Re: [squid-users] squid 3.5.12 and ecap
Hi thanks for you response. I compiled squid on debian jessie On Wednesday, December 16, 2015 6:38 AM, Amos Jeffrieswrote: On 16/12/2015 12:53 a.m., behrad eslami wrote: > Hi I add simple rule to ecap module and deny some url. I forground > (squid -N -d10) all things work well. when i run service wtih mutiple > workers, after a while some url not filter and user can open them in > browsers. I compile Squid 3.5.12 and libecpa 1.0.0. squid compiled > with below options: > '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' > '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' > '--sysconfdir=/etc' '--localstatedir=/var' > '--libexecdir=${prefix}/lib/squid3' '--srcdir=.' '--disable-maintainer-mode' > '--disable-dependency-tracking' '--disable-silent-rules' > '--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3' > '--mandir=/usr/share/man' '--enable-inline' '--disable-arch-native' > '--enable-async-io=8' '--enable-storeio=aufs,rock' > '--enable-removal-policies=lru,heap' '--enable-delay-pools' > '--enable-cache-digests' '--enable-follow-x-forwarded-for' '--enable-eui' > '--enable-icmp' '--enable-zph-qos' '--enable-ecap' '--disable-auto-locale' > '--disable-translation' '--with-swapdir=/var/spool/squid3' > '--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid' > '--with-filedescriptors=65536' '--with-large-files' > '--with-default-user=proxy' '--enable-build-info= linux' > '--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu ' 'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall' 'LDFLAGS=-fPIE -pie -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security' '--disable-ipv6' '--disable-wccp' '--disable-auth-basic' '--disable-auth-digest' '--disable-auth-negotiate' '--disable-auth-ntlm' '--disable-external-acl-helpers' '--disable-url-rewrite-helpers' '--disable-storeid-rewrite-helpers' '--without-mit-krb5' '--without-heimdal-krb5' '--without-gnugss' '--disable-unlinkd' '--disable-ident-lookups' '--disable-esi' '--disable-select' '--disable-poll' '--disable-kqueue' '--disable-devpoll' '--enable-epoll' > This looks like Debian based build settings. With a bunch of extra things disabled. What OS is this being used on? NP: you can use --disable-auth to do all of the --disable-auth-* settings in one simpler option. > and my ecap config is: > icap_enable on > icap_send_client_ip on > icap_client_username_encode on None of that is eCAP configuration. The 'i' (not 'e') at the start of the directive names should give it away. This is the eCAP part: > loadable_modules /usr/local/lib/ecap_adapter_MY_processing.so > ecap_enable on > ecap_service ecapModifier respmod_precache \ > uri=ecap://www.deltaglobal.net/adapter_My_processing \ > victim=sadeghsalehi\ > replacement=*** > adaptation_access ecapModifier allow all > loadable_modules /usr/local/lib/ecap_adapter_My_request.so > ecap_enable onecap_service eReqmod reqmod_precache bypass=1 > ecap://e-cap.org/ecap/services/My/request > adaptation_access eReqmod allow all Looks correct, and should be working. Notice that you have "bypass=1" configured, so any problem down to just a long delay in processing time can cause the second eCAP module to be bypassed and do nothing. Your config looks fine. You will need to dig down into what the module is actually doing and what it is having trouble with. NP: -N is no just foreground, but also disables all multi-process activity by the workers. Perhapse there is a problem with the ecap module being either loaded and/or used by multiple processes simultaneously. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] squid 3.5.12 and ecap
Hi I add simple rule to ecap module and deny some url. I forground (squid -N -d10) all things work well. when i run service wtih mutiple workers, after a while some url not filter and user can open them in browsers. I compile Squid 3.5.12 and libecpa 1.0.0. squid compiled with below options:'--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3' '--srcdir=.' