Re: [squid-users] squid 3.5.12 and ecap

2015-12-16 Thread behrad eslami 
Hi 
thanks for you response. I compiled squid on debian jessie 


On Wednesday, December 16, 2015 6:38 AM, Amos Jeffries 
 wrote:
 

 On 16/12/2015 12:53 a.m., behrad eslami wrote:
> Hi I add simple rule to ecap module and deny some url. I forground
> (squid -N -d10) all things work well. when i run service wtih mutiple
> workers, after a while some url not filter and user can open them in
> browsers. I compile Squid 3.5.12 and libecpa 1.0.0. squid compiled
> with below options:
> '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' 
> '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' 
> '--sysconfdir=/etc' '--localstatedir=/var' 
> '--libexecdir=${prefix}/lib/squid3' '--srcdir=.' '--disable-maintainer-mode' 
> '--disable-dependency-tracking' '--disable-silent-rules' 
> '--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3' 
> '--mandir=/usr/share/man' '--enable-inline' '--disable-arch-native' 
> '--enable-async-io=8' '--enable-storeio=aufs,rock' 
> '--enable-removal-policies=lru,heap' '--enable-delay-pools' 
> '--enable-cache-digests' '--enable-follow-x-forwarded-for' '--enable-eui' 
> '--enable-icmp' '--enable-zph-qos' '--enable-ecap' '--disable-auto-locale' 
> '--disable-translation' '--with-swapdir=/var/spool/squid3' 
> '--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid' 
> '--with-filedescriptors=65536' '--with-large-files' 
> '--with-default-user=proxy' '--enable-build-info= linux' 
> '--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu
' 'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat 
-Werror=format-security -Wall' 'LDFLAGS=-fPIE -pie -Wl,-z,relro -Wl,-z,now' 
'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fPIE -fstack-protector-strong 
-Wformat -Werror=format-security' '--disable-ipv6' '--disable-wccp' 
'--disable-auth-basic' '--disable-auth-digest' '--disable-auth-negotiate' 
'--disable-auth-ntlm' '--disable-external-acl-helpers' 
'--disable-url-rewrite-helpers' '--disable-storeid-rewrite-helpers' 
'--without-mit-krb5' '--without-heimdal-krb5' '--without-gnugss' 
'--disable-unlinkd' '--disable-ident-lookups' '--disable-esi' 
'--disable-select' '--disable-poll' '--disable-kqueue' '--disable-devpoll' 
'--enable-epoll'
> 

This looks like Debian based build settings. With a bunch of extra
things disabled. What OS is this being used on?

NP: you can use --disable-auth to do all of the --disable-auth-*
settings in one simpler option.


> and my ecap config is:
> icap_enable on
> icap_send_client_ip on
> icap_client_username_encode on

None of that is eCAP configuration. The 'i' (not 'e') at the start of
the directive names should give it away.

This is the eCAP part:

> loadable_modules /usr/local/lib/ecap_adapter_MY_processing.so
> ecap_enable on
> ecap_service ecapModifier respmod_precache \
>      uri=ecap://www.deltaglobal.net/adapter_My_processing  \
>        victim=sadeghsalehi\
>        replacement=***
> adaptation_access ecapModifier allow all
> loadable_modules /usr/local/lib/ecap_adapter_My_request.so
> ecap_enable onecap_service eReqmod reqmod_precache bypass=1  
> ecap://e-cap.org/ecap/services/My/request
> adaptation_access  eReqmod  allow all

Looks correct, and should be working.

Notice that you have "bypass=1" configured, so any problem down to just
a long delay in processing time can cause the second eCAP module to be
bypassed and do nothing.

Your config looks fine. You will need to dig down into what the module
is actually doing and what it is having trouble with.

NP: -N is no just foreground, but also disables all multi-process
activity by the workers. Perhapse there is a problem with the ecap
module being either loaded and/or used by multiple processes simultaneously.

Amos

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


  ___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] squid 3.5.12 and ecap

2015-12-15 Thread behrad eslami 
Hi
I add simple rule to ecap module and deny some url. I forground (squid -N -d10) 
all things work well. when i run service wtih mutiple workers, after a while 
some url not filter and user can open them in browsers.
I compile Squid 3.5.12 and libecpa 1.0.0. squid compiled with below 
options:'--build=x86_64-linux-gnu' '--prefix=/usr' 
'--includedir=${prefix}/include' '--mandir=${prefix}/share/man' 
'--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' 
'--libexecdir=${prefix}/lib/squid3' '--srcdir=.' '--disable-maintainer-mode' 
'--disable-dependency-tracking' '--disable-silent-rules' 
'--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3' 
'--mandir=/usr/share/man' '--enable-inline' '--disable-arch-native' 
'--enable-async-io=8' '--enable-storeio=aufs,rock' 
'--enable-removal-policies=lru,heap' '--enable-delay-pools' 
'--enable-cache-digests' '--enable-follow-x-forwarded-for' '--enable-eui' 
'--enable-icmp' '--enable-zph-qos' '--enable-ecap' '--disable-auto-locale' 
'--disable-translation' '--with-swapdir=/var/spool/squid3' 
'--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid' 
'--with-filedescriptors=65536' '--with-large-files' '--with-default-user=proxy' 
'--enable-build-info= linux' '--enable-linux-netfilter' 
'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fPIE -fstack-protector-strong 
-Wformat -Werror=format-security -Wall' 'LDFLAGS=-fPIE -pie -Wl,-z,relro 
-Wl,-z,now' 'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fPIE 
-fstack-protector-strong -Wformat -Werror=format-security' '--disable-ipv6' 
'--disable-wccp' '--disable-auth-basic' '--disable-auth-digest' 
'--disable-auth-negotiate' '--disable-auth-ntlm' 
'--disable-external-acl-helpers' '--disable-url-rewrite-helpers' 
'--disable-storeid-rewrite-helpers' '--without-mit-krb5' 
'--without-heimdal-krb5' '--without-gnugss' '--disable-unlinkd' 
'--disable-ident-lookups' '--disable-esi' '--disable-select' '--disable-poll' 
'--disable-kqueue' '--disable-devpoll' '--enable-epoll'

