[squid-users] Cannot get ACL to work

2016-09-13 Thread Jason Leshchyshyn
Ugh, I am trying to get Squid to deny access to a particular AD group, but when I enable the rule, then it denys everyone. This is what I have in squid.conf # NTLM auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 15 auth_param

Re: [squid-users] Introducing delay to HTTP 407 responses

2016-09-13 Thread Dan Charlesworth
I just want to throw my support behind seeking a solution to this problem. Luke’s clearly considered it in way more detail than anyone so far, myself included. The affects the squids under my purview every day. Best, Dan > On 14 Sep. 2016, at 10:18 am, squid-us...@filter.luko.org wrote: > > H

[squid-users] c-icap load balancing

2016-09-13 Thread yanghe
Hi Unlickily,I meet a problem.I want to implement the c-icap cluster.the traffic averagely distribute to each c-icap.but I just found the adaptation_srvices_set and adaptation_services_chain. adaptation_service_set is useful when hot standby or backup adaptation servers are available.The secon

[squid-users] Introducing delay to HTTP 407 responses

2016-09-13 Thread squid-users
Hi Squid users, Seeking advice on how to slow down 407 responses to broken Apple & MS clients, which seem to retry at very short intervals and quickly fill the access.log with garbage. The problem is very similar to this: http://www.squid-cache.org/mail-archive/squid-users/201404/0326.html Howe

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-13 Thread Chico Venancio
Not really, As I understand it it is a websocket, that when proxied starts its handshake with a connect request so it can be "understood" by proxies such as squid. Chico Venancio ___ squid-users mailing list squid-users@lists.squid-cache.org http://list

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-13 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Ah, my mistake. This is simple tunnel. 14.09.2016 3:03, Chico Venancio пишет: > You mean the connect requests to the websockets on w[0-9].web.whatsapp.com > ? > > 1473800440.053 16932 192.168.10.128 TCP_TUNNEL/200 3639

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-13 Thread Chico Venancio
You mean the connect requests to the websockets on w[0-9].web.whatsapp.com ? 1473800440.053 16932 192.168.10.128 TCP_TUNNEL/200 3639 CONNECT w7.web.whatsapp.com:443 - HIER_DIRECT/169.55.69.156 - Chico Venancio 2016-09-13 17:40 GMT-03:00 Yuri Voinov : > > -BEGIN PGP SIGNED MESSAGE- > H

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-13 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Wait. Does anybody see WebSockets connections to web.whatsapp.com? 14.09.2016 2:38, Chico Venancio пишет: > > We need more of access log. > There is at least connect attempts at w1.web.whatsapp.com not shown. > > Chi

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-13 Thread Chico Venancio
We need more of access log. There is at least connect attempts at w1.web.whatsapp.com not shown. Chico Venancio Em 13/09/2016 17:03, "erdosain9" escreveu: > > Hi, > No. is explicit. > > > > -- > View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Web-Whatsapp-Dropbox

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-13 Thread erdosain9
Hi, No. is explicit. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Web-Whatsapp-Dropbox-problem-tp4679299p4679493.html Sent from the Squid - Users mailing list archive at Nabble.com. ___ squid-users mailing list s

Re: [squid-users] Lost of all squid cache

2016-09-13 Thread Eliezer Croitoru
Hey Eduardo, I replayed the script on my testing lab and it seems to fir 3.5 and 4.0. The next script will receive a filename and will try to read it. As long as the file is in a good shape it will print the URL of the original request. The ruby script at: http://paste.ngtech.co.il/pul2zg62a This

Re: [squid-users] SSO (ldap kerberos)

2016-09-13 Thread Craddock, Tommy
Hello, You get that because that is what happens when you update a keytab using the msktutil program.   Tommy E CRADDOCK JR -Original Message- From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of erdosain9 Sent: Tuesday, September 13, 2016 2:33 PM To: squ

Re: [squid-users] SSO (ldap kerberos)

2016-09-13 Thread erdosain9
Hi again. I get this msktutil --auto-update --verbose --computer-name squid-k -k PROXY.keytab -- init_password: Wiping the computer password structure -- generate_new_password: Generating a new, random password for the computer account -- generate_new_password: Characters read from /dev/uda

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-13 Thread Chico Venancio
Is this intercept proxy? Chico Venancio 2016-09-13 11:15 GMT-03:00 erdosain9 : > Hi. > Sorry but... dont work... > > In the chrome i get this > > Creating Application Cache with manifest > https://web.whatsapp.com/404.appcache > web.whatsapp.com/:1 Application Cache Checking event > web.whatsapp

