Re: [squid-users] ERROR: Cannot connect to 127.0.0.1:3128

2016-10-11 Thread Jorgeley Junior 
I think it could be the sequence of the rules, do this command and post the
results:
grep .   /etc/squid-your-version/squid.conf  |
grep -v   "#"

2016-10-11 3:59 GMT-03:00 Amos Jeffries :

> On 11/10/2016 4:54 p.m., Михаил wrote:
> > I check version of squid 3.5.21 with my configuration and I faced with a
> > problem. Early I used in version 3.5.12 this line for connect localhost,
> but now
> > it doesn't work.
>
> Order is important. Where you place the rules in squid.conf matters a
> lot with regards to whether they are actually useful and do what you
> want, or not.
>
> > # squid.conf
> > ...
> > http_access allow localhost manager
> > http_access deny manager
> > ...
> > # squidclient -p 3128 -h localhost mgr:info
> > HTTP/1.1 403 Forbidden
> > Server: squid
> > Mime-Version: 1.0
> > Date: Tue, 11 Oct 2016 03:42:54 GMT
> > ...
>
> > If I set a full access I could connect to localhost.
>
>
> > # squid.conf
> > ...
> > http_access allow all
> > http_access deny manager
> > ...
>
>
> So what IP address(es) does 'localhost' resolve to?
>
> > # squidclient -p 3128 -h localhost mgr:info
> > stub time| WARNING: BCP 177 violation. IPv6 transport forced OFF by build
> > parameters.
>
> I know you said in a followup to ignore this. But it may be important.
>
> It shows that squidclient was built with --disable-ipv6, and yet your
> system is IPv6-enabled.
>
> The name "localhost" for IPv6-enabled systems is ::1.
>
> A squid binary that is built with --disable-ipv6 will not permit ::1
> since it is non-IP4. But it will be recognized as part of "all" IP space.
>
>
> > HTTP/1.1 200 OK
> > Server: squid
> > Mime-Version: 1.0
> > Date: Tue, 11 Oct 2016 03:47:36 GMT
> > ...
> > What is happend? And what is the right way to connect to
> cache_management from
> > localhost?
>
> squidclient defaults to localhost and port 3128 for management access to
> Squid. Just use:
>
>   squidclient mgr:info
>
> Amos
>
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>



--
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Lost of all squid cache

2016-09-13 Thread Jorgeley Junior 
what about cache_swap_low and cache_swap_high???

2016-09-13 8:23 GMT-03:00 Eduardo Carneiro :

> Amos Jeffries wrote
> > On 13/09/2016 5:12 a.m., Yuri Voinov wrote:
> >>
> >> Hm.
> >>
> >> As a recovery you can try to rename/remove swap.state from cache_dir's
> >> and start squid again. AFAIK in this case it re-indexing all exists disk
> >> cache contents and build new one swap.state file. Also, does all
> >> permissions to cache_dir and subdirectories recursively is correct and
> >> intact?
> >
> > Also, check that the config file cache_dir L1 and L2 parameters are
> > identical to those which the disk directories were initially created
> > with. If those are different the file hashes will no longer map to the
> > directory layout they are sitting in.
> >
> > Amos
> > ___
> > squid-users mailing list
>
> > squid-users@.squid-cache
>
> > http://lists.squid-cache.org/listinfo/squid-users
>
> The L1 and L2 parameters are identical Amos. I did not change anything or
> the configuration or in the directory.
>
> I tried the solution Yuri mentioned, but it still fails. It took a long
> time
> to rebuild the swap.state, but cache still only 1GB.
>
>
>
> --
> View this message in context: http://squid-web-proxy-cache.
> 1019090.n4.nabble.com/Lost-of-all-squid-cache-tp4679466p4679479.html
> Sent from the Squid - Users mailing list archive at Nabble.com.
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>



--
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] how to connect machine linux to squid proxy, not in browser?

2016-07-07 Thread Jorgeley Junior 
I dont know if I understand well, but if you want all linux enviroment to
access your proxy you must set the enviroment vars, suck like this:



*ftp_proxy=ftp://192.168.1.254:8213/
http_proxy=http://192.168.1.254:8213/
https_proxy=https://192.168.1.254:8213/
socks_proxy=socks://192.168.1.254:8213/
*


2016-07-07 5:18 GMT-03:00 Antony Stone :

> On Thursday 07 July 2016 at 10:11:14, admin wrote:
>
> > It is transparent (intercept) mode
>
> See http://wiki.squid-cache.org/SquidFaq/InterceptionProxy for details.
>
> Note that:
>
>  - getting intercept mode to work is more complex than standard (browser-
> configured) mode; you are recommended to make sure you have standard mode
> working correctly before adding this further complexity
>
>  - some sites / applications may simply not work correctly with intercept
> mode
>
>  - the Internet is migrating away from HTTP and towards HTTPS, which is a
> *whole* lot more difficult to get working in intercept mode
>
> > james82 писал 2016-07-07 12:26:
> > > In normal, people away connect squid proxy with browser. But I want
> > > method work with whole computer, like VPN, is mean connect machine
> > > linux, window or Mac to squid proxy installed on it? How to do that?
>
> What are you trying to achieve by implementing squid on your network?
>
>
> Antony.
>
> --
> Software development can be quick, high quality, or low cost.
>
> The customer gets to pick any two out of three.
>
>Please reply to the
> list;
>  please *don't* CC
> me.
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>



--
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Force DNS queries over TCP?

2016-06-30 Thread Jorgeley Junior 
I'm not sure, but, if your ISP is intercepting your DNS queries, maybe you
could use the mangle netfilter table to change your DNS queries and so
deceive your ISP, but I'm almost sure that the root servers will not
recognize. It was just an idea.

2016-06-30 16:16 GMT-03:00 Yuri Voinov :

>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Consider TCP/UDP/53 Cisco interception + Unbound + dnscrypt. And
> 127.0.0.1:53 as your squid's DNS resolver finally.
>
>
> 01.07.2016 1:07, Chris Horry пишет:
> >
> >
> > On 06/30/2016 14:55, Alex Crow wrote:
> >>
> >>
> >> On 30/06/16 19:40, brendan kearney wrote:
> >>>
> >>> Nscd or name server caching daemon may be of help.  I believe you can
> >>> run your own bind instqnce and point it at the roots, instead of using
> >>> your isp's broken implementation
> >>>
> >>> On Jun 30, 2016 2:21 PM, "Chris Horry"  >>>  > wrote:
> >>
> >> If the ISP is intercepting and redirecting all connections to UDP/53,
> >> which seems to be the case, I'm not sure this would help, unless the
> >> roots support TCP access.
> >>
> >> Chris, can you confirm this seems to be your ISP's behaviour? If so,
> >> avoiding sending *any* queries in cleartext via UDP/53 is the only way
> >> to do it.
> >
> > That is indeed my ISP's behaviour, they force redirect UDP/53 to their
> > broken implementation so the only option I have is to use TCP.
> >
> > Chris
> >
> >
> >
> > ___
> > squid-users mailing list
> > squid-users@lists.squid-cache.org
> > http://lists.squid-cache.org/listinfo/squid-users
>
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2
>
> iQEcBAEBCAAGBQJXdXAkAAoJENNXIZxhPexGYlAH/A8NZGERE0+0i6N3IWQsvR1o
> LV9GIrmHZ6fBuMTgYWdul7YUDcUV5OT1kZ6GslbHdG/cfT7EqXDmWEUOy36kdTc6
> 50sIDLDGgD4XU3J0AFDyKV+yma1kuO8D3ZcE3nYMbSveX/MmdSZkoatIKwVKJkIP
> W1DFWFhHICC9Xzxia2t+qnRQ3TpXNnTEQbg2j4uMVbgeeYqOWkjg2VG/RcaxIrk6
> AQsXfPzwHC4Dy1GmDSEEEzu2+Q5lfL/IXStLENi9x4izmy+236/5ZOybv3Co6NRG
> 2EQdOoSeLvz2MgEbrNbHYABDkqt4Pjo7JKjONdAbnEBAAIgNKwW5pUSCBQok5+4=
> =paVE
> -END PGP SIGNATURE-
>
>
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
>


--
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Youtube wont work on squid

2016-03-02 Thread Jorgeley Junior 
I'm not sure if this can solve the problem, but, in my squid.conf I deny
youtube to cache using "cache_deny"

2016-03-02 3:04 GMT-03:00 Yuri Voinov :

>
>
> 02.03.16 2:34, Baselsayeh пишет:
>
>> Yuri Voinov wrote
>>
>>> -BEGIN PGP SIGNED MESSAGE-
>>> Hash: SHA256
>>>   Did you read
>>>
>>> http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit
>>>
>>> this first?
>>>
>>> Look once more to examples.
>>>
>>> 02.03.16 2:15, Baselsayeh пишет:
>>>
 Yuri Voinov wrote
 Seems to some else misconfiguration in peek-n-splice section.

 Where is your at_step peek definition?

 02.03.16 2:08, Baselsayeh пишет:

> Yuri Voinov wrote
>>>
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Aha.

