Re: [squid-users] Muitple ISP client hashing

2015-09-05 Thread Amos Jeffries
On 5/09/2015 2:20 p.m., Lee Brown wrote: > Hello, > > I have multiple ISP's configured, working really nicely, snippet from > config: > > acl service_RLO src 10.1.10.175/32 > acl service_RLG src 10.1.10.0/24 > acl service_RLG src 10.1.200.0/24 > acl service_Guest src 10.1.3.0/24 > [cut] >

Re: [squid-users] Custom external acl helpers in PHP

2015-09-05 Thread Amos Jeffries
On 5/09/2015 7:58 a.m., Walter (NIF) wrote: > Hi! I wrote a PHP script to authenticate users in a postgresql server > and it's working perfectly. > > The question is that we have some groups with different privileges. We > had a LDAP base where > the users were authenticated with the ldap_group

[squid-users] Default ssl-bump that works with chrome/opera

2015-09-05 Thread Xen
Hey, Might I perhaps ask. Currently with the default minimum configuration for ssl-bump that is advocated everywhere, my Firefox bumping works but Chrome and Opera are more strict and will say my certificate is invalid. The certificate was simply generated (self-signed) with openssl x509

[squid-users] [squid-announce] Squid 3.5.8 is available

2015-09-05 Thread Amos Jeffries
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The Squid HTTP Proxy team is very pleased to announce the availability of the Squid-3.5.8 release! This release is a bug fix release resolving several issues found in the the prior Squid releases. The major changes to be aware of: * Bug 3553:

Re: [squid-users] stoping after rotate

2015-09-05 Thread Marcus Kool
On Linux, an important sysctl parameter that determines how Linux behaves with respect to VM allocation is vm.overcommit_memory (should be 0). And vm.swappiness is important to tune servers (should be 10-15). Which version of Linux do you have and what is the output of sysctl -a | grep -e

Re: [squid-users] Default ssl-bump that works with chrome/opera

2015-09-05 Thread Rafael Akchurin
Hello Xen, The certificate warning was most probably indeed caused by default SHA-1 signature of the mimicked certificate in stock version of Squid present by default in popular Linux distribs. Latest version does that correctly and your "not private" connection warnings in Chrome/etc is now

Re: [squid-users] acl rep_header and icap respmod

2015-09-05 Thread Antony Stone
On Saturday 05 September 2015 at 15:32:09, Antony Stone wrote: > On Saturday 05 September 2015 at 15:29:28, Alfredo Rezinovsky wrote: > > I'm trying to adapt response for all text/html responses. > > > > icap_service service_respmod respmod_precache > > icap://127.0.0.1:1344/response > > > >

Re: [squid-users] acl rep_header and icap respmod

2015-09-05 Thread Antony Stone
On Saturday 05 September 2015 at 15:29:28, Alfredo Rezinovsky wrote: > I'm trying to adapt response for all text/html responses. > > icap_service service_respmod respmod_precache > icap://127.0.0.1:1344/response > > acl html rep_header -i Content-Type text\/html > adaptation_access

Re: [squid-users] acl rep_header and icap respmod

2015-09-05 Thread Alfredo Rezinovsky
2015-09-05 10:32 GMT-03:00 Antony Stone : > On Saturday 05 September 2015 at 15:29:28, Alfredo Rezinovsky wrote: > > > I'm trying to adapt response for all text/html responses. > > > > icap_service service_respmod respmod_precache > >

Re: [squid-users] Default ssl-bump that works with chrome/opera

2015-09-05 Thread Xen
On 09/05/2015 02:22 PM, Rafael Akchurin wrote: Hello Xen, The certificate warning was most probably indeed caused by default SHA-1 signature of the mimicked certificate in stock version of Squid present by default in popular Linux distribs. Latest version does that correctly and your "not

[squid-users] acl rep_header and icap respmod

2015-09-05 Thread Alfredo Rezinovsky
I'm trying to adapt response for all text/html responses. icap_service service_respmod respmod_precache icap://127.0.0.1:1344/response acl html rep_header -i Content-Type text\/html adaptation_access service_respmod allow html And it doesn't works. The strange thing is that it does works with:

[squid-users] Bug in the squid snmp

2015-09-05 Thread FredT
Hi the Squid team, It seems there is a bug in the snmp engine regarding the "Storage Swap size", it returns a 4 billion integer maxi: SNMPv2-SMI::enterprises.3495.1.3.2.1.14.0 = Gauge32: *4101140992*-> 4.1TB http://wiki.squid-cache.org/Features/Snmp: *.1.3.2.1.14.0 cacheCurrentSwapSize

[squid-users] cache proxy

2015-09-05 Thread Int
In servers's hierarchy proxy how I can do in order that the external web sites have split cache in the external and internal proxy, and how I can do that the internal web sites only have cache in the local proxy and no the rest of proxy's hierarchy parents. Saludos desde Cuba William

Re: [squid-users] Bug in the squid snmp

2015-09-05 Thread Amos Jeffries
On 6/09/2015 10:24 a.m., FredT wrote: > Hi the Squid team, > > It seems there is a bug in the snmp engine regarding the "Storage Swap > size", it returns a 4 billion integer maxi: > SNMPv2-SMI::enterprises.3495.1.3.2.1.14.0 = Gauge32: *4101140992*-> 4.1TB > >

[squid-users] proxy squid cache

2015-09-05 Thread Int
How I can configure of optimal form the proxy's following parameters squid #--CACHE --# cache_mem 256 MB cache_swap_low 90 cache_swap_high 95 maximum_object_size 20480 KB maximum_object_size_in_memory 128 KB cache_replacement_policy heap GDSF memory_replacement_policy heap GDSF cache_dir aufs