Re: [squid-users] Squid 3.5.1 100% CPU

> About Squid 3.5 wait for the moment, the 100 % CPU bug is present and > I will make deep tests to be sure that there is nothing else. > When this bug will be fixed and my tests (with High load) are all ok > I will post a message here, don't worry about that. Ok, we have worked with Amos and th

Re: [squid-users] Squid 3.5.1 100% CPU

On 10/02/2015 10:19 p.m., FredB wrote: > >> About Squid 3.5 wait for the moment, the 100 % CPU bug is present and >> I will make deep tests to be sure that there is nothing else. >> When this bug will be fixed and my tests (with High load) are all ok >> I will post a message here, don't worry abou

Re: [squid-users] Squid 3.5.1 100% CPU

> > Just wait the next 3.5.x release. > > > > Or todays 3.5 snapshot r13752 has the fixes in it. > > Amos > ___ Great, I am going to be able to justify my time to my manager :) And step away from the aspirin bottle ... Regards, Fred http://

[squid-users] why isn't Squid listening for tcpv4 connections?

Can't reach any web pages when browsers set to proxy with Squid. Squid's running but doesn't appear to be listening for tcpv4 connections. This is a default install on Ubuntu 14.04 server, sudo apt-get install squid3. Firewall is not blocking access. Here's command output showing that and apparen

Re: [squid-users] light weight ICAP server that isn't dead :o)

Hi all there is an interesting project here (https://github.com/netom/pyicap) with some examples about implementing an Icap Server 2015-02-10 5:21 GMT-02:00 Yuri Voinov : > > 10.02.15 5:40, Amos Jeffries пишет: > >> On 10/02/2015 12:00 p.m., Luis Miguel Silva wrote: >> >>> Dear all, >>> >>> I'm

Re: [squid-users] light weight ICAP server that isn't dead :o)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Script solution is not scalable. C-icap written on C. 10.02.15 19:30, Alejandro Martinez пишет: > Hi all > > there is an interesting project here > (https://github.com/netom/pyicap) with some examples about > implementing an Icap Server > > > 2015

[squid-users] Squid 3.5.1 NTLM and LDAP

Hi, After running into plenty of issue with my Linux install of Squid 3.5.1 and eventually solving those, my company has now got me to do some work for another client that wants to use Squid. The issue with this one though is that they will only use Windows, completely anti-Linux... Anyway, I got

Re: [squid-users] benefits of using ext_kerberos_ldap_group_aclinstead of ext_ldap_group_acl

"Amos Jeffries" wrote in message news:54BE3B5C.8040800 at treenet.co.nz... -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 20/01/2015 11:31 p.m., Simon Stäheli wrote: > Are there any other benefits in using ext_kerberos_ldap_group_acl > instead of ext

Re: [squid-users] benefits of using ext_kerberos_ldap_group_aclinstead of ext_ldap_group_acl

"Amos Jeffries" wrote in message news:54BE3B5C.8040800 at treenet.co.nz... -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 20/01/2015 11:31 p.m., Simon Stäheli wrote: > Are there any other benefits in using ext_kerberos_ldap_group_acl > instead of ext

Re: [squid-users] light weight ICAP server that isn't dead :o)

On 02/10/2015 01:00 AM, Luis Miguel Silva wrote: The most interesting one seems to be C-ICAP but I don't like that it hasn't even reached a 1.0 version... If you believe that it is interesting then at least test it to see if it matches your needs. The version number has to do with its goals

Re: [squid-users] light weight ICAP server that isn't dead :o)

I've already installed it and took a look at it but I didn't want to waste time evaluating "5 different solutions" so I asked you guys to learn what was, statistically, the most popular choice :o). How about the performance of i-icap with e-cap on top of it? Its my understanding that squid can hoo

Re: [squid-users] light weight ICAP server that isn't dead :o)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 10.02.15 22:56, Luis Miguel Silva пишет: > I've already installed it and took a look at it but I didn't want > to waste time evaluating "5 different solutions" so I asked you > guys to learn what was, statistically, the most popular choice > :o). C-I

Re: [squid-users] light weight ICAP server that isn't dead :o)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 http://i.imgur.com/fKAUq66.png 5 c-icap processes is good enough to all office building. On squid box you can see above. 10.02.15 22:56, Luis Miguel Silva пишет: > I've already installed it and took a look at it but I didn't want > to waste time eval

Re: [squid-users] why isn't Squid listening for tcpv4 connections?

