Re: [squid-users] [squid-announce] Squid 4.2 is available

I'd be all over any Squid 4 RPMs for EL6, for what that's worth. I had downloaded your source RPM for EL7 at one point and tried to build one for EL6. Dealing with the compiler issues was a bit beyond me though, sadly. On Tue, 14 Aug 2018 at 05:46, Eliezer Croitoru wrote: > I need to test it

Re: [squid-users] quiet week

Copy, Amos — receiving you loud and clear :) On Mon, 4 Jun 2018 at 15:47, Amos Jeffries wrote: > Hi anyone, > just testing to see if the list server is still operational. Things > have been suspiciously quiet this week. > > Amos > ___ > squid-users

[squid-users] Squid 4 EL6 RPMs

Hello all, I'm wondering if anyone can point to a Squid 4 RPM package for CentOS / RHEL 6. I've had a search around, but it seems people are only packaging it for EL7. I did try compiling an EL6 RPM myself, based on an EL7 source RPM, but I'm not adept in this area and couldn't get past certain

Re: [squid-users] Rock store size not decreasing

Okay, cool — thanks for clarifying. Guess I'll nuke it myself and reinitialise a blank one. Best, Dan On 19 May 2017 at 23:29, Amos Jeffries <squ...@treenet.co.nz> wrote: > On 19/05/17 15:47, Dan Charlesworth wrote: > >> Hey all >> >> I'm fairly new to rock cac

[squid-users] Rock store size not decreasing

Hey all I'm fairly new to rock caching. With aufs, if you reduce the cache size in the config it'll start slowly reducing it down the new size. I've done that with a ~137GB rock store (reduced it to 10240MB) but it 'aint changing after reloading the config. cache_dir rock /var/spool/squid/rock

Re: [squid-users] Access-Control-* headers missing when going through squid

Thanks Amos.As far as I can tell the only device upstream of the proxy is a relatively basic gateway/firewall. I doubt it's capable of messing with HTTP headers (and loading the site directly, as opposed to using the proxy lets it load fine behind the same gateway).I’ve attached the debug output

[squid-users] Access-Control-* headers missing when going through squid

Hi everyone, This is a super weird one! This Pressreader site (http://sheppartonnews.pressreader.com/shepparton-news) gets a totally different (erroneous) response from the server when accessing it through squid on a particular school's network. It doesn’t happen through any other squid box

Re: [squid-users] Introducing delay to HTTP 407 responses

I just want to throw my support behind seeking a solution to this problem. Luke’s clearly considered it in way more detail than anyone so far, myself included. The affects the squids under my purview every day. Best, Dan > On 14 Sep. 2016, at 10:18 am, squid-us...@filter.luko.org wrote: > >

Re: [squid-users] Large memory leak with ssl_peek (now partly understood)

Hey Steve, Deployed a 3.5.20 build with both of those patches and have noticed a big improvement in memory consumption of squid processes at a couple of splice-heavy sites. Thank you, sir! Dan > On 12 Aug 2016, at 7:05 PM, Steve Hill wrote: > > >>This sounds

Re: [squid-users] Large memory leak with ssl_peek (now partly understood)

Pretty sure this is affecting our 3.5.x systems as well — we use a very similar splicing implementation. I'll keep an eye out in hope someone adapts that patch! Dan On 12 August 2016 at 06:22, Alex Rousskov wrote: > On 08/11/2016 10:56 AM, Steve Hill wrote: >

[squid-users] Rate limiting bad clients?

Hi all, This is more of a squid-adjacent query. Hopefully relevant enough for someone here to help… I’m sick of all these web apps that take it upon themselves to hammer proxies when they don’t get the response they want, like if they have to authenticate for example. On big networks, behind

Re: [squid-users] Empty response from website via proxy

ons of that be? Dan On 5 July 2016 at 15:07, Dan Charlesworth <d...@getbusi.com> wrote: > That’s a super helpful analysis, thanks Amos. > > Now to see if I track down the site admins  > > > On 5 Jul 2016, at 3:04 PM, Amos Jeffries <squ...@treenet.co.nz> wrote: >

