from local 
keytab...
 -- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed 
(Preauthentication failed)
 -- try_machine_keytab_princ: Authentication with keytab failed
 -- try_machine_keytab_princ: Trying to authenticate for host/squid.example.lan 
from local keytab...
 -- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Client 
not found in Kerberos database)
 -- try_machine_keytab_princ: Authentication with keytab failed
 -- try_machine_password: Trying to authenticate for squid-k$ with password.
 -- create_default_machine_password: Default machine password for squid-k$ is 
squid-k
 -- try_machine_password: Error: krb5_get_init_creds_keytab failed 
(Preauthentication failed)
 -- try_machine_password: Authentication with password failed
 -- try_user_creds: Checking if default ticket cache has tickets...
 -- finalize_exec: Authenticated using method 4

 -- ldap_connect: Connecting to LDAP server: ads-01.example.lan try_tls=YES
 -- ldap_connect: Connecting to LDAP server: ads-01.example.lan try_tls=NO 
SASL/GSSAPI authentication started SASL username: administra...@example.lan 
SASL SSF: 56 SASL data security layer installed.
 -- ldap_connect: LDAP_OPT_X_SASL_SSF=56

 -- ldap_get_base_dn: Determining default LDAP base: dc=example,dc=LAN
 -- get_default_ou: Determining default OU: CN=Computers,DC=example,DC=lan
 -- ldap_check_account: Checking that a computer account for squid-k$ exists
 -- ldap_check_account: Checking computer account - found
 -- ldap_check_account: Found userAccountControl = 0x1000

 -- ldap_check_account: Found supportedEncryptionTypes = 28

 -- ldap_check_account: Found dNSHostName = squid.example.lan

 -- ldap_check_account:   Found Principal: HTTP/squid.example.lan
 -- ldap_check_account:   Found Principal: host/squid.example.lan
 -- ldap_check_account:   Found User Principal: HTTP/squid.example.lan
 -- ldap_check_account_strings: Inspecting (and updating) computer account 
attributes
 -- ldap_set_supportedEncryptionTypes: No need to change 
msDs-supportedEncryptionTypes they are 28

 -- ldap_set_userAccountControl_flag: Setting userAccountControl bit at
0x20 to 0x0
 -- ldap_set_userAccountControl_flag:  userAccountControl not changed 0x1000

 -- set_password: Attempting to reset computer's password
 -- set_password: Try change password using user's ticket cache

 -- ldap_get_pwdLastSet: pwdLastSet is 13118265146000
 -- set_password: Successfully set password, waiting for it to be reflected in 
LDAP.
 -- ldap_get_pwdLastSet: pwdLastSet is 13118265158000
 -- set_password: Successfully reset computer's password
 -- execute: Updating all entries for squid.example.lan in the keytab 
WRFILE:PROXY.keytab

 -- update_keytab: Updating all entires for squid-k$
 -- ldap_get_kvno: KVNO is 4
 -- add_principal_keytab: Adding principal to keytab: squid-k$
 -- add_principal_keytab: Removing entries with kvno < 0
 -- add_principal_keytab: Using salt of
example.LANhostsquid-k.example.lan
 -- add_principal_keytab:   Adding entry of enctype 0x17
 -- add_principal_keytab: Using salt of
example.LANhostsquid-k.example.lan
 -- add_principal_keytab:   Adding entry of enctype 0x11
 -- add_principal_keytab: Using salt of
example.LANhostsquid-k.example.lan
 -- add_principal_keytab:   Adding entry of enctype 0x12
 -- add_principal_keytab: Adding principal to keytab: HTTP/squid.example.lan
 -- add_principal_keytab: Removing entries with kvno < 0
 -- add_principal_keytab: Using salt of
example.LANhostsquid-k.example.lan
 -- add_principal_keytab:   Adding entry of enctype 0x17
 -- add_principal_keytab: Using salt of
example.LANhostsquid-k.example.lan
 -- add_principal_keytab:   Adding entry of enctype 0x11
 -- add_principal_keytab: Using salt of
example.LANhostsquid-k.example.lan
 -- ad

Re: [squid-users] SSO (ldap kerberos)

2016-09-13 Thread erdosain9
Hi again.


