[squid-users] Re: Youtube Changes
youtube back to static id -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Youtube-Changes-tp4659599p4659706.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] Re: need help in cache_peer
Sorry, I was wrong. This is possible in squid.conf since squid 3.1, I did not recognize it: cache_peer 192.168.158.105 parent 3128 no-tproxy So you are using tproxy. Another piece, which might go wrong, when doing the forwarding. This should force all requests to be forwarded, but obviously it does not: never_direct allow all Strange ... To get some more insight into the problem: What did this tell you ? debug_options ALL,5 33,2 28,9 Are the youtube-requests forwarded to the parent, or not ? I expect some own work from you, to fix your problem. First step is, to figure out, where the problem is located, on squidA-machine or squidB-machine. Obviously you have LUSCA sources: visible_hostname Lusca-Cache Then here is the wrong place to ask for help, anyway. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/need-help-in-cache-peer-tp4659677p4659705.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] Squid 3.2.10 not compilable under OpenBSD 5.2
Hello amos, The command Line you give didn't work. It always tries to compile all helpers. I must disable compile in the makefile and disable Sasl check in the configure file. Loic Blot Le 29 avr. 2013 à 03:11, Amos Jeffries a écrit : > On 29/04/2013 5:50 a.m., Loïc BLOT wrote: >> Hi, >> i cannot upgrade squid because my ./configure fails (cause : sasl) >> >> checking sasl/sasl.h usability... no >> checking sasl/sasl.h presence... no >> checking for sasl/sasl.h... no >> checking sasl.h usability... no >> checking sasl.h presence... no >> checking for sasl.h... no >> checking for sasl_errstring in -lsasl2... no >> checking for sasl_errstring in -lsasl... no >> configure: error: Neither SASL nor SASL2 found >> >> With squid 3.2.9 i haven't this problem >> >> cyrus-sasl is installed but i don't need SASL. >> >> Have you got an idea ? > > We merged in the patch used by OpenBSD ports for auto-detecting SASL and LDAP > libraries presence in this release. So a bunch of helpers which use SASL are > now attempting build when they did not earlier. But that means the configure > *did* detect SASL existence at some point. > > The helpers using SASL are mostly Basic auth helpers. So if you build with > --enable-auth-basic="" (exactly that, empty string parameter) it should > enable basic auth without building any of the helpers. Or you can explicitly > list just the ones you want to use. > > > To help me resolve the issue permanently could you please let me know what > was the exact full ./configure command you used was? and can you also supply > a list of the SASL header files you have installed with full paths? > > Amos
Re: [squid-users] squid 3.2.10 - RHELv6 - compile error
On 29/04/2013 3:28 p.m., Михаил wrote: Hi All. I tried to install new version of squid - 3.2.10, but it isn't compile on my machine. The previous version of squid - 3.2.9 compile without a problem. http://bugs.squid-cache.org/show_bug.cgi?id=3839 Please use the daily bugfix snapshot. Or better, when building from source please upgrade to the latest which is currently squid-3.3.4. Amos
[squid-users] squid 3.2.10 - RHELv6 - compile error
Hi All. I tried to install new version of squid - 3.2.10, but it isn't compile on my machine. The previous version of squid - 3.2.9 compile without a problem. # uname -a Linux ui-proxy 2.6.32-358.2.1.el6.x86_64 #1 SMP Wed Feb 20 12:17:37 EST 2013 x86_64 x86_64 x86_64 GNU/Linux # more /etc/redhat-release Red Hat Enterprise Linux Server release 6.4 (Santiago) # ./configure --prefix=/usr --includedir=/usr/include --datadir=/usr/share --bindir=/usr/sbin --libexecdir=/usr/lib/squid --localstatedir=/var --sysconfdir=/etc/squid --with-default-user=root # make The last lines of the compilation: libtool: link: /usr/bin/ar cru .libs/libacls.a .libs/Acl.o .libs/AclMaxUserIp.o .libs/AclProxyAuth.o libtool: link: ranlib .libs/libacls.a libtool: link: ( cd ".libs" && rm -f "libacls.la" && ln -s "../libacls.la" "libacls.la" ) make[4]: Leaving directory `/DOWNLOAD/SQUID/squid-3.2.10/src/auth' make[3]: Leaving directory `/DOWNLOAD/SQUID/squid-3.2.10/src/auth' Making all in ip make[3]: Entering directory `/DOWNLOAD/SQUID/squid-3.2.10/src/ip' /bin/sh ../../libtool --tag=CXX --mode=compile