Re: [squid-users] Yum Updates and Squid
2010/5/5 GIGO . : > > Dear All, > > > > Is it safe enough to use Automatic yum updates on the squid Server > machine? Is there any strict package version requirements to have those > with which squid was already installed. > Squid has many options for compiling, each option stands for a different usage. Are you sure the yum installed package will be suitable for your application? -- Tech support agent in China http://duxieweb.com/
Re: [squid-users] Compile Error on FreeBSD 8.0 with Squid 3.1.2 & 3.1.3
On Wed, May 5, 2010 at 1:03 AM, Amos Jeffries wrote: > On Tue, 4 May 2010 17:53:31 +0200, Kinkie wrote: >> It's already fixed in trunk. >> Amos, please import changes in revnos 10428 & 10431. Only impacts >> system running bdb-4 but not 1.85 > > 10428 is already in and not related to dbh. > > Did you mean 10432 which reverts a portion of 10431? Yes. I hadn't managed to get it right on the first attempt -- /kinkie
[squid-users] Yum Updates and Squid
Dear All, Is it safe enough to use Automatic yum updates on the squid Server machine? Is there any strict package version requirements to have those with which squid was already installed. Automatic updates will even upgrade kernel as well so is it ok? Please your guidance will be much valuable. Thanks in advance. Regards, Bilal _ Hotmail: Powerful Free email with security by Microsoft. https://signup.live.com/signup.aspx?id=60969
Re: [squid-users] Old squid redirect
On Tue, 4 May 2010 18:06:30 +0300, Adam Squids wrote: > Hey all, > > Using an old Squid 2.5.S10 setup. Trying to redirect mobile > user-agents to a WAP company that handles the mobile version of my > site. > Read a bit about how to do this and got something like : "like"? or "actual"? > > acl Mobile browser -i > (^((SO|ha|Se|[m-p]{2})(NIM|ier|ndo|[h-k]{2}a)|(SA|UP|Ph|Er|Bl|So|Mo|po|fr)(MSU|\.Br|ili|ics|ack|nyE|bil|rta|omp)(NG|owse|ps|so|Berr|rics|eExp|lmmm|assc)|(MO|Pa|HT|EZ)(T-|lm|C|OS)|([O-Q][a-d]L\d{2}[a-z]{2}\d+|S(EC|GH|IE)|LG)))|([l-p]{2}[x-z]([(h-m)]|a){4}\/((1\.22)|([45]\.0).*?(ProF|win|pal|we|H|ip|an|sym)(iLE.+m|dows|msou|b|TC_|ho|dr|bia)(IDp|\sce|rce|os|HD\d|ne|oid|n\s*os)))|((q|O|U|SZ)(q|ww|p|O|i)(v|dv|e|ds|OO)(Q|W|R|OO|Z)(V|PP|YY|A).*?\s[k-p](in|OB)[h-j]) Very complex. Could be very easy to break that. Also the -i means case is ignored. With the troubles you seem to have understanding Squid. I'd make that a simple list of lines like these: acl Mobile browser Nokia acl Mobile browser Symbian ... etc. 'tis slow to process, but you can optimize _after_ you know if the whole setup works. > acl site dstdomain www.MyWebPage.com > http_access deny site Mobile > deny_info > http://wap.mobilepage.mobi?__h=%{HTTP_HOST}&__p=%{REQUEST_URI}&%{QUERY_STRING} > Mobile Squid is not Apache. It does not accept Apache macro language. deny_info http://wap.mobilepage.mobi?__h=&__p=%s Mobile Note how the host name and query string cannot be passed in separately. %s is the full original URL. > > I know that the regex seems odd and insane, but it works (in Apache's > conf that works / tested great). Again. Squid is not Apache. They support different expression types. Working in one does not guarantee working in the other. > > Once I did that, nothing from my original configs worked, had to > rollback and remove that snippet. > "nothing"? Sounds like you are repeating the same habit you showed earlier. Changing many things, telling us about one and blaming every issue on that one. > A) How can I make this work with my current 2.5 ? - I also have a > local Apache that gets requests redirected from Squid, but I rather > not use it. > B) I am about to upgrade to Squid 2.7, will that become easier then? > For most people. For you I'm not so sure. Amos
Re: [squid-users] configure: error: C++ compiler cannot create executables
On Wed, 5 May 2010 06:35:37 +0800, "Wong Fei Young" wrote: Dear All I was stopped to compile squid 3.1.1 in Linux OpenSuSE 11.2 with error below: configure: error: C++ compiler cannot create executables See `config.log' for more details. configure: error: ./configure failed for lib/libTrie I did not get this message in OpenSuSE 11.1. What should I do to solve this issue? Many thanks for your advise. Wong snip configure: creating ./config.status config.status: creating Makefile config.status: creating ska_config.h config.status: executing depfiles commands configure: updating ska_config.h === configuring in lib/libTrie (/usr/src/squid-3.1.1/lib/libTrie) configure: running /bin/sh ./configure --disable-option-checking '--prefix=/usr/local/squid' '--enable-linux-netfilter' '--enable-storeio=aufs,ufs' '--with-large-files' '--disable-ipv6' '--with-filedescriptors=8192' '--with-squid=/usr/src/squid-3.1.1' '--enable-ltdl-convenience' --cache-file=/dev/null --srcdir=. checking for g++... no checking for c++... no checking for gpp... no checking for aCC... no checking for CC... no checking for cxx... no checking for cc++... no checking for cl.exe... no checking for FCC... no checking for KCC... no checking for RCC... no checking for xlC_r... no checking for xlC... no There appears to be no compiler installed on your system. If you have actually got one installed please let us know what it is. Hi Amos, Your advise is very accurate, thanks ! Obviously, I did not install gcc-c++ that required to compile Squid. I just had gcc in my box and succeed to compile Kernel and other software. This made me in vague situation, able to compile kernel and other software but not Squid. This also solved "configure: WARNING: Cannot find necessary Linux kernel (Netfilter) header files" Thx & Rgds, Wong
Re: [squid-users] Re: stop XFF
On Tue, 4 May 2010 17:06:38 -0500, Luis Daniel Lucio Quiroz wrote: > Le mardi 4 mai 2010 17:01:36, Luis Daniel Lucio Quiroz a écrit : >> Hi all >> >> i have this scenario >> >> client -> squid1 -> squid2 -> internet >> >> what do i need to stop the xff header so pages like www.whatismyip.org >> doesnt show that header. >> >> I dont wnat to turn off x-forward because squid2 has an icap server and >> it >> needs that header. I also has tried this configuration >> >> acl localnet 192.168.0.0/16 (and all networks i'm prety sure are local, >> including squid1 and squid2 ips) >> forwarded_for on >> follow_x_forwarded_for allow localnet >> follow_x_forwarded_for deny all >> >> how ever headder is still preset >> >> any advice? >> >> LD > > as i read here > http://www.squid-cache.org/Doc/config/forwarded_for/ > > if i put delete or truncate > the xff header alteration is before or after doing the icap revision? > > LD At the point the requests is cloned to be sent to the remote Server. I think ICAP happens before that. Some other related stuff: Squid sends X-Client-IP for ICAP to use. The result of follow_x_forwarded_for is sent in there if trusted. If it's not being used there is no point in doing follow_x_forwarded_for in the first place. Also, trusting your end-user browser to set XFF headers correctly is a huge mistake. There are popular plugins and apps to trivially forge it. The only machines in your scenario which you can trust are your squid1 and squid2, maybe the ICAP server. Amos