I get this

msktutil --auto-update --verbose --computer-name squid-k -k PROXY.keytab 
 -- init_password: Wiping the computer password structure
 -- generate_new_password: Generating a new, random password for the
computer account
 -- generate_new_password:  Characters read from /dev/udandom = 95
 -- get_dc_host: Attempting to find a Domain Controller to use (DNS SRV RR
TCP)
 -- get_dc_host: Found DC: ads-01.example.lan
 -- get_dc_host: Canonicalizing DC through forward/reverse lookup...
 -- get_dc_host: Found Domain Controller: ads-01.example.lan
 -- create_fake_krb5_conf: Created a fake krb5.conf file:
/tmp/.msktkrb5.conf-L8DxV8
 -- reload: Reloading Kerberos Context
 -- finalize_exec: SAM Account Name is: squid-k$
 -- try_machine_keytab_princ: Trying to authenticate for squid-k$ from local
keytab...
 -- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed
(Preauthentication failed)
 -- try_machine_keytab_princ: Authentication with keytab failed
 -- try_machine_keytab_princ: Trying to authenticate for
host/squid.example.lan from local keytab...
 -- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed
(Client not found in Kerberos database)
 -- try_machine_keytab_princ: Authentication with keytab failed
 -- try_machine_password: Trying to authenticate for squid-k$ with password.
 -- create_default_machine_password: Default machine password for squid-k$
is squid-k
 -- try_machine_password: Error: krb5_get_init_creds_keytab failed
(Preauthentication failed)
 -- try_machine_password: Authentication with password failed
 -- try_user_creds: Checking if default ticket cache has tickets...
 -- finalize_exec: Authenticated using method 4

 -- ldap_connect: Connecting to LDAP server: ads-01.example.lan try_tls=YES
 -- ldap_connect: Connecting to LDAP server: ads-01.example.lan try_tls=NO
SASL/GSSAPI authentication started
SASL username: administra...@example.lan
SASL SSF: 56
SASL data security layer installed.
 -- ldap_connect: LDAP_OPT_X_SASL_SSF=56

 -- ldap_get_base_dn: Determining default LDAP base: dc=example,dc=LAN
 -- get_default_ou: Determining default OU: CN=Computers,DC=example,DC=lan
 -- ldap_check_account: Checking that a computer account for squid-k$ exists
 -- ldap_check_account: Checking computer account - found
 -- ldap_check_account: Found userAccountControl = 0x1000

 -- ldap_check_account: Found supportedEncryptionTypes = 28

 -- ldap_check_account: Found dNSHostName = squid.example.lan

 -- ldap_check_account:   Found Principal: HTTP/squid.example.lan
 -- ldap_check_account:   Found Principal: host/squid.example.lan
 -- ldap_check_account:   Found User Principal: HTTP/squid.example.lan
 -- ldap_check_account_strings: Inspecting (and updating) computer account
attributes
 -- ldap_set_supportedEncryptionTypes: No need to change
msDs-supportedEncryptionTypes they are 28

 -- ldap_set_userAccountControl_flag: Setting userAccountControl bit at
0x20 to 0x0
 -- ldap_set_userAccountControl_flag:  userAccountControl not changed 0x1000

 -- set_password: Attempting to reset computer's password
 -- set_password: Try change password using user's ticket cache

 -- ldap_get_pwdLastSet: pwdLastSet is 13118265146000
 -- set_password: Successfully set password, waiting for it to be reflected
in LDAP.
 -- ldap_get_pwdLastSet: pwdLastSet is 13118265158000
 -- set_password: Successfully reset computer's password
 -- execute: Updating all entries for squid.example.lan in the keytab
WRFILE:PROXY.keytab