g++ -DHAVE_CONFIG_H -I../.. -I../../include -I../../lib -I../../src -I../../include -I../../libltdl -Wall -Wpointer-arith -Wwrite-strings -Wcomments -Werror -pipe -D_REENTRANT -g -O2 -MT Address.lo -MD -MP -MF .deps/Address.Tpo -c -o Address.lo Address.cc libtool: compile: g++ -DHAVE_CONFIG_H -I../.. -I../../include -I../../lib -I../../src -I../../include -I../../libltdl -Wall -Wpointer-arith -Wwrite-strings -Wcomments -Werror -pipe -D_REENTRANT -g -O2 -MT Address.lo -MD -MP -MF .deps/Address.Tpo -c Address.cc -fPIC -DPIC -o .libs/Address.o libtool: compile: g++ -DHAVE_CONFIG_H -I../.. -I../../include -I../../lib -I../../src -I../../include -I../../libltdl -Wall -Wpointer-arith -Wwrite-strings -Wcomments -Werror -pipe -D_REENTRANT -g -O2 -MT Address.lo -MD -MP -MF .deps/Address.Tpo -c Address.cc -o Address.o >/dev/null 2>&1 mv -f .deps/Address.Tpo .deps/Address.Plo /bin/sh ../../libtool --tag=CXX --mode=compile g++ -DHAVE_CONFIG_H -I../.. -I../../include -I../../lib -I../../src -I../../include -I../../libltdl -Wall -Wpointer-arith -Wwrite-strings -Wcomments -Werror -pipe -D_REENTRANT -g -O2 -MT Intercept.lo -MD -MP -MF .deps/Intercept.Tpo -c -o Intercept.lo Intercept.cc libtool: compile: g++ -DHAVE_CONFIG_H -I../.. -I../../include -I../../lib -I../../src -I../../include -I../../libltdl -Wall -Wpointer-arith -Wwrite-strings -Wcomments -Werror -pipe -D_REENTRANT -g -O2 -MT Intercept.lo -MD -MP -MF .deps/Intercept.Tpo -c Intercept.cc -fPIC -DPIC -o .libs/Intercept.o Intercept.cc:37:23: error: src/tools.h: No such file or directory make[3]: *** [Intercept.lo] Error 1 make[3]: Leaving directory `/DOWNLOAD/SQUID/squid-3.2.10/src/ip' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `/DOWNLOAD/SQUID/squid-3.2.10/src' make[1]: *** [all] Error 2 make[1]: Leaving directory `/DOWNLOAD/SQUID/squid-3.2.10/src' make: *** [all-recursive] Error 1
Re: [squid-users] Squid-3.1 failed to select source
Hello, # squid3 -k parse 2013/04/29 10:10:15| Processing Configuration File: /etc/squid3/squid.conf (depth 0) This is the info it gives. 2013/4/29 Amos Jeffries : > On 28/04/2013 8:55 p.m., Doug wrote: >> >> Hello, >> >> I have the reverse proxy config as: >> >> cache_peer 175.6.1.216 parent 80 0 no-query originserver >> name=caiyuan >> acl resdomain dstdomain www.52caiyuan.com www.52huayuan.cn >> 52caiyuan.com 52huayuan.cn huayuan.52caiyuan.com >> cache_peer_access caiyuan allow resdomain > > What does "squid -k parse" throw out at you? > > I would expect some warnings about something to do with splay trees. > Which means ... > > >> When accessing to the cache, the domains www.52caiyuan.com and >> 52caiyuan.com work fine. >> But huayuan.52caiyuan.com got failed, the cache.log says: >> >> 2013/04/28 16:36:13| Failed to select source for >> 'http://huayuan.52caiyuan.com/' >> 2013/04/28 16:36:13| always_direct = 0 >> 2013/04/28 16:36:13|never_direct = 1 >> 2013/04/28 16:36:13|timedout = 0 > > > The latest version should work much better. There is a package of 3.3.3 now > available in the Debian sid repository you should try out. > > Amos >
Re: [squid-users] Squid 3.2.10 not compilable under OpenBSD 5.2
On 29/04/2013 5:50 a.m., Loïc BLOT wrote: Hi, i cannot upgrade squid because my ./configure fails (cause : sasl) checking sasl/sasl.h usability... no checking sasl/sasl.h presence... no checking for sasl/sasl.h... no checking sasl.h usability... no checking sasl.h presence... no checking for sasl.h... no checking for sasl_errstring in -lsasl2... no checking for sasl_errstring in -lsasl... no configure: error: Neither SASL nor SASL2 found With squid 3.2.9 i haven't this problem cyrus-sasl is installed but i don't need SASL. Have you got an idea ? We merged in the patch used by OpenBSD ports for auto-detecting SASL and LDAP libraries presence in this release. So a bunch of helpers which use SASL are now attempting build when they did not earlier. But that means the configure *did* detect SASL existence at some point. The helpers using SASL are mostly Basic auth helpers. So if you build with --enable-auth-basic="" (exactly that, empty string parameter) it should enable basic auth without building any of the helpers. Or you can explicitly list just the ones you want to use. To help me resolve the issue permanently could you please let me know what was the exact full ./configure command you used was? and can you also supply a list of the SASL header files you have installed with full paths? Amos