Re: [squid-users] Empty response from website via proxy

That’s a super helpful analysis, thanks Amos. Now to see if I track down the site admins  > On 5 Jul 2016, at 3:04 PM, Amos Jeffries <squ...@treenet.co.nz> wrote: > > On 5/07/2016 4:25 p.m., Dan Charlesworth wrote: >> This website seems not send back a proper web page if

[squid-users] Empty response from website via proxy

This website seems not send back a proper web page if the request comes via a (squid?) proxy. http://passporttosafety.com.au/ Can anyone tell what might be going wrong here? Best, Dan ___ squid-users mailing list squid-users@lists.squid-cache.org

Re: [squid-users] How to analyse squid memory usage

No worries—thanks for following up on it! That’s very interesting, about the concurrent requests, because the “normal” report does around 80% more requests per day than the “leaky” one — a few hundred thousand vs a couple of million. Does this CLOSE_WAIT sockets issue have a bug being tracked

Re: [squid-users] How to analyse squid memory usage

AM, Dan Charlesworth <d...@getbusi.com> wrote: > > I’ve now got mgr:mem output from a leaky box for comparison but I’m having a > hard time spotting where the problem might be. > > Would anyone more experienced mind taking at these and seeing if anything > jumps out as

Re: [squid-users] How to analyse squid memory usage

1KB Strings 0 0 4KB Strings 0 1 16KB Strings 0 5 Other Strings0 0 Large buffers: 0 (0 KB) Thanks! > On 11 May 2016, at 2:37 PM, Dan Charlesworth <d...@getbusi.com> wrote: > > Thanks Amos - > > Not sure how self-explanatory the output

Re: [squid-users] How to analyse squid memory usage

0 0 Large buffers: 0 (0 KB) > On 10 May 2016, at 6:02 PM, Amos Jeffries <squ...@treenet.co.nz> wrote: > > On 10/05/2016 2:35 p.m., Dan Charlesworth wrote: >> A small percentage of deployments of our squid-based product are using >> oodles of memory—

[squid-users] How to analyse squid memory usage

A small percentage of deployments of our squid-based product are using oodles of memory—there doesn’t seem to be a limit to it. I’m wondering what the best way might be to analyse what squid is reserving it all for in the latest 3.5 release? The output of squidclient mgr:cache_mem is

Re: [squid-users] Bizarrely slow, timing out DNS only via Squid :D

g outside of squid. > > Eliezer > > On 07/03/2016 06:50, Dan Charlesworth wrote: >> Alright, we’re getting somewhere. >> >> A plain curl is about as slow as a default squid config curl: >> >> P.S. I sent you a Skype request >> >> --- >

Re: [squid-users] Bizarrely slow, timing out DNS only via Squid :D

entioned? > > Another one to try is: > http://www.squid-cache.org/Doc/config/dns_v4_first/ > > try adding to the end of squid.conf > dns_v4_first on > > All The Bests, > Eliezer > > On 04/03/2016 00:42, Dan Charlesworth wrote: >> Thanks for your inp

Re: [squid-users] Bizarrely slow, timing out DNS only via Squid 

18:07:21 2016 ;; MSG SIZE rcvd: 93 real0m0.037s user0m0.003s sys 0m0.001s > On 3 Mar 2016, at 5:44 PM, Eliezer Croitoru <elie...@ngtech.co.il> wrote: > > can you try the next command: > dig -x 10.100.128.1 > > Eliezer > > On 03/03/2016 08:04, Dan Ch

Re: [squid-users] Bizarrely slow, timing out DNS only via Squid 

.co.il> wrote: > > Hey Dan, > > What dig+nslookup queries did you tested for? > > Eliezer > > On 03/03/2016 07:39, Dan Charlesworth wrote: >> Right now we have 1 squid box (out of a lot), running 3.5.13, which does >> something like this for

[squid-users] Bizarrely slow, timing out DNS only via Squid 

Right now we have 1 squid box (out of a lot), running 3.5.13, which does something like this for every request, taking about 10 seconds: 2016/03/03 16:30:48.883 kid1| 78,3| dns_internal.cc(1794) idnsPTRLookup: idnsPTRLookup: buf is 43 bytes for 10.100.128.1, id = 0x733a 2016/03/03 16:30:48.883

Re: [squid-users] SSL bump memory leak

I’m just catching up with this one, but we’ve observed some memory leaks on a small percentage of our boxes, which we migrated to Peek & Splice late last year. We’re on 3.5.13, about to move to 3.5.15. What’s the least disruptive way to keep this under control, if there is one? Is there

Re: [squid-users] any way to get squid-4 compiled on CentOS-6?