 -- update_keytab: Updating all entires for squid-k$
 -- ldap_get_kvno: KVNO is 4
 -- add_principal_keytab: Adding principal to keytab: squid-k$
 -- add_principal_keytab: Removing entries with kvno < 0
 -- add_principal_keytab: Using salt of
example.LANhostsquid-k.example.lan
 -- add_principal_keytab:   Adding entry of enctype 0x17
 -- add_principal_keytab: Using salt of
example.LANhostsquid-k.example.lan
 -- add_principal_keytab:   Adding entry of enctype 0x11
 -- add_principal_keytab: Using salt of
example.LANhostsquid-k.example.lan
 -- add_principal_keytab:   Adding entry of enctype 0x12
 -- add_principal_keytab: Adding principal to keytab: HTTP/squid.example.lan
 -- add_principal_keytab: Removing entries with kvno < 0
 -- add_principal_keytab: Using salt of
example.LANhostsquid-k.example.lan
 -- add_principal_keytab:   Adding entry of enctype 0x17
 -- add_principal_keytab: Using salt of
example.LANhostsquid-k.example.lan
 -- add_principal_keytab:   Adding entry of enctype 0x11
 -- add_principal_keytab: Using salt of
example.LANhostsquid-k.example.lan
 -- add_principal_keytab:   Adding entry of enctype 0x12
 -- add_principal_keytab: Adding principal to keytab: host/squid.example.lan
 -- add_principal_keytab: Removing entries with kvno < 0
 -- add_principal_keytab: Using salt of
example.LANhostsquid-k.example.lan
 -- add_principal_keytab:   Adding entry of enctype 0x17
 -- add_principal_keytab: Using salt of
example.LANhostsquid-k.ex

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-13 Thread Chico Venancio
Is this intercept proxy?

Chico Venancio

2016-09-13 11:15 GMT-03:00 erdosain9 :

> Hi.
> Sorry but... dont work...
>
> In the chrome i get this
>
> Creating Application Cache with manifest
> https://web.whatsapp.com/404.appcache
> web.whatsapp.com/:1 Application Cache Checking event
> web.whatsapp.com/:1 Application Cache Error event: Manifest fetch failed
> (404) https://web.whatsapp.com/404.appcache
> app_5163437….js:6 WebSocket connection to 'wss://w5.web.whatsapp.com/ws'
> failed: Error in connection establishment: net::ERR_TIMED_OUT
> app_5163437….js:6 WebSocket connection to 'wss://w6.web.whatsapp.com/ws'
> failed: Error in connection establishment: net::ERR_TIMED_OUT
> app_5163437….js:6 WebSocket connection to 'wss://w7.web.whatsapp.com/ws'
> failed: Error in connection establishment: net::ERR_TIMED_OUT
> app_5163437….js:6 WebSocket connection to 'wss://w8.web.whatsapp.com/ws'
> failed: Error in connection establishment: net::ERR_TIMED_OUT
> app_5163437….js:6 WebSocket connection to 'wss://w1.web.whatsapp.com/ws'
> failed: Error in connection establishment: net::ERR_TIMED_OUT
>
> In access.log i get
>
> 1473776268.226198 192.168.1.172 TAG_NONE/200 0 CONNECT
> fonts.googleapis.com:443 - HIER_DIRECT/64.233.190.95 -
> 1473776268.731132 192.168.1.172 TAG_NONE/200 0 CONNECT
> fonts.gstatic.com:443 - HIER_DIRECT/64.233.190.94 -
>
>
> just that... ¿?¿??¿?¿?¿
> Thanks!
>
>
>
> --
> View this message in context: http://squid-web-proxy-cache.
> 1019090.n4.nabble.com/Web-Whatsapp-Dropbox-problem-tp4679299p4679482.html
> Sent from the Squid - Users mailing list archive at Nabble.com.
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


Re: [squid-users] Lost of all squid cache

2016-09-13 Thread Eliezer Croitoru
Amos,

I found my old code at:
http://ngtech.co.il/paste/1012/

I will try to verify this week if it's compatible with 3.5 and 4.0 ufs\aufs 
cache_dir.

