Re: [squid-users] usage of sslcapath in cache_peer

2015-02-17 Thread Amos Jeffries
On 18/02/2015 2:24 p.m., Hector Chan wrote: > Forgot to add. The actual cert is world readable. > > [admin@dsg214 ~]# ll > /data/cacerts/../certs/a4a521af41327a4ab3ff1feb16a1a76888a0c2ea.crt > -rw-r--r-- 1 admin root 1108 Feb 18 00:21 > /data/cacerts/../certs/a4a521af41327a4ab3ff1feb16a1a76888a0c

Re: [squid-users] assertion failed: comm.cc:769: "Comm::IsConnOpen(conn)"

2015-02-17 Thread Amos Jeffries
On 18/02/2015 10:44 a.m., HackXBack wrote: > root@dotspot:~# gdb /usr/sbin/squid /var/spool/squid/cache/squid/core.53359 > GNU gdb (GDB) 7.4.1-debian > Core was generated by `(squid-1) -YC -f /etc/squid/squid.conf'. > Program terminated with signal 6, Aborted. > #0 0x7f81777ab165 in raise ()

Re: [squid-users] usage of sslcapath in cache_peer

2015-02-17 Thread Hector Chan
Forgot to add. The actual cert is world readable. [admin@dsg214 ~]# ll /data/cacerts/../certs/a4a521af41327a4ab3ff1feb16a1a76888a0c2ea.crt -rw-r--r-- 1 admin root 1108 Feb 18 00:21 /data/cacerts/../certs/a4a521af41327a4ab3ff1feb16a1a76888a0c2ea.crt On Tue, Feb 17, 2015 at 5:18 PM, Hector Chan w

[squid-users] usage of sslcapath in cache_peer

2015-02-17 Thread Hector Chan
Hi All, I have a question about using sslcapath in cache_peer. My server.example.com has a self-signed cert, which I imported into my squid box under /data/certs. The following cache_peer line actually worked. However, if I remove the sslcafile, squid won't verify the self-signed cert. cache_pe

Re: [squid-users] Squid latency at ApacheCon 2014 in comparison between Squid, NGINX, Apache Traffic Server, Varnish and Apache

2015-02-17 Thread Amos Jeffries
On 18/02/2015 3:58 a.m., Anna Jonna Armannsdottir wrote: > Hi everybody! > My question may be rather theoretical, but in essence I need to know if > Squid really has a flaw regarding latency for connections where > keepalive is on. > > At ApacheCon 2014, Bryan Call presented slides where slides

Re: [squid-users] Squid latency at ApacheCon 2014 in comparison between Squid, NGINX, Apache Traffic Server, Varnish and Apache

2015-02-17 Thread Eliezer Croitoru
Hey Anna, Thanks for the links and the detailed comments and thoughts. In most cases I am not a friend of countering others if not really needed. I have yet to implement VARNISH or ATS in production and the blame for this is strictly on me since I am a bit spoiled and a learning curve is not al

Re: [squid-users] can squid handle indirect request from clients ?

2015-02-17 Thread Eliezer Croitoru
Hey, There are a couple of ways to look at authentication and some would sometimes trade authorization to authentication and vice versa. In some environments there is a mix of both terms which is required to build a logical service unit. I do not have all my archives but I remember that someone ha

Re: [squid-users] ssl proxy error: No valid signing SSL certificate configured for https_port [::]:3127

2015-02-17 Thread Amos Jeffries
On 18/02/2015 2:56 a.m., Alan Palmer wrote: > > It's not just specifying separate lines for the split stack, using the > non-specific addresses 0.0.0.0 and [::] fails. I had to put a real IP > address, in this case loopback, but using another real interface on my > machine also worked. > > Bug/'F

Re: [squid-users] can squid handle indirect request from clients ?

2015-02-17 Thread Amos Jeffries
On 18/02/2015 3:02 p.m., snakeeyes wrote: > Hi Amos, > > Let's forget the authentication now; I don’t need it now. I will use the ACL > rules on squid only. > > What do I need to configure in squid so that it handles requests from HAproxy? This: acl from_haproxy src http_access allow from_haproxy

Re: [squid-users] assertion failed: comm.cc:769: "Comm::IsConnOpen(conn)"

2015-02-17 Thread HackXBack
root@dotspot:~# squid -v Squid Cache: Version 3.4.9 build by : ANDO_TBLRB && HackXBack configure options: '--prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--libexecdir=/usr/lib/squid' '--sysconfdir=/etc/squid' '--localstatedir=/var' '--libdir=/usr/lib' '--includedir=/usr/include' '--data

Re: [squid-users] assertion failed: comm.cc:769: "Comm::IsConnOpen(conn)"

2015-02-17 Thread HackXBack
root@dotspot:~# gdb /usr/sbin/squid /var/spool/squid/cache/squid/core.53359 GNU gdb (GDB) 7.4.1-debian Copyright (C) 2012 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. T

Re: [squid-users] can squid handle indirect request from clients ?

2015-02-17 Thread Amos Jeffries
On 18/02/2015 3:04 p.m., snakeeyes wrote: > Thanks Eliezer, but does it support other types like RADIUS authentication? > > I mean all types of authentications are forbidden in intercept mode? " * Why can't I use authentication togeth

Re: [squid-users] can squid handle indirect request from clients ?