Re: [squid-users] Re: need help in cache_peer
On 28/04/2013 6:24 a.m., Eliezer Croitoru wrote: On 4/27/2013 9:11 PM, babajaga wrote: It is always a good idea to post full squid.conf Why not? unless you have something to hide... like passwords etc. WTF is this thread about? I hope you all realise that the original poster is not subscribed to the list and all teh details in their post is off-record as a result. Amos
Re: [squid-users] Squid-3.1 failed to select source
On 28/04/2013 8:55 p.m., Doug wrote: Hello, I have the reverse proxy config as: cache_peer 175.6.1.216 parent 80 0 no-query originserver name=caiyuan acl resdomain dstdomain www.52caiyuan.com www.52huayuan.cn 52caiyuan.com 52huayuan.cn huayuan.52caiyuan.com cache_peer_access caiyuan allow resdomain What does "squid -k parse" throw out at you? I would expect some warnings about something to do with splay trees. Which means ... When accessing to the cache, the domains www.52caiyuan.com and 52caiyuan.com work fine. But huayuan.52caiyuan.com got failed, the cache.log says: 2013/04/28 16:36:13| Failed to select source for 'http://huayuan.52caiyuan.com/' 2013/04/28 16:36:13| always_direct = 0 2013/04/28 16:36:13|never_direct = 1 2013/04/28 16:36:13|timedout = 0 The latest version should work much better. There is a package of 3.3.3 now available in the Debian sid repository you should try out. Amos
Re: [squid-users] Need help on SSL bump and certificate chain
> > I already managed to see Hellos in the logs when switching on ssl_bump > > peek-and-splice, but I fail to write an ACL filtering for the ServerName in > > the > > hello to decide if the traffic should be bumped or not. Allowed sites should > > simply go to the ssl_bump none option then. AND by using ssl_dump none, no > > config change is required on the client. > > What about the not allowed sites? ok you got me ;) - they are running in the default setting which means ssl_bump server-first and get an certificate error - but as they are trying to access a site not allowed I don't really care about the error as they will be redirected anyway in my environment and it's not important if the squid sends the "wrong" certificate to the client or the redirect webserver does. > The currently committed Peek and Splice code may not be able to do what > you want, but depending on what exactly you want to do, we are getting > close to a usable state. > > If you do want to bump some connections, and are ready to configure > clients accordingly, then you may want to monitor branch commit messages > and try again in a week or two. Otherwise, it is likely that what you > need is either impossible (bumping without knowledge or consent) or > requires another feature on top of Peek and Splice (terminating > connections after peeking at the server certificate to learn the server > name). I would be fine using the current setup with ssl_bump none for allowed sites and bumping the not allowed sites with a certificate error. Changing the ACL from IP to ServerName from the hello messages would be good to get rid of the ip script to get the actual server ips. greetingx, Alex
[squid-users] Squid 3.2.10 not compilable under OpenBSD 5.2
Hi, i cannot upgrade squid because my ./configure fails (cause : sasl) checking sasl/sasl.h usability... no checking sasl/sasl.h presence... no checking for sasl/sasl.h... no checking sasl.h usability... no checking sasl.h presence... no checking for sasl.h... no checking for sasl_errstring in -lsasl2... no checking for sasl_errstring in -lsasl... no configure: error: Neither SASL nor SASL2 found With squid 3.2.9 i haven't this problem cyrus-sasl is installed but i don't need SASL. Have you got an idea ? Thanks for advance -- Best regards, Loïc BLOT, UNIX systems, security and network expert http://www.unix-experience.fr Le dimanche 28 avril 2013 à 01:49 +1200, Amos Jeffries a écrit : > The Squid HTTP Proxy team is very pleased to announce the availability > of the Squid-3.2.10 release! > > > This release is a bug fix release resolving several crashes and build > issues found in the prior releases. > > > Please note that with 3.3 series being STABLE the 3.2 series is > now officially deprecated. There are no longer any guaranteed of > future 3.2 releases. > > > The major changes to be aware of in this release: > > * running "squid -k reconfigure" drops rock cache > > Squid would