On 11/02/2015 1:36 a.m., Alan Boba wrote: > Can't reach any web pages when browsers set to proxy with Squid. > Squid's running but doesn't appear to be listening for tcpv4 connections. > This is a default install on Ubuntu 14.04 server, sudo apt-get install squid3. > Firewall is not blocking acces

[squid-users] squid access list based on sql database , is it possible ?

Hi , I need to do an access list that get info mysql database. Can squid get info of accesslist from external db coloum ? cheers ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] squid access list based on sql database , is it possible ?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 http://wiki.squid-cache.org/SquidFaq/SquidAcl#Does_Squid_support_the_use_of_a_database_such_as_mySQL_for_storing_the_ACL_list.3F 11.02.15 11:41, Ahmad пишет: > Hi , > > I need to do an access list that get info mysql database. > > > > Can squid ge

Re: [squid-users] squid access list based on sql database , is it possible ?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 basic_db_auth helper is included in Squid distribution. #!/usr/bin/perl use strict; use Pod::Usage; use Getopt::Long; =pod =head1 NAME basic_db_auth - Database auth helper for Squid =head1 SYNOPSIS basic_db_auth [options] =head1 DESCRIPTOIN

Re: [squid-users] Squid 3.5.1 NTLM and LDAP

On 11/02/2015 2:39 a.m., Rich549 wrote: > Hi, > > After running into plenty of issue with my Linux install of Squid 3.5.1 and > eventually solving those, my company has now got me to do some work for > another client that wants to use Squid. The issue with this one though is > that they will only

Re: [squid-users] squid authentication to remote sql server

Thank you amos , but I have an issue with connection : Here is my mysql info : grant select on squid.* to 'squid'@'%' identified by 'squid'; = mysql> show databases; ++ | Database | ++ | information_schema | | mysql

Re: [squid-users] squid access list based on sql database , is it possible ?

Thank you , can you show me a directive with that as an example plz ? -Original Message- From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of Yuri Voinov Sent: Tuesday, February 10, 2015 11:48 AM To: squid-users@lists.squid-cache.org Subject: Re: [squid-user

Re: [squid-users] squid authentication to remote sql server

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 11.02.15 12:24, Ahmad пишет: > Thank you amos , but I have an issue with connection : Here is my > mysql info : grant select on squid.* to 'squid'@'%' > identified by 'squid'; = mysql> show > databases; +-

Re: [squid-users] squid authentication to remote sql server

On 11/02/2015 7:24 p.m., Ahmad wrote: > Thank you amos , but I have an issue with connection : > Here is my mysql info : > > grant select on squid.* to 'squid'@'%' identified by 'squid'; > = > mysql> show databases; > ++ > | Database | > +-

Re: [squid-users] squid access list based on sql database , is it possible ?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I don't use database with ACL's. But I can make the assumption that it is necessary to dig in the direction of the database adapter Perl. 11.02.15 12:24, Ahmad пишет: > Thank you , can you show me a directive with that as an example > plz ? > > > -

Re: [squid-users] squid authentication to remote sql server

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Wow, it just cannot connect with DB?! 11.02.15 2:32, Amos Jeffries пишет: > On 11/02/2015 7:24 p.m., Ahmad wrote: >> Thank you amos , but I have an issue with connection : Here is my >> mysql info : grant select on squid.* to 'squid'@'%' >> i

Re: [squid-users] squid authentication to remote sql server

Replying again because I missed the --table parameter value earlier. On 11/02/2015 7:24 p.m., Ahmad wrote: > Thank you amos , but I have an issue with connection : > mysql> select * from passwd; ===> notice the TABLE NAME. > ++--+-+---+-+

Re: [squid-users] squid authentication to remote sql server

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Heh. Pure SQL database is VERY bad idea to store any security credentials or ACL's. They too easy to hack. 11.02.15 2:32, Amos Jeffries пишет: > On 11/02/2015 7:24 p.m., Ahmad wrote: >> Thank you amos , but I have an issue with connection : Here is my