 You must know, that stare is client initiated handshake. This is

>>> a bit
>>>
 specific option, which is useless in most usecases (IMHO).

 More reliable configuration is peek then bump.

 Did you client (android) contains your cache CA public key?
 ___
 squid-users mailing list
 squid-users@.squid-cache
 http://lists.squid-cache.org/listinfo/squid-users


 0x613DEC46.asc (2K)

 
>>> http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676357/0/0x613DEC46.asc
>>> ;
>>>
 now new error after changing config to peek then bump
>>>
>>> access.log :  http://pastebin.com/j97k953r
>>>
>> http://pastebin.com/j97k953r;

> cache.log :  http://pastebin.com/2jF6nqeM
>>> http://pastebin.com/2jF6nqeM;
>>>
>>> squid.config :  http://pastebin.com/FDuHtCDD
>>>
>> http://pastebin.com/FDuHtCDD;

> and now youtube works but when i enter a video it loads for a
>>>
>> little bit
>>>
 then says
>>> "Connection to the server lost"
>>> "tap to retry"
>>>
>>> i tried more than 10 videos and none of them worked
>>>
>>>
>>>
>>> --
>>> View this message in context:
>>>
>>
>>> http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676359.html
>>>
 Sent from the Squid - Users mailing list archive at Nabble.com.
>>> ___
>>> squid-users mailing list
>>>
>>> squid-users@.squid-cache

 http://lists.squid-cache.org/listinfo/squid-users
>>>
>>
> ___
> squid-users mailing list
> squid-users@.squid-cache
> http://lists.squid-cache.org/listinfo/squid-users
>
>
> 0x613DEC46.asc (2K)
>
> 
>>> http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676360/0/0x613DEC46.asc
>>> ;
>>>
>>> what do you mean?

 this?

 http_port 3428 intercept
 https_port 3429 intercept ssl-bump generate-host-certificates=on
 dynamic_cert_mem_cache_size=200MB cert=/home/basel/squid/rootCAcert.pem
 key=/home/basel/squid/rootCAkey.key
 ssl_bump peek all
 ssl_bump bump all
 sslcrtd_program /lib/squid/ssl_crtd -s /var/cache/squid/ssl_db/ -M 200MB
 sslcrtd_children 3 startup=1 idle=1




 --
 View this message in context:

>>>
>>> http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-wont-work-on-squid-tp4676349p4676361.html
>>>
 Sent from the Squid - Users mailing list archive at Nabble.com.
 ___
 squid-users mailing list

 squid-users@.squid-cache
>>>
 http://lists.squid-cache.org/listinfo/squid-users

>>> -BEGIN PGP SIGNATURE-
>>> Version: GnuPG v2
>>>   iQEcBAEBCAAGBQJW1f9dAAoJENNXIZxhPexGcSkH/0sykbFIcW+et28E9VUiT6r6
>>> ShcfP89O15nYTFJgsrTGslTv5EX1+fwproBljHLT1VSkZg8Ftl/RcrthP0z4F/F8
>>> Pe83prBkD/EuvpElP9OuKL+CE3IhSKTDya0+VTUUmskr/CFpl51R+tL7Va6BLJc/
>>> MWC3X+B7Ywkujaf3Y1iuxw3pG7bawRHQVYaIhKnCIRwJ3MrfUS4WX31r5bhNplUj
>>> fTq4owWWycq0RjzlJ6gait8p4lRTOts1IBQ+dzzVxuPo+3CdPWd6UXSusWJ7NQUT
>>> Tj9w878S09xkVoGDRsEHB21MgjnbB0GQ7AmjTyPTQvS5tm/msAPMtpsgCS5oz9I=
>>> =WmcI
>>> -END PGP SIGNATURE-
>>>
>>>
>>> ___
>>> squid-users mailing list
>>> squid-users@.squid-cache
>>> http://lists.squid-cache.org/listinfo/squid-users
>>>
>>>
>>> 0x613DEC46.asc (2K)
>>> 
>>> http://squid-web-proxy-cache.1019090.n4.nabble.com/attachment/4676362/0/0x613DEC46.asc
>>> ;
>>>
>> it works now
>>
>> http_port 3428 intercept
>> https_port 3429 intercept ssl-bump generate-host-certificates=on
>> dynamic_cert_mem_cache_size=200MB cert=/home/basel/squid/rootCAcert.pem
>> key=/home/basel/squid/rootCAkey.key
>> acl step1 at_step SslBump1
>> acl step2 at_step SslBump2
>> acl step3 at_step SslBump3
>> ssl_bump peek step1
>> ssl_bump bump all
>> sslcrtd_program /lib/squid/ssl_crtd -s /var/cache/squid/ssl_db/ -M 200MB
>>

Re: [squid-users] urlpath_regex not being matched

2016-01-18 Thread Jorgeley Junior 
I didn't test this, but i think it works better:
*http_access deny banned_sites   !good_facebook*
is it works?

2016-01-18 16:35 GMT-02:00 Lucía Guevgeozian :

> Ok, thanks again for the quick reply, I'm upgrading :)
>
> Regards,
> Lucia
>
> 2016-01-18 14:58 GMT-03:00 Yuri Voinov :
>
>>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>>
>>
>> 18.01.16 23:56, Lucía Guevgeozian пишет:
>> > Thank you very much for your responses.
>> >
>> > I understand from http://www.squid-cache.org/Doc/config/http_access/
>> that
>> > http_access will not work with https in version of squid older than 3.3.
>> >
>> > Do you know if an alternative config exists without upgrading?
>> We don't know it. HTTPS-ops required updrade.
>>
>> >
>> >
>> > Regards,
>> > Lucia
>> >
>> > 2016-01-18 14:38 GMT-03:00 Antony Stone
>>  :
>> >
>> >> On Monday 18 January 2016 at 18:31:40, Yuri Voinov wrote:
>> >>
>> >>> Facebook (like more others) uses Akamai CDN as background delivery
>> >> service.
>> >>>
>> >>> So, facebook.* domain is a little part of whole big fat Facebook :)
>> >>
>> >> True, but that should still match *request* URLs (once the HTTP/S
>> problem
>> >> is
>> >> sorted out), no?
>> >>
>> >>> 18.01.16 23:29, Antony Stone пишет:
>>  On Monday 18 January 2016 at 18:22:24, Lucía Guevgeozian wrote:
>> > acl good_facebook urlpath_regex groups
>> > acl banned_sites url_regex "/etc/squid/config/banned_sites"
>> >
>> > inside banned_sites I have the word facebook
>> >
>> > http_access allow good_facebook
>> > http_access deny banned_sites
>> 
>>  Okay, so you've set up some HTTP access controls... so far, so good.
>> 
>> > If I try accessing https://www.facebook.com/groups I get blocked
>> 
>>  That's an HTTPS URL, not HTTP :)
>> 
>> > ps: I'm using this squid version
>> > Squid Cache: Version 3.0.STABLE18
>> 
>>  That's old - you are strongly recommended to upgrade.
>> 
>> 
>>  Antony.
>> >>
>> >> --
>> >> Perfection in design is achieved not when there is nothing left to
>> add, but
>> >> rather when there is nothing left to take away.
>> >>
>> >>  - Antoine de Saint-Exupery
>> >>
>> >>Please reply to the
>> >> list;
>> >>  please
>> *don't* CC
>> >> me.
>> >> ___
>> >> squid-users mailing list
>> >> squid-users@lists.squid-cache.org
>> >> http://lists.squid-cache.org/listinfo/squid-users
>> >>
>> >
>> >
>> >
>> > ___
>> > squid-users mailing list
>> > squid-users@lists.squid-cache.org
>> > http://lists.squid-cache.org/listinfo/squid-users
>>
>> -BEGIN PGP SIGNATURE-
>> Version: GnuPG v2
>>
>> iQEcBAEBCAAGBQJWnSevAAoJENNXIZxhPexGG9EH/0Rmqad38Lf8vHArd7ZrYrIo
>> Ie6viHuydYgsJOa+Ii/gqbsmIeiubPA8gY5mzJFzAo44k+Q0v8iUv8Qm2bQsD7v5
>> DhsEqenkfazw3Gv3PTQM27aUUk6ucDBJhtrCiGGrofLnMzaHoqVlSU0Vwkv2cNfr
>> flXuTfzhJtqNrXbiyVw75v8lvesRxozpfBas3vOBimrBCn6UFqyFlkirQSvo+m3R
>> IRN/FXOVpJqRXSAfZWRPQayfmDxf+cZbX2nhQvwvBatyu8+Z8s4sl7m6Lf/KU4U2
>> mZaRon9h7cJGmC/sVNre1JFI7tTACg2nnGjINtv+Itm7uE9r95CNr+OGxYkLUcM=
>> =EES7
>> -END PGP SIGNATURE-
>>
>>
>> ___
>> squid-users mailing list
>> squid-users@lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>>
>
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
>


--
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Optimezed???