Eliezer 


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il


-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf 
Of Amos Jeffries
Sent: Tuesday, September 13, 2016 6:57 PM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Lost of all squid cache

On 14/09/2016 3:15 a.m., Eliezer Croitoru wrote:
> Hey Eduardo,
> 
> The first thing I would do is to first disable the disk cache in order to try 
> to recover\rebuild the disk cache manually using another squid instance.
> It's not always possible but if this cache is important enough then a loss of 
> couple tiny bits for recovery time plus some network load might worth it.
> If you are up to manually trying to recover the cache I will try to be 
> here(publically) to see if I can help you.
> In the past I wrote a tiny tool that can inspect cache files but I am not 
> sure if I have it here or on another disk remotely.
> 

Since it is a UFS format cache the squid-purge tool may be of use inspecting 
the disk files. Though it may not be up to date with the latest file format.

Amos

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


Re: [squid-users] Rock store status

2016-09-13 Thread Alex Rousskov
On 09/13/2016 05:01 AM, FredB wrote:
> One thing, squid restart is very slow because of time required to rebuild the 
> cache
> 
> 2016/09/13 00:25:34|   Took 1498.42 seconds (3972.24 objects/sec). -> Rock
> 2016/09/13 00:00:51|   Took 5.71 seconds (533481.90 objects/sec). -> Diskd

This is a known problem, with several important wrinkles, including:

* Squid start itself is not slow. Cache index build is slow.

* Squid can serve requests, including cache hits while it builds rock
index, but indexing does affect overall Squid performance and hit ratios.

* Avoid comparing loading a "few" ufs entries (from the clean swap
state) with scanning all available cache slots for rock. The biggest
difference is observed for a virtually empty ufs cache that was in use
for a short time (small swap.state). Rock focus is on Squid running for
a long time with a full cache (the common and intended use case).

* We are essentially comparing a from-scratch index build for rock with
a clean index loading for ufs. If you remove all swap state files, ufs
indexing time will probably be worse than that of rock. If you leave
dirty swap state files, then ufs indexing may slow down significantly;
this happens after Squid crashes, for example. Rock indexing does not
depend on the previous Squid state.

* Rock indexing can be optimized in various ways, of course. Many trade
offs are involved, and some optimizations may hurt runtime performance.
For example, there is a trade-off between
- maintaining a disk index (i.e., swap state files) at runtime
 (and then saving a clean index at shutdown) like UFS stores do and
- building an index from scratch by scanning the entire cache at
  start like rock stores do.


This is now documented at

http://wiki.squid-cache.org/Features/LargeRockStore#Slow_cache_index_build


HTH,

Alex.

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


Re: [squid-users] Lost of all squid cache

2016-09-13 Thread Amos Jeffries
On 14/09/2016 3:15 a.m., Eliezer Croitoru wrote:
> Hey Eduardo,
> 
> The first thing I would do is to first disable the disk cache in order to try 
> to recover\rebuild the disk cache manually using another squid instance.
> It's not always possible but if this cache is important enough then a loss of 
> couple tiny bits for recovery time plus some network load might worth it.
> If you are up to manually trying to recover the cache I will try to be 
> here(publically) to see if I can help you.
> In the past I wrote a tiny tool that can inspect cache files but I am not 
> sure if I have it here or on another disk remotely.
> 

Since it is a UFS format cache the squid-purge tool may be of use
inspecting the disk files. Though it may not be up to date with the
latest file format.