Re: [squid-users] configure: WARNING: Cannot find necessary Linux kernel (Netfilter) header files
On Wed, 5 May 2010 07:31:00 +0800, "Wong Fei Young" wrote: > Dear All, > > I upgraded a new 2.6.33 (and squeezed) kernel for my Linux box (OpenSuSE > 11.2). TPROXY option is enabled as well as NAT / redirect. > > But I got error to configure Squid (either 3.1.1 or 3.1.3) below. > > I used the old (OpenSuSE stock) linux-kernel-headers RPM 2.6.31. Please > advise me what I should do to enable Intercepting Proxy. > > Thanks a lot for your help. > > Wong > > --snip-- > > checking if Linux (Netfilter) kernel header files are installed... no > configure: WARNING: Cannot find necessary Linux kernel (Netfilter) header > files > configure: WARNING: Linux Transparent and Intercepting Proxy support WILL > NOT be enabled What are the configure options you build with? (all of them) Amos
Re: [squid-users] configure: error: C++ compiler cannot create executables
On Wed, 5 May 2010 06:35:37 +0800, "Wong Fei Young" wrote: > Dear All > > I was stopped to compile squid 3.1.1 in Linux OpenSuSE 11.2 with error > below: > > configure: error: C++ compiler cannot create executables > See `config.log' for more details. > configure: error: ./configure failed for lib/libTrie > > I did not get this message in OpenSuSE 11.1. What should I do to solve > this > issue? > > Many thanks for your advise. > > Wong > > snip > > configure: creating ./config.status > config.status: creating Makefile > config.status: creating ska_config.h > config.status: executing depfiles commands > configure: updating ska_config.h > === configuring in lib/libTrie (/usr/src/squid-3.1.1/lib/libTrie) > configure: running /bin/sh ./configure --disable-option-checking > '--prefix=/usr/local/squid' '--enable-linux-netfilter' > '--enable-storeio=aufs,ufs' '--with-large-files' '--disable-ipv6' > '--with-filedescriptors=8192' '--with-squid=/usr/src/squid-3.1.1' > '--enable-ltdl-convenience' --cache-file=/dev/null --srcdir=. > checking for g++... no > checking for c++... no > checking for gpp... no > checking for aCC... no > checking for CC... no > checking for cxx... no > checking for cc++... no > checking for cl.exe... no > checking for FCC... no > checking for KCC... no > checking for RCC... no > checking for xlC_r... no > checking for xlC... no There appears to be no compiler installed on your system. If you have actually got one installed please let us know what it is. > checking for C++ compiler default output file name... > configure: error: C++ compiler cannot create executables > See `config.log' for more details. > configure: error: ./configure failed for lib/libTrie Amos
[squid-users] configure: WARNING: Cannot find necessary Linux kernel (Netfilter) header files
Dear All, I upgraded a new 2.6.33 (and squeezed) kernel for my Linux box (OpenSuSE 11.2). TPROXY option is enabled as well as NAT / redirect. But I got error to configure Squid (either 3.1.1 or 3.1.3) below. I used the old (OpenSuSE stock) linux-kernel-headers RPM 2.6.31. Please advise me what I should do to enable Intercepting Proxy. Thanks a lot for your help. Wong --snip-- checking if Linux (Netfilter) kernel header files are installed... no configure: WARNING: Cannot find necessary Linux kernel (Netfilter) header files configure: WARNING: Linux Transparent and Intercepting Proxy support WILL NOT be enabled
Re: [squid-users] questions around NTLM authentication
On Tue, 04 May 2010 17:45:44 +0200, apmail...@free.fr wrote: > Hello, > > Using Squid for 6 years now, quite happily. > We have moved from ldap to AD authentication a few months ago. > using : > squid-2.7.STABLE7 > auth_param ntlm program /usr/bin/ntlm_auth > --helper-protocol=squid-2.5-ntlmssp > external_acl_type ad_group children=30 %LOGIN > /proxy1/libexec/wbinfo_group.pl > ntlm_auth and wbinfo come from : samba-common-3.0.33-3.14.el5 (on rhel 5.4) > > We are suffering from a few problems : > - when one of the 2 DC server fails, samba will not failover to the second > DC server quickly enough for the users comfort. Has anyone faced the same > problem ? ( we have no SRV records ) > The solution relies entirely on samba config + dns failovers, so I'm not > hoping > for a solution on this mailing list. Just other users feedback. > > - As a workaround, I would like to increase the value of the > authenticate-ip-shortcircuit-ttl parameter. It is currently at 300 > seconds, I > would put it at 36000 seconds (10hours). So the NTLM authentication would > really > only happen > once a working day. > What would be the drawbacks ? Is such a value reasonable technically ? ( > memory > buffers will handle this correctly ?) It's a controlled security breach. You are effectively setting that the IP address (from any machine) is to be assumed as logged in with the initial users credentials. This assumption remains active until the end of the timeout, whether the user has logged off and another sat down at the machine, or whether they machine is turned off and another has been assigned the DHCP lease. Personally, given the choice I'd remove the option entirely from Squid. It only exists to buffer problems caused by the design of NTLM. > > - wbinfo has stopped working twice in two months. (I will tackle this > topic with > samba support). > Again , anyone else seeing such behavior ? > An excerpt of the cache log : > Could not get groups for user dotdot > 2010/04/28 23:47:39| AuthenticateNTLMHandleReply: Helper '0x96b4c90' > crashed!. > 2010/04/28 23:47:39| assertion failed: helper.c:332: "!srv->request" > 2010/04/28 23:47:47| Starting Squid Cache version 2.7.STABLE7 for > i686-pc-linux-gnu... > Is this normal that SQuid should restart on such a problem ? (just > wondering). Restart kills all stored authentication credentials and makes Squid re-check all requests with the backend. NTLM requires several handshake HTTP requests to go through for a backend check. This means Squid has to reject the given end-process NTLM tokens and fetch new initial tokens from the browser after a restart. The NTLM backend is also known for its low limit on parallel connections processed which compounds this type of issue. > > Finally, would another authentication means to AD be more reliable ? > Kerberos > maybe ? Yes. Kerberos uses a stronger encryption type and does away with most of the handshake portion of NTLM. So Squid able to do a less intrusive re-check of the tokens after a restart or reconfigure. Also the backends so fas as I know have not had the same connection limits reported that NTLM suffers from. Additionally, NTLM has been officially deprecated by Microsoft along with Windows XP and not supported by their Windows 7 and later software. Kerberos is the model they are moving to. Amos
Re: [squid-users] Illegal character in hostname '!host!'
