I'd be all over any Squid 4 RPMs for EL6, for what that's worth.
I had downloaded your source RPM for EL7 at one point and tried to build
one for EL6. Dealing with the compiler issues was a bit beyond me though,
sadly.
On Tue, 14 Aug 2018 at 05:46, Eliezer Croitoru wrote:
> I need to test it
Copy, Amos — receiving you loud and clear :)
On Mon, 4 Jun 2018 at 15:47, Amos Jeffries wrote:
> Hi anyone,
> just testing to see if the list server is still operational. Things
> have been suspiciously quiet this week.
>
> Amos
> ___
> squid-users
Hello all,
I'm wondering if anyone can point to a Squid 4 RPM package for CentOS /
RHEL 6.
I've had a search around, but it seems people are only packaging it for EL7.
I did try compiling an EL6 RPM myself, based on an EL7 source RPM, but I'm
not adept in this area and couldn't get past certain
Okay, cool — thanks for clarifying.
Guess I'll nuke it myself and reinitialise a blank one.
Best,
Dan
On 19 May 2017 at 23:29, Amos Jeffries <squ...@treenet.co.nz> wrote:
> On 19/05/17 15:47, Dan Charlesworth wrote:
>
>> Hey all
>>
>> I'm fairly new to rock cac
Hey all
I'm fairly new to rock caching. With aufs, if you reduce the cache size in
the config it'll start slowly reducing it down the new size.
I've done that with a ~137GB rock store (reduced it to 10240MB) but it
'aint changing after reloading the config.
cache_dir rock /var/spool/squid/rock
Thanks Amos.As far as I can tell the only device upstream of the proxy is a relatively basic gateway/firewall. I doubt it's capable of messing with HTTP headers (and loading the site directly, as opposed to using the proxy lets it load fine behind the same gateway).I’ve attached the debug output
Hi everyone,
This is a super weird one!
This Pressreader site (http://sheppartonnews.pressreader.com/shepparton-news)
gets a totally different (erroneous) response from the server when accessing it
through squid on a particular school's network.
It doesn’t happen through any other squid box
I just want to throw my support behind seeking a solution to this problem.
Luke’s clearly considered it in way more detail than anyone so far, myself
included.
The affects the squids under my purview every day.
Best,
Dan
> On 14 Sep. 2016, at 10:18 am, squid-us...@filter.luko.org wrote:
>
>
Hey Steve,
Deployed a 3.5.20 build with both of those patches and have noticed a big
improvement in memory consumption of squid processes at a couple of
splice-heavy sites.
Thank you, sir!
Dan
> On 12 Aug 2016, at 7:05 PM, Steve Hill wrote:
>
>
>>This sounds
Pretty sure this is affecting our 3.5.x systems as well — we use a very
similar splicing implementation.
I'll keep an eye out in hope someone adapts that patch!
Dan
On 12 August 2016 at 06:22, Alex Rousskov
wrote:
> On 08/11/2016 10:56 AM, Steve Hill wrote:
>
Hi all,
This is more of a squid-adjacent query. Hopefully relevant enough for someone
here to help…
I’m sick of all these web apps that take it upon themselves to hammer proxies
when they don’t get the response they want, like if they have to authenticate
for example. On big networks, behind
ons of that be?
Dan
On 5 July 2016 at 15:07, Dan Charlesworth <d...@getbusi.com> wrote:
> That’s a super helpful analysis, thanks Amos.
>
> Now to see if I track down the site admins
>
> > On 5 Jul 2016, at 3:04 PM, Amos Jeffries <squ...@treenet.co.nz> wrote:
>
That’s a super helpful analysis, thanks Amos.
Now to see if I track down the site admins
> On 5 Jul 2016, at 3:04 PM, Amos Jeffries <squ...@treenet.co.nz> wrote:
>
> On 5/07/2016 4:25 p.m., Dan Charlesworth wrote:
>> This website seems not send back a proper web page if
This website seems not send back a proper web page if the request comes via a
(squid?) proxy.
http://passporttosafety.com.au/
Can anyone tell what might be going wrong here?
