The dst ACL type accepts the special value of "ipv4". You can use that and the "!" operator to split traffic. However, please be aware dst is not very reliable until *after* the outgoing connection has been created, and we are still finding some access checks that do not use it correctly. YMMV.Amos
As you have found. There is no destination IP at REQMOD time. Even if squid were to do a lookup it does not know the outcome of the routing decision in order to select which IP to send REQMOD. Especially if REQMOD is the source of that decision.A normal (forward) proxy has only a server host name (
The issue is many layers of caching and interdependent data.Once the auth backend system is producing the right output the group helper cache needs to expire, then lookups by that helper will be correct.Then all the tcp connections holding onto that users credentials need to close. Only once all th
The config you have is doing client-first bumping (bump at step). It happens before the real cert or server details are available. As such any number of TLS features or extensions may be missing (or added) by squid that indicate problems to the browser.If you can use a config the peek/stare/splice
I suspect this is the lookup issue you already found, but with added complication of the dotless name preventing even the delayed lookup working.You can confirm that by adding the .local TLD or whichever your network uses internally to the names (with hosts file entry). It should then behave same a
There is a built-in ACL called "all" which does what you defined for the regex "blacklist" to do.As for sessions. No Squid follows HTTP which is stateless. You can configure it though. setup an ext_session_acl helper for active mode sessions that start when a 302 response comes back. you should hav
The main issue you are having is that the old version had no TLS/1.3 support. The newer squid have some, but not enough for what you are doing.Switching the build from GnuTLS to OpenSSL may work a little better. But without details of your config it is hard to be certain.Amos Original messa
Squid-4 is a stable release series. That means we go out of our way to ensure UI (eg build and squid.conf) does not change behaviour. So yes all *squid* settings should work the same between those versions.c-icap and squidclamav are third party software. You should not need to change them just to u
You enter the IP address or hostname of the squid machine into the browser "proxy settings" for manual configuration.Amos___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
You will need to change to ssl::server_name_regex ACL type to use regex patterns.Also, take care that all values are valid regex pattern and characters which are special in regex are properly escaped. Eg the dots.Amos___
squid-users mailing list
squid-use
ISP speed has no effect on traffic cacheability.HTTPS does have some effect depending on how much of the clients traffic is using it and whether decryption at the proxy is used.Everybody's experience with caching is slightly different. For some it is useful, others not as much. Generally speaking i
Leonardo, it sounds like your decades ago decision was before squid gained full HTTP/1.1 caching ability. 1.0-only abilities are almost useless today.Are you at least still using memory cache? That is squid configured without cache_dir but also without "cache deny" rule.Amos Original messag
The built-in log formats have a specification for what each column contains and are hard coded to comply with that. You cannot "override" them.What you should do is make up your own name for custom formats. Like you did with "test".Amos___
squid-users mai
That is a question with a very long answer. You are best reading the release notes (at least the titles from index of major changes), latest document for each Squid-3.x, 4 and 5 release series.You can find those on the website under As for GUI, I'm not sure what you have been told. The only UI tool
Not sure what you are expecting to see. libecap just contains an API for passing HTTP message pieces between applications. HTTP high-level message structure has not changed since 2014. There is no reason for libecap to have changed.Amos___
squid-users mai
This may be normal. A proxy cache like Squid moves objects closer to the clients, reduces upstream traffic and multiplexes transactions. All of which increase the traffic bandwidth efficiency. Allowing clients to receive their downloaded content faster, and thus users can browse through more pages
16 matches
Mail list logo