On Tue, 4 May 2010 11:17:18 -0700, Tory M Blue wrote: > I'm seeing this error on occasion and trying to figure out how to > capture what is causing it. > > 2010/05/04 11:06:03| urlParse: Illegal character in hostname '!host!' > > > !host!. > > I've thought maybe it was actually in a URI but I've added access > logging with urlpath_regex -i \!host and nothing is matching. urlpath_regex matches the path+filename+query portion of the URL. Try with url_regex. > > Is the !host! possibly internal to squid? No. > > How do I go about capturing and figuring this out? If the url_regex does not capture it debug_options 84,9 will display all the headers going through squid. debug_options 23,3 will show the higher level URL parse and what its being split into. Amos
Re: [squid-users] Compile Error on FreeBSD 8.0 with Squid 3.1.2 & 3.1.3
On Tue, 4 May 2010 17:53:31 +0200, Kinkie wrote: > It's already fixed in trunk. > Amos, please import changes in revnos 10428 & 10431. Only impacts > system running bdb-4 but not 1.85 10428 is already in and not related to dbh. Did you mean 10432 which reverts a portion of 10431? Amos > >Kinkie > > On Tue, May 4, 2010 at 5:44 PM, Dean Weimer wrote: >> I have run into the following compile error on both squid 3.1.2 and >> squid 3.1.3 on FreeBSD 8.0 using these options for >> ./configure \ >> --prefix=/usr/local/squid \ >> --enable-pthreads \ >> --enable-ssl \ >> --with-openssl=/usr/local \ >> --enable-async-io \ >> --enable-underscores \ >> --enable-storeio="ufs,aufs" \ >> --enable-delay-pools \ >> --disable-ipv6 >> Squid 3.1.1 Compiles fine on this system, has anyone else ran into this >> issue or have any ideas as to the cause. >> >> Making all in session >> gcc -DHAVE_CONFIG_H -I../../.. -I../../../include -I../../../src >> -I../../../include -I. -I/usr/local/include -Wall -Wpointer-arith >> -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wcomments >> -Werror -D_REENTRANT -Wall -g -O2 -MT squid_session.o -MD -MP -MF >> .deps/squid_session.Tpo -c -o squid_session.o squid_session.c >> cc1: warnings being treated as errors >> squid_session.c: In function 'init_db': >> squid_session.c:62: warning: implicit declaration of function 'dbopen' >> squid_session.c:62: warning: assignment makes pointer from integer >> without a cast >> squid_session.c: In function 'shutdown_db': >> squid_session.c:71: error: too few arguments to function 'db->close' >> squid_session.c: In function 'session_active': >> squid_session.c:81: warning: passing argument 2 of 'db->get' from >> incompatible pointer type >> squid_session.c:81: error: too few arguments to function 'db->get' >> squid_session.c:85: warning: passing argument 2 of 'db->del' from >> incompatible pointer type >> squid_session.c:85: error: too few arguments to function 'db->del' >> squid_session.c: In function 'session_login': >> squid_session.c:103: warning: passing argument 2 of 'db->put' from >> incompatible pointer type >> squid_session.c:103: error: too few arguments to function 'db->put' >> squid_session.c: In function 'session_logout': >> squid_session.c:111: warning: passing argument 2 of 'db->del' from >> incompatible pointer type >> squid_session.c:111: error: too few arguments to function 'db->del' >> *** Error code 1 >> >> Stop in /usr/local/squid-3.1.3/helpers/external_acl/session. >> *** Error code 1 >> >> Stop in /usr/local/squid-3.1.3/helpers/external_acl. >> *** Error code 1 >> >> Stop in /usr/local/squid-3.1.3/helpers. >> *** Error code 1 >> >> Stop in /usr/local/squid-3.1.3. >> >> Thanks, >> Dean Weimer >> Network Administrator >> Orscheln Management Co >> >>
[squid-users] configure: error: C++ compiler cannot create executables
Dear All I was stopped to compile squid 3.1.1 in Linux OpenSuSE 11.2 with error below: configure: error: C++ compiler cannot create executables See `config.log' for more details. configure: error: ./configure failed for lib/libTrie I did not get this message in OpenSuSE 11.1. What should I do to solve this issue? Many thanks for your advise. Wong snip configure: creating ./config.status config.status: creating Makefile config.status: creating ska_config.h config.status: executing depfiles commands configure: updating ska_config.h === configuring in lib/libTrie (/usr/src/squid-3.1.1/lib/libTrie) configure: running /bin/sh ./configure --disable-option-checking '--prefix=/usr/local/squid' '--enable-linux-netfilter' '--enable-storeio=aufs,ufs' '--with-large-files' '--disable-ipv6' '--with-filedescriptors=8192' '--with-squid=/usr/src/squid-3.1.1' '--enable-ltdl-convenience' --cache-file=/dev/null --srcdir=. checking for g++... no checking for c++... no checking for gpp... no checking for aCC... no checking for CC... no checking for cxx... no checking for cc++... no checking for cl.exe... no checking for FCC... no checking for KCC... no checking for RCC... no checking for xlC_r... no checking for xlC... no checking for C++ compiler default output file name... configure: error: C++ compiler cannot create executables See `config.log' for more details. configure: error: ./configure failed for lib/libTrie
Re: [squid-users] squid_ldap_auth
Le mardi 4 mai 2010 14:10:00, burbankmarc a écrit : > Hey all, > > I have ldap authentication working in squid 3.1.3, and it works > wellexcept that the user has to authenticate everytime they open a > browser window. All the users are XP using IE. I have another squid (2.5) > instance running using NTLM and they only need to type in their credentials > when their password changes. > > Is there a way to get similar functionality using squid_ldap_auth? Unfortunatly that behaivoir is perfectly well in basic auth, every new window or you IE doesnt know what session has other and they no share previews autehtnication. But if you do a Ctrl+ t (new tab) IE (or mozilla) wont ask for new password. with ntlm is the same, but borwser sends password for you :) maybe programin an external acl to keep track of what ips are being used and if there's an already authenticated session with X ip, next X ip wont need password. but be careful, you will lose usernames at logfile LD