Amos

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


Re: [squid-users] SSO (ldap kerberos)

2016-09-13 Thread Amos Jeffries
On 14/09/2016 3:34 a.m., erdosain9 wrote:
> Hi.
> Thanks.
> With "take" a mean... to control which group a user belongs. So I can apply
> acl, etc to that groups.
> 
> Like this in ldap
> 
> # Active Directory
> auth_param basic program /usr/lib64/squid/basic_ldap_auth -R -b
> "cn=Users,dc=example,dc=lan" -D sq...@example.lan -w 123456  -f
> sAMAccountName=%s -v 3 -s sub -h 192.168.1.109
> auth_param basic children 10
> auth_param basic realm SQUID
> auth_param basic credentialsttl 2 hour
> 
> external_acl_type grupos ttl=360 %LOGIN /usr/lib64/squid/ext_ldap_group_acl
> -d -R -b "dc=example,dc=lan" -D sq...@example.lan -w 123456 -f
> "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=grupos,dc=example,dc=lan))"
> -h 192.168.1.109
> 
> 
> acl ifull  external grupos ifull
> acl icontrol external grupos icontrol
> 
> But, in this way the web browser ask for user... and i want automatically
> take the user that is logging on PC. 

That is a problem between the browser and the OS. Squid and its helpers
only verify what the browser sends them.

There is nothing Squid can do except offering various authentication
schemes in the hope that the browser can get one of those schemes
credentials from the OS.

Amos

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


Re: [squid-users] SSO (ldap kerberos)

2016-09-13 Thread erdosain9
Hi.
Thanks.
With "take" a mean... to control which group a user belongs. So I can apply
acl, etc to that groups.

Like this in ldap

# Active Directory
auth_param basic program /usr/lib64/squid/basic_ldap_auth -R -b
"cn=Users,dc=example,dc=lan" -D sq...@example.lan -w 123456  -f
sAMAccountName=%s -v 3 -s sub -h 192.168.1.109
auth_param basic children 10
auth_param basic realm SQUID
auth_param basic credentialsttl 2 hour

external_acl_type grupos ttl=360 %LOGIN /usr/lib64/squid/ext_ldap_group_acl
-d -R -b "dc=example,dc=lan" -D sq...@example.lan -w 123456 -f
"(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=grupos,dc=example,dc=lan))"
-h 192.168.1.109


acl ifull  external grupos ifull
acl icontrol external grupos icontrol

But, in this way the web browser ask for user... and i want automatically
take the user that is logging on PC. 



--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/SSO-ldap-kerberos-tp4679470p4679484.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


Re: [squid-users] Lost of all squid cache

2016-09-13 Thread Eliezer Croitoru
Hey Eduardo,

The first thing I would do is to first disable the disk cache in order to try 
to recover\rebuild the disk cache manually using another squid instance.
It's not always possible but if this cache is important enough then a loss of 
couple tiny bits for recovery time plus some network load might worth it.
If you are up to manually trying to recover the cache I will try to be 
here(publically) to see if I can help you.
In the past I wrote a tiny tool that can inspect cache files but I am not sure 
if I have it here or on another disk remotely.

Eliezer


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il


-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf 
Of Eduardo Carneiro
Sent: Monday, September 12, 2016 7:54 PM
To: squid-users@lists.squid-cache.org
Subject: [squid-users] Lost of all squid cache

Hi everyone!

I've got a strange issue on my Squid 3.5.19. 

About 30 minutes ago, my squid stopped and I noticed that the message 
"Rebuilding storage in /squid/cache/directory (dirty log)" was in my cache.log. 
Other message was also detected in my cache.log (Store rebuilding is 5.14% 
complete). When reached 100%, I lost all my 350GB cache data. 

The data are still in the Hard disk, but squid doesn't understand it.

Using squidclient, I can see now only 0.1% of my cache used. For the operating 
system, all the data are still available. For the squid, not.

Someone can help me that?

Best regards,
Eduardo Carneiro



--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/Lost-of-all-squid-cache-tp4679466.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-13 Thread erdosain9
Hi.
Sorry but... dont work...