Best,
Dan
___
squid-users mailing list
squid-users@lists.squid-cache.org
No worries—thanks for following up on it!
That’s very interesting, about the concurrent requests, because the “normal”
report does around 80% more requests per day than the “leaky” one — a few
hundred thousand vs a couple of million.
Does this CLOSE_WAIT sockets issue have a bug being tracked
AM, Dan Charlesworth <d...@getbusi.com> wrote:
>
> I’ve now got mgr:mem output from a leaky box for comparison but I’m having a
> hard time spotting where the problem might be.
>
> Would anyone more experienced mind taking at these and seeing if anything
> jumps out as
1KB Strings 0 0
4KB Strings 0 1
16KB Strings 0 5
Other Strings0 0
Large buffers: 0 (0 KB)
Thanks!
> On 11 May 2016, at 2:37 PM, Dan Charlesworth <d...@getbusi.com> wrote:
>
> Thanks Amos -
>
> Not sure how self-explanatory the output
0 0
Large buffers: 0 (0 KB)
> On 10 May 2016, at 6:02 PM, Amos Jeffries <squ...@treenet.co.nz> wrote:
>
> On 10/05/2016 2:35 p.m., Dan Charlesworth wrote:
>> A small percentage of deployments of our squid-based product are using
>> oodles of memory—
A small percentage of deployments of our squid-based product are using oodles
of memory—there doesn’t seem to be a limit to it.
I’m wondering what the best way might be to analyse what squid is reserving it
all for in the latest 3.5 release?
The output of squidclient mgr:cache_mem is
g outside of squid.
>
> Eliezer
>
> On 07/03/2016 06:50, Dan Charlesworth wrote:
>> Alright, we’re getting somewhere.
>>
>> A plain curl is about as slow as a default squid config curl:
>>
>> P.S. I sent you a Skype request
>>
>> ---
>
entioned?
>
> Another one to try is:
> http://www.squid-cache.org/Doc/config/dns_v4_first/
>
> try adding to the end of squid.conf
> dns_v4_first on
>
> All The Bests,
> Eliezer
>
> On 04/03/2016 00:42, Dan Charlesworth wrote:
>> Thanks for your inp
18:07:21 2016
;; MSG SIZE rcvd: 93
real0m0.037s
user0m0.003s
sys 0m0.001s
> On 3 Mar 2016, at 5:44 PM, Eliezer Croitoru <elie...@ngtech.co.il> wrote:
>
> can you try the next command:
> dig -x 10.100.128.1
>
> Eliezer
>
> On 03/03/2016 08:04, Dan Ch
.co.il> wrote:
>
> Hey Dan,
>
> What dig+nslookup queries did you tested for?
>
> Eliezer
>
> On 03/03/2016 07:39, Dan Charlesworth wrote:
>> Right now we have 1 squid box (out of a lot), running 3.5.13, which does
>> something like this for
Right now we have 1 squid box (out of a lot), running 3.5.13, which does
something like this for every request, taking about 10 seconds:
2016/03/03 16:30:48.883 kid1| 78,3| dns_internal.cc(1794) idnsPTRLookup:
idnsPTRLookup: buf is 43 bytes for 10.100.128.1, id = 0x733a
2016/03/03 16:30:48.883
I’m just catching up with this one, but we’ve observed some memory leaks on a
small percentage of our boxes, which we migrated to Peek & Splice late last
year.
We’re on 3.5.13, about to move to 3.5.15.
What’s the least disruptive way to keep this under control, if there is one?
Is there
)
But now I can’t even a source for that … I need to spend some quality time with
Google I think.
> On 24 Feb 2016, at 5:50 AM, Amos Jeffries <squ...@treenet.co.nz> wrote:
>
> On 23/02/2016 1:05 p.m., Dan Charlesworth wrote:
>> I'm bumping this question back up, because I al
I'm bumping this question back up, because I also would like to know.
We'd rather not need users of our squid-based software to need to deploy
new CentOS 7 servers to run it.