[squid-users] Re: stop XFF
Le mardi 4 mai 2010 17:01:36, Luis Daniel Lucio Quiroz a écrit : > Hi all > > i have this scenario > > client -> squid1 -> squid2 -> internet > > what do i need to stop the xff header so pages like www.whatismyip.org > doesnt show that header. > > I dont wnat to turn off x-forward because squid2 has an icap server and it > needs that header. I also has tried this configuration > > acl localnet 192.168.0.0/16 (and all networks i'm prety sure are local, > including squid1 and squid2 ips) > forwarded_for on > follow_x_forwarded_for allow localnet > follow_x_forwarded_for deny all > > how ever headder is still preset > > any advice? > > LD as i read here http://www.squid-cache.org/Doc/config/forwarded_for/ if i put delete or truncate the xff header alteration is before or after doing the icap revision? LD
[squid-users] stop XFF
Hi all i have this scenario client -> squid1 -> squid2 -> internet what do i need to stop the xff header so pages like www.whatismyip.org doesnt show that header. I dont wnat to turn off x-forward because squid2 has an icap server and it needs that header. I also has tried this configuration acl localnet 192.168.0.0/16 (and all networks i'm prety sure are local, including squid1 and squid2 ips) forwarded_for on follow_x_forwarded_for allow localnet follow_x_forwarded_for deny all how ever headder is still preset any advice? LD
[squid-users] Squid2.x / Squid3.x + OS X + WPAD, issues with iTunes?
Anyone else having issues with squid, wpad and iTunes? It's constantly prompting for authentication when trying to listen to a radio station... which is fine except it never actually goes through, meaning no music can be heard. Curious if I need a special ACL or something in order to make it work? Things like slacker radio / pandora / grooveshark etc all seem to work, but nothing within iTunes Radio.
[squid-users] squid_ldap_auth
Hey all, I have ldap authentication working in squid 3.1.3, and it works wellexcept that the user has to authenticate everytime they open a browser window. All the users are XP using IE. I have another squid (2.5) instance running using NTLM and they only need to type in their credentials when their password changes. Is there a way to get similar functionality using squid_ldap_auth? -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-ldap-auth-tp2126169p2126169.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] Illegal character in hostname '!host!'
I'm seeing this error on occasion and trying to figure out how to capture what is causing it. 2010/05/04 11:06:03| urlParse: Illegal character in hostname '!host!' !host!. I've thought maybe it was actually in a URI but I've added access logging with urlpath_regex -i \!host and nothing is matching. Is the !host! possibly internal to squid? How do I go about capturing and figuring this out? Thanks Tory
[squid-users] [ot] polish users
Hi, sorry for this big off topic. If there is any polish user here, please, contact me via email. --
Re: [squid-users] Compile Error on FreeBSD 8.0 with Squid 3.1.2 & 3.1.3
It's already fixed in trunk. Amos, please import changes in revnos 10428 & 10431. Only impacts system running bdb-4 but not 1.85 Kinkie On Tue, May 4, 2010 at 5:44 PM, Dean Weimer wrote: > I have run into the following compile error on both squid 3.1.2 and squid > 3.1.3 on FreeBSD 8.0 using these options for > ./configure \ > --prefix=/usr/local/squid \ > --enable-pthreads \ > --enable-ssl \ > --with-openssl=/usr/local \ > --enable-async-io \ > --enable-underscores \ > --enable-storeio="ufs,aufs" \ > --enable-delay-pools \ > --disable-ipv6 > Squid 3.1.1 Compiles fine on this system, has anyone else ran into this issue > or have any ideas as to the cause. > > Making all in session > gcc -DHAVE_CONFIG_H -I../../.. -I../../../include -I../../../src > -I../../../include -I. -I/usr/local/include -Wall -Wpointer-arith > -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wcomments > -Werror -D_REENTRANT -Wall -g -O2 -MT squid_session.o -MD -MP -MF > .deps/squid_session.Tpo -c -o squid_session.o squid_session.c > cc1: warnings being treated as errors > squid_session.c: In function 'init_db': > squid_session.c:62: warning: implicit declaration of function 'dbopen' > squid_session.c:62: warning: assignment makes pointer from integer without a > cast > squid_session.c: In function 'shutdown_db': > squid_session.c:71: error: too few arguments to function 'db->close' > squid_session.c: In function 'session_active': > squid_session.c:81: warning: passing argument 2 of 'db->get' from > incompatible pointer type > squid_session.c:81: error: too few arguments to function 'db->get' > squid_session.c:85: warning: passing argument 2 of 'db->del' from > incompatible pointer type > squid_session.c:85: error: too few arguments to function 'db->del' > squid_session.c: In function 'session_login': > squid_session.c:103: warning: passing argument 2 of 'db->put' from > incompatible pointer type > squid_session.c:103: error: too few arguments to function 'db->put' > squid_session.c: In function 'session_logout': > squid_session.c:111: warning: passing argument 2 of 'db->del' from > incompatible pointer type > squid_session.c:111: error: too few arguments to function 'db->del' > *** Error code 1 > > Stop in /usr/local/squid-3.1.3/helpers/external_acl/session. > *** Error code 1 > > Stop in /usr/local/squid-3.1.3/helpers/external_acl. > *** Error code 1 > > Stop in /usr/local/squid-3.1.3/helpers. > *** Error code 1 > > Stop in /usr/local/squid-3.1.3. > > Thanks, > Dean Weimer > Network Administrator > Orscheln Management Co > > -- /kinkie
RE: [squid-users] Problem with SQUID
