Hi,
so squid is now working again. It was a problem with squidguard and option -s.
Why this all of sudden is a problem, I don’t know. I have some other servers
and there everything works without a problem.
Thank you all for your great help :).
Best regards
Martin
-Ursprüngliche Nachricht-
I want to have users access squid directly from a URL like this:
http://my.squidserver.org:3128/testurl
Rather than by setting a proxy in their browser. Then I want squid to rewrite
the URL “my.squidserver.org” to the site I want users to access. The reason I
want to do this is in order to a
Greetings,
I have been wrestling with squid for a while and my reading has brought
"Cache-Digests" to my attention. I suspect the answer is "that would be
neat, but that's not how it works", but I thought I'd ask a few questions.
I am running an ISP in a remote area only served by satellite li
I’ve got a bunch of services connecting to third party APIs. Many of these
APIs register hits even if squid reaches out to the service to check the HTTP
headers (I verified that hits with the log TCP_REFRESH_UNMODIFIED/200 are
being counted against me with the third party service).
offline_
Hi
I am trying to get 3.5.8 running via the yockto project on an Arm7.
I have everything compiling file but have an odd issue with the
ssl::certuntrusted acl
I have it all running with the same conf file on a pc, but on the arm7 I
get this
root@test:/opt/remote/scripts# squid -v
Squid Cach
Facing the same problem,
by default if i didnt use range_offset_limit , idm download the file with
multiple mirros, all are 206 but cant be cached and hit when repeat the same
url download.
when i use range_offset_limit, idm download the file with 1 mirror, this
will decrease the speed but it can b
On 27/10/2015 7:42 a.m., De Lazzari Matteo wrote:
>
> Hi, is it possible to use Active directory groups in delay pools
> configuration?
Yes. Although to do it easily will require a Squid-3.4 or later where
transaction annotations are available. Also a helper that sends back the
group=X to Squid a
On 27/10/2015 9:36 a.m., Yuri Voinov wrote:
>
> The problem is: I can't see most part of ICQ traffic. Because of it uses
> non-HTTP/HTTPS/FTP ports. Only with sniffer.
Okay, that should not matter much. That part of the traffic there is
nothing we can do about in Squid.
>
> Looks like this:
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
27.10.15 1:37, Amos Jeffries пишет:
> On 27/10/2015 6:22 a.m., Yuri Voinov wrote:
>>
>> Ah, ok:
>>
>> We see in redbot.org this info in server response:
>>
>> Cache-Control: no-cache
>>
>
> It also says "this content was negotiated but does not
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
27.10.15 1:34, Amos Jeffries пишет:
> On 27/10/2015 6:19 a.m., Yuri Voinov wrote:
>> 14458854979.432 48 127.0.0.1 TCP_MISS/200 24425 GET
>>
https://upload.wikimedia.org/wikipedia/commons/thumb/8/8c/Teller-Ulam_device.png/200px-Teller-Ulam_dev
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
The problem is: I can't see most part of ICQ traffic. Because of it uses
non-HTTP/HTTPS/FTP ports. Only with sniffer.
Looks like this:
1. Login starts over 5190 port with CONNECT method. And normal squid's
config blocks it - this is non-SSL port.
On 24/10/2015 1:44 a.m., Keith White wrote:
> I changed around the DNS servers and still no luck. This also popped up in
> the log
>
> Acl.cc(70) AuthenticateAcl: returning 2 sending credentials to helper.
> 2015/10/23 05:41:35.259 kid1| 28,3| Acl.cc(158) matches: checked:
> AuthorizedUsers = -
On 27/10/2015 6:22 a.m., Yuri Voinov wrote:
>
> Ah, ok:
>
> We see in redbot.org this info in server response:
>
> Cache-Control: no-cache
>
It also says "this content was negotiated but does not have an
appropriate Vary header". Which is marked as a protocol error.
And has a status code of
On 27/10/2015 6:19 a.m., Yuri Voinov wrote:
> 14458854979.432 48 127.0.0.1 TCP_MISS/200 24425 GET
> https://upload.wikimedia.org/wikipedia/commons/thumb/8/8c/Teller-Ulam_device.png/200px-Teller-Ulam_device.png
> - HIER_NONE/- image/png
A TCP_MISS that did not get fetched from a server. Hmm.
W
Hi Alex,
Thanks. I understand this. I want a mechanism by which squid can send
the FAKE connect SNI as HOST request to ecap adapter so that I can
decide whether to bump this connection or not. So do you think this
will not be possible in current release of squid ?
Squid does not generate SNI FAKE
Hi, is it possible to use Active directory groups in delay pools configuration?
And someone can tell me an example about how to use class 5 delay pool?