) But now I can’t even a source for that … I need to spend some quality time with Google I think. > On 24 Feb 2016, at 5:50 AM, Amos Jeffries <squ...@treenet.co.nz> wrote: > > On 23/02/2016 1:05 p.m., Dan Charlesworth wrote: >> I'm bumping this question back up, because I al

Re: [squid-users] any way to get squid-4 compiled on CentOS-6?

I'm bumping this question back up, because I also would like to know. We'd rather not need users of our squid-based software to need to deploy new CentOS 7 servers to run it. On 12 February 2016 at 19:59, Jason Haar wrote: > Hi there > > Given the real work on ssl-bump

Re: [squid-users] Delay Pools and HTTPS on Squid 3.x

It's been a while since I've looked at this—because the software we use to generate our squid.conf just works around now—but we found that Squid 3 would only enforce exactly half the configured rate on HTTP requests but enforce the full rate on HTTPS requests. So we now make two delay pools for

Re: [squid-users] using splice just to improve TLS SNI logging

It’s been a far superior client experience to bumping on the deployments I’ve seen. Obviously MITM-ing a connection is always going to be a less amenable situation for clients; technically and ethically. The only problem I’ve had with splicing is this Host Header Forgery error squid has when

Re: [squid-users] Host header forgery detected after upgrade from 3.5.8 to 3.5.9

gt; > On 25/11/2015 12:20 p.m., Dan Charlesworth wrote: >> Thanks for the perspective on this, folks. >> >> Going back to the technical stuff—and this isn’t really a squid thing—but is >> there any way I can minimise this using my DNS server? >> >> Can

Re: [squid-users] Host header forgery detected after upgrade from 3.5.8 to 3.5.9

Thanks for the perspective on this, folks. Going back to the technical stuff—and this isn’t really a squid thing—but is there any way I can minimise this using my DNS server? Can I force my local DNS to only ever return 1 address from the pool on a hostname I’m having trouble with? > On 30

Re: [squid-users] Host header forgery detected after upgrade from 3.5.8 to 3.5.9

of IPs apparently at random. > On 29 Oct 2015, at 3:46 PM, Amos Jeffries <squ...@treenet.co.nz> wrote: > > On 29/10/2015 1:16 p.m., Dan Charlesworth wrote: >> It looks like there’s certain hosts that are designed to load balance (or >> something) between a few I

Re: [squid-users] Host header forgery detected after upgrade from 3.5.8 to 3.5.9

the client and the proxy are going to get the same IPs at the same time. What is one to do about that? > On 22 Oct 2015, at 10:00 PM, Yuri Voinov <yvoi...@gmail.com> wrote: > > > > 22.10.15 15:58, Amos Jeffries пишет: >> On 21/10/2015 4:53 p.m., Dan Charlesw

Re: [squid-users] Host header forgery detected after upgrade from 3.5.8 to 3.5.9

I’m getting these very frequently for api.github.com and github.com I’m using the same DNS servers as my intercepting squid 3.5.10 proxy and they only return the one IP when I do an nslookup as well … Any updates from your end, Roel? > On 8 Oct 2015, at 8:29 PM, Eliezer Croitoru

Re: [squid-users] Safari 9 vs. SSL Bump

Amos - I’m going to assume that request was directed at Alex, as I don’t have editor access to the wiki. Let me know if not. > On 16 Oct 2015, at 4:22 PM, Amos Jeffries wrote: > > Can you please add to the Troubleshooting section at the end of >