2015-09-24 Thread Jorgeley Junior 
Can we do that to cache https?
http_port 3128 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/etc/monkey.pem

2015-09-24 11:24 GMT-03:00 Jorgeley Junior <jorge...@gmail.com>:

> Is it not possible to cache the https due the encryption?
>
> 2015-09-18 9:44 GMT-03:00 Antony Stone <antony.st...@squid.open.source.it>
> :
>
>> On Friday 18 September 2015 at 14:27:42, Jorgeley Junior wrote:
>>
>> > there is a way to improve it?
>>
>> Improve what?  The percentage of your traffic which is cached, or the
>> accuracy
>> of the information reported by your monitoring system?
>>
>>
>> If you want to cache more content:
>>
>> 1. Make sure the sites being visited have available content (note that
>> 12.6%
>> of your requests resulted in the remote server saying some variation on
>> "nothing available").
>>
>> 2. Ignore things which are meaningless - such as the 27% of your requests
>> which resulted in 407 Authentication Required - that tells you nothing
>> about
>> whether the user then successfully authenticated and got what they
>> wanted, or
>> didn't, but either way it's a standard response from the server which
>> tells
>> you nothing about the effectiveness of your cache.
>>
>> 3. Make sure your traffic is HTTP instead of HTTPS.
>>
>> 4. Make sure your users are visiting the same sites repeatedly so that
>> content
>> which gets cached gets re-used.
>>
>> 5. Make sure the sites they're visiting are not setting "don't cache" or
>> "already expired" headers (such as is common for news sites, for example)
>> so
>> that the content is cacheable.
>>
>> 6. Run your cache for long enough that it's likely to have a
>> representative
>> proportion of what the users are asking for when you start measuring its
>> effectiveness - if you start from an empty cache and pass requests
>> through it,
>> it's going to take some time for the content to build up so that you see
>> some
>> hits.
>>
>>
>> If you want to improve the information you're getting from the monitoring
>> system, make sure it's telling you how much was cached as a proportion of
>> requests which could have been cached - in other words, leave out HTTPS
>> (36%)
>> and 407 Auth Required (27%), plus anything where the remote server had
>> nothing
>> to provide (13%), and requests where the user's browser already had a
>> cached
>> copy and didn't to request an update (4%).
>>
>> That throws out 80% of your current statistics, so you concentrate on the
>> data
>> about connections Squid *could* have helped with.
>>
>> > 2015-09-18 8:25 GMT-03:00 Antony Stone:
>> > > On Friday 18 September 2015 at 13:13:27, Jorgeley Junior wrote:
>> > > > hey guys, forgot-me? :(
>> > >
>> > > Surely you can see for yourself how many connections you've had of
>> > > different types?  Here are the most common (all those over 100
>> instances)
>> > > from your list of 5240 results
>> > >
>> > > > > 290 TAG_NONE/503
>> > > > > 368 TCP_DENIED/403
>> > > > >1421 TCP_DENIED/407
>> > > > > 680 TCP_MISS/200
>> > > > > 192 TCP_REFRESH_UNMODIFIED/304
>> > > > >1896 TCP_TUNNEL/200
>> > >
>> > > So:
>> > >
>> > > 290 (5.5%) got a 503 result (service unavailable)
>> > > 368 (7%) were denied by the remote server with code 403 (forbidden)
>> > > 1421 (27%) were deined by the remote server with code 407 (auth
>> required)
>> > > 680 (13%) were successfully retreived from the remote servers but were
>> > > not previously in your cache
>> > > 192 (3.6%) were already cached by your browser and didn't need to be
>> > > retreived
>> > > 1896 (36%) were successful HTTPS tunneled connections, simply being
>> > > forwarded
>> > > by the proxy
>> > >
>> > > This accounts for 4847 (92.5%) of your 5240 results.
>> > >
>> > > As you can see, just measuring HIT and MISS is not the whole picture.
>> > >
>> > >
>> > > Hope that helps,
>> > >
>> > >
>> > > Antony.
>>
>> --
>> "The problem with television is that the people must sit and keep their
>> eyes
>> glued on a screen; the average American family hasn't time for it."
>>
>>  - New York Times, following a demonstration at the 1939 World's Fair.
>>
>>Please reply to the
>> list;
>>  please *don't*
>> CC me.
>> ___
>> squid-users mailing list
>> squid-users@lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>
>
>
> --
>
>
>


--
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Optimezed???

2015-09-18 Thread Jorgeley Junior 
hey guys, forgot-me? :(

2015-09-17 8:08 GMT-03:00 Jorgeley Junior <jorge...@gmail.com>:

> thank you all for the reply, here is the result of the command:
> 1 TAG_NONE/500
> 290 TAG_NONE/503
>  10 TAG_NONE_ABORTED/000
>   4 TCP_CLIENT_REFRESH_MISS/200
> 368 TCP_DENIED/403
>1421 TCP_DENIED/407
>   5 TCP_HIT/200
>   7 TCP_HIT_ABORTED/000
>   7 TCP_IMS_HIT/200
>  39 TCP_IMS_HIT/304
>   1 TCP_MEM_HIT/200
> 680 TCP_MISS/200
>  39 TCP_MISS/204
>   1 TCP_MISS/206
>   9 TCP_MISS/301
>  30 TCP_MISS/302
>  70 TCP_MISS/304
>   8 TCP_MISS/404
>  29 TCP_MISS/416
>   1 TCP_MISS/500
>   3 TCP_MISS/503
>  16 TCP_MISS_ABORTED/000
>   4 TCP_MISS_ABORTED/200
>   1 TCP_MISS_ABORTED/206
>  56 TCP_REFRESH_MODIFIED/200
>   1 TCP_REFRESH_MODIFIED/416
>  38 TCP_REFRESH_UNMODIFIED/200
> 192 TCP_REFRESH_UNMODIFIED/304
>   3 TCP_SWAPFAIL_MISS/200
>  10 TCP_SWAPFAIL_MISS/304
>1896 TCP_TUNNEL/200
>
>
> 2015-09-17 2:12 GMT-03:00 Amos Jeffries <squ...@treenet.co.nz>:
>
>> On 17/09/2015 8:55 a.m., Eliezer Croitoru wrote:
>> > Try to run this on you access.log:
>> > cat /var/log/squid/access.log|gawk '{print $4}'|sort|uniq -c
>> >
>> > This should show a list of all the cases which includes 304 status code.
>> > If you can post the results there will might be another side to the
>> > whole story in the output.
>> >
>> > Eliezer
>>
>> Yes that should clarify the story a bit. As would the Squid version
>> details.
>>
>> What is clear is that over 60% of the traffic by both count and volume
>> is neither HIT nor MISS. The graphing / analysis tool does not account
>> for TUNNEL or REFRESH transactions which can happen in HTTP/1.1.
>>
>> Amos
>>
>>
>> ___
>> squid-users mailing list
>> squid-users@lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>
>
>
> --
>
>
>


--
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Optimezed???

2015-09-16 Thread Jorgeley Junior 
I think my squid is not optimezed due the percentage of hits, see the graph
bellow:

​
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Optimezed???

2015-09-16 Thread Jorgeley Junior 
Any suggestions?
Em 16/09/2015 17:10, "Eliezer Croitoru" <elie...@ngtech.co.il> escreveu:

> Can you run a script on the access log? to verify couple things?
> Hit and Miss are not the only options and there is a possibility that your
> cache causes that only specific requests will be even downloaded using the
> cache.
>
> If so I will send you the bash script to try and see something.
>
> Eliezer
>
> On 16/09/2015 23:00, Jorgeley Junior wrote:
>
>> I think my squid is not optimezed due the percentage of hits, see the
>> graph
>> bellow:
>>
>> ​
>>
>>
>>
>> ___
>> squid-users mailing list
>> squid-users@lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>>
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] stoping after rotate

2015-09-09 Thread Jorgeley Junior 
ok, thank you all so much!