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' '--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3' '--mandir=/usr/share/man' '--enable-inline' '--disable-arch-native' '--enable-async-io=8' '--enable-storeio=aufs,rock' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-follow-x-forwarded-for' '--enable-eui' '--enable-icmp' '--enable-zph-qos' '--enable-ecap' '--disable-auto-locale' '--disable-translation' '--with-swapdir=/var/spool/squid3' '--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid' '--with-filedescriptors=65536' '--with-large-files' '--with-default-user=proxy' '--enable-build-info= linux' '--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall' 'LDFLAGS=-fPIE -pie -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security' '--disable-ipv6' '--disable-wccp' '--disable-auth-basic' '--disable-auth-digest' '--disable-auth-negotiate' '--disable-auth-ntlm' '--disable-external-acl-helpers' '--disable-url-rewrite-helpers' '--disable-storeid-rewrite-helpers' '--without-mit-krb5' '--without-heimdal-krb5' '--without-gnugss' '--disable-unlinkd' '--disable-ident-lookups' '--disable-esi' '--disable-select' '--disable-poll' '--disable-kqueue' '--disable-devpoll' '--enable-epoll' and my ecap config is:icap_enable onicap_send_client_ip onicap_client_username_encode on loadable_modules /usr/local/lib/ecap_adapter_MY_processing.soecap_enable onecap_service ecapModifier respmod_precache \ uri=ecap://www.deltaglobal.net/adapter_My_processing \ victim=sadeghsalehi\ replacement=***adaptation_access ecapModifier allow all loadable_modules /usr/local/lib/ecap_adapter_My_request.so ecap_enable onecap_service eReqmod reqmod_precache bypass=1 ecap://e-cap.org/ecap/services/My/requestadaptation_access eReqmod allow all___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] squid 3.5.12 and ecap
On 16/12/2015 12:53 a.m., behrad eslami wrote: > Hi I add simple rule to ecap module and deny some url. I forground > (squid -N -d10) all things work well. when i run service wtih mutiple > workers, after a while some url not filter and user can open them in > browsers. I compile Squid 3.5.12 and libecpa 1.0.0. squid compiled > with below options: > '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' > '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' > '--sysconfdir=/etc' '--localstatedir=/var' > '--libexecdir=${prefix}/lib/squid3' '--srcdir=.' '--disable-maintainer-mode' > '--disable-dependency-tracking' '--disable-silent-rules' > '--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3' > '--mandir=/usr/share/man' '--enable-inline' '--disable-arch-native' > '--enable-async-io=8' '--enable-storeio=aufs,rock' > '--enable-removal-policies=lru,heap' '--enable-delay-pools' > '--enable-cache-digests' '--enable-follow-x-forwarded-for' '--enable-eui' > '--enable-icmp' '--enable-zph-qos' '--enable-ecap' '--disable-auto-locale' > '--disable-translation' '--with-swapdir=/var/spool/squid3' > '--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid' > '--with-filedescriptors=65536' '--with-large-files' > '--with-default-user=proxy' '--enable-build-info= linux' > '--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu ' 'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall' 'LDFLAGS=-fPIE -pie -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security' '--disable-ipv6' '--disable-wccp' '--disable-auth-basic' '--disable-auth-digest' '--disable-auth-negotiate' '--disable-auth-ntlm' '--disable-external-acl-helpers' '--disable-url-rewrite-helpers' '--disable-storeid-rewrite-helpers' '--without-mit-krb5' '--without-heimdal-krb5' '--without-gnugss' '--disable-unlinkd' '--disable-ident-lookups' '--disable-esi' '--disable-select' '--disable-poll' '--disable-kqueue' '--disable-devpoll' '--enable-epoll' > This looks like Debian based build settings. With a bunch of extra things disabled. What OS is this being used on? NP: you can use --disable-auth to do all of the --disable-auth-* settings in one simpler option. > and my ecap config is: > icap_enable on > icap_send_client_ip on > icap_client_username_encode on None of that is eCAP configuration. The 'i' (not 'e') at the start of the directive names should give it away. This is the eCAP part: > loadable_modules /usr/local/lib/ecap_adapter_MY_processing.so > ecap_enable on > ecap_service ecapModifier respmod_precache \ > uri=ecap://www.deltaglobal.net/adapter_My_processing \ >victim=sadeghsalehi\ > replacement=*** > adaptation_access ecapModifier allow all > loadable_modules /usr/local/lib/ecap_adapter_My_request.so > ecap_enable onecap_service eReqmod reqmod_precache bypass=1 > ecap://e-cap.org/ecap/services/My/request > adaptation_access eReqmod allow all Looks correct, and should be working. Notice that you have "bypass=1" configured, so any problem down to just a long delay in processing time can cause the second eCAP module to be bypassed and do nothing. Your config looks fine. You will need to dig down into what the module is actually doing and what it is having trouble with. NP: -N is no just foreground, but also disables all multi-process activity by the workers. Perhapse there is a problem with the ecap module being either loaded and/or used by multiple processes simultaneously. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users