Re: [squid-users] Safari 9 vs. SSL Bump

Great, thanks. Don’t know why I didn’t think of it before but I’ll try elevating it from Login -> System keychain and see what happens. > On 16 Oct 2015, at 11:51 AM, Jason Haar <jason_h...@trimble.com> wrote: > > On 16/10/15 13:34, Dan Charlesworth wrote: >> Th

Re: [squid-users] Safari 9 vs. SSL Bump

ason_h...@trimble.com> wrote: > > On 16/10/15 13:08, Dan Charlesworth wrote: >> ORLY >> >> I seem to recall this happening on 10.10 as well, but it could be an El >> Capitan thing. Do you mind reminding me of your squid config Jason? > > With my config I trying to

Re: [squid-users] Safari 9 vs. SSL Bump

anything to do with Elliptic Curves or pinning > > Jason > > On 15/10/15 12:19, Alex Rousskov wrote: >> On 10/14/2015 05:00 PM, Dan Charlesworth wrote: >> >>> I feel like if server-first is working there must be *some* >>> combination of peek/s

Re: [squid-users] Safari 9 vs. SSL Bump

, and Jason for your help on this.    > On 16 Oct 2015, at 11:55 AM, Dan Charlesworth <d...@getbusi.com> wrote: > > Great, thanks. Don’t know why I didn’t think of it before but I’ll try > elevating it from Login -> System keychain and see what happens. > >> On 16 Oct

Re: [squid-users] Safari 9 vs. SSL Bump

to use server-first if they decide to employ bumping, so if any of you smart people have any other suggestions, please send them through. Thanks > On 15 Oct 2015, at 1:34 AM, Alex Rousskov <rouss...@measurement-factory.com> > wrote: > > On 10/13/2015 09:08 PM, Dan

Re: [squid-users] Safari 9 vs. SSL Bump

t 2:39 PM, Dan Charlesworth <d...@getbusi.com> wrote: > > ¯\_(ツ)_/¯ > > All I really have to go on is those errors com.apple.WebKit.Networking is > logging which apparently points to a specific thing it’s missing called > “forward transport security”. Only the peek@st

Re: [squid-users] Safari 9 vs. SSL Bump

aar <jason_h...@trimble.com> wrote: > > On 14/10/15 16:08, Dan Charlesworth wrote: >> I thought that fixed it for a second … >> >> But in reality ssl_bump peek step1 & ssl_bump bump step3 is actually >> splicing everything, it seems. >> >> Any

Re: [squid-users] Safari 9 vs. SSL Bump

I thought that fixed it for a second … But in reality ssl_bump peek step1 & ssl_bump bump step3 is actually splicing everything, it seems. Any other advice? :-) > On 14 Oct 2015, at 1:51 PM, Amos Jeffries <squ...@treenet.co.nz> wrote: > > On 14/10/2015 1:13 p.m., Dan

[squid-users] Safari 9 vs. SSL Bump

Throwing this out to the list in case anyone else might be trying to get SSL Bump to work with the latest version of Safari. Every other browser on OS X (and iOS) is happy with bumping for pretty much all HTTPS sites, so long as the proxy’s CA is trusted. However Safari throws generic “secure

Re: [squid-users] Host header forgery detected after upgrade from 3.5.8 to 3.5.9

Same here—I've been meaning to ask the list about this too. I’m still on 3.5.9, by the way. > On 6 Oct 2015, at 10:55 PM, Roel van Meer wrote: > > Hi everyone, > > I have a Squid setup on a linux box with transparent interception of both > http and https traffic. Everything

[squid-users] External ACL format tag for origin IP?

It seems there’s no way to get the equivalent of the `dst` internal ACL into an external ACL. %DST returns the hostname from DNS not the origin IP. Am I missing something? Perhaps there's a more creative way to pass the IP to an external ACL regardless of what the hostname is? Thanks!

