Hey Amos,
I didn't had the chance to follow the PROXY protocol advancements.
Was there any fix for the PROXY protocol issue that I can test?
Thanks,
Eliezer
On 09/06/2015 02:06, Amos Jeffries wrote:
We are somewhat recently added basic support for the PROXY protocol to
Squid. So HAProxy can
Hi,
James Lay just replied to me with his current config.. (pretty much like
what he posted), and it seems he does not even try to use http_access
rules to filter on urls from https requests..
@Amos: are you certain that there's not an error in how http_access
rules are applied to bumped
Hi Amos,
snip
There seems to be a bit of a myth going around about how HAProxy does
load balancing. HAProxy is an HTTP layer proxy. Just like Squid.
They both do the same things to received TCP connections. But HAProxy
supports less HTTP features, so its somewhat simpler processing is also
I have a number of machines running BOINC which are having issues uploading
with one particular project (climateprediction.net) however if I redirect the
client to a Squid 2.7 server they work fine. It doesn't do it every time, some
files work just fine. They are usually 15Mb or 47Mb uploads.
Hello,
I use squid 3.5.5 and use the sslbump feature.
When I activate sslbump, the browsertest on www.ssllabs.com
( https://www.ssllabs.com/ssltest/viewMyClient.html )
says TLS compression is activated and insecure.
I use openssl 1.0.1m on my proxyserver
I tried some settings like:
On 10/06/2015 2:51 a.m., Klavs Klavsen wrote:
Amos Jeffries wrote on 06/09/2015 03:06 PM:
The HTTP message log (access.log) is only logging the HTTP(S) messages.
The non-HTTP protools are not logged.
10.xx.131.244 - - [09/Jun/2015:08:40:15 +0200] CONNECT
64.233.184.94:443 HTTP/1.1
I traced the problem to the persistent_request_timeout variable. Once I set
this from 2 Min to 10 Seconds, it resolved the issue.
==
J.R. Swartz
Northern Computer Service, LLC
Owner
8821 Hwy 47 East
Woodruff, WI 54568
715.358.9806
Email: jrswa...@ncswi.com
Amos Jeffries wrote on 2015-06-09 17:10:
[CUT]
You have to first configure ssl_bump in a way that lets Squid receive
the clientHello message (step1 - peek) AND the serverHello message
(step2 - peek). Then you can use those cert details to bump (step3 -
bump).
The config is quite simple:
On 9/06/2015 7:15 p.m., Rafael Akchurin wrote:
Hi Amos,
snip
There seems to be a bit of a myth going around about how HAProxy does
load balancing. HAProxy is an HTTP layer proxy. Just like Squid.
They both do the same things to received TCP connections. But HAProxy
supports less HTTP
On 9/06/2015 9:36 p.m., Eliezer Croitoru wrote:
Hey Amos,
I didn't had the chance to follow the PROXY protocol advancements.
Was there any fix for the PROXY protocol issue that I can test?
IIRC the issues we found are all resolved. Though I've had no confirmation.
Amos
On 9/06/2015 6:44 p.m., Klavs Klavsen wrote:
Hi,
James Lay just replied to me with his current config.. (pretty much like
what he posted), and it seems he does not even try to use http_access
rules to filter on urls from https requests..
@Amos: are you certain that there's not an error in
In the examples on the squid site it gives a multi-worker example using carp
(http://wiki.squid-cache.org/ConfigExamples/SmpCarpCluster). Now that rock
storage has been updated with 3.5.5 is that still the best approach?
I was thinking of a single rock cache so the workers could share it rather
On 10/06/2015 12:35 p.m., TarotApprentice wrote:
In the examples on the squid site it gives a multi-worker example using carp
(http://wiki.squid-cache.org/ConfigExamples/SmpCarpCluster). Now that rock
storage has been updated with 3.5.5 is that still the best approach?
I was thinking of a
On 10/06/2015 1:11 p.m., TarotApprentice wrote:
Yes I noticed that and assumed that was because 2.7 wasn't able to handle
HTTP 1.1 fully.
I think I better keep the squid 2.7 machine around for a bit. It was due to
be retired as it's an old WinXP machine.
Maybe not.
I took a look
Hi
I run 2 squid boxes, and I use pacemaker to float 2 VIP's between the 2 boxes.
Basically I just run squid on both and I create a VIP resource that
test if squid is running to allocate the VIP.
But this doesn't really give you load balancing. but very good resilience.
Pacemaker and Linux
I would like to be able to inspect traffic from my android device. I have a
transparent squid proxy working with SSL bump (using WiFi to get traffic
through my proxy server). Everything works fine as long as I go through a
browser. But I would like to see the other traffic which the OS and other
16 matches
Mail list logo