Hello, I update this afternoon the proxy (from version 2.5 to version 2.7 STABLE9) as mentioned in the message of Amos Jeffries; I got the version and installed it in less than 10 minutes : I had only 2 problems in the squid.conf file (an option disappeared, and I need to identify the user running squid): the problem is now solved. Best regards, Bernard LANDRON -Message d'origine- De : Amos Jeffries [mailto:squ...@treenet.co.nz] Envoyé : mardi 4 mai 2010 14:21 À : squid-users@squid-cache.org Objet : Re: [squid-users] Problem with SQUID Bernard LANDRON wrote: > Hello, > SQUID is installed on my site since more than 5 years and was running > correctly ; since less than a week, SQUID stops very frequently, and I have > some messages: > > * In the /var/log/messages file I have the following: > > May 4 13:25:42 renesas2 squid[8722]: Squid Parent: child process 9634 exited > due to signal 6 May 4 13:25:45 renesas2 squid[8722]: Squid Parent: child > process 9716 started May 4 13:26:28 renesas2 squid[8722]: Squid Parent: > child process 9716 exited due to signal 6 May 4 13:26:31 renesas2 > squid[8722]: Squid Parent: child process 9855 started May 4 13:26:34 > renesas2 squid[8722]: Squid Parent: child process 9855 exited due to signal 6 > May 4 13:26:37 renesas2 squid[8722]: Squid Parent: child pro > > > When there are too many failures, SQUID parent stops. > > * In the /var/squid/log/cahe.log I have also the following: > > FATAL: Received Segment Violation...dying. > 2010/05/04 13:30:42| storeDirWriteCleanLogs: Starting... > 2010/05/04 13:30:42| WARNING: Closing open FD 11 > 2010/05/04 13:30:42| Finished. Wrote 5206 entries. The lines above the FATAL are generally more important, since the error is logged then a the death shutdown begins. It also gives some info of maybe some action leading up to the death which may be useful. > > > Can somebody explain me what is happening? And what can be the solution? > Best regards > Bernard LANDRON > Exact cause uncertain. 2.5 is as you say many years old now. It's likely some HTTP feature becoming common among your users hitting hidden bug. Or maybe a security flaw that has not been patched and now being hit by someone. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.3
[squid-users] questions around NTLM authentication
Hello, Using Squid for 6 years now, quite happily. We have moved from ldap to AD authentication a few months ago. using : squid-2.7.STABLE7 auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp external_acl_type ad_group children=30 %LOGIN /proxy1/libexec/wbinfo_group.pl ntlm_auth and wbinfo come from : samba-common-3.0.33-3.14.el5 (on rhel 5.4) We are suffering from a few problems : - when one of the 2 DC server fails, samba will not failover to the second DC server quickly enough for the users comfort. Has anyone faced the same problem ? ( we have no SRV records ) The solution relies entirely on samba config + dns failovers, so I'm not hoping for a solution on this mailing list. Just other users feedback. - As a workaround, I would like to increase the value of the authenticate-ip-shortcircuit-ttl parameter. It is currently at 300 seconds, I would put it at 36000 seconds (10hours). So the NTLM authentication would really only happen once a working day. What would be the drawbacks ? Is such a value reasonable technically ? ( memory buffers will handle this correctly ?) - wbinfo has stopped working twice in two months. (I will tackle this topic with samba support). Again , anyone else seeing such behavior ? An excerpt of the cache log : Could not get groups for user dotdot 2010/04/28 23:47:39| AuthenticateNTLMHandleReply: Helper '0x96b4c90' crashed!. 2010/04/28 23:47:39| assertion failed: helper.c:332: "!srv->request" 2010/04/28 23:47:47| Starting Squid Cache version 2.7.STABLE7 for i686-pc-linux-gnu... Is this normal that SQuid should restart on such a problem ? (just wondering). Finally, would another authentication means to AD be more reliable ? Kerberos maybe ? Thanks Andrew
[squid-users] Compile Error on FreeBSD 8.0 with Squid 3.1.2 & 3.1.3
I have run into the following compile error on both squid 3.1.2 and squid 3.1.3 on FreeBSD 8.0 using these options for ./configure \ --prefix=/usr/local/squid \ --enable-pthreads \ --enable-ssl \ --with-openssl=/usr/local \ --enable-async-io \ --enable-underscores \ --enable-storeio="ufs,aufs" \ --enable-delay-pools \ --disable-ipv6 Squid 3.1.1 Compiles fine on this system, has anyone else ran into this issue or have any ideas as to the cause. Making all in session gcc -DHAVE_CONFIG_H -I../../.. -I../../../include -I../../../src -I../../../include -I. -I/usr/local/include -Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wcomments -Werror -D_REENTRANT -Wall -g -O2 -MT squid_session.o -MD -MP -MF .deps/squid_session.Tpo -c -o squid_session.o squid_session.c cc1: warnings being treated as errors squid_session.c: In function 'init_db': squid_session.c:62: warning: implicit declaration of function 'dbopen' squid_session.c:62: warning: assignment makes pointer from integer without a cast squid_session.c: In function 'shutdown_db': squid_session.c:71: error: too few arguments to function 'db->close' squid_session.c: In function 'session_active': squid_session.c:81: warning: passing argument 2 of 'db->get' from incompatible pointer type squid_session.c:81: error: too few arguments to function 'db->get' squid_session.c:85: warning: passing argument 2 of 'db->del' from incompatible pointer type squid_session.c:85: error: too few arguments to function 'db->del' squid_session.c: In function 'session_login': squid_session.c:103: warning: passing argument 2 of 'db->put' from incompatible pointer type squid_session.c:103: error: too few arguments to function 'db->put' squid_session.c: In function 'session_logout': squid_session.c:111: warning: passing argument 2 of 'db->del' from incompatible pointer type squid_session.c:111: error: too few arguments to function 'db->del' *** Error code 1 Stop in /usr/local/squid-3.1.3/helpers/external_acl/session. *** Error code 1 Stop in /usr/local/squid-3.1.3/helpers/external_acl. *** Error code 1 Stop in /usr/local/squid-3.1.3/helpers. *** Error code 1 Stop in /usr/local/squid-3.1.3. Thanks, Dean Weimer Network Administrator Orscheln Management Co