Re: [squid-users] 3.5.8 — SSL Bump questions

Thanks for all the info here, people. This is probably because of some other dumb thing I’m doing in my ssl_bump config, but if I change ssl_bump peek step1 to ssl_bump peek all, I get this assertion failure: PeerConnector.cc:747: "!callback" > On 9 Sep 2015, at 6:59 pm, Amos Jeffries

Re: [squid-users] 3.5.8 — SSL Bump questions

10.0.1.7 TCP_TUNNEL 200 13741 CONNECT 192.30.252.126:443 api.github.com - splice - ORIGINAL_DST/192.30.252.126 - > On 8 Sep 2015, at 5:39 pm, Dan Charlesworth <d...@getbusi.com> wrote: > > Thanks Amos. > > To clarify about the user agents: I’m talking about anything with a (log

Re: [squid-users] 3.5.8 — SSL Bump questions

t log a UA when an explicit CONNECT does. > On 8 Sep 2015, at 5:17 pm, Amos Jeffries <squ...@treenet.co.nz> wrote: > > On 8/09/2015 5:36 p.m., Dan Charlesworth wrote: >> Hello all >> >> I’ve been testing out an SSL bumping config using 3.5.8 for the last week or

[squid-users] 3.5.8 — SSL Bump questions

Hello all I’ve been testing out an SSL bumping config using 3.5.8 for the last week or so and am scratching my head over a couple of things. First, here’s my config (shout out to James Lay): acl tcp_level at_step SslBump1 acl client_hello_peeked at_step SslBump2 acl bump_bypass_domains

[squid-users] Any plan for an SSL bump mode ACL?

I’m trying to figure out if there’s a way to avoid those 0 byte “peeked” requests being processed by the rest of our external ACLs etc. by allowing them early on in the transaction. Unfortunately there doesn’t seem to be a way to target just those ones with http_access—the TAG_NONE isn’t an

Re: [squid-users] Why is overlapping dstdomains a FATAL error now?

least, slapped in the back of the head. On 8/6/2015 6:44 PM, Dan Charlesworth wrote: This used to just cause a WARNING right? Is this really a good enough reason to stop Squid from starting up? 2015/08/07 09:25:43| ERROR: '.ssl.gstatic.com http://ssl.gstatic.com/' is a subdomain

[squid-users] Why is overlapping dstdomains a FATAL error now?

This used to just cause a WARNING right? Is this really a good enough reason to stop Squid from starting up? 2015/08/07 09:25:43| ERROR: '.ssl.gstatic.com http://ssl.gstatic.com/' is a subdomain of '.gstatic.com http://gstatic.com/' 2015/08/07 09:25:43| ERROR: You need to remove

Re: [squid-users] Detecting clients flooding squid with failed request

antony.st...@squid.open.source.it wrote: On Monday 03 August 2015 at 08:06:35 (EU time), Dan Charlesworth wrote: Probably a lot of forward proxy users here have encountered applications which, if they can’t get their web requests through the proxy (because of 407 Proxy Auth Required

[squid-users] Squid 3.4.14

Hey folks Is 3.4.14 going to be a thing or should we be moving to v3.5 if we want new bug fixes? ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] tos miss-mask not working at all squid 3.5.5

It's also worth pointing out that your messages are getting flagged as Spam by Gmail, which probably isn't helping visibility. On 23 June 2015 at 06:11, mohammad al_luha...@yahoo.com wrote: why is no-one answering this ?!! BTW, i tried the kernel patch 2.6.35 from ZPH, it worked

Re: [squid-users] Individual delay pools and youtube

Thanks Amos. We're using the CONNECT ACL and everything is working as expected. On 29 April 2015 at 20:28, Amos Jeffries squ...@treenet.co.nz wrote: On 29/04/2015 5:44 p.m., dan wrote: I mentioned last time that we had to x2 all our delay_parameter’s bytes because of a weird bug where squid

Re: [squid-users] assertion failed: ../src/ipc/AtomicWord.h:88: Enabled()

=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fPIC' 'PKG_CONFIG_PATH=/usr/lib64/pkgconfig:/usr/share/pkgconfig' --enable-ltdl-convenience On 28 Mar 2015, at 3:11 am, Dan Charlesworth d...@getbusi.com wrote: Roger—thanks for heads up Amos. On Fri

Re: [squid-users] assertion failed: ../src/ipc/AtomicWord.h:88: Enabled()

