Re: [squid-users] odd wccp issue affecting only some web servers

2014-12-10 Thread Jason Haar
On 05/12/14 14:22, Amos Jeffries wrote: > > One is a HIT the other a MISS? > Squid ACLs? > TCP connection issue? > Found the problem. We had three proxies and the Cisco ASA was load balancing between them. Ended up the 2nd proxy had "INPUT DROP" instead of "INPUT ALLOW" in iptables (everything el

[squid-users] Check if object is already cached

2014-12-10 Thread Ulises Nicolini
Hello, I'm working with some scripts to prefetch content but having some trouble, what I can't work out is a way to check if a given object is already cached, in other words, I want to check if the object I'm going to download is going to hit, in which case I can ignore it. I've read squidcli

Re: [squid-users] Memory Leak Squid 3.4.9 on FreeBSD 10.0 x64

2014-12-10 Thread Doug Sampson
> Nothing particularly stands out as leaking. Although the cache memory > pages (mem_node) in-use size is suspiciously close to half what you > say the OS is reporting. > > That makes me suspect that your OS is rounding up its allocations to > 8KB of memory for each node. If that is the case the s

Re: [squid-users] https issues for google

2014-12-10 Thread glenn.groves
Hi Eliezer, The command for www.google.com failed to complete the connection with an unknown protocol error: openssl s_client -connect www.google.com:443 -showcerts CONNECTED(0003) 140623996839752:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:766: --- no pee

[squid-users] squid with kerberos

2014-12-10 Thread Ahmed Allzaeem
Hi, I have a Kerberos protected website. I am making a Kerberos enabled browser. I need to test my browser for proxy support. At least, I must do these 2 tests: 1. make some of my servers only accessible via a proxy (to test my software's proxy support) 2. have the proxy require authenticatio

Re: [squid-users] Check if object is already cached

2014-12-10 Thread Amos Jeffries
On 10/12/2014 6:04 a.m., Ulises Nicolini wrote: > Hello, > > I'm working with some scripts to prefetch content but having some > trouble, what I can't work out is a way to check if a given object > is already cached, in other words, I want to check i

[squid-users] Squid doesn't do a fallback from ipv6 to ipv4, if the ipv6 connect fails

2014-12-10 Thread Dieter Bloms
Hello, we use squid 3.4.9 as proxy for our company with ipv4 and ipv6 dual stack. It works good, but if a destination has an A and record and the webserver isn't reachable via ipv6, squid generates an error page instead of trying a connection via ipv4. One example is the url: https://ssl.ra

Re: [squid-users] Transparent proxy with Peek and Splice feature.

2014-12-10 Thread Vadim Rogoziansky
Yeap, squid perfectly "splice" the destination domain after step1 or step2 or step3 when the browser is set to use proxy directly. But, it does not work in case of transparent proxy. Squid uses the destination IP address instead of SNI details. The example of using client IP address is below: 2

Re: [squid-users] https issues for google

2014-12-10 Thread Eliezer Croitoru
Hey Glen, Since openssl s_client is showing you this error I assume squid received the same response. We do need to verify why the connection is hanging. For now it seems like not a 100% squid related issue. Eliezer On 12/09/2014 01:57 AM, glenn.gr

[squid-users] Debugging slow access

2014-12-10 Thread Steve Hill
I'm looking for advice on figuring out what is causing intermittent high CPU usage. I'm seeing this on multiple servers - most of the time everything is fine and I see the Squid workers using maybe 20% CPU each, but every so often all the workers sit at the top of the process list in "top",

[squid-users] Parent Proxy Cache Problem

2014-12-10 Thread Stephen Young-Work
Hi, We have an upstream (parent) proxy that we have no control over and I am trying to get squid to cache .ipa files and other large updates. I have tested this offsite where there is no proxy and I get TCP_HIT on all of the content when I download it for the second time (downloaded from cache). H