2015-09-09 10:40 GMT-03:00 Marcus Kool <marcus.k...@urlfilterdb.com>:

> It seems that your system is finally getting healthy.
>
> The fact that the resident memory is 371 MB means that you have no disk
> cache or Squid is hardly used, or both.
> But look at that red 6.4GB virtual memory which indicates that Squid can
> grow to 6.4 GB and even more when it is used.
>
> So next step is to start using the proxy and monitor the process size.
>
> Marcus
>
>
> On 09/09/2015 10:24 AM, Jorgeley Junior wrote:
>
>> changed cache_mem to 3GB, after one hour, this is my htop:
>>
>> ​
>>
>> 2015-09-09 9:39 GMT-03:00 Jorgeley Junior <jorge...@gmail.com > jorge...@gmail.com>>:
>>
>> changed cache_mem to 3GB, after one hour, this is my htop:
>>
>> ​
>>
>> 2015-09-09 9:34 GMT-03:00 Jorgeley Junior <jorge...@gmail.com
>> <mailto:jorge...@gmail.com>>:
>>
>> changed cache_mem to 3GB, after one hour, this is my htop:
>>
>> ​
>>
>> 2015-09-08 21:43 GMT-03:00 Jorgeley Junior <jorge...@gmail.com
>> <mailto:jorge...@gmail.com>>:
>>
>>     ok, I'll do it
>>
>> 2015-09-08 21:30 GMT-03:00 Marcus Kool <
>> marcus.k...@urlfilterdb.com <mailto:marcus.k...@urlfilterdb.com>>:
>>
>>
>>
>> On 09/08/2015 09:23 PM, Jorgeley Junior wrote:
>>
>> ok, read that already, i set cache_mem to 5GB, so is
>> not ok?
>>
>>
>> No. Squid will use more than 6 GB with cache_mem set to 5
>> GB.
>> I suggest that you use 2500 MB and after Squid runs for 1
>> hour, see what the total process size is.
>>
>> Marcus
>>
>>
>> 2015-09-08 20:25 GMT-03:00 Marcus Kool <
>> marcus.k...@urlfilterdb.com <mailto:marcus.k...@urlfilterdb.com> > marcus.k...@urlfilterdb.com <mailto:marcus.k...@urlfilterdb.com>>>:
>>
>>
>>
>>  On 09/08/2015 10:39 AM, Jorgeley Junior wrote:
>>
>>  I have 8GB physical memory and my swap is
>> 32GB.
>>  I didn't increase the swap yet, should I?
>>
>>
>>  You must start with reading the memory FAQ:
>> http://wiki.squid-cache.org/SquidFaq/SquidMemory
>>
>>  The general rule for all processes applies: make
>> sure that a process is *not* larger than 80% of the physical memory.
>>  In your case, you must reduce cache_mem and make
>> sure that Squid does not use more than 6 GB.
>>
>>  A swap of 32 GB is fine for a system with 8 GB
>> physical memory.
>>
>>  I also suggest to consider a memory upgrade.
>>
>>  Marcus
>>
>>
>>  2015-09-08 9:23 GMT-03:00 Marcus Kool <
>> marcus.k...@urlfilterdb.com <mailto:marcus.k...@urlfilterdb.com> > marcus.k...@urlfilterdb.com
>> <mailto:marcus.k...@urlfilterdb.com>> > marcus.k...@urlfilterdb.com <mailto:marcus.k...@urlfilterdb.com> > marcus.k...@urlfilterdb.com
>> <mailto:marcus.k...@urlfilterdb.com>>>>:
>>
>>
>>
>>   On 09/08/2015 08:11 AM, Jorgeley Junior
>> wrote:
>>
>>   Thank you all, this is the output:
>>   vm.overcommit_memory = 0
>>   vm.swappiness = 60
>>   I have a Redhat 6.6
>>
>>
>>   The value of vm.overcommit_memory is OK.
>>   The default value for vm.swappiness is
>> way too high. It means that Linux swaps out parts of processes when they
>> are idle for a while.
>>   For better overall system performance,
>> you want those processes in memory as long as possible and not swapped out
>> so I recommend to change it to 15.
>>   This implies that the OS has 15% of the
>> physical memory available for file system buffers which is plenty.
>>
>>   You only mentioned that the swap is 32
>> GB.  What is the size of the physical memory ?
>>
>>

Re: [squid-users] stoping after rotate

2015-09-08 Thread Jorgeley Junior 
Thank you all, this is the output:
vm.overcommit_memory = 0
vm.swappiness = 60
I have a Redhat 6.6

2015-09-05 15:08 GMT-03:00 Marcus Kool <marcus.k...@urlfilterdb.com>:

> On Linux, an important sysctl parameter that determines how Linux behaves
> with respect to VM allocation is vm.overcommit_memory (should be 0).
> And vm.swappiness is important to tune servers (should be 10-15).
>
> Which version of Linux do you have and what is the output of
>sysctl -a | grep -e vm.overcommit_memory -e  vm.swappiness
>
> Marcus
>
>
> On 09/04/2015 07:04 PM, Jorgeley Junior wrote:
>
>> Thanks Amos, i will increase the swap
>>
>> Em 04/09/2015 17:22, "Amos Jeffries" <squ...@treenet.co.nz > squ...@treenet.co.nz>> escreveu:
>>
>> On 5/09/2015 7:16 a.m., Jorgeley Junior wrote:
>>  > Thanks Amos, my swap is 32GB, so that's causing the error as you
>> said.
>>  > Which is the better choice: increase the swap size or reduce the
>>  > cache_mem???
>>  >
>>
>> Both probably. 128 GB swap I suspect you will need.
>>
>> Increase the swap so the system lets Squid use more virtual memory.
>>
>> Decrease the cache_mem so that Squid does not actually end up using
>> the
>> swap for its main worker processes. That is a real killer for
>> performance.
>>
>>
>> Amos
>>
>>
>>
>> ___
>> squid-users mailing list
>> squid-users@lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>>


--
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] stoping after rotate

2015-09-08 Thread Jorgeley Junior 
ok, I'll do it

2015-09-08 21:30 GMT-03:00 Marcus Kool <marcus.k...@urlfilterdb.com>:

>
>
> On 09/08/2015 09:23 PM, Jorgeley Junior wrote:
>
>> ok, read that already, i set cache_mem to 5GB, so is not ok?
>>
>
> No. Squid will use more than 6 GB with cache_mem set to 5 GB.
> I suggest that you use 2500 MB and after Squid runs for 1 hour, see what
> the total process size is.
>
> Marcus
>
>
> 2015-09-08 20:25 GMT-03:00 Marcus Kool <marcus.k...@urlfilterdb.com
>> <mailto:marcus.k...@urlfilterdb.com>>:
>>
>>
>>
>> On 09/08/2015 10:39 AM, Jorgeley Junior wrote:
>>
>> I have 8GB physical memory and my swap is 32GB.
>> I didn't increase the swap yet, should I?
>>
>>
>> You must start with reading the memory FAQ:
>> http://wiki.squid-cache.org/SquidFaq/SquidMemory
>>
>> The general rule for all processes applies: make sure that a process
>> is *not* larger than 80% of the physical memory.
>> In your case, you must reduce cache_mem and make sure that Squid does
>> not use more than 6 GB.
>>
>> A swap of 32 GB is fine for a system with 8 GB physical memory.
>>
>> I also suggest to consider a memory upgrade.
>>
>> Marcus
>>
>>
>> 2015-09-08 9:23 GMT-03:00 Marcus Kool <
>> marcus.k...@urlfilterdb.com <mailto:marcus.k...@urlfilterdb.com> > marcus.k...@urlfilterdb.com <mailto:marcus.k...@urlfilterdb.com>>>:
>>
>>
>>
>>  On 09/08/2015 08:11 AM, Jorgeley Junior wrote:
>>
>>  Thank you all, this is the output:
>>  vm.overcommit_memory = 0
>>  vm.swappiness = 60
>>  I have a Redhat 6.6
>>
>>
>>  The value of vm.overcommit_memory is OK.
>>  The default value for vm.swappiness is way too high. It
>> means that Linux swaps out parts of processes when they are idle for a
>> while.
>>  For better overall system performance, you want those
>> processes in memory as long as possible and not swapped out so I recommend
>> to change it to 15.
>>  This implies that the OS has 15% of the physical memory
>> available for file system buffers which is plenty.
>>
>>  You only mentioned that the swap is 32 GB.  What is the size
>> of the physical memory ?
>>
>>  Did you already increase the swap ?
>>
>>  Marcus
>>
>>
>>  2015-09-05 15:08 GMT-03:00 Marcus Kool <
>> marcus.k...@urlfilterdb.com <mailto:marcus.k...@urlfilterdb.com> > marcus.k...@urlfilterdb.com <mailto:marcus.k...@urlfilterdb.com>>
>> <mailto:marcus.k...@urlfilterdb.com > marcus.k...@urlfilterdb.com> <mailto:marcus.k...@urlfilterdb.com > marcus.k...@urlfilterdb.com>>>>:
>>
>>   On Linux, an important sysctl parameter that
>> determines how Linux behaves with respect to VM allocation is
>> vm.overcommit_memory (should be 0).
>>   And vm.swappiness is important to tune servers
>> (should be 10-15).
>>
>>   Which version of Linux do you have and what is the
>> output of
>>   sysctl -a | grep -e vm.overcommit_memory -e
>> vm.swappiness
>>
>>   Marcus
>>
>>
>>   On 09/04/2015 07:04 PM, Jorgeley Junior wrote:
>>
>>   Thanks Amos, i will increase the swap
>>
>>   Em 04/09/2015 17:22, "Amos Jeffries" <
>> squ...@treenet.co.nz <mailto:squ...@treenet.co.nz> > squ...@treenet.co.nz <mailto:squ...@treenet.co.nz>>
>> <mailto:squ...@treenet.co.nz <mailto:squ...@treenet.co.nz>
>> <mailto:squ...@treenet.co.nz <mailto:squ...@treenet.co.nz>>> > squ...@treenet.co.nz <mailto:squ...@treenet.co.nz>
>>  <mailto:squ...@treenet.co.nz > squ...@treenet.co.nz>> <mailto:squ...@treenet.co.nz > squ...@treenet.co.nz> <mailto:squ...@treenet.co.nz > squ...@treenet.co.nz>>>>>
>> escreveu:
>>
>>On 5/09/2015 7:16 a.m., Jorgeley Junior
>> wrote:
>> > Thanks Amos, my swap is 32GB, so that's
>> causing the error as you said.
>> > Which is the better choice: increase
>> the swap size or reduce the
>

Re: [squid-users] stoping after rotate

2015-09-08 Thread Jorgeley Junior 
ok, read that already, i set cache_mem to 5GB, so is not ok?