Re: [squid-users] Lost of all squid cache

2016-09-13 Thread Eliezer Croitoru
Amos, I found my old code at: http://ngtech.co.il/paste/1012/ I will try to verify this week if it's compatible with 3.5 and 4.0 ufs\aufs cache_dir. Eliezer Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: elie...@ngtech.co.il -Original Message- From:

Re: [squid-users] Rock store status

2016-09-13 Thread Alex Rousskov
On 09/13/2016 05:01 AM, FredB wrote: > One thing, squid restart is very slow because of time required to rebuild the > cache > > 2016/09/13 00:25:34| Took 1498.42 seconds (3972.24 objects/sec). -> Rock > 2016/09/13 00:00:51| Took 5.71 seconds (533481.90 objects/sec). -> Diskd This is a known

Re: [squid-users] Lost of all squid cache

2016-09-13 Thread Amos Jeffries
On 14/09/2016 3:15 a.m., Eliezer Croitoru wrote: > Hey Eduardo, > > The first thing I would do is to first disable the disk cache in order to try > to recover\rebuild the disk cache manually using another squid instance. > It's not always possible but if this cache is important enough then a loss

Re: [squid-users] SSO (ldap kerberos)

2016-09-13 Thread Amos Jeffries
On 14/09/2016 3:34 a.m., erdosain9 wrote: > Hi. > Thanks. > With "take" a mean... to control which group a user belongs. So I can apply > acl, etc to that groups. > > Like this in ldap > > # Active Directory > auth_param basic program /usr/lib64/squid/basic_ldap_auth -R -b > "cn=Users,dc=example,

Re: [squid-users] SSO (ldap kerberos)

2016-09-13 Thread erdosain9
Hi. Thanks. With "take" a mean... to control which group a user belongs. So I can apply acl, etc to that groups. Like this in ldap # Active Directory auth_param basic program /usr/lib64/squid/basic_ldap_auth -R -b "cn=Users,dc=example,dc=lan" -D sq...@example.lan -w 123456 -f sAMAccountName=%s -

Re: [squid-users] Lost of all squid cache

2016-09-13 Thread Eliezer Croitoru
Hey Eduardo, The first thing I would do is to first disable the disk cache in order to try to recover\rebuild the disk cache manually using another squid instance. It's not always possible but if this cache is important enough then a loss of couple tiny bits for recovery time plus some network l

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-13 Thread erdosain9
Hi. Sorry but... dont work... In the chrome i get this Creating Application Cache with manifest https://web.whatsapp.com/404.appcache web.whatsapp.com/:1 Application Cache Checking event web.whatsapp.com/:1 Application Cache Error event: Manifest fetch failed (404) https://web.whatsapp.com/404.ap

Re: [squid-users] Lost of all squid cache

2016-09-13 Thread Eduardo Carneiro
Jorgeley wrote > what about cache_swap_low and cache_swap_high??? > > 2016-09-13 8:23 GMT-03:00 Eduardo Carneiro < > eduardoocarneiro@ > >: > >> Amos Jeffries wrote >> > On 13/09/2016 5:12 a.m., Yuri Voinov wrote: >> >> >> >> Hm. >> >> >> >> As a recovery you can try to rename/remove swap.state

Re: [squid-users] Lost of all squid cache

2016-09-13 Thread Jorgeley Junior
what about cache_swap_low and cache_swap_high??? 2016-09-13 8:23 GMT-03:00 Eduardo Carneiro : > Amos Jeffries wrote > > On 13/09/2016 5:12 a.m., Yuri Voinov wrote: > >> > >> Hm. > >> > >> As a recovery you can try to rename/remove swap.state from cache_dir's > >> and start squid again. AFAIK in t

Re: [squid-users] Lost of all squid cache

2016-09-13 Thread Eduardo Carneiro
Amos Jeffries wrote > On 13/09/2016 5:12 a.m., Yuri Voinov wrote: >> >> Hm. >> >> As a recovery you can try to rename/remove swap.state from cache_dir's >> and start squid again. AFAIK in this case it re-indexing all exists disk >> cache contents and build new one swap.state file. Also, does all

Re: [squid-users] Rock store status

2016-09-13 Thread FredB
One thing, squid restart is very slow because of time required to rebuild the cache 2016/09/13 00:25:34| Took 1498.42 seconds (3972.24 objects/sec). -> Rock 2016/09/13 00:00:51| Took 5.71 seconds (533481.90 objects/sec). -> Diskd ___ squid-users ma

Re: [squid-users] TProxy and client_dst_passthru

2016-09-13 Thread Omid Kosari
Amos Jeffries wrote > ==> ORIGINAL_DST is should *only* ever be used on MISS or > REFRESH/revalidate traffic. Never on a HIT. Thus zero (0%) hit-ratio is > the expected behaviour. > > For the same reason that a report of the log traffic using "grep -v HIT" > will show zero cache ratio. I have des