On 12 February 2016 at 19:59, Jason Haar wrote:
> Hi there
>
> Given the real work on ssl-bump
It's been a while since I've looked at this—because the software we use to
generate our squid.conf just works around now—but we found that Squid 3
would only enforce exactly half the configured rate on HTTP requests but
enforce the full rate on HTTPS requests.
So we now make two delay pools for
It’s been a far superior client experience to bumping on the deployments I’ve
seen. Obviously MITM-ing a connection is always going to be a less amenable
situation for clients; technically and ethically.
The only problem I’ve had with splicing is this Host Header Forgery error squid
has when
gt;
> On 25/11/2015 12:20 p.m., Dan Charlesworth wrote:
>> Thanks for the perspective on this, folks.
>>
>> Going back to the technical stuff—and this isn’t really a squid thing—but is
>> there any way I can minimise this using my DNS server?
>>
>> Can
Thanks for the perspective on this, folks.
Going back to the technical stuff—and this isn’t really a squid thing—but is
there any way I can minimise this using my DNS server?
Can I force my local DNS to only ever return 1 address from the pool on a
hostname I’m having trouble with?
> On 30
of IPs
apparently at random.
> On 29 Oct 2015, at 3:46 PM, Amos Jeffries <squ...@treenet.co.nz> wrote:
>
> On 29/10/2015 1:16 p.m., Dan Charlesworth wrote:
>> It looks like there’s certain hosts that are designed to load balance (or
>> something) between a few I
the client and the proxy are going to get the same IPs at the same
time.
What is one to do about that?
> On 22 Oct 2015, at 10:00 PM, Yuri Voinov <yvoi...@gmail.com> wrote:
>
>
>
> 22.10.15 15:58, Amos Jeffries пишет:
>> On 21/10/2015 4:53 p.m., Dan Charlesw
I’m getting these very frequently for api.github.com and github.com
I’m using the same DNS servers as my intercepting squid 3.5.10 proxy and they
only return the one IP when I do an nslookup as well …
Any updates from your end, Roel?
> On 8 Oct 2015, at 8:29 PM, Eliezer Croitoru
Amos -
I’m going to assume that request was directed at Alex, as I don’t have editor
access to the wiki. Let me know if not.
> On 16 Oct 2015, at 4:22 PM, Amos Jeffries wrote:
>
> Can you please add to the Troubleshooting section at the end of
>
Great, thanks. Don’t know why I didn’t think of it before but I’ll try
elevating it from Login -> System keychain and see what happens.
> On 16 Oct 2015, at 11:51 AM, Jason Haar <jason_h...@trimble.com> wrote:
>
> On 16/10/15 13:34, Dan Charlesworth wrote:
>> Th
ason_h...@trimble.com> wrote:
>
> On 16/10/15 13:08, Dan Charlesworth wrote:
>> ORLY
>>
>> I seem to recall this happening on 10.10 as well, but it could be an El
>> Capitan thing. Do you mind reminding me of your squid config Jason?
>
> With my config I trying to
anything to do with Elliptic Curves or pinning
>
> Jason
>
> On 15/10/15 12:19, Alex Rousskov wrote:
>> On 10/14/2015 05:00 PM, Dan Charlesworth wrote:
>>
>>> I feel like if server-first is working there must be *some*
>>> combination of peek/s
, and Jason for your help on this.
> On 16 Oct 2015, at 11:55 AM, Dan Charlesworth <d...@getbusi.com> wrote:
>
> Great, thanks. Don’t know why I didn’t think of it before but I’ll try
> elevating it from Login -> System keychain and see what happens.
>
>> On 16 Oct
to use server-first if they decide to
employ bumping, so if any of you smart people have any other suggestions,
please send them through.
Thanks
> On 15 Oct 2015, at 1:34 AM, Alex Rousskov <rouss...@measurement-factory.com>
> wrote:
>
> On 10/13/2015 09:08 PM, Dan
t 2:39 PM, Dan Charlesworth <d...@getbusi.com> wrote:
>
> ¯\_(ツ)_/¯
>
> All I really have to go on is those errors com.apple.WebKit.Networking is
> logging which apparently points to a specific thing it’s missing called
> “forward transport security”. Only the peek@st
aar <jason_h...@trimble.com> wrote:
>
> On 14/10/15 16:08, Dan Charlesworth wrote:
>> I thought that fixed it for a second …
>>
>> But in reality ssl_bump peek step1 & ssl_bump bump step3 is actually
>> splicing everything, it seems.