2015-09-08 20:25 GMT-03:00 Marcus Kool <marcus.k...@urlfilterdb.com>:

>
>
> On 09/08/2015 10:39 AM, Jorgeley Junior wrote:
>
>> I have 8GB physical memory and my swap is 32GB.
>> I didn't increase the swap yet, should I?
>>
>
> You must start with reading the memory FAQ:
> http://wiki.squid-cache.org/SquidFaq/SquidMemory
>
> The general rule for all processes applies: make sure that a process is
> *not* larger than 80% of the physical memory.
> In your case, you must reduce cache_mem and make sure that Squid does not
> use more than 6 GB.
>
> A swap of 32 GB is fine for a system with 8 GB physical memory.
>
> I also suggest to consider a memory upgrade.
>
> Marcus
>
>
> 2015-09-08 9:23 GMT-03:00 Marcus Kool <marcus.k...@urlfilterdb.com
>> <mailto:marcus.k...@urlfilterdb.com>>:
>>
>>
>>
>> On 09/08/2015 08:11 AM, Jorgeley Junior wrote:
>>
>> Thank you all, this is the output:
>> vm.overcommit_memory = 0
>> vm.swappiness = 60
>> I have a Redhat 6.6
>>
>>
>> The value of vm.overcommit_memory is OK.
>> The default value for vm.swappiness is way too high. It means that
>> Linux swaps out parts of processes when they are idle for a while.
>> For better overall system performance, you want those processes in
>> memory as long as possible and not swapped out so I recommend to change it
>> to 15.
>> This implies that the OS has 15% of the physical memory available for
>> file system buffers which is plenty.
>>
>> You only mentioned that the swap is 32 GB.  What is the size of the
>> physical memory ?
>>
>> Did you already increase the swap ?
>>
>> Marcus
>>
>>
>> 2015-09-05 15:08 GMT-03:00 Marcus Kool <
>> marcus.k...@urlfilterdb.com <mailto:marcus.k...@urlfilterdb.com> > marcus.k...@urlfilterdb.com <mailto:marcus.k...@urlfilterdb.com>>>:
>>
>>  On Linux, an important sysctl parameter that determines how
>> Linux behaves with respect to VM allocation is vm.overcommit_memory (should
>> be 0).
>>  And vm.swappiness is important to tune servers (should be
>> 10-15).
>>
>>  Which version of Linux do you have and what is the output of
>>  sysctl -a | grep -e vm.overcommit_memory -e
>> vm.swappiness
>>
>>  Marcus
>>
>>
>>  On 09/04/2015 07:04 PM, Jorgeley Junior wrote:
>>
>>      Thanks Amos, i will increase the swap
>>
>>  Em 04/09/2015 17:22, "Amos Jeffries" <
>> squ...@treenet.co.nz <mailto:squ...@treenet.co.nz> > squ...@treenet.co.nz <mailto:squ...@treenet.co.nz>> > squ...@treenet.co.nz
>> <mailto:squ...@treenet.co.nz> <mailto:squ...@treenet.co.nz
>> <mailto:squ...@treenet.co.nz>>>> escreveu:
>>
>>   On 5/09/2015 7:16 a.m., Jorgeley Junior wrote:
>>> Thanks Amos, my swap is 32GB, so that's causing
>> the error as you said.
>>> Which is the better choice: increase the swap
>> size or reduce the
>>> cache_mem???
>>>
>>
>>   Both probably. 128 GB swap I suspect you will need.
>>
>>   Increase the swap so the system lets Squid use more
>> virtual memory.
>>
>>   Decrease the cache_mem so that Squid does not
>> actually end up using the
>>   swap for its main worker processes. That is a real
>> killer for performance.
>>
>>
>>   Amos
>>
>>
>>
>>  ___
>>  squid-users mailing list
>> squid-users@lists.squid-cache.org > squid-users@lists.squid-cache.org> > squid-users@lists.squid-cache.org > squid-users@lists.squid-cache.org>>
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>>
>>
>>
>> --
>> *_
>> _*
>> *_
>> _*
>>
>> ___
>> squid-users mailing list
>> squid-users@lists.squid-cache.org > squid-users@lists.squid-cache.org>
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>>
>>
>>
>> --
>> *_
>> _*
>> *_
>> _*
>>
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>



--
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] stoping after rotate

2015-09-08 Thread Jorgeley Junior 
I have 8GB physical memory and my swap is 32GB.
I didn't increase the swap yet, should I?

2015-09-08 9:23 GMT-03:00 Marcus Kool <marcus.k...@urlfilterdb.com>:

>
>
> On 09/08/2015 08:11 AM, Jorgeley Junior wrote:
>
>> Thank you all, this is the output:
>> vm.overcommit_memory = 0
>> vm.swappiness = 60
>> I have a Redhat 6.6
>>
>
> The value of vm.overcommit_memory is OK.
> The default value for vm.swappiness is way too high. It means that Linux
> swaps out parts of processes when they are idle for a while.
> For better overall system performance, you want those processes in memory
> as long as possible and not swapped out so I recommend to change it to 15.
> This implies that the OS has 15% of the physical memory available for file
> system buffers which is plenty.
>
> You only mentioned that the swap is 32 GB.  What is the size of the
> physical memory ?
>
> Did you already increase the swap ?
>
> Marcus
>
>
> 2015-09-05 15:08 GMT-03:00 Marcus Kool <marcus.k...@urlfilterdb.com
>> <mailto:marcus.k...@urlfilterdb.com>>:
>>
>> On Linux, an important sysctl parameter that determines how Linux
>> behaves with respect to VM allocation is vm.overcommit_memory (should be 0).
>> And vm.swappiness is important to tune servers (should be 10-15).
>>
>> Which version of Linux do you have and what is the output of
>> sysctl -a | grep -e vm.overcommit_memory -e  vm.swappiness
>>
>> Marcus
>>
>>
>> On 09/04/2015 07:04 PM, Jorgeley Junior wrote:
>>
>> Thanks Amos, i will increase the swap
>>
>>     Em 04/09/2015 17:22, "Amos Jeffries" <squ...@treenet.co.nz
>> <mailto:squ...@treenet.co.nz> <mailto:squ...@treenet.co.nz > squ...@treenet.co.nz>>> escreveu:
>>
>>  On 5/09/2015 7:16 a.m., Jorgeley Junior wrote:
>>   > Thanks Amos, my swap is 32GB, so that's causing the error
>> as you said.
>>   > Which is the better choice: increase the swap size or
>> reduce the
>>   > cache_mem???
>>   >
>>
>>  Both probably. 128 GB swap I suspect you will need.
>>
>>  Increase the swap so the system lets Squid use more virtual
>> memory.
>>
>>  Decrease the cache_mem so that Squid does not actually end
>> up using the
>>  swap for its main worker processes. That is a real killer
>> for performance.
>>
>>
>>  Amos
>>
>>
>>
>> ___
>> squid-users mailing list
>> squid-users@lists.squid-cache.org > squid-users@lists.squid-cache.org>
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>>
>>
>>
>> --
>> *_
>> _*
>> *_
>> _*
>>
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>



--
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] stoping after rotate

2015-09-04 Thread Jorgeley Junior 
Thanks Amos, my swap is 32GB, so that's causing the error as you said.
Which is the better choice: increase the swap size or reduce the
cache_mem???