Thanks to all
Classification: Public [ ] Confidential [X] Restrict [ ]
Matteo De Lazzari
Information Technology
PREVINET S.p.A.
Via E. Forla
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
ICQ, like Skype later, uses special technique to bypass
proxies/firewalls, and conventionally checks, after it native port 5190,
other ports: 80,443,110,25 and other before it can connect to it's load
balancer. Moreover, when use 443, it CONNECT ov
On 27/10/2015 6:30 a.m., Yuri Voinov wrote:
>
> I think the right question is not "What headers pass through Squid" and
> "Why did they pass through a transparent proxy, if the port that is
> used, not 80 or 443?"
>
ICQ speaks HTTP on port 80. Not sure about 443, it should at least speak
TLS hop
On 27/10/2015 5:43 a.m., Sebastian Kirschner wrote:
> Hi,
>
> in my squid setup the sslcrtvalidator_program doesn’t send the data´s that I
> expect to the helper :-) .
> The helper receive the data´s as described in the wiki , expect the "form" of
> the domain,
> here I would expect a FQDN or do
On 27/10/2015 5:29 a.m., joe wrote:
>> Sounds right. idm is sending multiple parallel Range requests.
>> Essentially trying to fake faster downloads by forcing as many resources
> tks but in that case u say squid should fetch the start of the file range
> and continue sending one after the other ri
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Also here some statistics about real protocols distribution:
# TCP-Request-protocol
protocol request % hit-% sec/req Byte % hit-%
kB/sec
- - -- -- --- --
-- ---
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Here is one day Squid 4 working statistics (by Calamaris):
http://i.imgur.com/XeYRWbY.png
It's about nothing. Squid 3 in bad days easy achieves 35%
26.10.15 23:34, Alex Rousskov пишет:
> On 10/26/2015 11:19 AM, Yuri Voinov wrote:
>
>> 4.0.1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
This should be understood as "Life Saving handiwork of drowning." Or "We
change something, but you sort it out, how to fix it, it's the Open
Source, baby";)
So, finally, there is no answer.
PS. If developers do not know - the more we do not know
On 10/26/2015 11:19 AM, Yuri Voinov wrote:
> 4.0.1 has more than 4 times
> bigger mem_cache, 1 Gb. 1st example 3.5.10 has only 256 Mbytes. This is
> the reason of miss??
Please see my previous email if you want to improve your chances of
getting a correct answer to that and other related ques
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I think the right question is not "What headers pass through Squid" and
"Why did they pass through a transparent proxy, if the port that is
used, not 80 or 443?"
26.10.15 23:26, Amos Jeffries пишет:
> On 27/10/2015 4:54 a.m., Yuri Voinov wrote:
>>
On 27/10/2015 4:54 a.m., Yuri Voinov wrote:
>
> Hi gents.
>
> There is a good contest for all squidmans ;)
>
> So.
>
> We have wey idiotic protocol - OSCAR, and very antique IM client.
>
> This is ICQ.
>
> So what - it's work via Squid 3.4.x (both transparent and forwarding)
> using proxy set
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Ah, ok:
We see in redbot.org this info in server response:
Cache-Control: no-cache
So, what? 3.5.10 permit ignore this. 4.0.x - deny.
Squid decides?
Maybe I'll decide what and how to cache in the my setup?
26.10.15 23:01, Alex Rousskov пиш
On 10/26/2015 06:34 AM, Jatin Bhasin wrote:
> I am running squid 3.5.10 for bumping transparent SSL connections To
> achieve this I am using following squid configuration for SSL Bumping.
>
> ssl_bump peek step1 all
> ssl_bump peek step2 nobumpSites
> ssl_bump bump step3 nobumpSites
> ssl_bump bu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
The answer is simple.
Look ath this row from 3.5.10 access.log:
1445879345.827 48 127.0.0.1 TCP_MEM_HIT/200 24425 GET
https://upload.wikimedia.org/wikipedia/commons/thumb/8/8c/Teller-Ulam_device.png/200px-Teller-Ulam_device.png
- HIER_NONE/-
On 10/26/2015 04:41 AM, Yuri Voinov wrote:
> what has changed so much that the same
> configuration I get 10 times smaller cache hit.
You are asking a good question. I do not think anybody knows the exact
answer -- too many things have changed in general to either identify the
changes that have a
Hi,
in my squid setup the sslcrtvalidator_program doesn’t send the data´s that I
expect to the helper :-) .
The helper receive the data´s as described in the wiki , expect the "form" of
the domain,
here I would expect a FQDN or domain like google.de or ca.google.de but the
helper receive a IP.
>Sounds right. idm is sending multiple parallel Range requests.
>Essentially trying to fake faster downloads by forcing as many resources
tks but in that case u say squid should fetch the start of the file range
and continue sending one after the other right so idm see one only at the
time
ok why w
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi gents.
