date:20210301

Re: [squid-users] squid cache

2021-03-01 Thread Majed Zouhairy


Thanks for, at least, the explanation

On 3/1/21 6:12 PM, Alex Rousskov wrote:

On 3/1/21 2:07 AM, Majed Zouhairy wrote:

i tried this, but neither the https download bandwidth restriction nor
caching seems to be working as expected


Squid cannot cache HTTP responses without bumping HTTPS traffic. This is
a protocol-level limitation, not a bug.

There are known delay pools bugs for not-bumped (i.e. tunneled or
CONNECT) traffic. IIRC, the pools may work for some tunnels, but the
imposed limits may vary significantly from the configured values.


HTH,

Alex.



acl slower src 10.46.10.78
acl localnet src 10.46.10.0/24

acl SSL_ports port 443
acl Safe_ports port 80    # http
acl Safe_ports port 8080    # http
acl Safe_ports port 21    # ftp
acl Safe_ports port 443    # https
acl Safe_ports port 70    # gopher
acl Safe_ports port 210    # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280    # http-mgmt
acl Safe_ports port 488    # gss-http
acl Safe_ports port 591    # filemaker
acl Safe_ports port 777    # multiling http
acl CONNECT method CONNECT
acl blockfiles urlpath_regex -i "/etc/squid/blocks.files.acl"

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
visible_hostname proxy.lk.sk


delay_pools 1
delay_class 1 3
delay_access 1 allow slower
delay_access 1 deny all
delay_parameters 1 51200/51200 -1/-1 51200/25600

http_access allow localnet
http_access allow localhost



# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 8080

# Uncomment and adjust the following to add a disk cache directory.
# Updates: chrome and acrobat
refresh_pattern -i gvt1.com/.*\.(exe|ms[i|u|f|p]|dat|zip|psf) 43200 80%
129600 reload-into-ims
refresh_pattern -i adobe.com/.*\.(exe|ms[i|u|f|p]|dat|zip|psf) 43200 80%
129600 reload-into-ims



range_offset_limit 200 MB
maximum_object_size 200 MB
quick_abort_min -1

# DONT MODIFY THESE LINES
refresh_pattern \^ftp:   1440    20% 10080
refresh_pattern \^gopher:    1440    0%  1440
refresh_pattern -i (/cgi-bin/|\?) 0  0%  0
refresh_pattern .   0  20% 43200

cache_dir ufs /var/cache/squid 3000 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid

cache_mem 1024 MB

netdb_filename none

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:    1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
refresh_pattern .    0    20%    4320

url_rewrite_program /usr/local/ufdbguard/bin/ufdbgclient -m 4 -l
/var/log/squid/
url_rewrite_children 16 startup=8 idle=2 concurrency=4
#debug_options ALL,1 33,2 28,9


any help?


On 2/26/21 10:22 AM, Majed Zouhairy wrote:


Health be Upon you,

i want to cache certain files, let's say exe, msi... above 20MB and
below 300MB, limit the cache directory to 3GB
i have no ssl bump not configured
version 4.14
how to do that?
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users



___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Exclude transaction from being logged

2021-03-01 Thread Alex Rousskov

On 3/1/21 8:35 PM, Service MV wrote:
> Unfortunately, the log that I whant to avoid is being still logged.

Do the unwanted logged records match zabbix_proxy?

* If yes, I am out of ideas. If you share a debugging log dedicated to
the incorrectly logged transaction[1], I may be able to figure it out.

* If not, then perhaps I misunderstood what your zabbix_proxy ACL means
to you. You may need a different ACL.

[1]
https://wiki.squid-cache.org/SquidFaq/BugReporting#Debugging_a_single_transaction

Alex.


