Re: [squid-users] http_access traffic
On 15/10/2012 9:33 p.m., Ibrahim Lubis wrote: I use this line to allowed some traffic Acl vlan2 src 10.10.13.0/24 Http_access allow vlan2 Can i monitor traffic with snmp for certain vlan i allowed? Thx Not easily. Squid records statistics per-client not per-subnet. You have to find the individual client IPs in the SNMP client table and monitor their traffic usage while adding them all together to get the subnet usage. It would be easier (but not as accurate) to create a logging daemon that monitored the log and reported traffic usage back to your other systems. Amos
[squid-users] Re: problem with squid 3.2 as transaparent proxy
Any ideas?? Pls help. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/problem-with-squid-3-2-as-transaparent-proxy-tp4656748p4656998.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] max_filedesc on squid 3.2.2
2012/10/16 Ricardo Rios - Shorewall List : > Testing version 3.2.2-20121015-r11677, i see problems with the > max_filedesc on OpenSuSE 11.4 x64 > > server:/ # ulimit -n > 65535 > > squid.conf : > max_filedesc 65535 > > /etc/security/limits.conf > * - nofile 65535 > > on cache.log : > kid1| NOTICE: Could not increase the number of filedescriptors > kid1| With 16384 file descriptors available > > on squid -k reconfigure : > kid1| WARNING: max_filedescriptors disabled. Operating System > setrlimit(RLIMIT_NOFILE) is missing. > > PS: still getting segment fault dying.. on this version with more then 1 > worker. > > Ricardo try that, the first line on: /etc/init.d/squid Is ulimit -HSn 65535
Re: [squid-users] max_filedesc on squid 3.2.2
On 16/10/2012 6:14 p.m., Ricardo Rios - Shorewall List wrote: Testing version 3.2.2-20121015-r11677, i see problems with the max_filedesc on OpenSuSE 11.4 x64 server:/ # ulimit -n 65535 squid.conf : max_filedesc 65535 /etc/security/limits.conf * - nofile 65535 on cache.log : kid1| NOTICE: Could not increase the number of filedescriptors kid1| With 16384 file descriptors available on squid -k reconfigure : kid1| WARNING: max_filedescriptors disabled. Operating System setrlimit(RLIMIT_NOFILE) is missing. Squid just told you what the problem is: "Operating System setrlimit(RLIMIT_NOFILE) is missing". Please check the config.log from when you built this Squid for more information about what went wrong when the compiler tested your OS for this function support. Does that message show up on startup at all? or just reconfigure? PS. Also notice how the official squid.conf directive name is different to the old experimental "max_filedesc" you are configuring? PS: still getting segment fault dying.. on this version with more then 1 worker. We fixed one of the three SMP segfaults earlier today. Amos
[squid-users] max_filedesc on squid 3.2.2
Testing version 3.2.2-20121015-r11677, i see problems with the max_filedesc on OpenSuSE 11.4 x64 server:/ # ulimit -n 65535 squid.conf : max_filedesc 65535 /etc/security/limits.conf * - nofile 65535 on cache.log : kid1| NOTICE: Could not increase the number of filedescriptors kid1| With 16384 file descriptors available on squid -k reconfigure : kid1| WARNING: max_filedescriptors disabled. Operating System setrlimit(RLIMIT_NOFILE) is missing. PS: still getting segment fault dying.. on this version with more then 1 worker. Ricardo
Re: [squid-users] Crash with workers / shm after update from 3.2.1 to 3.2.2
>>> Amos Jeffries wrote > On 16.10.2012 10:26, Daniel Beschorner wrote: > > I've seen right now the "Improve CLANG support" and "Portable > > flexible arrays instead of r12255 " threads on squid-dev, that seems > > exactly to be the issue that broke SMP, so maybe we get this fixed > > soon. > > > > Daniel > > Give that patch in "Portable flexible arrays instead of r12255" a go. > If it gives you any problems I would be VERY interested to get quick > feedback. :-) > > > Amos Good news - adapted the patch against 3.2.2 and now worker / shm configuration works at a first glance, at least the startup crash has definitely gone. Daniel
Re: [squid-users] Crash with workers / shm after update from 3.2.1 to 3.2.2
On 16.10.2012 10:26, Daniel Beschorner wrote: I've seen right now the "Improve CLANG support" and "Portable flexible arrays instead of r12255 " threads on squid-dev, that seems exactly to be the issue that broke SMP, so maybe we get this fixed soon. Daniel Give that patch in "Portable flexible arrays instead of r12255" a go. If it gives you any problems I would be VERY interested to get quick feedback. :-) Amos Daniel Beschorner wrote I cannot start V3.2.2. Squid seems to die in Ipc::StoreMap::openForReadingAt() -> Ipc::ReadWriteLock::lockShared() at start or first request. If I undo this change (from http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2- 11649.patch): -Slot slots[]; ///< slots storage +Slot *slots; ///< slots storage it works again Without shared mem it works too. Thank you Daniel