Bumping this because I think it might have gone into the black hole the other night. On 23 Mar 2015, at 5:44 pm, Dan Charlesworth d...@getbusi.com wrote: Turns out it’s also shitting the bed whenever I go to an SSL site now that I’ve added --enable-storeio=rock: 2015/03/23 17:40:13 kid1

Re: [squid-users] assertion failed: client_side.cc:1515: connIsUsable(http-getConn())

will upload them to the bug. Thanks folks. On 25 March 2015 at 09:28, Dan Charlesworth d...@getbusi.com wrote: Resending this after the last attempt went into the mail server black hole: Hey Amos I decided I’m not confident enough in 3.5.HEAD, after last time, to go back into production

Re: [squid-users] assertion failed: client_side.cc:1515: connIsUsable(http-getConn())

p.m., Dan Charlesworth wrote: Thanks Amos. I'll put together a build with the upcoming snapshot on Monday, might even try disabling optimization for it too. Please do. If you're only getting 40 RPS out of the proxy during the test its hard to see how not optimizing the code could

Re: [squid-users] Server-first SSL bump in Squid 3.5.x

posted before? Kind regards Dan On 19 Mar 2015, at 5:18 pm, Amos Jeffries squ...@treenet.co.nz wrote: On 19/03/2015 6:36 p.m., Dan Charlesworth wrote: Hey y’all Finally got 3.5.2 running. I was under the impression that using server-first SSL bump would still be compatible, despite all

Re: [squid-users] assertion failed: client_side.cc:1515: connIsUsable(http-getConn())

0x4135 in ?? () No symbol table info available. #14 0x0020 in ?? () No symbol table info available. #15 0x in ?? () No symbol table info available. On 16 Mar 2015, at 6:18 pm, Amos Jeffries squ...@treenet.co.nz wrote:On 16/03/2015 7:16 p.m., Dan Charlesworth

Re: [squid-users] WARNING: 1 swapin MD5 mismatches and BUG 3279: HTTP reply without Date:

then it means that the issue is related to the way SMP can make a ufs\aufs cache_dir dirty and there for the answer would be pretty simple to the issue in hands. Eliezer On 20/03/2015 00:32, Dan Charlesworth wrote: Hi John This bug has been affecting me on an off for a while as well. I

Re: [squid-users] assertion failed: client_side.cc:1515: connIsUsable(http-getConn())

., Dan Charlesworth wrote: Hey again Amos - Unfortunately the patch for #4206 won’t apply to squid-3.4.12. I was going to try creating a new one but couldn’t find an equivalent line in client_side.cc for that version. I guess the #4206 issue doesn’t apply to v3.4.x after all? Correct. Oh

Re: [squid-users] WARNING: 1 swapin MD5 mismatches and BUG 3279: HTTP reply without Date:

seen this issue frequently when I reduced my cache size, from 70 GB to 30 GB now. Regards On 3/19/15, Dan Charlesworth d...@getbusi.com wrote: Hey Eliezer I don't actually use SMP. I could be wrong about the aufs thing; I haven't personally tested—and don't currently plan to test—any other

[squid-users] Server-first SSL bump in Squid 3.5.x

Hey y’all Finally got 3.5.2 running. I was under the impression that using server-first SSL bump would still be compatible, despite all the Peek Splice changes, but apparently not. Hopefully someone can explain what might be going wrong here ... Using the same SSL Bump config that we used for

Re: [squid-users] v3.5.x RPM for CentOS 6

, eliezer already made binary for centos 6.x, you just missed perl modules and pinger need to have correct permission. On Wed, Mar 18, 2015 at 11:54 AM, Dan Charlesworth d...@getbusi.com mailto:d...@getbusi.com wrote: *Tory — sorry. On 18 Mar 2015, at 3:49 pm, Dan Charlesworth d

Re: [squid-users] v3.5.x RPM for CentOS 6

. Tory Sent via the wild blue yonder On Mar 17, 2015, at 20:16, Dan Charlesworth d...@getbusi.com mailto:d...@getbusi.com wrote: Hey Eliezer Do you have any plans to maintain a Squid 3.5.x rpm for CentOS 6? I can see you’ve published one for CentOS 7. In fact I tried to use your