2015-09-04 13:55 GMT-03:00 Amos Jeffries <squ...@treenet.co.nz>:

> On 4/09/2015 11:32 p.m., Jorgeley Junior wrote:
> > Hi guys, I suspect my squid stop to serve request after rotate, in the
> > morning, after I restarted it, everything goes to normal.
> > here is the log:
> > 2015/09/04 00:00:01 kid1| storeDirWriteCleanLogs: Starting...
> > 2015/09/04 00:00:01 kid1|   Finished.  Wrote 39639 entries.
> > 2015/09/04 00:00:01 kid1|   Took 0.01 seconds (5804510.18 entries/sec).
> > 2015/09/04 00:00:01 kid1| logfileRotate: stdio:/var/logs/store.log
> > 2015/09/04 00:00:01 kid1| Rotate log file stdio:/var/logs/store.log
> > 2015/09/04 00:00:01 kid1| logfileRotate: stdio:/var/logs/access.log
> > 2015/09/04 00:00:01 kid1| Rotate log file stdio:/var/logs/access.log
> > 2015/09/04 00:00:01 kid1| helperOpenServers: Starting 1/10
> > 'basic_ncsa_auth' processes
> > 2015/09/04 00:00:01 kid1| ipcCreate: fork: (12) Cannot allocate memory
>
> As you can see Squid uses fork() to spawn its helpers. That means Linux
> is going to allocate an N amount of virtual memory equal to the memory
> currently being used by Squid.
>
> > 2015/09/04 00:00:01 kid1| WARNING: Cannot run
> > '/etc/squid-3.5.6/libexec/basic_ncsa_auth' process.
> > 2015/09/04 00:00:55 kid1| WARNING: Memory usage at 67121 MB
> > ...
>
> Which is over 64 GiB.
>
> Does your machine have 67,121 MB of virtual memory free ?
>  it would seem not to.
>
>
> The only workaround for this is to keep Squid cache_mem small enough
> that these oprations do not fail when it is fully in-use.
>
> Amos
>
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>



--
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] stoping after rotate

2015-09-04 Thread Jorgeley Junior 
Thanks Amos, i will increase the swap
Em 04/09/2015 17:22, "Amos Jeffries" <squ...@treenet.co.nz> escreveu:

> On 5/09/2015 7:16 a.m., Jorgeley Junior wrote:
> > Thanks Amos, my swap is 32GB, so that's causing the error as you said.
> > Which is the better choice: increase the swap size or reduce the
> > cache_mem???
> >
>
> Both probably. 128 GB swap I suspect you will need.
>
> Increase the swap so the system lets Squid use more virtual memory.
>
> Decrease the cache_mem so that Squid does not actually end up using the
> swap for its main worker processes. That is a real killer for performance.
>
>
> Amos
>
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] 16G Virtual Mem

2015-08-28 Thread Jorgeley Junior 
Guys, is this really normal???

​

--
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] How to limit upload bandwidth in squid proxy?

2015-08-28 Thread Jorgeley Junior 
I think the directive: client_request_buffer_max_size do a limit to upload,
but it will stop the request, is that it?

2015-08-28 14:00 GMT-03:00 Alex Rousskov rouss...@measurement-factory.com:

 On 08/24/2015 01:20 AM, Amos Jeffries wrote:

  On 24/08/2015 1:03 p.m., Brandon Elliott wrote:
  I need a solution that
  doesn't involve using a second authentication just to limit upload
  bandwidth per user.


  client_delay_pools was added to meet this need.


 client_delay_pools limit Squid-to-client download bandwidth, not
 client-to-Squid upload bandwidth.


 Alex.

 ___
 squid-users mailing list
 squid-users@lists.squid-cache.org
 http://lists.squid-cache.org/listinfo/squid-users




--
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Zero Sized Reply

2015-08-27 Thread Jorgeley Junior 
Thanks Amos.
my squid is 3.5.6, so i can disconsider the bug, right?
I'm very lost about this problem, any suggestion will be appreciated

2015-08-27 3:04 GMT-03:00 Amos Jeffries squ...@treenet.co.nz:

 On 27/08/2015 7:48 a.m., Jorgeley Junior wrote:
  Hi guys.
  I'm having a weird problem, my squid is doing ZERO SIZED REPLY when I
 try
  to connect with some addresses, like this on log above:
  2015/08/26 13:50:31.335 kid1| http.cc(1300) continueAfterParsingHeader:
  WARNING: HTTP: Invalid Response: No object data received for
  http://www.grupoatuall.com.br/ AKA www.grupoatuall.com.br/
  2015/08/26 13:50:31.335 kid1| store.cc(1755) reset: StoreEntry::reset:
  http://www.grupoatuall.com.br/
  2015/08/26 13:50:31.335 kid1| FwdState.cc(412) fail: ERR_ZERO_SIZE_OBJECT
  Bad Gateway
  http://www.grupoatuall.com.br/
  Any ideas???

 The server connection got disconnected between sending Squid the reply
 headers and the message payload they were attached to.

 If you have a Squid between 3.2.0 and 3.5.5 (inclusive) please upgrade.
 Which is processing SSL-bump, NTLM or Negotiate auth (even just relaying
 those in www-auth form). It is probably bug 3329 related.

 If you have a more current Squid debug_options 11,2 should show you
 the HTTP headers going through to eyeball if they had any kind of fatal
 syntax problem that would make Squid abandon the connection.

 Otherwise it would seem to be the server disconnecting. There can be a
 lot of reasons for that.

 Amos

 ___
 squid-users mailing list
 squid-users@lists.squid-cache.org
 http://lists.squid-cache.org/listinfo/squid-users




--
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Zero Sized Reply

2015-08-27 Thread Jorgeley Junior 
increasing the log leve i got this:
2015/08/27 11:43:30.966 kid1| ipcache.cc(501) ipcache_nbgethostbyname:
ipcache_nbgethostbyname: Name 'www.grupoatuall.com.br'.
2015/08/27 11:43:30.966 kid1| Address.cc(389) lookupHostIP: Given Non-IP '
www.grupoatuall.com.br': Name or service not known
2015/08/27 11:43:30.966 kid1| ipcache.cc(549) ipcache_nbgethostbyname:
ipcache_nbgethostbyname: MISS for 'www.grupoatuall.com.br'
Any other ideas???

2015-08-27 13:01 GMT-03:00 Amos Jeffries squ...@treenet.co.nz:

 On 28/08/2015 2:42 a.m., Jorgeley Junior wrote:
  Thanks Amos.
  my squid is 3.5.6, so i can disconsider the bug, right?

 Yes I believe so.

 Amos





--
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Zero Sized Reply

2015-08-27 Thread Jorgeley Junior 
You're the man Amos!!! You're the man!!! Thanks!!! Thanks so so much!!!
that's solved the problem, but I'm thinking if it solved just for this
domain, so can it happen again with another domains, ok? No way to solve
for future errors of this same type?

2015-08-27 16:03 GMT-03:00 Amos Jeffries squ...@treenet.co.nz:

 On 28/08/2015 5:49 a.m., Jorgeley Junior wrote:
  Amos, thank you so much for attention, but sorry, I didn't understand
 what
  you said.

 Nevermind. The website code is broken.

 I have been looking into it from here using those request headers from
 your log.

 What I see happening is that the server starts responding. Then the PHP
 code it is running hangs for a very long time. If you wait long enough
 it will pop out part of a page and a PHP error message about its
 database connection script and some timeout.

 The best I could get was over a minute (78 seconds) delay before
 anything at all happened. Usually a bit longer.

 I think something in your network is terminating the server connection
 after it takes too long. NAT and high speed router systems tend to have
 a 30 second maximum wait between TCP packets before they close the
 connection.

 Either way the website server itself is very broken.


  So, I tried to change the http for https and it showed the website and i
  added the security exception for no trusted certificate, but I really
 would
  like that the squid didn't show the error.
  Why http show de Zero Sized Reply and https no?

 Different protocols and ports.

 I still see the same delays, partial page and database errors when
 connecting with HTTPS. But kept digging to see why you might be getting
 a page...

 It seems to be an IPv6 server sitting behind some form of gateway access
 network and only pretending to be IPv4-only. When sending it a
 X-Forwarded-For header claiming to be an IPv6-enabled browser it seems
 to operate just fine.

 So, try adding this to your squid.conf:

  acl magicXff dstdomain .grupoatuall.com.br
  request_header_access X-Forwarded-For deny magicXff
  request_header_replace X-Forwarded-For ::1


 Amos




--
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Zero Sized Reply

2015-08-26 Thread Jorgeley Junior 
Hi guys.
I'm having a weird problem, my squid is doing ZERO SIZED REPLY when I try
to connect with some addresses, like this on log above:
2015/08/26 13:50:31.335 kid1| http.cc(1300) continueAfterParsingHeader:
WARNING: HTTP: Invalid Response: No object data received for
http://www.grupoatuall.com.br/ AKA www.grupoatuall.com.br/
2015/08/26 13:50:31.335 kid1| store.cc(1755) reset: StoreEntry::reset:
http://www.grupoatuall.com.br/
2015/08/26 13:50:31.335 kid1| FwdState.cc(412) fail: ERR_ZERO_SIZE_OBJECT
Bad Gateway
http://www.grupoatuall.com.br/
Any ideas???
--
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Android

2015-08-12 Thread Jorgeley Junior 
Hi guys.
Is there a way to work around android under squid authentication???
I could make an ACL to a range of address that my wifi router distribute to
my wifi network and deny auth for them, but I'd like to identify the
Android clients and specify that just them do not need authentication.
Any ideas?
Thanks since now

--
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Deny Caching of Video and Audio

2015-08-03 Thread Jorgeley Junior 
create an acl:
acl youtube dstdomain .youtube.com
use the directive: cache deny youtube

2015-08-03 19:29 GMT-03:00 Antony Stone antony.st...@squid.open.source.it:

 On Tuesday 04 August 2015 at 00:13:32, markme wrote:

  Is there a simple way to deny caching of video and audio? My manager
  doesn't want these to be cached due to the large amount of space they
  might take up.

 Just set the maximum cache object size - then it doesn't matter whether
 it's
 audio, video, ISO images, windows updates, or whatever - things taking up
 large amounts of space won't be cached.


 Antony.

 --
 What do you get when you cross a joke with a rhetorical question?

