Re: [squid-users] store_id_extras to access request header

2018-07-10 Thread Kedar K 
additional note:
I do see both request and response header in access.log though.

On Wed, Jul 11, 2018 at 11:29 AM Kedar K  wrote:

> Hi,
> I tried to get the request header to store id helper
> with %>h option for store_id_extras; However, I get a '-' (and the default
> k-v pairs intact)
>
> Is this expected behaviour? Wouldn't request header be available before
> sending a query to store-id helper?
>
> ​My use case was to pass custom fields either as part of URL (append at
> the end) or request header.
>
> Is it possible to use combination of store_id_program helper and
> rewrite_url_program; such that the extra params from the url are used by
> store-id helper to create a store-id and then the url_rewrite program can
> strip them off before sending the request to origin server? ​
>
>
> --
>
> *- Kedar*
>


-- 

*- Kedar Kekan*
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] store_id_extras to access request header

2018-07-10 Thread Kedar K 
Hi,
I tried to get the request header to store id helper
with %>h option for store_id_extras; However, I get a '-' (and the default
k-v pairs intact)

Is this expected behaviour? Wouldn't request header be available before
sending a query to store-id helper?

​My use case was to pass custom fields either as part of URL (append at the
end) or request header.

Is it possible to use combination of store_id_program helper and
rewrite_url_program; such that the extra params from the url are used by
store-id helper to create a store-id and then the url_rewrite program can
strip them off before sending the request to origin server? ​


-- 

*- Kedar*
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Delay pools in squid4 not working with https

2018-07-10 Thread Alex Rousskov 
On 07/10/2018 01:50 PM, Paolo Marzari wrote:
> My home server just updated from 3.5.27, everything is working fine, but
> delay pools seems broken to me.

> Revert to 3.5.27 and delays works again with every type of traffic.
> 
> I think there's something wrong with https traffic.

You are probably right. A few days ago, while working on an unrelated
project, we have found a bug in delay pools support for tunneled https
traffic. That support was probably broken by v4 commit 6b2b6cf. We have
not tested v3.5, so I can only confirm that v4 and v5 are broken.

The bug will be fixed as a side effect of "peering support for SslBump"
changes that should be ready for the official review soon. If you would
like to test our unofficial branch, the code is available at
https://github.com/measurement-factory/squid/tree/SQUID-360-peering-for-SslBump


HTH,

Alex.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Delay pools in squid4 not working with https

2018-07-10 Thread prazola 
A fast check with nbwmon shows 2.2Mbps when using squid 4.1.




--
Sent from: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Delay pools in squid4 not working with https

2018-07-10 Thread Amos Jeffries 
On 11/07/18 07:50, Paolo Marzari wrote:
> My home server just updated from 3.5.27, everything is working fine, but
> delay pools seems broken to me.
> I capped some devices to 240kb/s and tried to download a debian ISO with
> one of them...all good, 240kb/s.
> Then I tried a speed test, results = 2.2mb/s, that's the whole ADSL speed.
> 
> So I tried youtube videos, no cap at all, same problem with facebook.
> Revert to 3.5.27 and delays works again with every type of traffic.
> 
> I think there's something wrong with https traffic.
> 

a) is it actually HTTPS traffic?

b) are the bytes going through the proxy 2.2Mbps or 240kbps ?

I ask because Google/YouTube and Facebook are services using HTTP/2 with
high compression features as much as possible. So while the proxy is set
to transfer X bytes per second, when hidden inside "HTTPS" those X bytes
may show up as 90*X bytes of traffic when decompressed by a Browser.

Or the transfer may be QUIC protocol, completely bypassing the HTTP the
proxy is counting.

Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Delay pools in squid4 not working with https

2018-07-10 Thread prazola 
My home server just updated from 3.5.27, everything is working fine, but
delay pools seems broken to me.
I capped some devices to 240kb/s and tried to download a debian ISO with one
of them...all good, 240kb/s.
Then I tried a speed test, results = 2.2mb/s, that's the whole ADSL speed.

So I tried youtube videos, no cap at all, same problem with facebook.
Revert to 3.5.27 and delays works again with every type of traffic.

I think there's something wrong with https traffic.