Re: [squid-users] Random SSL bump DB corruption

Bumpity bump Had this go down exactly the same way this past Monday at Deployment #1. On 10 Mar 2015, at 4:51 pm, Dan Charlesworth d...@getbusi.com wrote: Hey folks After having many of our systems running Squid 3.4.12 for a couple of weeks now we had two different deployments fail

[squid-users] Random SSL bump DB corruption

Hey folks After having many of our systems running Squid 3.4.12 for a couple of weeks now we had two different deployments fail today due to SSL DB corruption. Never seen this in almost 9 months of SSL bump being in production and there were no problems in either cache log until the “wrong

Re: [squid-users] assertion failed: client_side.cc:1515: connIsUsable(http-getConn())

Alright I got abrtd on board, finally.Here’s a a backtrace from this morning (bt and bt full versions included separately):#0 0x00397e232625 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 #1 0x00397e233e05 in abort () at abort.c:92 #2 0x005656ef in xassert

Re: [squid-users] assertion failed: client_side.cc:1515: connIsUsable(http-getConn())

a fake acl that will match all requests instead of using an external_acl helper that will help you to select the 100MB limit. On 20/02/2015 05:34, Dan Charlesworth wrote: Installed v3.4.12 and almost went a whole day without this crash. Ended up rearing its head during a spike in traffic after

Re: [squid-users] assertion failed: client_side.cc:1515: connIsUsable(http-getConn())

Thanks Amos - So then it more than likely is related to our external ACLs that deal with the HTTP response? On 20 Feb 2015, at 5:06 pm, Amos Jeffries squ...@treenet.co.nz wrote: On 20/02/2015 5:46 p.m., Eliezer Croitoru wrote: Hey Dan, The basic rule of thumb in programming lands is

Re: [squid-users] assertion failed: client_side.cc:1515: connIsUsable(http-getConn())

its impact? Thanks Dan On 12 February 2015 at 09:51, Dan Charlesworth d...@getbusi.com wrote: Hey Eliezer With the response_size_100 ACL definition: - 100 tells the external ACL the limit in MB - 192.168.0.10 tells the external ACL the squid IP I think one or both of these is only needed

Re: [squid-users] assertion failed: client_side.cc:1515: connIsUsable(http-getConn())

other info I can provide that might point towards the cause of this crash. And thanks again for taking a look. On 3 Feb 2015, at 2:49 pm, Dan Charlesworth d...@getbusi.com wrote: Hi Eliezer Thanks for paying attention, as always. I’m working on getting an (appropriately censored) example

Re: [squid-users] assertion failed: client_side.cc:1515: connIsUsable(http-getConn())

, Eliezer On 02/02/2015 01:14, Dan Charlesworth wrote: Bumping this one for the new year 'cause I still don't understand squid traces and because it's still happening with v3.4.11. I would speculate that's it's something to do with the External ACLs (there's a bunch). Let me know if a more

Re: [squid-users] assertion failed: client_side.cc:1515: connIsUsable(http-getConn())

help. On 2 February 2015 at 10:14, Dan Charlesworth d...@getbusi.com wrote: Bumping this one for the new year 'cause I still don't understand squid traces and because it's still happening with v3.4.11. I would speculate that's it's something to do with the External ACLs (there's a bunch). Let me

Re: [squid-users] HTTPS intercept, simple configuration to avoid bank bumping

Wasn't somebody saying that you'd need write an External ACL to evaluate the SNI host because dstdomain isn't hooked into that code (yet? ever?)? On 27 January 2015 at 08:33, Jason Haar jason_h...@trimble.com wrote: Well the documentation says # SslBump1: After getting TCP-level and HTTP

Re: [squid-users] Kerberos Authentication Failing for Windows 7+ with BH gss_accept_sec_context() failed

I was recently receiving this (incredibly vague) error. Turns out my squid user didn’t have permission to read the keytab. On Sat, Oct 25, 2014 at 8:37 PM, Pedro Lobo pal...@gmail.com wrote: Hi Markus, I used msktutil to create the keytab. msktutil -c -s HTTP/proxy01tst.fake.net -h