Please reply to the
 list;
  please *don't* CC
 me.
 ___
 squid-users mailing list
 squid-users@lists.squid-cache.org
 http://lists.squid-cache.org/listinfo/squid-users




--
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] ident ACL

2015-07-31 Thread Jorgeley Junior 
Hi guys, about the prior problem, I solved it, I was compiled with option
'--disable-ident-acl', thats why it was not running.
now I have another problem, my *ident acl* itsn't working, my purpose it's
enable access to cachemgr just to user JORGELEY, here is my conf:

auth_param basic program /etc/squid-3.5.6/libexec/basic_ncsa_auth
/regras/usuarios

auth_param basic children 10 startup=1 idle=1

auth_param basic realm INTERNET-LOGIN NECESSARIO


acl localnet src 192.168.0.0/16

acl jorgeley ident jorgeley

acl PURGE method PURGE

acl usuarios proxy_auth -i regras/usuarios

acl usuarios_liberados proxy_auth -i regras/usuarios_liberados

acl sem_delay_pool url_regex -i 192.168

acl com_delay_pool url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .rpm .zip
.rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav .mov .ogg .mp4 .vob
.iso .flv .mkv youtube

acl palavras_proibidas url_regex -i regras/palavras_proibidas

acl palavras_liberadas url_regex -i regras/palavras_liberadas

acl dominios_proibidos dstdomain regras/dominios_proibidos

acl dominios_liberados dstdomain regras/dominios_liberados

acl ips_bloqueados src regras/ips_bloqueados

acl ips_liberados src regras/ips_liberados

acl conexoes maxconn 10

acl winupdate dstdomain .windowsupdate.com .microsoft.com

acl periodo_winupdate time SMTWHFA 8:00-18:00

acl youtube dstdomain .youtube.com

acl prefeitura dstdomain .rioverdegoias.com.br

acl SSL_ports port 443

acl CONNECT method CONNECT


http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access allow PURGE localhost

http_access deny PURGE

http_access allow localhost jorgeley manager

http_access deny manager

http_access allow usuarios_liberados

http_access allow localhost

http_access allow palavras_liberadas

http_access allow dominios_liberados

http_access deny palavras_proibidas

http_access deny dominios_proibidos

http_access deny conexoes localnet

http_access allow usuarios

http_access allow localnet

http_access deny all


reply_body_max_size 100 MB


http_port 192.168.0.254:8213


cache_mem 3000 MB


maximum_object_size_in_memory 2 MB


memory_cache_mode always


memory_replacement_policy heap GDSF


cache_replacement_policy heap LFUDA


minimum_object_size 0 KB


maximum_object_size 96 MB


cache_dir diskd /cache 7168 16 256 Q1=64 Q2=72

cache_dir diskd /cache 7168 16 256 Q1=64 Q2=72

cache_dir diskd /cache 7168 16 256 Q1=64 Q2=72

cache_dir diskd /cache 7168 16 256 Q1=64 Q2=72

cache_dir diskd /cache 7168 16 256 Q1=64 Q2=72


store_dir_select_algorithm least-load|round-robin


max_open_disk_fds 512000


cache_swap_low 96


cache_swap_high 97


access_log stdio:/var/logs/access.log squid


logfile_daemon /libexec/log_file_daemon


cache_store_log none


logfile_rotate 3


mime_table /etc/mime.conf


pid_filename /var/run/squid.pid


cache_log /var/logs/cache.log


debug_options ALL,1


coredump_dir /cache


ftp_user none


ftp_passive on


ftp_telnet_protocol off


diskd_program /libexec/diskd


unlinkd_program /libexec/unlinkd


cache deny youtube

cache deny prefeitura

cache deny localnet


refresh_pattern ^ftp: 1440 20% 10080

refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern -i (/cgi-bin/|\?) 0 0% 0

refresh_pattern . 0 20% 4320

refresh_pattern -i ^http:\/\/www\.google\.com\/$ 0 20% 360 override-expire
override-lastmod ignore-reload ignore-no-cache ignore-no-store
reload-into-ims ignore-must-revalidate


quick_abort_min 1024 KB

quick_abort_max 2048 KB

quick_abort_pct 90



negative_ttl 10 seconds

negative_dns_ttl 30 seconds


range_offset_limit 0


request_header_max_size 2 KB

request_body_max_size 2 MB


ie_refresh off


connect_timeout 30 seconds

read_timeout 5 minutes

request_timeout 1 minutes


client_lifetime 1 day


cache_mgr jorgeley...@gmail.com

cache_effective_user squid

cache_effective_group squid


httpd_suppress_version_string on


visible_hostname firewall


delay_pools 2

delay_class 1 2

delay_class 2 2

delay_access 1 allow sem_delay_pool

delay_access 2 allow com_delay_pool

delay_parameters 1 -1/-1 -1/-1

delay_parameters 2 8000/8000 8000/8000


icon_directory /share/icons

error_directory /share/errors/pt-br

err_page_stylesheet /etc/errorpage.css

err_html_text mailto:jorgeley...@gmail.com

email_err_data on


deny_info ERR_ACCESS_DENIED dominios_proibidos palavras_proibidas


check_hostnames off


dns_nameservers 8.8.4.4 8.8.8.8


hosts_file /etc/hosts


client_db on


chroot /etc/squid-3.5.6


high_memory_warning 4000 MB


max_filedescriptors 512000


redirect_program /bannerfilter-1.31/redirector.pl


2015-07-31 11:23 GMT-03:00 Jorgeley Junior jorge...@gmail.com:

 Hi guys.
 ident ACL was discontinued on Squid 3.5.6???
 I didn't found it in compilation options and it's unknown by squid.conf
 Any help?

 --





--
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] squid 3.5 with auth and chroot

2015-07-24 Thread Jorgeley Junior 
Thank you so much for the help.
So, I use the directive 'chroot' in the squid.conf.
I start squid this way:
cd /etc/squid-3.5.6
sbin/squid
and it starts normally, but when I open the client browser and do an
authentication it logs the errors and don't authenticate, but the squid
doesn't stop running, just it logs the error and do not authenticate.
How I told you before, if I do: chroot /etc/squid-3.5.6
libexec/basic_ncsa_auth it runs, that's why I'm sure that basic_ncsa_auth
it's running correctly, I suspect maybe this IPCcreate run as another user
that cannot access the basic_ncsa_auth or maybe IPCcreate its located in a
directory that cannot see the libexec/basice_ncsa relative path
That's a weird scenario.

2015-07-24 11:02 GMT-03:00 Amos Jeffries squ...@treenet.co.nz:

 On 25/07/2015 12:10 a.m., Jorgeley Junior wrote:
  please guys, help me.
  Any suggestions?
 

 Squid is not generally run in a chroot. The master / coordinator daemon
 manager process requires root access for several things and spawns
 workers that are dropped automatically to highly restricted access
 anyway. You already found out how big the dependency pool of libraries is.

 I guess what I'm getting at is that this is a rarely tested situation.

 To complicate matters there are three different combinations of chroot
 that Squid can run.

 * External chroot. Where you enter the chroot before starting Squid and
 it thinks the chroot content is the whole system.

 * configured chroot. Where you configure Squid master process to chroot
 its low-privilege workers with the squid.conf chroot directive.

 * Linux containers. Similar to the first, but you dont have to copy
 files into a separate chroot area. Just assign visibility/access to the
 OS areas.


 The error is pretty clear though. The problem is that something is
 unable to load a file during helper startup.
 Either Squid is unable to read/open/see the helper binary file itself.
 Or the helper is unable to open a file it needs to operate.

 ipcCreate: is a big hint that its Squid not finding the helper binary
 named.

 So is Squid being run from inside the chroot, or using chroot
 directive in squid.conf?


 Amos





--
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] squid 3.5 with auth and chroot

2015-07-24 Thread Jorgeley Junior 
That's are good ideas, I'll try them.
Thanks!!!

2015-07-24 11:57 GMT-03:00 Amos Jeffries squ...@treenet.co.nz:

 On 25/07/2015 2:22 a.m., Jorgeley Junior wrote:
  Thank you so much for the help.

 Cant be much help sorry. I'm just guessing here. Never actually run
 Squid in a chroot myself.

  So, I use the directive 'chroot' in the squid.conf.
  I start squid this way:
  cd /etc/squid-3.5.6
  sbin/squid
  and it starts normally, but when I open the client browser and do an
  authentication it logs the errors and don't authenticate, but the squid
  doesn't stop running, just it logs the error and do not authenticate.

 I've just looked up what is displaying that error and why. It is more of
 the code wrongly using errno to display error text. So the message
 itself may be bogus, but some error is happening when fork()'ing and
 execv()'ing the helper process.

 Some things I think you should try;

 1) configure Squid with the full non-chroot path of the binary in the
 auth_param line.

 2) enter the chroot, downgrade yourself to the squid low-privilege user,
 then try running the helper. Thats whats Squid is doing.

 3) try the chroot directive in squid.conf with a '/' on the end

 I'm out of ideas at this point. Apart from patching your squid to fix
 the errno usage in ipcCreate() just to see if some other error message
 appears. Sad thing about thtat is that I'm not sure what syscall is
 supposed to be error-reported there, quite a few happen in sequence.