> El vie., 26 feb. 2021 17:14, Alex Rousskov
>  > escribió:
> 
> On 2/26/21 2:58 PM, Service MV wrote:
> > Ok, but whit this two lines disabled completely access logs. I've no
> > more access_log directives configured.
> 
> Yeah, this outcome is surprising to many admins (and there are also
> related bugs in Squid code).
> 
> To see all other records, add access_log lines that define how you want
> the rest of the records to be logged. For example, if you want Squid to
> use the default record format and other defaults, then try this untested
> sketch:
> 
>    acl zabbix_proxy src x.x.x.x
>    access_log none zabbix_proxy
>    access_log daemon:/specify/exact/log/file/location/here
> 
> You can see the default access_log configuration specific to your Squid
> build in squid.conf.documented.
> 
> 
> HTH,
> 
> Alex.
> 
> 
> 
> > El vie., 26 feb. 2021 16:21, Alex Rousskov escribió:
> >
> >     On 2/26/21 12:36 PM, Service MV wrote:
> >
> >     > NONE/000 0 NONE error:transaction-end-before-headers -
> HIER_NONE/- -
> >     >
> >     > I know that this is not an error. But I want to exclude this
> log when
> >     > the Zabbix server checks the port status of SQUID. Zabbix
> server does
> >     > not use the SQUID as a proxy.
> >
> >     If you do not want to see what Zabbix is doing to your Squid,
> you can
> >     exclude its requests from access.log. For example, if you do
> not want to
> >     see any requests from Zabbix IP address:
> >
> >       acl zabbix_proxy src x.x.x.x
> >       access_log none zabbix_proxy
> >
> >
> >     HTH,
> >
> >     Alex.
> >
> 

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Exclude transaction from being logged

2021-03-01 Thread Service MV

Unfortunately, the log that I whant to avoid is being still logged.

El vie., 26 feb. 2021 17:14, Alex Rousskov 
escribió:

> On 2/26/21 2:58 PM, Service MV wrote:
> > Ok, but whit this two lines disabled completely access logs. I've no
> > more access_log directives configured.
>
> Yeah, this outcome is surprising to many admins (and there are also
> related bugs in Squid code).
>
> To see all other records, add access_log lines that define how you want
> the rest of the records to be logged. For example, if you want Squid to
> use the default record format and other defaults, then try this untested
> sketch:
>
>acl zabbix_proxy src x.x.x.x
>access_log none zabbix_proxy
>access_log daemon:/specify/exact/log/file/location/here
>
> You can see the default access_log configuration specific to your Squid
> build in squid.conf.documented.
>
>
> HTH,
>
> Alex.
>
>
>
> > El vie., 26 feb. 2021 16:21, Alex Rousskov escribió:
> >
> > On 2/26/21 12:36 PM, Service MV wrote:
> >
> > > NONE/000 0 NONE error:transaction-end-before-headers - HIER_NONE/-
> -
> > >
> > > I know that this is not an error. But I want to exclude this log
> when
> > > the Zabbix server checks the port status of SQUID. Zabbix server
> does
> > > not use the SQUID as a proxy.
> >
> > If you do not want to see what Zabbix is doing to your Squid, you can
> > exclude its requests from access.log. For example, if you do not
> want to
> > see any requests from Zabbix IP address:
> >
> >   acl zabbix_proxy src x.x.x.x
> >   access_log none zabbix_proxy
> >
> >
> > HTH,
> >
> > Alex.
> >
>
>
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] SNMP OID SQUID 4

2021-03-01 Thread Stephane Simon


Hello,

 

I am looking for snmp's oid for squid 4


 

 
Here (https://wiki.squid-cache.org/Features/Snmp#Squid_OIDs)i found for squid 2 
and 3



 

Can u help me please ?

 

Thanks

 

Stéphane

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] squid cache

2021-03-01 Thread Alex Rousskov

On 3/1/21 2:07 AM, Majed Zouhairy wrote:
> i tried this, but neither the https download bandwidth restriction nor
> caching seems to be working as expected

Squid cannot cache HTTP responses without bumping HTTPS traffic. This is
a protocol-level limitation, not a bug.

There are known delay pools bugs for not-bumped (i.e. tunneled or
CONNECT) traffic. IIRC, the pools may work for some tunnels, but the
imposed limits may vary significantly from the configured values.


HTH,

Alex.