In the chrome i get this

Creating Application Cache with manifest
https://web.whatsapp.com/404.appcache
web.whatsapp.com/:1 Application Cache Checking event
web.whatsapp.com/:1 Application Cache Error event: Manifest fetch failed
(404) https://web.whatsapp.com/404.appcache
app_5163437….js:6 WebSocket connection to 'wss://w5.web.whatsapp.com/ws'
failed: Error in connection establishment: net::ERR_TIMED_OUT
app_5163437….js:6 WebSocket connection to 'wss://w6.web.whatsapp.com/ws'
failed: Error in connection establishment: net::ERR_TIMED_OUT
app_5163437….js:6 WebSocket connection to 'wss://w7.web.whatsapp.com/ws'
failed: Error in connection establishment: net::ERR_TIMED_OUT
app_5163437….js:6 WebSocket connection to 'wss://w8.web.whatsapp.com/ws'
failed: Error in connection establishment: net::ERR_TIMED_OUT
app_5163437….js:6 WebSocket connection to 'wss://w1.web.whatsapp.com/ws'
failed: Error in connection establishment: net::ERR_TIMED_OUT

In access.log i get

1473776268.226198 192.168.1.172 TAG_NONE/200 0 CONNECT
fonts.googleapis.com:443 - HIER_DIRECT/64.233.190.95 -
1473776268.731132 192.168.1.172 TAG_NONE/200 0 CONNECT
fonts.gstatic.com:443 - HIER_DIRECT/64.233.190.94 -


just that... ¿?¿??¿?¿?¿
Thanks!



--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/Web-Whatsapp-Dropbox-problem-tp4679299p4679482.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


Re: [squid-users] Lost of all squid cache

2016-09-13 Thread Eduardo Carneiro
Jorgeley wrote
> what about cache_swap_low and cache_swap_high???
> 
> 2016-09-13 8:23 GMT-03:00 Eduardo Carneiro <

> eduardoocarneiro@

> >:
> 
>> Amos Jeffries wrote
>> > On 13/09/2016 5:12 a.m., Yuri Voinov wrote:
>> >>
>> >> Hm.
>> >>
>> >> As a recovery you can try to rename/remove swap.state from cache_dir's
>> >> and start squid again. AFAIK in this case it re-indexing all exists
>> disk
>> >> cache contents and build new one swap.state file. Also, does all
>> >> permissions to cache_dir and subdirectories recursively is correct and
>> >> intact?
>> >
>> > Also, check that the config file cache_dir L1 and L2 parameters are
>> > identical to those which the disk directories were initially created
>> > with. If those are different the file hashes will no longer map to the
>> > directory layout they are sitting in.
>> >
>> > Amos
>> > ___
>> > squid-users mailing list
>>
>> > squid-users@.squid-cache
>>
>> > http://lists.squid-cache.org/listinfo/squid-users
>>
>> The L1 and L2 parameters are identical Amos. I did not change anything or
>> the configuration or in the directory.
>>
>> I tried the solution Yuri mentioned, but it still fails. It took a long
>> time
>> to rebuild the swap.state, but cache still only 1GB.
>>
>>
>>
>> --
>> View this message in context: http://squid-web-proxy-cache.
>> 1019090.n4.nabble.com/Lost-of-all-squid-cache-tp4679466p4679479.html
>> Sent from the Squid - Users mailing list archive at Nabble.com.
>> ___
>> squid-users mailing list
>> 

> squid-users@.squid-cache

>> http://lists.squid-cache.org/listinfo/squid-users
>>
> 
> 
> 
> --
> 
> ___
> squid-users mailing list

> squid-users@.squid-cache

> http://lists.squid-cache.org/listinfo/squid-users

cache_swap_low 90
cache_swap_high 95

When the problem was detected, the cache was only 77% of used disk space.



--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/Lost-of-all-squid-cache-tp4679466p4679481.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


Re: [squid-users] Lost of all squid cache

2016-09-13 Thread Jorgeley Junior
what about cache_swap_low and cache_swap_high???