happly run and report information about rock caches > until reconfigure. After which it would cease reporting the rock > caches existence, but continue to use it. > > > * multiple build issues on GNU Hurd, OpenBSD, FreeBSD, NetBSD > > GNU Hurd would fail to build with MAP_NORESERVE errors. > BSD systems would fail to build with enter_suid/leave_suid errors. > BSD systems were also unable to build SASL or LDAP helpers. > > > * crashes in ssl_crtd and basic_ncsa_auth helpers > > ssl_crtd on ARM systems would crash on startup. > basic_ncsa_auth build against recent glibc would crash during first > authentication process validating credentials. > > > * HTTP/1.1 compliance with no-cache="params" , private="params" > > Since caching was enabled for traffic containing Cache-Control:no-cache > Squid has been incorrectly caching traffic where that control > was passed a list of headers. Squid is now reverted to the old > behaviour when passed no-cache or private with parameters. > > > > See the ChangeLog for the full list of changes in this and earlier > releases. > > Users of Squid-3.2 with error page language negotiation are urged > to upgrade to this release or Squid-3.3.3 as soon as possible. > > All users of Squid-3.2 are encouraged to upgrade to the 3.3 series > stable release as soon as possible. > > > Please remember to run "squid -k parse" when testing upgrade to a new > version of Squid. It will audit your configuration files and report > any identifiable issues the new release will have in your installation > before you "press go". We are still removing the infamous "Bungled > Config" halting points and adding checks, so if something is not > identified please report it. > > > > Please refer to the release notes at > http://www.squid-cache.org/Versions/v3/3.2/RELEASENOTES.html > when you are ready to make the switch to Squid-3.2 > > Upgrade tip: >"squid -k parse" is starting to display even more > useful hints about squid.conf changes. > > This new release can be downloaded from our HTTP or FTP servers > > http://www.squid-cache.org/Versions/v3/3.2/ > ftp://ftp.squid-cache.org/pub/squid/ > ftp://ftp.squid-cache.org/pub/archive/3.2/ > > or the mirrors. For a list of mirror sites see > > http://www.squid-cache.org/Download/http-mirrors.html > http://www.squid-cache.org/Download/mirrors.html > > If you encounter any issues with this release please > file a bug report. > http://bugs.squid-cache.org/ > > > Amos Jeffries signature.asc Description: This is a digitally signed message part
Re: [squid-users] Transparent Proxy Authentication.
Em 27/04/13 07:22, James Harper escreveu: That's not really a useful answer though, is it? You can't use the regular http "WWW-Authenticate" style authentication, but you can redirect the user to a captive portal style page and have them authenticate to that, then redirect back to the original address. Have a look at http://en.wikipedia.org/wiki/Captive_portal for some info about the concept, and some limitations. Making it work with squid is an exercise for the reader, although I'm sure someone has described a solution somewhere before. James Depending on your scenario, specially if that's a corporate network, you can somehow easily have your browsing agents (browsers) transparently CONFIGURED, using Windows AD policies (if that's your case) of even WPAD thing. That way, having the browsers transparently CONFIGURED (that's absolutely different from transparently intercepted requests), you can use authentication with no problem at all. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
[squid-users] Squid-3.1 failed to select source
Hello, I have the reverse proxy config as: cache_peer 175.6.1.216 parent 80 0 no-query originserver name=caiyuan acl resdomain dstdomain www.52caiyuan.com www.52huayuan.cn 52caiyuan.com 52huayuan.cn huayuan.52caiyuan.com cache_peer_access caiyuan allow resdomain When accessing to the cache, the domains www.52caiyuan.com and 52caiyuan.com work fine. But huayuan.52caiyuan.com got failed, the cache.log says: 2013/04/28 16:36:13| Failed to select source for 'http://huayuan.52caiyuan.com/' 2013/04/28 16:36:13| always_direct = 0 2013/04/28 16:36:13|never_direct = 1 2013/04/28 16:36:13|timedout = 0 For the same originserver, why some domains work but some not? The squid and OS version: Squid Cache: Version 3.1.6 Debian GNU/Linux 6.0 (apt-get install squid3) Can you help? thanks.