 Amos




--
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] squid 3.5 with auth and chroot

2015-07-24 Thread Jorgeley Junior 
please guys, help me.
Any suggestions?

2015-07-23 13:28 GMT-03:00 Jorgeley Junior jorge...@gmail.com:

 Befor all, thanks so so much for the answears!!!
 It's exist, I'm sure.
 This is my chroot structre:
 / (linux root)
 /etc
  squid-3.5.6/
   bin/
purge
squidclient
   cache/
(squid cache dirs generated by squid -z)
   etc/
 cachemgr.conf
 errorpage.css
 group
 gshadow
 hosts
 localtime
 mime.conf
 nsswitch.conf
 passwd
 resolv.conf
 shadow
 squid.conf
lib64/
  (a lot of libs here, discovered with ldd
 command)
libexec/
  basic_ncsa_auth
  diskd
  (other default squid libs)
regras/
  (my acl files rules)
sbin/
  squid
share/
errors/
(default dir squid errors)
icons/
(default squid icons
man/
(default man squid pages)
usr/
   lib64/
(a lot of libs here, discovered
 with ldd command)
var/
   logs/
(default squid logs)
   run/
 squid.pid

 I did the command:
 chroot /etc/squid-3.5.6 /libexec/basic_ncsa_auth
 It runs, that's why I'm sure the chroot environment, unless for the
 ncsa_auth, is correct

 Any more suggestions?

 2015-07-23 11:42 GMT-03:00 Amos Jeffries squ...@treenet.co.nz:

 On 23/07/2015 11:23 p.m., Jorgeley Junior wrote:
  Hi guys.
  I have a RedHat 6.6 + squid 3.5.6 + basic_ncsa_auth + chroot and is
  crashing only when I do an authentication.
 
  Here is the main confs:
  auth_param basic program /libexec/basic_ncsa_auth /regras/usuarios
  auth_param basic children 10 startup=0 idle=1
  auth_param basic realm INTERNET-LOGIN NECESSARIO
  ... (other confs) ...
  acl usuariosproxy_auth -i
  /etc/squid-3.5.6/regras/usuarios
  ... (other confs) ...
  chroot /etc/squid-3.5.6
 
  Here is what I find in the cache.log:
  2015/07/22 18:47:27.866 kid1| WARNING: no_suid: setuid(0): (1)
 Operation
  not permitted
  2015/07/22 18:48:01.735 kid1| ipcCreate: /libexec/basic_ncsa_auth: (2)
 No
  such file or directory
  2015/07/22 18:47:27.866 kid1| WARNING: basicauthenticator #Hlpr13818
 exited
 
  What is the ipcCreate and why he is not findind the file?

 It is the code that runs the helper.

 The /libexec/basic_ncsa_auth does not exist as an exectuable binary
 inside your chroot.


 
  About the libs needed when I do the chroot, I have to copy them to the
  squid folder or I need to create the same structure like
  /squid-3.5.6/libs,  /squid-3.5.6/lib64?

 They must match the OS layout where Squid (and everything else that will
 run in the chroot) expects to find them.

 Amos

 ___
 squid-users mailing list
 squid-users@lists.squid-cache.org
 http://lists.squid-cache.org/listinfo/squid-users




 --





--
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] squid 3.5 with auth and chroot

2015-07-23 Thread Jorgeley Junior 
 Hi guys.
 I have a RedHat 6.6 + squid 3.5.6 + basic_ncsa_auth + chroot and is
 crashing only when I do an authentication.

 Here is the main confs:
 auth_param basic program /libexec/basic_ncsa_auth /regras/usuarios
 auth_param basic children 10 startup=0 idle=1
 auth_param basic realm INTERNET-LOGIN NECESSARIO
 ... (other confs) ...
 acl usuariosproxy_auth -i   /etc/squid-3.5.6/regras/usuarios
 ... (other confs) ...
 chroot /etc/squid-3.5.6

 Here is what I find in the cache.log:
 2015/07/22 18:47:27.866 kid1| WARNING: no_suid: setuid(0): (1) Operation
 not permitted
 2015/07/22 18:48:01.735 kid1| ipcCreate: /libexec/basic_ncsa_auth: (2) No
 such file or directory
 2015/07/22 18:47:27.866 kid1| WARNING: basicauthenticator #Hlpr13818 exited

 What is the ipcCreate and why he is not findind the file?

About the libs needed when I do the chroot, I have to copy them to the
squid folder or I need to create the same structure like
/squid-3.5.6/libs,  /squid-3.5.6/lib64?

 Any ideas? Thanks since now.
 --




___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] squid youtube caching

2015-07-23 Thread Jorgeley Junior 
Hi Joe, I had similar problem with youtube, I did not sure if it's the same
with you, but I passed the youtube.com domain out of the cache with 'cache
deny' directive.
I'm using squid-3.5.6 and I'm in trouble with the authentication on chroot
environment, so, maybe you cand help me, is your squid on a chroot? do you
use authentication?

2015-07-23 13:00 GMT-03:00 joe chip_...@hotmail.com:

 my English not grait so be pattion tks
 hi i setup yt caching working perfect but i need to ask
 first squid 3.5.6
 i need to know how is yt detect and send partial video
 i have 2 computer same flash v. same firefox v. all identical exept one
 windowsxp another is win7
 i cache html5 on win7 yt send partial video on winxp send full video
 i put none to
 request_header_access Accept-Ranges deny all
 reply_header_access Accept-Ranges deny all
 request_header_replace Accept-Ranges none
 reply_header_replace Accept-Ranges none

 so Wat cause the partial video on win7 is it some header or ??

 you thing deny Accept-Ranges not working  ?
 or some other thing tks if any help



 --
 View this message in context:
 http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-youtube-caching-tp4672389.html
 Sent from the Squid - Users mailing list archive at Nabble.com.
 ___
 squid-users mailing list
 squid-users@lists.squid-cache.org
 http://lists.squid-cache.org/listinfo/squid-users




--
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] squid 3.5 with auth and chroot

2015-07-23 Thread Jorgeley Junior 
Befor all, thanks so so much for the answears!!!
It's exist, I'm sure.
This is my chroot structre:
/ (linux root)
/etc
 squid-3.5.6/
  bin/
   purge
   squidclient
  cache/
   (squid cache dirs generated by squid -z)
  etc/
cachemgr.conf
errorpage.css
group
gshadow
hosts
localtime
mime.conf
nsswitch.conf
passwd
resolv.conf
shadow
squid.conf
   lib64/
 (a lot of libs here, discovered with ldd
command)
   libexec/
 basic_ncsa_auth
 diskd
 (other default squid libs)
   regras/
 (my acl files rules)
   sbin/
 squid
   share/
   errors/
   (default dir squid errors)
   icons/
   (default squid icons
   man/
   (default man squid pages)
   usr/
  lib64/
   (a lot of libs here, discovered with
ldd command)
   var/
  logs/
   (default squid logs)
  run/
squid.pid

I did the command:
chroot /etc/squid-3.5.6 /libexec/basic_ncsa_auth
It runs, that's why I'm sure the chroot environment, unless for the
ncsa_auth, is correct

Any more suggestions?

2015-07-23 11:42 GMT-03:00 Amos Jeffries squ...@treenet.co.nz:

 On 23/07/2015 11:23 p.m., Jorgeley Junior wrote:
  Hi guys.
  I have a RedHat 6.6 + squid 3.5.6 + basic_ncsa_auth + chroot and is
  crashing only when I do an authentication.
 
  Here is the main confs:
  auth_param basic program /libexec/basic_ncsa_auth /regras/usuarios
  auth_param basic children 10 startup=0 idle=1
  auth_param basic realm INTERNET-LOGIN NECESSARIO
  ... (other confs) ...
  acl usuariosproxy_auth -i
  /etc/squid-3.5.6/regras/usuarios
  ... (other confs) ...
  chroot /etc/squid-3.5.6
 
  Here is what I find in the cache.log:
  2015/07/22 18:47:27.866 kid1| WARNING: no_suid: setuid(0): (1) Operation
  not permitted
  2015/07/22 18:48:01.735 kid1| ipcCreate: /libexec/basic_ncsa_auth: (2)
 No
  such file or directory
  2015/07/22 18:47:27.866 kid1| WARNING: basicauthenticator #Hlpr13818
 exited
 
  What is the ipcCreate and why he is not findind the file?

 It is the code that runs the helper.

 The /libexec/basic_ncsa_auth does not exist as an exectuable binary
 inside your chroot.


 
  About the libs needed when I do the chroot, I have to copy them to the
  squid folder or I need to create the same structure like
  /squid-3.5.6/libs,  /squid-3.5.6/lib64?

 They must match the OS layout where Squid (and everything else that will
 run in the chroot) expects to find them.

 Amos

 ___
 squid-users mailing list
 squid-users@lists.squid-cache.org
 http://lists.squid-cache.org/listinfo/squid-users




--
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users