> acl slower src 10.46.10.78
> acl localnet src 10.46.10.0/24
> 
> acl SSL_ports port 443
> acl Safe_ports port 80    # http
> acl Safe_ports port 8080    # http
> acl Safe_ports port 21    # ftp
> acl Safe_ports port 443    # https
> acl Safe_ports port 70    # gopher
> acl Safe_ports port 210    # wais
> acl Safe_ports port 1025-65535    # unregistered ports
> acl Safe_ports port 280    # http-mgmt
> acl Safe_ports port 488    # gss-http
> acl Safe_ports port 591    # filemaker
> acl Safe_ports port 777    # multiling http
> acl CONNECT method CONNECT
> acl blockfiles urlpath_regex -i "/etc/squid/blocks.files.acl"
> 
> #
> # Recommended minimum Access Permission configuration:
> #
> # Deny requests to certain unsafe ports
> http_access deny !Safe_ports
> 
> # Deny CONNECT to other than secure SSL ports
> http_access deny CONNECT !SSL_ports
> 
> # Only allow cachemgr access from localhost
> http_access allow localhost manager
> http_access deny manager
> 
> # We strongly recommend the following be uncommented to protect innocent
> # web applications running on the proxy server who think the only
> # one who can access services on "localhost" is a local user
> #http_access deny to_localhost
> visible_hostname proxy.lk.sk
> 
> 
> delay_pools 1
> delay_class 1 3
> delay_access 1 allow slower
> delay_access 1 deny all
> delay_parameters 1 51200/51200 -1/-1 51200/25600
> 
> http_access allow localnet
> http_access allow localhost
> 
> 
> 
> # And finally deny all other access to this proxy
> http_access deny all
> 
> # Squid normally listens to port 3128
> http_port 8080
> 
> # Uncomment and adjust the following to add a disk cache directory.
> # Updates: chrome and acrobat
> refresh_pattern -i gvt1.com/.*\.(exe|ms[i|u|f|p]|dat|zip|psf) 43200 80%
> 129600 reload-into-ims
> refresh_pattern -i adobe.com/.*\.(exe|ms[i|u|f|p]|dat|zip|psf) 43200 80%
> 129600 reload-into-ims
> 
> 
> 
> range_offset_limit 200 MB
> maximum_object_size 200 MB
> quick_abort_min -1
> 
> # DONT MODIFY THESE LINES
> refresh_pattern \^ftp:   1440    20% 10080
> refresh_pattern \^gopher:    1440    0%  1440
> refresh_pattern -i (/cgi-bin/|\?) 0  0%  0
> refresh_pattern .   0  20% 43200
> 
> cache_dir ufs /var/cache/squid 3000 16 256
> 
> # Leave coredumps in the first cache dir
> coredump_dir /var/cache/squid
> 
> cache_mem 1024 MB
> 
> netdb_filename none
> 
> #
> # Add any of your own refresh_pattern entries above these.
> #
> refresh_pattern ^ftp:    1440    20%    10080
> refresh_pattern ^gopher:    1440    0%    1440
> refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
> refresh_pattern .    0    20%    4320
> 
> url_rewrite_program /usr/local/ufdbguard/bin/ufdbgclient -m 4 -l
> /var/log/squid/
> url_rewrite_children 16 startup=8 idle=2 concurrency=4
> #debug_options ALL,1 33,2 28,9
> 
> 
> any help?
> 
> 
> On 2/26/21 10:22 AM, Majed Zouhairy wrote:
>>
>> Health be Upon you,
>>
>> i want to cache certain files, let's say exe, msi... above 20MB and
>> below 300MB, limit the cache directory to 3GB
>> i have no ssl bump not configured
>> version 4.14
>> how to do that?
>> ___
>> squid-users mailing list
>> squid-users@lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] SNMP OID SQUID 4

2021-03-01 Thread Matus UHLAR - fantomas


On 01.03.21 13:23, Stephane Simon wrote:

I am looking for snmp's oid for squid 4
Here (https://wiki.squid-cache.org/Features/Snmp#Squid_OIDs)i found for squid 2 
and 3


I use those for squid4 without problems.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Where do you want to go to die?" [Microsoft]
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] squid cache

Re: [squid-users] Exclude transaction from being logged

Re: [squid-users] Exclude transaction from being logged

[squid-users] SNMP OID SQUID 4

Re: [squid-users] squid cache

Re: [squid-users] SNMP OID SQUID 4

6 matches

Site Navigation

Mail list logo

Footer information