[squid-users] cache channel support
Hi. Does squid supports cache channels in any capacity http://potaroo.net/ietf/all-ids/draft-nottingham-http-cache-channels-01.txt or has plans to support it in the future? -- Dmitri Priimak
[squid-users] Old squid redirect
Hey all, Using an old Squid 2.5.S10 setup. Trying to redirect mobile user-agents to a WAP company that handles the mobile version of my site. Read a bit about how to do this and got something like : acl Mobile browser -i (^((SO|ha|Se|[m-p]{2})(NIM|ier|ndo|[h-k]{2}a)|(SA|UP|Ph|Er|Bl|So|Mo|po|fr)(MSU|\.Br|ili|ics|ack|nyE|bil|rta|omp)(NG|owse|ps|so|Berr|rics|eExp|lmmm|assc)|(MO|Pa|HT|EZ)(T-|lm|C|OS)|([O-Q][a-d]L\d{2}[a-z]{2}\d+|S(EC|GH|IE)|LG)))|([l-p]{2}[x-z]([(h-m)]|a){4}\/((1\.22)|([45]\.0).*?(ProF|win|pal|we|H|ip|an|sym)(iLE.+m|dows|msou|b|TC_|ho|dr|bia)(IDp|\sce|rce|os|HD\d|ne|oid|n\s*os)))|((q|O|U|SZ)(q|ww|p|O|i)(v|dv|e|ds|OO)(Q|W|R|OO|Z)(V|PP|YY|A).*?\s[k-p](in|OB)[h-j]) acl site dstdomain www.MyWebPage.com http_access deny site Mobile deny_info http://wap.mobilepage.mobi?__h=%{HTTP_HOST}&__p=%{REQUEST_URI}&%{QUERY_STRING} Mobile I know that the regex seems odd and insane, but it works (in Apache's conf that works / tested great). Once I did that, nothing from my original configs worked, had to rollback and remove that snippet. A) How can I make this work with my current 2.5 ? - I also have a local Apache that gets requests redirected from Squid, but I rather not use it. B) I am about to upgrade to Squid 2.7, will that become easier then? Thanks a million, Adam
Re: [squid-users] Squid bandwidth
2010/5/4 badaim2 : > > > Any real time example squid code is there for my bandwidth configuration? > >From what I know you can't do that with current features of Squid. You may need some customized code to Squid, this is the reason I once asked squid developers to provide us a development API like Apache's. -- Tech support agent in China http://duxieweb.com/
Re: [squid-users] connection refused by proxy.. where to start..
2010/5/4 B. Cook : > > Our squid is an authenticated proxy. > > We are also doing squidguard as redirect_program. > > And we are using wpad autodiscovery to configure the proxy to everyone. > A complicated application with Squid in the enterprise. If there is no error in cache.log, you may run squid with debug mode to catch something. -- Tech support agent in China http://duxieweb.com/
Re: [squid-users] connection refused by proxy.. where to start..
B. Cook wrote: Running a squid box for a large network, about 3k computers; but only about 1/3 are ever on at one time.. Squid Object Cache: Version 2.7.STABLE7 Start Time:Tue, 06 Apr 2010 17:49:52 GMT Current Time:Tue, 04 May 2010 13:16:48 GMT Connection information for squid: Number of clients accessing cache:888 Number of HTTP requests received:23157816 Number of ICP messages received:167211 Number of ICP messages sent:167401 Number of queued ICP replies:0 Request failure ratio: 0.00 Average HTTP requests per minute since start:578.3 Average ICP messages per minute since start:8.4 Select loop called: 614713658 times, 3.909 ms avg Squid is a FreeBSD 8.0-p2 i386 machine with 2G of ram; bge nic with rxcsum and txcsum enabled. I have an occasional issue that sometimes clients will receive a 'proxy refusing connections' message (firefox is more straight forward with the message than IE - but the network is mostly IE) Instantly hitting F5 or refresh causes everything to return to normal and the user goes on, it's a 'rare' thing that happens, but occasionally it happens. I don't see anything obvious in cache.log.. Where/How could I start to figure this out? With your debug_options is set to at least ALL,1. Check cache.log for WARNING, ERROR, FATAL or "Starting". See if their times match up to the blackout periods. Check for any system triggered restart / reconfigure events that may be causing Squid to reset connections. It's normal for the current releases to have a small blackout during those. If there is any cyclic pattern to the outages it may be one of the internal cleanup cycles (internal roughly hourly by default for the worst one: cache purging). Our squid is an authenticated proxy. We are also doing squidguard as redirect_program. And we are using wpad autodiscovery to configure the proxy to everyone. Thanks in advance. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.3
Re: [squid-users] Squid bandwidth
I've seen the future squid-users <= it is motto. 2010/05/04 02:36:49 -0700 badaim2 => To squid-users@squid-cache.org : b> We planned to configure a new squid proxy server in FreeBSD. We want to b> implement bandwidth management in squid by using delaypool. We having 6mbps b> DSL connection. We going to give totally 300MB limited net usage for every b> one per day. If a single user reached his limit 300mb then that user should b> not able to access net for few hours. He should be informed via web site, b> that he reached his limit for a while. Like this we want to implement b> bandwidth management. b> b> Any real time example squid code is there for my bandwidth configuration? I did it myself under influences of squid2mysql script that was popular a decade ago and yes, here is the code: http://skybill.sf.net. It has some time of reaction, several minutes so hard to say how much it's of a real time but as of the first public release v0.1 it did those exact things with both transparent squid on a LAN and ipacctd for FreeBSD, too: there were monthly limits per user, users were disconected ( actually they had access only to pop3, smtp and icq ports from the outside WAN ) upon the limit was reached, and were notified by email on reaching 90 or 100 percents of their limit. ISPs dramatically dropped their prices and charging models since then so the code isn't yet known to be used with squid anymore but I use it with ipacctd for myself and with nginx for demo. 73! Peter pgp: A0E26627 (4A42 6841 2871 5EA7 52AB 12F8 0CE1 4AAC A0E2 6627) -- http://vereshagin.org
[squid-users] connection refused by proxy.. where to start..