2016-09-13 8:23 GMT-03:00 Eduardo Carneiro :

> Amos Jeffries wrote
> > On 13/09/2016 5:12 a.m., Yuri Voinov wrote:
> >>
> >> Hm.
> >>
> >> As a recovery you can try to rename/remove swap.state from cache_dir's
> >> and start squid again. AFAIK in this case it re-indexing all exists disk
> >> cache contents and build new one swap.state file. Also, does all
> >> permissions to cache_dir and subdirectories recursively is correct and
> >> intact?
> >
> > Also, check that the config file cache_dir L1 and L2 parameters are
> > identical to those which the disk directories were initially created
> > with. If those are different the file hashes will no longer map to the
> > directory layout they are sitting in.
> >
> > Amos
> > ___
> > squid-users mailing list
>
> > squid-users@.squid-cache
>
> > http://lists.squid-cache.org/listinfo/squid-users
>
> The L1 and L2 parameters are identical Amos. I did not change anything or
> the configuration or in the directory.
>
> I tried the solution Yuri mentioned, but it still fails. It took a long
> time
> to rebuild the swap.state, but cache still only 1GB.
>
>
>
> --
> View this message in context: http://squid-web-proxy-cache.
> 1019090.n4.nabble.com/Lost-of-all-squid-cache-tp4679466p4679479.html
> Sent from the Squid - Users mailing list archive at Nabble.com.
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>



--
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


Re: [squid-users] Lost of all squid cache

2016-09-13 Thread Eduardo Carneiro
Amos Jeffries wrote
> On 13/09/2016 5:12 a.m., Yuri Voinov wrote:
>> 
>> Hm.
>> 
>> As a recovery you can try to rename/remove swap.state from cache_dir's
>> and start squid again. AFAIK in this case it re-indexing all exists disk
>> cache contents and build new one swap.state file. Also, does all
>> permissions to cache_dir and subdirectories recursively is correct and
>> intact?
> 
> Also, check that the config file cache_dir L1 and L2 parameters are
> identical to those which the disk directories were initially created
> with. If those are different the file hashes will no longer map to the
> directory layout they are sitting in.
> 
> Amos
> ___
> squid-users mailing list

> squid-users@.squid-cache

> http://lists.squid-cache.org/listinfo/squid-users

The L1 and L2 parameters are identical Amos. I did not change anything or
the configuration or in the directory.

I tried the solution Yuri mentioned, but it still fails. It took a long time
to rebuild the swap.state, but cache still only 1GB.



--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/Lost-of-all-squid-cache-tp4679466p4679479.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


Re: [squid-users] Rock store status

2016-09-13 Thread FredB
One thing, squid restart is very slow because of time required to rebuild the 
cache

2016/09/13 00:25:34|   Took 1498.42 seconds (3972.24 objects/sec). -> Rock
2016/09/13 00:00:51|   Took 5.71 seconds (533481.90 objects/sec). -> Diskd

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


Re: [squid-users] TProxy and client_dst_passthru

2016-09-13 Thread Omid Kosari
Amos Jeffries wrote
> ==> ORIGINAL_DST is should *only* ever be used on MISS or
> REFRESH/revalidate traffic. Never on a HIT. Thus zero (0%) hit-ratio is
> the expected behaviour.
> 
> For the same reason that a report of the log traffic using "grep -v HIT"
> will show zero cache ratio.

I have describe my problem in another thread
http://squid-web-proxy-cache.1019090.n4.nabble.com/range-offset-limit-not-working-as-expected-td4679355.html
. Based on your suggestion , now squid only has one dns server which is same
as users .

I am sure that this url
http://download.cdn.mozilla.net/pub/firefox/releases/48.0.2/update/win32/en-US/firefox-48.0.2.complete.mar
existed and cached . So why there are lots of log lines with ORIGINAL_DST ?





--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/TProxy-and-client-dst-passthru-tp4670189p4679477.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users