Re: [squid-users] squid authentication to remote sql server

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/02/2015 9:35 a.m., Yuri Voinov wrote: > Wow, it just cannot connect with DB?! > Maybe, maybe not, maybe its connecting to the localhost instead of remote (he had a localhost test earlier). I just spotted table names were different too. Amos --

Re: [squid-users] Kerberos authentication problem - squid 3.4.11

Hi Ludovit, Which Kerberos library version do you use ?Is it possible that the encryption types don't match ? I saw in your first email the following: Your klist shows a HTTP ticket for arcfour Server: HTTP/squid1.mdpt.local@MDPT.LOCAL Client: HTTP/squid1.mdpt.local@MDPT.LOCAL Ticket et

Re: [squid-users] squid authentication to remote sql server

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 As I think, this is around DB. Not squid. :) Just misconfiguration. 11.02.15 2:44, Amos Jeffries пишет: > On 11/02/2015 9:35 a.m., Yuri Voinov wrote: >> Wow, it just cannot connect with DB?! > > > Maybe, maybe not, maybe its connecting to the localh

Re: [squid-users] squid authentication to remote sql server

Thank you amos , I fixed the table thing , but I have new error now : /lib/squid/basic_db_auth --dsn "DBI:mysql:host=x.xx..189.177;port=3306;database=squid" --user "squid" --password "squid" --table "passwd" --usercol "user" --passwdcol "password" --cond "" --plaintext ERR unknown login ERR un

Re: [squid-users] squid authentication to remote sql server

On 11/02/2015 8:17 p.m., Ahmad wrote: > Thank you amos , I fixed the table thing , but I have new error now : > > /lib/squid/basic_db_auth --dsn > "DBI:mysql:host=x.xx..189.177;port=3306;database=squid" --user "squid" > --password "squid" --table "passwd" --usercol "user" --passwdcol "password"

Re: [squid-users] squid authentication to remote sql server

Hi amos I hadded squi/squid in the table mysql> show tables -> ; +-+ | Tables_in_squid | +-+ | passwd | +-+ 1 row in set (0.00 sec) mysql> select * from passwd; ++--+-+---+-+ | user

Re: [squid-users] squid authentication to remote sql server

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Amos, MD5 insufficient. As minimum, SHA256 with salt. New Oracle RDBMS use SHA to store user's password. And don't forget about SQL Injection and password cracking farms.. 11.02.15 3:28, Amos Jeffries пишет: > On 11/02/2015 8:17 p.m., Ahmad w

Re: [squid-users] squid authentication to remote sql server

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 (facepalm) 11.02.15 13:40, snakeeyes пишет: > Hi amos I hadded squi/squid in the table > > mysql> show tables -> ; +-+ | Tables_in_squid | > +-+ | passwd | +-+ 1 row > in set (0.00 sec) > >

[squid-users] Calculate time spent on website (per ip address)

Dear all, I was wondering if there is a built in feature in Squid to calculate the time spent on a website, per ip address (e.g. 32 minutes between 12pm and 1pm, 5 minutes between 1pm and 2pm)? And, if not, how would you do it? I immediately thought about using the log files for this BUT, because

Re: [squid-users] Calculate time spent on website (per ip address)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hmmm Access.log? sqTop? 11.02.15 3:50, Luis Miguel Silva пишет: > Dear all, > > I was wondering if there is a built in feature in Squid to > calculate the time spent on a website, per ip address (e.g. 32 > minutes between 12pm and 1pm, 5 minu

[squid-users] Marking outgoing packets

Dear all, I just found this REALLY cool feature that allows you to mark packets for Netfilter to then intercept and handle: http://www.squid-cache.org/Doc/config/tcp_outgoing_mark/ What I was wondering was, is there a way for us to mark based on a ICAP filter or redirect_program output? The obje

Re: [squid-users] Marking outgoing packets

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I think, the answer is 'no' without Squid code customization. I'm right, Amos? 11.02.15 3:52, Luis Miguel Silva пишет: > Dear all, > > I just found this REALLY cool feature that allows you to mark > packets for Netfilter to then intercept and handle

Re: [squid-users] Marking outgoing packets

Anyway to work around that? (e.g. based on the output of the c-ical call, make the request land on a certain ACL?) On Tue, Feb 10, 2015 at 2:54 PM, Yuri Voinov wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > I think, the answer is 'no' without Squid code customization. > > I'm right