Running a squid box for a large network, about 3k computers; but only about 1/3 are ever on at one time.. Squid Object Cache: Version 2.7.STABLE7 Start Time: Tue, 06 Apr 2010 17:49:52 GMT Current Time: Tue, 04 May 2010 13:16:48 GMT Connection information for squid: Number of clients accessing cache: 888 Number of HTTP requests received: 23157816 Number of ICP messages received:167211 Number of ICP messages sent:167401 Number of queued ICP replies: 0 Request failure ratio: 0.00 Average HTTP requests per minute since start: 578.3 Average ICP messages per minute since start:8.4 Select loop called: 614713658 times, 3.909 ms avg Squid is a FreeBSD 8.0-p2 i386 machine with 2G of ram; bge nic with rxcsum and txcsum enabled. I have an occasional issue that sometimes clients will receive a 'proxy refusing connections' message (firefox is more straight forward with the message than IE - but the network is mostly IE) Instantly hitting F5 or refresh causes everything to return to normal and the user goes on, it's a 'rare' thing that happens, but occasionally it happens. I don't see anything obvious in cache.log.. Where/How could I start to figure this out? Our squid is an authenticated proxy. We are also doing squidguard as redirect_program. And we are using wpad autodiscovery to configure the proxy to everyone. Thanks in advance.
Re: [squid-users] Problem with SQUID
Bernard LANDRON wrote: Hello, SQUID is installed on my site since more than 5 years and was running correctly ; since less than a week, SQUID stops very frequently, and I have some messages: * In the /var/log/messages file I have the following: May 4 13:25:42 renesas2 squid[8722]: Squid Parent: child process 9634 exited due to signal 6 May 4 13:25:45 renesas2 squid[8722]: Squid Parent: child process 9716 started May 4 13:26:28 renesas2 squid[8722]: Squid Parent: child process 9716 exited due to signal 6 May 4 13:26:31 renesas2 squid[8722]: Squid Parent: child process 9855 started May 4 13:26:34 renesas2 squid[8722]: Squid Parent: child process 9855 exited due to signal 6 May 4 13:26:37 renesas2 squid[8722]: Squid Parent: child pro When there are too many failures, SQUID parent stops. * In the /var/squid/log/cahe.log I have also the following: FATAL: Received Segment Violation...dying. 2010/05/04 13:30:42| storeDirWriteCleanLogs: Starting... 2010/05/04 13:30:42| WARNING: Closing open FD 11 2010/05/04 13:30:42| Finished. Wrote 5206 entries. The lines above the FATAL are generally more important, since the error is logged then a the death shutdown begins. It also gives some info of maybe some action leading up to the death which may be useful. Can somebody explain me what is happening? And what can be the solution? Best regards Bernard LANDRON Exact cause uncertain. 2.5 is as you say many years old now. It's likely some HTTP feature becoming common among your users hitting hidden bug. Or maybe a security flaw that has not been patched and now being hit by someone. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.3
[squid-users] Problem with SQUID
Hello, SQUID is installed on my site since more than 5 years and was running correctly ; since less than a week, SQUID stops very frequently, and I have some messages: * In the /var/log/messages file I have the following: May 4 13:25:42 renesas2 squid[8722]: Squid Parent: child process 9634 exited due to signal 6 May 4 13:25:45 renesas2 squid[8722]: Squid Parent: child process 9716 started May 4 13:26:28 renesas2 squid[8722]: Squid Parent: child process 9716 exited due to signal 6 May 4 13:26:31 renesas2 squid[8722]: Squid Parent: child process 9855 started May 4 13:26:34 renesas2 squid[8722]: Squid Parent: child process 9855 exited due to signal 6 May 4 13:26:37 renesas2 squid[8722]: Squid Parent: child pro When there are too many failures, SQUID parent stops. * In the /var/squid/log/cahe.log I have also the following: FATAL: Received Segment Violation...dying. 2010/05/04 13:30:42| storeDirWriteCleanLogs: Starting... 2010/05/04 13:30:42| WARNING: Closing open FD 11 2010/05/04 13:30:42| Finished. Wrote 5206 entries. 2010/05/04 13:30:42| Took 0.0 seconds (5206.0 entries/sec). CPU Usage: 1.820 seconds = 0.690 user + 1.130 sys Maximum Resident Size: 0 KB Page faults with physical i/o: 647 Memory usage for squid via mallinfo(): total space in arena:7324 KB Ordinary blocks: 7234 KB 49 blks Small blocks: 0 KB 5 blks Holding blocks: 284 KB 1 blks Free Small blocks: 0 KB Free Ordinary blocks: 89 KB Total in use:7518 KB 103% Total free:89 KB 1% 2010/05/04 13:30:45| Starting Squid Cache version 2.5.STABLE3 for x86_64-redhat-linux-gnu... 2010/05/04 13:30:45| Process ID 10140 2010/05/04 13:30:45| With 1024 file descriptors available 2010/05/04 13:30:45| DNS Socket created at 0.0.0.0, port 32889, FD 4 2010/05/04 13:30:45| Adding nameserver 127.0.0.1 from /etc/resolv.conf 2010/05/04 13:30:45| User-Agent logging is disabled. 2010/05/04 13:30:45| Referer logging is disabled. 2010/05/04 13:30:45| Unlinkd pipe opened on FD 9 2010/05/04 13:30:45| Swap maxSize 102400 KB, estimated 7876 objects 2010/05/04 13:30:45| Target number of buckets: 393 2010/05/04 13:30:45| Using 8192 Store buckets 2010/05/04 13:30:45| Max Mem size: 8192 KB 2010/05/04 13:30:45| Max Swap size: 102400 KB 2010/05/04 13:30:45| Rebuilding storage in /home/squid/cache (CLEAN) 2010/05/04 13:30:45| Using Least Load store dir selection 2010/05/04 13:30:45| Set Current Directory to /home/squid 2010/05/04 13:30:45| Loaded Icons. 2010/05/04 13:30:45| Accepting HTTP connections at 0.0.0.0, port 3128, FD 11. 2010/05/04 13:30:45| Accepting ICP messages at 0.0.0.0, port 3130, FD 12. 2010/05/04 13:30:45| WCCP Disabled. 2010/05/04 13:30:45| Configuring Parent 172.28.64.247/80/0 2010/05/04 13:30:45| Ready to serve requests. 2010/05/04 13:30:45| Store rebuilding is 78.7% complete 2010/05/04 13:30:45| Done reading /home/squid/cache swaplog (5206 entries) 2010/05/04 13:30:45| Finished rebuilding storage from disk. 2010/05/04 13:30:45| 5206 Entries scanned 2010/05/04 13:30:45| 0 Invalid entries. 2010/05/04 13:30:45| 0 With invalid flags. 2010/05/04 13:30:45| 5206 Objects loaded. 2010/05/04 13:30:45| 0 Objects expired. 2010/05/04 13:30:45| 0 Objects cancelled. 2010/05/04 13:30:45| 0 Duplicate URLs purged. 2010/05/04 13:30:45| 0 Swapfile clashes avoided. 2010/05/04 13:30:45| Took 0.3 seconds (17951.7 objects/sec). 2010/05/04 13:30:45| Beginning Validation Procedure 2010/05/04 13:30:45| Completed Validation Procedure 2010/05/04 13:30:45| Validated 5206 Entries 2010/05/04 13:30:45| store_swap_size = 57324k 2010/05/04 13:30:46| storeLateRelease: released 0 objects Can somebody explain me what is happening? And what can be the solution? Best regards Bernard LANDRON __ Bernard LANDRON IT Manager RENESAS Design France 14 A, rue Patis Tatelin 35700 RENNES Attention l'adresse email a changé et est maintenant: bernard.landron...@rdf.renesas.com Tél: +33 (0)2 23 21 27 50 - Fax: +33 (0)2 23 21 28 02 Portable: +33 (0) 6 31 47 65 13 __ This message and any attachments (the "message") are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited. Messages are susceptible to alteration. RENESAS Design France shall not be liable for the message if altered, changed or falsified. If you are not the intended addressee of this message, please cancel it immediately and inform the sender.