2015-02-17 Thread snakeeyes
Thanks Eliezer, but does it support other types like RADIUS authentication? I mean all types of authentications are forbidden in intercept mode? -Original Message- From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of Eliezer Croitoru Sent: Monday, Februar

Re: [squid-users] can squid handle indirect request from clients ?

2015-02-17 Thread snakeeyes
Hi Amos, Let's forget the authentication now; I don’t need it now. I will use the ACL rules on squid only. What do I need to configure in squid so that it handles requests from HAproxy? Note that I see traffic in tcpdump, but no log in access.log. cheers -Original Message- From: squid-users [

[squid-users] Squid latency at ApacheCon 2014 in comparison between Squid, NGINX, Apache Traffic Server, Varnish and Apache

2015-02-17 Thread Anna Jonna Armannsdottir
Hi everybody! My question may be rather theoretical, but in essence I need to know if Squid really has a flaw regarding latency for connections where keepalive is on. At ApacheCon 2014, Bryan Call presented slides where slides nr. 40 to 49 show where he writes on slide 46 about Squid: "Worst me

Re: [squid-users] Is Squid can shutdown unused idle redirector's children?

2015-02-17 Thread Yuri Voinov
Sure. Will read manual more carefully. ;) 17.02.15 20:29, Marcus Kool wrote: > > > On 02/17/2015 11:30 AM, Yuri Voinov wrote: >> Also, gents. >> >> ufdbGuard is cool, but: >> >> - Where is good documentation? I found only one connon PDF. No >> pe

Re: [squid-users] Is Squid can shutdown unused idle redirector's children?

2015-02-17 Thread Marcus Kool
On 02/17/2015 11:30 AM, Yuri Voinov wrote: Also, gents. ufdbGuard is cool, but: - Where is good documentation? I found only one connon PDF. No performance recommendations, no administrator's guide - this good piece of software not so trivial as squidGuard, i.e., I don't know, how to support

Re: [squid-users] ssl proxy error: No valid signing SSL certificate configured for https_port [::]:3127

2015-02-17 Thread Alan Palmer
On 2/16/2015 5:45 PM, Amos Jeffries wrote: Notice how the port details have changed from IPv4-only to IPv6-only. You are using a split-stack OS where each of the IPv4 and IPv6 ports needs separate TLS/SSL context. You can set the same settings and load the same cert file, just have to place th

Re: [squid-users] Is Squid can shutdown unused idle redirector's children?

2015-02-17 Thread Yuri Voinov
Also, gents. ufdbGuard is cool, but: - Where is good documentation? I found only one connon PDF. No performance recommendations, no administrator's guide - this good piece of software not so trivial as squidGuard, i.e., I don't know, how to support only used blocking categories databases with

Re: [squid-users] Is Squid can shutdown unused idle redirector's children?

2015-02-17 Thread Antony Stone
On Tuesday 17 Feb 2015 at 11:00, Marcus Kool wrote: > On 02/16/2015 11:43 PM, Amos Jeffries wrote: > > PS. Marcus, perhaps you should go on search around to find distro > > maintainers who are publishing SG and convince them to replace the > > defaults with ufdbguard. I have to do that periodicall

Re: [squid-users] Is Squid can shutdown unused idle redirector's children?

2015-02-17 Thread Marcus Kool
On 02/16/2015 11:43 PM, Amos Jeffries wrote: PS. Marcus, perhaps you should go on search around to find distro maintainers who are publishing SG and convince them to replace the defaults with ufdbguard. I have to do that periodically to clear up old Squid versions being forced on users. It hel

Re: [squid-users] Is Squid can shutdown unused idle redirector's children?

2015-02-17 Thread Marcus Kool
On 02/17/2015 08:21 AM, Yuri Voinov wrote: squidGuard does not support the Squid feature 'concurrency' for url_rewrite_children. ufdbGuard does. With concurrency, latency goes down and the number of processes can also be reduced. The lack of concurrency is main disadvantage of squidGuard. O

Re: [squid-users] Is Squid can shutdown unused idle redirector's children?

2015-02-17 Thread Yuri Voinov
As I said - never. I use external log rotation facility. Squid log rotation is completely off in my installation. 17.02.15 8:26, Amos Jeffries wrote: On 17/02/2015 7:38 a.m., Yuri Voinov wrote: We are talking not about the differences between any *

Re: [squid-users] Is Squid can shutdown unused idle redirector's children?

2015-02-17 Thread Yuri Voinov
17.02.15 6:07, Marcus Kool wrote: On 02/16/2015 08:00 PM, Eliezer Croitoru wrote: Hey Yuri, OK I have seen something... Now we might need also the virtual memory which might be vsz. And the cachemgr output is not from squidview.. The last image I have seen from cachemgr was much helpful(with

Re: [squid-users] Is Squid can shutdown unused idle redirector's children?

2015-02-17 Thread Yuri Voinov
17.02.15 5:01, Amos Jeffries wrote: On 17/02/2015 4:27 a.m., Yuri Voinov wrote: Yep. 16.02.15 20:58, Eliezer Croitoru wrote: On 16/02/2015 15:23, Yuri Voinov wrote: http://i58.tinypic.com/rsqwxh.png 0 shutting down. Always. During nights and w