[squid-users] Crash with workers / shm after update from 3.2.1 to 3.2.2
I've seen right now the "Improve CLANG support" and "Portable flexible arrays instead of r12255 " threads on squid-dev, that seems exactly to be the issue that broke SMP, so maybe we get this fixed soon. Daniel >>> Daniel Beschorner wrote > I cannot start V3.2.2. > > Squid seems to die in > > Ipc::StoreMap::openForReadingAt() -> Ipc::ReadWriteLock::lockShared() > > at start or first request. > > If I undo this change (from > http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2- > 11649.patch): > > -Slot slots[]; ///< slots storage > +Slot *slots; ///< slots storage > > it works again > > Without shared mem it works too. > > Thank you > Daniel
[squid-users] Connection Interrupted SSL Bump
Greetings, when using SSL bump, we are getting a "connection interrupted" screen when trying to connect to an https protected page. The firewall is not blocking anything. Below is the squid.conf configuration for ssl bump: - sslproxy_cert_error allow all ssl_bump server-first https_port 10.1.10.136:443 ssl-bump cert=/usr/local/squid/certs/star_primepublicsafety_com.crt key=/usr/local/squid/certs/star_primepublicsafety_com.cer tproxy - We are using version 3.3. Any info you could provide would be helpful. Thanks, Jesse S.
[squid-users] Crash with workers / shm after update from 3.2.1 to 3.2.2
I cannot start V3.2.2. Squid seems to die in Ipc::StoreMap::openForReadingAt() -> Ipc::ReadWriteLock::lockShared() at start or first request. If I undo this change (from http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11649.patch): -Slot slots[]; ///< slots storage +Slot *slots; ///< slots storage it works again Without shared mem it works too. Thank you Daniel
Re: [squid-users] 502 Bad gateway
On Sat, 2012-10-13 at 18:05 +1300, Amos Jeffries wrote: > On 13/10/2012 2:18 a.m., Leonardo wrote: > > Hi, > > > > I'm getting "502 bad gateway" while attempting to access the site > > ibs.it. This happens with squid 3.2.2 and 3.2.0.19 at least. It does not > > happen with squid 2.7.x series (not tested with all minor revisions > > though). > > > > Anyone else getting the same error? > > Beyond the generic HTTP status code what else do you have? Squid logs > and the content of that 503 response would be helpful. 1350283892.429129 10.44.65.254 TCP_MISS_ABORTED/200 2901 GET http://www.ibs.it/ - HIER_DIRECT/www.ibs.it text/html > > I've dumped the traffic with squid and without squid (it works without > > proxy), and as far I could tell, there's no reverse proxy doing bad > > stuff. > > It's not about a reverse proxy. It's about something somewhere in the > relay chain not being available. The error page itself will tell more. "502 Bad Gateway The server returned an invalid or incomplete response." > > The answer from the site appears to be same in both cases. With > > squid, I see that after the second response packet, after the GET > > request, my proxy closes the connection with FIN,ACK, and all subsequent > > response packets get an RST. > > Sounds perfectly normal behaviour for TCP shutting down a connection. > > But are you saing the proxy sends FIN or FIN+ACK ? which one determines > which end is doing the closure. Sorry, I was not clear in that. The proxy sends one packet with FIN,ACK flags, effectively shutting down the connection. > > What could it be the issue? > > One of the services needed by Squid to provide a response is not > working. Upstream HTTP server, DNS server, ICAP server, helper problem, > TCP errors, URL scheme unknown, could be any one of those or > something else entirely. I guess I need to turn on some debugging in order to find out what's wrong. I'm trying to figure out the right Section Number to turn on. Thanks! - leonardo signature.asc Description: This is a digitally signed message part
[squid-users] A spesific web site access problem
Hi, There are multiple proxies(squid) in the enviroment and one is the major used one. Some users which use the same proxies for internet connections at different location reports access problem to a spesific site. Mostly using the same proxies i can open the page mostly easily but sometime s a problem. No cache parameter was used there and it seems thats when the problem occurs while anaylzing it seems that some is doing something a doing a trick and maybe create the problem but dont know how. The websites owner says that we have analyzed our logs and everything seems ok . Whether problem reported or not it seems that there is difference at the opening of the page at diffrerent locations. How to analyze and find out the problem ? Regards
[squid-users] http_access traffic
I use this line to allowed some traffic Acl vlan2 src 10.10.13.0/24 Http_access allow vlan2 Can i monitor traffic with snmp for certain vlan i allowed? Thx