Re: [squid-users] Squid bandwidth
> badaim2 wrote: > > Hello, > > > > We planned to configure a new squid proxy server in FreeBSD. We want to > > implement bandwidth management in squid by using delaypool. We having > > 6mbps DSL connection. We going to give totally 300MB limited net usage > > for every one per day. If a single user reached his limit 300mb then that > > user should not able to access net for few hours. He should be informed > > via web site, that he reached his limit for a while. Like this we want to > > implement bandwidth management. > > > > Any real time example squid code is there for my bandwidth configuration? > For this purposes there are several other projects. Usually it's a log analyzer program that parses squid's access.log and accumulate statistics information in RDBMS, like MySQL or PostgreSQL. After log analyser setup you must write squid redirector program, that checks accumulated statistics and, optionally, redirect user to deny page. See this page http://www.squid-cache.org/Scripts/ for additional information. Hope that helps. WBR. Igor.
Re: [squid-users] Squid bandwidth
badaim2 wrote: Hello, We planned to configure a new squid proxy server in FreeBSD. We want to implement bandwidth management in squid by using delaypool. We having 6mbps DSL connection. We going to give totally 300MB limited net usage for every one per day. If a single user reached his limit 300mb then that user should not able to access net for few hours. He should be informed via web site, that he reached his limit for a while. Like this we want to implement bandwidth management. Any real time example squid code is there for my bandwidth configuration? What you are asking for is Quota management, not bandwidth management. Squid does not do quotas easily yet. Delay pools, are designed to delay things. As in set per-second bandwidth rates to distinct groups (aka pools) of requests. If you wish to limit each user to a connection speed of 216bps over the entire day. Or 432bps over half the day. That is what delay pools can help with. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.3
[squid-users] Squid bandwidth
Hello, We planned to configure a new squid proxy server in FreeBSD. We want to implement bandwidth management in squid by using delaypool. We having 6mbps DSL connection. We going to give totally 300MB limited net usage for every one per day. If a single user reached his limit 300mb then that user should not able to access net for few hours. He should be informed via web site, that he reached his limit for a while. Like this we want to implement bandwidth management. Any real time example squid code is there for my bandwidth configuration? -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-bandwidth-tp2125238p2125238.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] OpenBSD 4.6: Squid 3.1.3 compilation error (patch attached)
Silamael wrote: On 05/03/2010 02:04 PM, Amos Jeffries wrote: Thanks for the thought, but... Code in Squid is NOT permitted to include system headers before the FD_* compat code. Kernel defines will be allocated with incompatible size and overflows happen. Can you provide a full compiler trace of the clash so we can fix the include sequence? Amos Hello Amos, Here i have another patch fixing the include file ordering for the ntlm_auth helper. Not sure if this is the best patch but it works for me. -- Matthias Thank you. It is good enough for 3.1. Though I'm adding the config.h include specifically to the top of those .c like it should have been instead of indirectly via the sub-headers. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.3
Re: [squid-users] squid-3.1.1 + ecap + gzip copression fails
Dnia Pt Kwietnia 30 2010, 17:47, Luis Daniel Lucio Quiroz napisał(a): > Le vendredi 30 avril 2010 08:20:12, Tomasz a ĂŠcrit : >> Dnia piÄ�tek 30 kwiecieĹ� 2010 o 14:52:20 Amos Jeffries napisaĹ�(a): >> > Tomasz wrote: >> > > Dnia piÄ�tek 30 kwiecieĹ� 2010 o 12:50:53 Amos Jeffries napisaĹ�(a): >> > >> Tomasz wrote: >> > >>> Hello >> > >>> >> > >>> I tried ecap gzip compression in last Squid >> > >>> (http://code.google.com/p/squid- ecap-gzip/ ) >> > >>> >> > >>> Compression works but every 5-20 minutes regularly squid restarts. >> > >> >> > >> cache.log entry for the crash? >> > > >> > > Ok its cacche.log from few seconds before crach at crash moment. >> > > >> > > () >> > >> > http://bugs.squid-cache.org/show_bug.cgi?id=2877 >> > >> > We are having some trouble tracking this one down still. If you are >> able >> > to use "debug_options ALL,9" across a crash there might be something >> > slightly more helpful in cache.log. Otherwise I'm at a loss. >> >> I attached log (last line is starting squid after crash) >> >> Strange that with debug_options ALL,9 squid crash every 5-60sec >> >> Regards. > I know this is now kind of good comment, but if you have an urgent case > that > nees to zip, you could set a parent proxy with ziproxy to compress, while > this bug is fixed > I don't want another process, It'll probably increase latency. At now surfspeeed from numion.com give better results without squid (I want to set up squid for minimal difference between test with and without squid. Best regards, -- Tomasz