and my ecap config is:icap_enable onicap_send_client_ip 
onicap_client_username_encode on
loadable_modules /usr/local/lib/ecap_adapter_MY_processing.soecap_enable 
onecap_service ecapModifier respmod_precache \      
uri=ecap://www.deltaglobal.net/adapter_My_processing  \       
victim=sadeghsalehi\        replacement=***adaptation_access ecapModifier allow 
all
loadable_modules /usr/local/lib/ecap_adapter_My_request.so
ecap_enable onecap_service eReqmod reqmod_precache bypass=1  
ecap://e-cap.org/ecap/services/My/requestadaptation_access   eReqmod  allow all___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] squid 3.5.12 and ecap

2015-12-15 Thread Amos Jeffries 
On 16/12/2015 12:53 a.m., behrad eslami wrote:
> Hi I add simple rule to ecap module and deny some url. I forground
> (squid -N -d10) all things work well. when i run service wtih mutiple
> workers, after a while some url not filter and user can open them in
> browsers. I compile Squid 3.5.12 and libecpa 1.0.0. squid compiled
> with below options:
> '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' 
> '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' 
> '--sysconfdir=/etc' '--localstatedir=/var' 
> '--libexecdir=${prefix}/lib/squid3' '--srcdir=.' '--disable-maintainer-mode' 
> '--disable-dependency-tracking' '--disable-silent-rules' 
> '--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3' 
> '--mandir=/usr/share/man' '--enable-inline' '--disable-arch-native' 
> '--enable-async-io=8' '--enable-storeio=aufs,rock' 
> '--enable-removal-policies=lru,heap' '--enable-delay-pools' 
> '--enable-cache-digests' '--enable-follow-x-forwarded-for' '--enable-eui' 
> '--enable-icmp' '--enable-zph-qos' '--enable-ecap' '--disable-auto-locale' 
> '--disable-translation' '--with-swapdir=/var/spool/squid3' 
> '--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid' 
> '--with-filedescriptors=65536' '--with-large-files' 
> '--with-default-user=proxy' '--enable-build-info= linux' 
> '--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu
' 'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat 
-Werror=format-security -Wall' 'LDFLAGS=-fPIE -pie -Wl,-z,relro -Wl,-z,now' 
'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fPIE -fstack-protector-strong 
-Wformat -Werror=format-security' '--disable-ipv6' '--disable-wccp' 
'--disable-auth-basic' '--disable-auth-digest' '--disable-auth-negotiate' 
'--disable-auth-ntlm' '--disable-external-acl-helpers' 
'--disable-url-rewrite-helpers' '--disable-storeid-rewrite-helpers' 
'--without-mit-krb5' '--without-heimdal-krb5' '--without-gnugss' 
'--disable-unlinkd' '--disable-ident-lookups' '--disable-esi' 
'--disable-select' '--disable-poll' '--disable-kqueue' '--disable-devpoll' 
'--enable-epoll'
> 

This looks like Debian based build settings. With a bunch of extra
things disabled. What OS is this being used on?

NP: you can use --disable-auth to do all of the --disable-auth-*
settings in one simpler option.


> and my ecap config is:
> icap_enable on
> icap_send_client_ip on
> icap_client_username_encode on

None of that is eCAP configuration. The 'i' (not 'e') at the start of
the directive names should give it away.

This is the eCAP part:

> loadable_modules /usr/local/lib/ecap_adapter_MY_processing.so
> ecap_enable on
> ecap_service ecapModifier respmod_precache \
>  uri=ecap://www.deltaglobal.net/adapter_My_processing  \
>victim=sadeghsalehi\
> replacement=***
> adaptation_access ecapModifier allow all
> loadable_modules /usr/local/lib/ecap_adapter_My_request.so
> ecap_enable onecap_service eReqmod reqmod_precache bypass=1  
> ecap://e-cap.org/ecap/services/My/request
> adaptation_access   eReqmod  allow all

Looks correct, and should be working.

Notice that you have "bypass=1" configured, so any problem down to just
a long delay in processing time can cause the second eCAP module to be
bypassed and do nothing.

Your config looks fine. You will need to dig down into what the module
is actually doing and what it is having trouble with.

NP: -N is no just foreground, but also disables all multi-process
activity by the workers. Perhapse there is a problem with the ecap
module being either loaded and/or used by multiple processes simultaneously.

Amos

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users