Re: [squid-users] From Squid 2.7 STABLE 6 to....
In case of replacement of failing hardware, I suggest to install the same as you had: 2.7stable6 will work for you. After the hardware replacement I recommend to plan and test an upgrade. Although the Squid development team recommends 3.2.x I prefer to go for 3.1.x because at this time there are too many problems with 3.2.x. Alternatively, you wait a few months until 3.2.x becomes more stable to migrate to 3.2.x.

Marcus

On 10/11/2012 12:15 PM, mc864...@mclink.it wrote:
> I need to install a new proxy server in exchange to the current one based on Squid 2.7 STABLE 6. You already told me that on the new, 12 core, 12 GB server, I should create a hierarchy of squids to use all CPUs but I now have to replace a failing hardware. I currently use a aufs + coss cache_dir, I have about 3000 clients on a 200mbit link and traffic is passed to an upstream cache_peer (antivirus/url checker). Should I go with 3.2 or it's better to stay with 3.1 ?
>
> Which storage types are "mainstream" with new squid versions ?
>
> Thanks
Re: [squid-users] From Squid 2.7 STABLE 6 to....
On 12/10/2012 4:15 a.m., mc864...@mclink.it wrote:
> I need to install a new proxy server in exchange to the current one based on Squid 2.7 STABLE 6. You already told me that on the new, 12 core, 12 GB server, I should create a hierarchy of squids to use all CPUs but I now have to replace a failing hardware. I currently use a aufs + coss cache_dir, I have about 3000 clients on a 200mbit link and traffic is passed to an upstream cache_peer (antivirus/url checker). Should I go with 3.2 or it's better to stay with 3.1 ?

3.2 of course. Replace the COSS with rock cache_dir if rock works for you. COSS in 3.x is a bit broken. SMP is not working perfectly for everybody yet, but well worth trying out to see how it goes for you.

> Which storage types are "mainstream" with new squid versions ?

Other than COSS, same old ones as always.

Amos
[squid-users] Re: Reverse proxy; finding out what robots (IPs and user-agents) are sending you most of the requests
I have finally found the solution; logformat combined configuration directive in Squid
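The post above names the `logformat combined` directive as the way to see which robots send the most requests. As an added example (not part of the original post), this parses access.log lines in Squid's built-in `combined` format and ranks clients by IP and User-Agent; the sample lines are constructed and the function names are illustrative.

```python
import re
from collections import Counter

# Squid's built-in "combined" logformat:
#   %>a %[ui %[un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st
#   "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<ua>(?:[^"\\]|\\.)*)" '
    r'(?P<result>\S+)$'
)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [11/Oct/2012:13:39:42 +0200] "GET http://www.example.org/ HTTP/1.1" 200 5120 "-" "ExampleBot/2.1 (+http://bot.example.net/)" TCP_MISS:HIER_DIRECT
192.0.2.10 - - [11/Oct/2012:13:39:43 +0200] "GET http://www.example.org/a HTTP/1.1" 200 812 "-" "ExampleBot/2.1 (+http://bot.example.net/)" TCP_HIT:HIER_NONE
192.0.2.10 - - [11/Oct/2012:13:39:43 +0200] "GET http://www.example.org/b HTTP/1.1" 404 310 "-" "ExampleBot/2.1 (+http://bot.example.net/)" TCP_MISS:HIER_DIRECT
198.51.100.7 - - [11/Oct/2012:13:39:44 +0200] "GET http://www.example.org/ HTTP/1.1" 200 5120 "http://www.example.org/a" "Mozilla/5.0 (X11; Linux x86_64) Firefox/16.0" TCP_HIT:HIER_NONE
203.0.113.5 - - [11/Oct/2012:13:39:45 +0200] "HEAD http://www.example.org/ HTTP/1.0" 200 0 "-" "-" TCP_MISS:HIER_DIRECT
203.0.113.5 - - [11/Oct/2012:13:39:46 +0200] "HEAD http://www.example.org/ HTTP/1.0" 200 0 "-" "-" TCP_MISS:HIER_DIRECT
this line is truncated and must be counted, not crash the parser
"""

def parse_line(line):
    """Return the named fields of one combined-format line, or None."""
    m = COMBINED.match(line.strip())
    return m.groupdict() if m else None

def top_clients(lines, n=3):
    """Rank (IP, User-Agent) pairs and bare IPs by request count."""
    by_pair, by_ip, skipped = Counter(), Counter(), 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:          # malformed or foreign-format line
            skipped += 1
            continue
        by_pair[(rec["ip"], rec["ua"])] += 1
        by_ip[rec["ip"]] += 1
    return by_pair.most_common(n), by_ip.most_common(n), skipped

if __name__ == "__main__":
    pairs, ips, skipped = top_clients(SAMPLE_LOG.splitlines(), n=2)
    for (ip, ua), hits in pairs:
        print(f"{hits:6d}  {ip:15s}  {ua}")
    print("unparsed lines:", skipped)
```

Clients that send no User-Agent show up as `-`, which is often worth ranking separately from named crawlers.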
[squid-users] Unit of measure for
Hi, There is a parameter in the logformat and the format code is
Re: [squid-users] NTLM passthu
Hi,

In fact I made a wrong manipulation while applying the patch. When applied correctly, the provided patch does fix the pinning problem and the authentication to IIS works.

thanks
Alex

2012/10/11 Wolfgang Breyha :
> Alexandre Chappaz wrote, on 11.10.2012 15:57:
>> Applied the patch on both 3.2.1 and 3.2.2 . Same result.
>> I'll post on your bug report.
>>
>> In the meantime, is there some additional info that could help to debug?
>
> At least I can't help in this matter because my knowledge about squid source code is still very limited. I thought I understood all the stuff about pinning and ntlm/negotiate passthrough. It was enough to "fix" our troubles, but obviously not to fix yours;-) I currently do not have the spare time to debug any further. Sorry.
>
> Greetings, Wolfgang
> --
> Wolfgang Breyha | http://www.blafasel.at/
> Vienna University Computer Center | Austria
[squid-users] From Squid 2.7 STABLE 6 to....
I need to install a new proxy server in exchange to the current one based on Squid 2.7 STABLE 6. You already told me that on the new, 12 core, 12 GB server, I should create a hierarchy of squids to use all CPUs but I now have to replace a failing hardware. I currently use a aufs + coss cache_dir, I have about 3000 clients on a 200mbit link and traffic is passed to an upstream cache_peer (antivirus/url checker). Should I go with 3.2 or it's better to stay with 3.1 ? Which storage types are "mainstream" with new squid versions ? Thanks
Re: [squid-users] NTLM passthu
Alexandre Chappaz wrote, on 11.10.2012 15:57:
> Applied the patch on both 3.2.1 and 3.2.2 . Same result.
> I'll post on your bug report.
>
> In the meantime, is there some additional info that could help to debug?

At least I can't help in this matter because my knowledge about squid source code is still very limited. I thought I understood all the stuff about pinning and ntlm/negotiate passthrough. It was enough to "fix" our troubles, but obviously not to fix yours;-) I currently do not have the spare time to debug any further. Sorry.

Greetings, Wolfgang
--
Wolfgang Breyha | http://www.blafasel.at/
Vienna University Computer Center | Austria
Re: [squid-users] NTLM passthu
Applied the patch on both 3.2.1 and 3.2.2 . Same result.
I'll post on your bug report.

In the meantime, is there some additional info that could help to debug?

2012/10/11 Wolfgang Breyha :
> Alexandre Chappaz wrote, on 11.10.2012 15:42:
>> Yes I have seen this bug and applied the patch right now.
>>
>> with patch applied, behavior is a bit different :
>>
>> after asking for credentials, I get a connexion reset.
>
> Did you use 3.2.2 or 3.2.1? My patch is for 3.2.1. Don't know if it still works on 3.2.2.
>
> If it doesn't work on 3.2.1 either it's bad because this is not trivial to debug.
>
> Maybe you want to comment on my bugreport that my patch doesn't fix it for you.
>
> Greetings, Wolfgang
> --
> Wolfgang Breyha | http://www.blafasel.at/
> Vienna University Computer Center | Austria
Re: [squid-users] NTLM passthu
Alexandre Chappaz wrote, on 11.10.2012 15:42:
> Yes I have seen this bug and applied the patch right now.
>
> with patch applied, behavior is a bit different :
>
> after asking for credentials, I get a connexion reset.

Did you use 3.2.2 or 3.2.1? My patch is for 3.2.1. Don't know if it still works on 3.2.2.

If it doesn't work on 3.2.1 either it's bad because this is not trivial to debug.

Maybe you want to comment on my bugreport that my patch doesn't fix it for you.

Greetings, Wolfgang
--
Wolfgang Breyha | http://www.blafasel.at/
Vienna University Computer Center | Austria
Re: [squid-users] NTLM passthu
Yes I have seen this bug and applied the patch right now.

with patch applied, behavior is a bit different :

after asking for credentials, I get a connexion reset.

and from access log :

1349962782.169 9 10.XXX.XXX.XXX TCP_MISS/401 436 GET http://www.si-diamant.fr/ - HIER_DIRECT/94.124.232.64 -

2012/10/11 Wolfgang Breyha :
> Alexandre Chappaz wrote, on 11.10.2012 14:45:
>> Is this a regression? Should I file a bug?
>
> There already is a bug and a proposed fix
> http://bugs.squid-cache.org/show_bug.cgi?id=3655
>
> Greetings, Wolfgang
> --
> Wolfgang Breyha | http://www.blafasel.at/
> Vienna University Computer Center | Austria
Re: [squid-users] NTLM passthu
Alexandre Chappaz wrote, on 11.10.2012 14:45:
> Is this a regression? Should I file a bug?

There already is a bug and a proposed fix
http://bugs.squid-cache.org/show_bug.cgi?id=3655

Greetings, Wolfgang
--
Wolfgang Breyha | http://www.blafasel.at/
Vienna University Computer Center | Austria
[squid-users] NTLM passthu
Hi,

since upgrade from 3.1.20 to 3.2.1, we are facing a problem regarding access to a IIS server with authentication : the popup asking for credentials keeps popping out and make the browsing impossible. I observed the same behavior with latest 3.2.2 version (r11676 ).

On the contrary, using 3.1.20 and same config, everything is fine.

Is this a regression? Should I file a bug?

Thanks
Alex
AW: [squid-users] squid 3.2.1: workers not working
thanks, upgrading to 3.2.2 did the trick! now the workers are working.

also thanks for the config options, we have used a configure-script which we have created with long time ago with squid 2.5x and then adjusted it a little. some of the options have survived since then...

Kind regards

Markus Rietzler
Rechenzentrum der Finanzverwaltung
Tel: 0211/4572-2130

> -Original Message-
> From: Amos Jeffries [mailto:squ...@treenet.co.nz]
> Sent: Wednesday, 10 October 2012 23:59
> To: squid-users@squid-cache.org
> Subject: Re: [squid-users] squid 3.2.1: workers not working
>
> On 11.10.2012 03:42, Rietzler, Markus (RZF, SG 324 / ) wrote:
> > we are trying to get squid using SMP workers. tried with workers2
> > setting up different cache_dirs for each worker
> >
> > workers 2
> > http_port 8080
> > cache_dir aufs $SQUID_CACHE_ROOT/${process_number} 32000 16 256
> >
>
> Seems okay. But note the 32GB cache size.
>
> > when we start squid we get:
> >
> > 2012/10/10 16:26:16.663 kid3| IoCallback.cc(107) finish: called for local=[::] remote=[::] FD 13 flags=1 (0, 0)
> > 2012/10/10 16:26:16.663 kid1| fd_open() FD 19 /rzf/db/www/squid/1/swap.state.clean
> > 2012/10/10 16:26:16.663 kid3| comm_read_try: FD 11, size 4328, retval 4112, errno 0
> > 2012/10/10 16:26:16.663 kid1| storeDirWriteCleanLogs: opened /rzf/db/www/squid/1/swap.state.clean, FD 19
> > 2012/10/10 16:26:16.663 kid3| IoCallback.cc(107) finish: called for local=[::] remote=[::] FD 11 flags=1 (0, 0)
> > 2012/10/10 16:26:16.663 kid3| comm_close: start closing FD 13
> > 2012/10/10 16:26:16.663 kid3| comm.cc(735) commUnsetFdTimeout: Remove timeout for FD 13
> > 2012/10/10 16:26:16.663 kid1| fd_close FD 15 /rzf/db/www/squid/1/swap.state
> > 2012/10/10 16:26:16.663 kid3| The AsyncCall comm_close_complete constructed, this=0x9e88e0 [call144]
> > 2012/10/10 16:26:16.663 kid1| Cache Dir #0 log closed on FD 15
> > 2012/10/10 16:26:16.663 kid3| comm.cc(1154) will call comm_close_complete(FD 13) [call144]
> > 2012/10/10 16:26:16.663 kid1| xrename: renaming /rzf/db/www/squid/1/swap.state.clean to /rzf/db/www/squid/1/swap.state
> > 2012/10/10 16:26:16.663 kid3| Coordinator.cc(146) handleSharedListenRequest: kid1 needs shared listen FD for 130.11.6.5:8080
> > 2012/10/10 16:26:16.664 kid3| Coordinator.cc(154) handleSharedListenRequest: sending shared listen local=130.11.6.5:8080 remote=[::] FD 15 flags=9 for 130.11.6.5:8080 to kid1 mapId=0
> > 2012/10/10 16:26:16.664 kid3| entering comm_close_complete(FD 13)
> > 2012/10/10 16:26:16.664 kid3| AsyncCall.cc(34) make: make call comm_close_complete [call144]
> > 2012/10/10 16:26:16.664 kid1| fd_open() FD 15 /rzf/db/www/squid/1/swap.state.last-clean
> > 2012/10/10 16:26:16.664 kid3| fd_close FD 13
> > 2012/10/10 16:26:16.664 kid1| fd_close FD 15 /rzf/db/www/squid/1/swap.state.last-clean
> > 2012/10/10 16:26:16.664 kid3| leaving comm_close_complete(FD 13)
> > 2012/10/10 16:26:16.664 kid1| fd_close FD 19 /rzf/db/www/squid/1/swap.state.clean
> > 2012/10/10 16:26:16.664 kid3| comm.cc(2116) comm_open_uds: Attempt open socket for: /rzf/produkte/www/squid/var/run/squid/kid-1.ipc
> > 2012/10/10 16:26:16.664 kid1| Finished. Wrote 0 entries.
> > 2012/10/10 16:26:16.664 kid1| Took 0.00 seconds ( 0.00 entries/sec).
> > 2012/10/10 16:26:16.664 kid3| comm.cc(2134) comm_open_uds: Opened UDS FD 13 : family=1, type=2, protocol=0
> > 2012/10/10 16:26:16.664 kid3| fd_open() FD 13
> > 2012/10/10 16:26:16.664 kid3| comm.cc(748) commSetConnTimeout: local=[::] remote=[::] FD 13 flags=1 timeout 10
> > FATAL: kid1 registration timed out
> > FATAL: kid2 registration timed out
> >
> > and later:
> >
> > 2012/10/10 16:26:19.675 kid2| leave_suid: PID 11031 called
> > 2012/10/10 16:26:19.675 kid2| leave_suid: PID 11031 giving up root, becoming 'www'
> > 2012/10/10 16:26:19.675 kid2| leave_suid: PID 11031 called
> > FATAL: Ipc::Mem::Segment::open failed to shm_open(/squid-squid-page-pool.shm): (2) No such file or directory
> >
>
> This is kid2 attempting to open its UDS connection to register with the coordinator (kid3).
>
> > but I think this comes from the first FATAL.
>
> It's related to the "FATAL: kid2" but this one is caused by the UDS path not existing. The shm_open() is supposed to create one if it does not exist already.
>
> Start with an upgrade to 3.2.2 we fixed some SHM related bugs there. Then check bugzilla for more info, shm_open() has a few OS-specific problems and oath problems known.
>
> > why are the kids not registered. squid (coordinator) is running but no other squid process and so it does not listen on port 8080.
> >
>
> The registration is done by sending packets to their UDS sockets (the SHM path which failing to open).
>
> To put it in more familiar terms; what is happening is somewhat vaguely equivalent to a network socket() creation failing to happen in the worker, whi
[squid-users] Re: problem with squid 3.2 as transaparent proxy
Now I have Centos 6.2 and I installed squid 3.2.1 without any problems. On my wrt router I changed firewall rules to mark and route packets to squid box, where packets are forwarded from port 80 to port 3128.

Now I have other issues:

1. on wrt router I have Chillispot acting as captive portal, redirecting users web requests to a cgi script on the same server where squid is installed. I would like squid ignore requests about everything is on the server (for example the cgi script) and intercepts only request about external sites.

2. looking at access.log, where I can see lines concerning requests about the cgi script, mac address is always missing. Is it a problem due to my configuration, or it is something I cannot obtain in any way?

Thanks
Giovanni
[squid-users] Squid 3.2.2 is available
The Squid HTTP Proxy team is very pleased to announce the availability of the Squid-3.2.2 release!

This release is a security update and bug fix release resolving several issues found in the prior releases.

Some changes to note:

* Regression: Make login=PASS send no credentials when none available

  Since the addition of login=PASSTHRU the login=PASS option has been to always send credentials with a best-effort made to locate some. However it should not have been sending empty username and password in the events where none were available. This is now corrected.

* Regression: Handle dstdomain duplicates and overlapping names better

  Updated domain matching in 3.2 inadvertently made Squid start rejecting exact duplicates on dstdomain ACL lists. Several popular domain blacklists contain duplicates and would kill 3.2.1 on startup. With this release exact duplicates are silently dropped, and overlapping wildcards and sub-domains are also handled much better (quieter).

* Several crashes and segmentation faults.

  - Bug 3661: Segmentation fault when using more than 1 worker
  - Bug 3660: ACLFilledChecklist::fd set with wrong fd for sslproxy_cert_error
  - Bug 3647: parsing hier_code acl fails
  - Bug 3616: retrieve client connection for ACL checks from the related HttpRequest object

  There are still several open bugs when operating with multiple SMP workers and with ssl_crtd. So care and testing is still needed.

* A few issues causing ERR_ZERO_SIZE_OBJECT pages to be displayed to users have finally been resolved. Hopefully for good.

  - Bug 3658: ERR_ZERO_SIZE_OBJECT propagates out even after successful retry
  - Do not reuse persistent connections for PUTs to avoid ERR_ZERO_SIZE_OBJECT
  - Fix chunked encoding on responses carrying a Content-Range header.

* Squid now detects forwarding loops in all traffic types (bug 3626)

  Loops became a larger problem on intercepted traffic when ORIGINAL_DST was added for failed Host header validation handling. Squid will now detect them in both intercepted and reverse-proxy traffic and abort the client quickly with minimal resource consumption.

* Some small but annoying memory leaks uncovered in 3.2.1 have been fixed.

  - Bug 3605: memory leak in Negotiate authentication
  - Fix small memory leak in src ACL parse

Please remember to run "squid -k parse" when testing upgrade to a new version of Squid. It will audit your configuration files and report any identifiable issues the new release will have in your installation before you "press go". We are still removing the infamous "Bungled Config" halting points and adding checks, so if something is not identified please report it.

See the ChangeLog for the full list of changes in this and earlier releases.

All users of Squid-3.2 are encouraged to upgrade to this release as time permits.

Please refer to the release notes at
http://www.squid-cache.org/Versions/v3/3.2/RELEASENOTES.html
when you are ready to make the switch to Squid-3.2

Upgrade tip: "squid -k parse" is starting to display even more useful hints about squid.conf changes.

This new release can be downloaded from our HTTP or FTP servers

  http://www.squid-cache.org/Versions/v3/3.2/
  ftp://ftp.squid-cache.org/pub/squid/
  ftp://ftp.squid-cache.org/pub/archive/3.2/

or the mirrors. For a list of mirror sites see

  http://www.squid-cache.org/Download/http-mirrors.html
  http://www.squid-cache.org/Download/mirrors.html

If you encounter any issues with this release please file a bug report.
http://bugs.squid-cache.org/

Amos Jeffries
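The announcement above notes that blacklists with exact duplicates stopped 3.2.1 at startup and that overlapping wildcards and sub-domains are now handled more quietly. As an added example (not Squid's own code), this pre-flight check reports both conditions in a dstdomain list before it is loaded; it assumes the documented dstdomain rule that a leading dot matches the domain and all of its sub-domains, and the function names and sample entries are illustrative.

```python
def normalize(entries):
    """Lower-case entries, skip blanks and comments, split out exact duplicates."""
    seen, unique, duplicates = set(), [], []
    for raw in entries:
        name = raw.strip().lower()
        if not name or name.startswith("#"):
            continue
        if name in seen:
            duplicates.append(name)
        else:
            seen.add(name)
            unique.append(name)
    return unique, duplicates

def find_overlaps(unique):
    """Pair each entry with the nearest wildcard (.domain) that already covers it."""
    wildcards = {n for n in unique if n.startswith(".")}
    overlaps = []
    for name in unique:
        labels = name.lstrip(".").split(".")
        for i in range(len(labels)):
            parent = "." + ".".join(labels[i:])
            if parent != name and parent in wildcards:
                overlaps.append((name, parent))
                break
    return overlaps

def audit_dstdomain(entries):
    """Return (minimal list, exact duplicates, overlaps) for a dstdomain file."""
    unique, duplicates = normalize(entries)
    overlaps = find_overlaps(unique)
    covered = {child for child, _ in overlaps}
    minimal = [n for n in unique if n not in covered]
    return minimal, duplicates, overlaps

# Constructed sample blacklist, not taken from any real list.
SAMPLE = """\
.example.com
www.example.com
ads.example.net
ADS.example.net
# comment line
.tracker.example.org
.cdn.tracker.example.org
example.com
""".splitlines()

if __name__ == "__main__":
    minimal, duplicates, overlaps = audit_dstdomain(SAMPLE)
    print("duplicates:", duplicates)
    for child, parent in overlaps:
        print(f"overlap: {child} is already covered by {parent}")
    print("minimal list:", minimal)
```

Writing the minimal list back out and then running "squid -k parse" against the configuration gives a clean check on both the list and the rest of squid.conf.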