Re: [squid-users] squid authentication to remote sql server

On 11/02/2015 8:40 p.m., snakeeyes wrote: > Hi amos > I hadded squi/squid in the table > > mysql> show tables > -> ; > +-+ > | Tables_in_squid | > +-+ > | passwd | > +-+ > 1 row in set (0.00 sec) > > mysql> select * from passwd; > +

Re: [squid-users] Calculate time spent on website (per ip address)

I did not know about sqtop. Too bad it requires access to Squid's manager interface (I was hoping it used access.log or something)... Any other tools you know that might provide me with (time usage) statistics from access.log (I don't want to reinvent the wheel here :o)). On Tue, Feb 10, 2015 at

Re: [squid-users] Calculate time spent on website (per ip address)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 You can't get any meaningful info about client connections times without cache_object://localhost/active_requests access. 11.02.15 3:58, Luis Miguel Silva пишет: > I did not know about sqtop. Too bad it requires access to Squid's > manager interface (

Re: [squid-users] Calculate time spent on website (per ip address)

On 11/02/2015 10:50 a.m., Luis Miguel Silva wrote: > Dear all, > > I was wondering if there is a built in feature in Squid to calculate the > time spent on a website, per ip address (e.g. 32 minutes between 12pm and > 1pm, 5 minutes between 1pm and 2pm)? And, if not, how would you do it? > No th

Re: [squid-users] Marking outgoing packets

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/02/2015 10:54 a.m., Yuri Voinov wrote: > I think, the answer is 'no' without Squid code customization. > > I'm right, Amos? No your not ;-) We have this other really, REALLY cool feature of transaction annotations. Where the squid helpers add

Re: [squid-users] Calculate time spent on website (per ip address)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I forgot about one thing ;) HTTP is stateless protocol (in most cases, excluding presistant connections). So, it is impossible to determine how much time user spent on site. Only very approximately. Right? 11.02.15 4:16, Amos Jeffries пишет: > On 11/

Re: [squid-users] Marking outgoing packets

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Wow, I have forgotten about this. It is really cool feature! 11.02.15 4:21, Amos Jeffries пишет: > On 11/02/2015 10:54 a.m., Yuri Voinov wrote: >> I think, the answer is 'no' without Squid code customization. > >> I'm right, Amos? > > No your not ;

Re: [squid-users] assertion failed: client_side.cc:1515: "connIsUsable(http->getConn())

Hi Eliezer Took a while to get this up—sorry about that. Here’s an example of a production config of ours (with some confidential stuff necessarily taken out/edited): https://gist.github.com/djch/92cf0b04afbd7917 Let me know if there’s any

Re: [squid-users] Marking outgoing packets

That's GREAT Amos, Where can I learn more about it? Can you point me to some documentation? I was able to find this here: http://www.eu.squid-cache.org/Doc/config/note/ It does seem that I could use this to note to tag things to an ACL but it isn't clear to me how to use it (especially leveraging

Re: [squid-users] Calculate time spent on website (per ip address)

I'm trying to export this information and create pretty reports detailing how much time each device spent online / on each site. I understand I'll probably need to create this myself, I'm just trying to figure out what the state of the art is so I don't waste time on problems that have already bee

Re: [squid-users] Calculate time spent on website (per ip address)

On 11/02/2015 1:37 p.m., Luis Miguel Silva wrote: > I'm trying to export this information and create pretty reports detailing > how much time each device spent online / on each site. The graph of online will shock you. Network access times are seriously tiny. The Squid access.log column #2 is the

Re: [squid-users] Marking outgoing packets

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/02/2015 1:35 p.m., Luis Miguel Silva wrote: > That's GREAT Amos, > > Where can I learn more about it? Can you point me to some > documentation? I was able to find this here: > http://www.eu.squid-cache.org/Doc/config/note/ > http://www.squid-

[squid-users] Redirecting to DIRECT_CONNECT failed ssl-bump connections

Dear all, I'm seeing several error messages in my cache.log, complaining that the destination certificate is invalid: 2015/02/08 19:27:28 kid1| fwdNegotiateSSL: Error negotiating SSL connection on FD 22: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1/0) 201