There is a good contest for all squidmans ;)
So.
We have wey idiotic protocol - OSCAR, and very antique IM client.
This is ICQ.
So what - it's work via Squid 3.4.x (both transparent and forwarding)
using proxy settings by client.
Bu
On 27/10/2015 3:42 a.m., Eliezer Croitoru wrote:
> Try to disable squidGuard and see if it solves the issue.
> Maybe a bad update for squidguard caused some issue with the startup of
> the helper.
> Also try to run the same command that is being used by squid to start
> squidGuard in order to start
On 27/10/2015 1:34 a.m., Jatin Bhasin wrote:
> Hello,
>
> I am running squid 3.5.10 for bumping transparent SSL connections To
> achieve this I am using following squid configuration for SSL Bumping.
>
> acl nobumpSites ssl::server_name "/etc/squid/allowed_SSL_sites.txt"
> ssl_bump peek step1 all
Try to disable squidGuard and see if it solves the issue.
Maybe a bad update for squidguard caused some issue with the startup of
the helper.
Also try to run the same command that is being used by squid to start
squidGuard in order to start and debug the issue.
Eliezer
* squid 2.7 is not supp
On 27/10/2015 1:00 a.m., joe wrote:
> regarding range_offset_limit no matter what i do idm or any download
> manager not working correctly
>
> try to download using idm and it start downloading one file suppose to start
> downloading multiple of chunk range setting idm to download 16 chunk range
Hello list,
Since morning i have a strange problem with my squid. First i saw that the
Proxy authentication in Firefox and IE didn't appear.
On my Suse Enterprise Server 11 SP3 i saw with rcsquid status: dead.
After a rcsquid restart i got a running.
But i didn't change a thing because i cant
>
> I have investigate better about the problem that brings up CPU and
> Squid process over 100%!
> We have this situation: Dansguardian on port 8080 and Squid on port
> 3128.
>
And without DansGuardian, same problem ?
> cgi-bin/a2/out.cgi
Hum, Avast somewhere ? In your log do you have the
Hey Job,
There are still missing parts.
If telnet or nc results with this it usually means bad setup(considering
the information).
You will need to describe in more detail your setup with subnets+routers
and iptables rules on the CentOS machine.
What do you do in the telnetting? just running "
Thank you Amos.
I'll try that!
I've made an investigation here and looks like Squid 3.5.9 separates the
ICAP payload on little chunks with the size of 27 bytes.
This is probably a side effect of the bug 4353 / 4206 issue on the main
I/O socket from the client. On a fast Squid the small input b
On 26/10/2015 11:32 p.m., Vadim Rogoziansky wrote:
> Hello All.
>
> I have a question about the size of ICAP request chunks. What is it and
> is there a way to make it configurable?
It is the size of data ready to be written on the socket when a write is
scheduled. For the full details on the chu
Hello Amos!
>Something that would cause a machine to make lots of HTTP requests.
>You have provided almost no information about the network, it
>configuration, or uses etc. Having eliminated the usual problem(s) it is
>a waste of time to guess.
I have investigate better about the problem that bri
Hello,
I am running squid 3.5.10 for bumping transparent SSL connections To
achieve this I am using following squid configuration for SSL Bumping.
acl nobumpSites ssl::server_name "/etc/squid/allowed_SSL_sites.txt"
ssl_bump peek step1 all
ssl_bump peek step2 nobumpSites
ssl_bump bump step3 nobump
regarding range_offset_limit no matter what i do idm or any download
manager not working correctly
try to download using idm and it start downloading one file suppose to start
downloading multiple of chunk range setting idm to download 16 chunk range
at the same time only one start downloading o
> squid.conf
> auth_param digest program /usr/bin/php /etc/squid3/check_user.php
> auth_param digest children 5
> auth_param digest realm MySquidProxy
> auth_param digest nonce_garbage_interval 5 minutes
> auth_param digest nonce_max_duration 2 hours
> auth_param digest nonce_max_count 50
This is
I understand perfectly. However - I changed version of the proxy and
everywhere at the same time changed the headlines? Now I will return the
version 3.4 and everything will be as it was. I already did.
That's why I ask the question - what has changed so much that the same
configuration I get
Hello All.
I have a question about the size of ICAP request chunks. What is it and
is there a way to make it configurable?
I've made an investigation here and looks like Squid 3.5.9 separates the
ICAP payload on little chunks with the size of 27 bytes.
Like:
27
2345678912345
012345678912345
Hey Yuri,
What have you tried until now to understand the situation of the issue?
From your basic question I was sure that you ran some tests on some
well defined objects.
To asses the state of squid you would need some static objects and some
changing objects.
You would also be required to tes
49 matches
Mail list logo