Here's my delay config section:

acl group288 src 192.168.0.87/32 192.168.0.88/32 192.168.0.84/32
acl groupapo src 192.168.0.56/32 #192.168.0.6/32
acl group656 src 192.168.0.61/32 192.168.0.89/32
acl group656b src 192.168.0.95/32 #192.168.0.112/32 192.168.0.96/32
#192.168.0.6/32
acl group1024 src 192.168.0.92/32
#acl limit5conn maxconn 5
delay_pools 4
delay_class 1 1
delay_class 2 1
delay_class 3 1
delay_class 4 1
delay_parameters 1 288000/308000
delay_parameters 2 595000/64
delay_parameters 3 595200/640400
delay_parameters 4 972000/1024000
delay_access 1 allow group288
delay_access 1 allow groupapo
delay_access 2 allow group656
delay_access 3 allow group656b
delay_access 4 allow group1024
delay_access 1 deny all
delay_access 2 deny all
delay_access 3 deny all
delay_access 4 deny all

Am I missing something in my config?
I need your help squid's gurus...and sorry for bad englando.



--
Sent from: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Delay pools in squid4 not working with https

2018-07-10 Thread Paolo Marzari 
My home server just updated from 3.5.27, everything is working fine, but 
delay pools seems broken to me.
I capped some devices to 240kb/s and tried to download a debian ISO with 
one of them...all good, 240kb/s.

Then I tried a speed test, results = 2.2mb/s, that's the whole ADSL speed.

So I tried youtube videos, no cap at all, same problem with facebook.
Revert to 3.5.27 and delays works again with every type of traffic.

I think there's something wrong with https traffic.

Here's my delay config section:

   acl group288 src 192.168.0.87/32 192.168.0.88/32 192.168.0.84/32
   acl groupapo src 192.168.0.56/32 #192.168.0.6/32
   acl group656 src 192.168.0.61/32 192.168.0.89/32
   acl group656b src 192.168.0.95/32 #192.168.0.112/32 192.168.0.96/32
   #192.168.0.6/32
   acl group1024 src 192.168.0.92/32
   #acl limit5conn maxconn 5
   delay_pools 4
   delay_class 1 1
   delay_class 2 1
   delay_class 3 1
   delay_class 4 1
   delay_parameters 1 288000/308000
   delay_parameters 2 595000/64
   delay_parameters 3 595200/640400
   delay_parameters 4 972000/1024000
   delay_access 1 allow group288
   delay_access 1 allow groupapo
   delay_access 2 allow group656
   delay_access 3 allow group656b
   delay_access 4 allow group1024
   delay_access 1 deny all
   delay_access 2 deny all
   delay_access 3 deny all
   delay_access 4 deny all

Am I missing something in my config?
I need your help squid's gurus...and sorry for bad englando.

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] minimize squid memory usage

2018-07-10 Thread Leonardo Rodrigues 

Em 09/07/18 20:45, Gordon Hsiao escreveu:


Assuming I need _absolutely_ no cache what-so-ever(to the point to 
change compile flags to disable that, if needed), no store-to-disk 
neither, i.e. no objects need to be cached at all. I just need Squid 
to check a few ACLs with absolutely minimal memory usage for now, what 
else am I missing to get that work?


    If you don't need everything that squid can offer, maybe using 
other proxy software can be a better option. There are other software, 
with less options, that for sure will have a smaller memory footprint. 
But as you just need ACL capabilities, maybe those can be enough.


    Have you tried checking that ?



--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it



___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Allow weaker ciphers for selected sites using an ACL?

2018-07-10 Thread Amos Jeffries 
On 10/07/18 18:27, Ahmad, Sarfaraz wrote:
> Hi,
> 
> I have disabled weak ciphers through tls_outgoing_options . Is there a
> way to allow weak ciphers for selected websites, say, using an ACL and
> without splicing the connections?

cache_peer directive is used to customize connectivity to specific servers.
 


Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] minimize squid memory usage

2018-07-10 Thread Amos Jeffries 
On 10/07/18 11:45, Gordon Hsiao wrote:
> I noticed my Squid doubles its memory usage even though I had:
> 

What do you mean by "double" ? Squid memory is mostly used for things
that are not caches.
 

And be careful that you are looking at *resident* size, not virtual
memory or the areas the OS calls "cache" memory (which is not related to
Squid).


> cache deny all
> cache_mem 0 MB
> access_log none
> 
> Assuming I need _absolutely_ no cache what-so-ever(to the point to
> change compile flags to disable that, if needed), no store-to-disk
> neither, i.e. no objects need to be cached at all. I just need Squid to
> check a few ACLs with absolutely minimal memory usage for now, what else
> am I missing to get that work?


Start with a minimal build. The set of ./configure build options to
disable for small Squid binaries can be found at


There are some other options not listed there (or listed at the top with
reasons stated) which can be disabled. However they or the replacement
code requires OS-specific support. If your OS has that, you can shrink
it a bit more.

When you have a minimal build look at what the memory if being used for
and tune further.


Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users