Re: [squid-users] Memory Leak Squid 3.4.9 on FreeBSD 10.0 x64

2014-12-10 Thread Amos Jeffries
On 11/12/2014 4:22 a.m., Doug Sampson wrote: >> Nothing particularly stands out as leaking. Although the cache >> memory pages (mem_node) in-use size is suspiciously close to half >> what you say the OS is reporting. >> >> That makes me suspect that y

Re: [squid-users] Squid doesn't do a fallback from ipv6 to ipv4, if the ipv6 connect fails

2014-12-10 Thread Amos Jeffries
On 9/12/2014 4:48 a.m., Dieter Bloms wrote: > Hello, > > we use squid 3.4.9 as proxy for our company with ipv4 and ipv6 > dual stack. It works good, but if a destination has an A and > record and the webserver isn't reachable via ipv6, squid gene

Re: [squid-users] Parent Proxy Cache Problem

2014-12-10 Thread Amos Jeffries
On 11/12/2014 5:19 a.m., Stephen Young-Work wrote: > Hi, We have an upstream (parent) proxy that we have no control over > and I am trying to get squid to cache .ipa files and other large > updates. > > I have tested this offsite where there is no pro

[squid-users] [squid-announce] Squid 3.4.10 is available

2014-12-10 Thread Amos Jeffries
The Squid HTTP Proxy team is very pleased to announce the availability of the Squid-3.4.10 release! This release is a bug fix release resolving several issues found in the prior Squid releases. The major changes to be aware of: * Bug 4033: Rebuil

Re: [squid-users] Check if object is already cached

2014-12-10 Thread Eliezer Croitoru
Hey Ulises, I am unsure about what exactly you have asked. There are constraints and there is a current interface to squid internal DB of objects. The basic way is to use what's already there but since there is too much unknown about the script you are

Re: [squid-users] Existing root certificate not working with SSL Bump (squid 3.3.10)

2014-12-10 Thread HaxNobody
Hello, I found another possible cause. I have a certificate that works properly with this proxy, and it has a signature algorithm of SHA256. The certificates that I have that do not work properly are SHA1. Is this a possible reason it's not working the way I want it to? If so, what options do I ha

Re: [squid-users] Existing root certificate not working with SSL Bump (squid 3.3.10)

2014-12-10 Thread Eliezer Croitoru
On 12/10/2014 09:04 PM, HaxNobody wrote: > Hello, > > I found another possible cause. I have a certificate that works > properly with this proxy, and it has a signature algorithm of > SHA256. The certificates that I have that do not work properly are

Re: [squid-users] Existing root certificate not working with SSL Bump (squid 3.3.10)

2014-12-10 Thread HaxNobody
>What is your testing environment? >What OS? >What Browser? >Have you tried with openssl s_client? > >Eliezer The proxy runs on Linux (Ubuntu, I believe), and I'm doing my testing from multiple browsers on Windows 8.1. I have been unable to find a way to use openssl s_client via a proxy, although

Re: [squid-users] Existing root certificate not working with SSL Bump (squid 3.3.10)

2014-12-10 Thread Eliezer Croitoru
On 12/10/2014 09:25 PM, HaxNobody wrote: > The proxy runs on Linux (Ubuntu, I believe), and I'm doing my > testing from multiple browsers on Windows 8.1. I have been unable > to find a way to use openssl s_client via a proxy, although I was > able to r

Re: [squid-users] Existing root certificate not working with SSL Bump (squid 3.3.10)

2014-12-10 Thread HaxNobody
squid -v: Squid Cache: Version 3.3.10 configure options: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=${prefix}/lib/bloxx-squid3' '--srcdir=.' '-

Re: [squid-users] squid with kerberos

2014-12-10 Thread Markus Moeller
Hi Ahmed, squid is a proxy which supports Kerberos authentication. Markus "Ahmed Allzaeem" wrote in message news:001201d014d3$037fda70$0a7f8f50$@netstream.ps... Hi, I have a Kerberos protected website. I am making a Kerberos enabled browser. I need to test my browser for proxy support. A