>>
>> Any
I thought that fixed it for a second …
But in reality ssl_bump peek step1 & ssl_bump bump step3 is actually splicing
everything, it seems.
Any other advice? :-)
> On 14 Oct 2015, at 1:51 PM, Amos Jeffries <squ...@treenet.co.nz> wrote:
>
> On 14/10/2015 1:13 p.m., Dan
Throwing this out to the list in case anyone else might be trying to get SSL
Bump to work with the latest version of Safari.
Every other browser on OS X (and iOS) is happy with bumping for pretty much all
HTTPS sites, so long as the proxy’s CA is trusted.
However Safari throws generic “secure
Same here—I've been meaning to ask the list about this too. I’m still on 3.5.9,
by the way.
> On 6 Oct 2015, at 10:55 PM, Roel van Meer wrote:
>
> Hi everyone,
>
> I have a Squid setup on a linux box with transparent interception of both
> http and https traffic. Everything
It seems there’s no way to get the equivalent of the `dst` internal ACL into an
external ACL. %DST returns the hostname from DNS not the origin IP.
Am I missing something? Perhaps there's a more creative way to pass the IP to
an external ACL regardless of what the hostname is?
Thanks!
Thanks for all the info here, people.
This is probably because of some other dumb thing I’m doing in my ssl_bump
config, but if I change ssl_bump peek step1 to ssl_bump peek all, I get this
assertion failure:
PeerConnector.cc:747: "!callback"
> On 9 Sep 2015, at 6:59 pm, Amos Jeffries
10.0.1.7 TCP_TUNNEL 200 13741 CONNECT
192.30.252.126:443 api.github.com - splice - ORIGINAL_DST/192.30.252.126 -
> On 8 Sep 2015, at 5:39 pm, Dan Charlesworth <d...@getbusi.com> wrote:
>
> Thanks Amos.
>
> To clarify about the user agents: I’m talking about anything with a (log
t log a UA when an explicit CONNECT
does.
> On 8 Sep 2015, at 5:17 pm, Amos Jeffries <squ...@treenet.co.nz> wrote:
>
> On 8/09/2015 5:36 p.m., Dan Charlesworth wrote:
>> Hello all
>>
>> I’ve been testing out an SSL bumping config using 3.5.8 for the last week or
Hello all
I’ve been testing out an SSL bumping config using 3.5.8 for the last week or so
and am scratching my head over a couple of things.
First, here’s my config (shout out to James Lay):
acl tcp_level at_step SslBump1
acl client_hello_peeked at_step SslBump2
acl bump_bypass_domains
I’m trying to figure out if there’s a way to avoid those 0 byte “peeked”
requests being processed by the rest of our external ACLs etc. by allowing them
early on in the transaction.
Unfortunately there doesn’t seem to be a way to target just those ones with
http_access—the TAG_NONE isn’t an
least, slapped in the back of the head.
On 8/6/2015 6:44 PM, Dan Charlesworth wrote:
This used to just cause a WARNING right? Is this really a good enough
reason to stop Squid from starting up?
2015/08/07 09:25:43| ERROR: '.ssl.gstatic.com
http://ssl.gstatic.com/' is a subdomain
This used to just cause a WARNING right? Is this really a good enough reason to
stop Squid from starting up?
2015/08/07 09:25:43| ERROR: '.ssl.gstatic.com http://ssl.gstatic.com/' is a
subdomain of '.gstatic.com http://gstatic.com/'
2015/08/07 09:25:43| ERROR: You need to remove
antony.st...@squid.open.source.it
wrote:
On Monday 03 August 2015 at 08:06:35 (EU time), Dan Charlesworth wrote:
Probably a lot of forward proxy users here have encountered applications
which, if they can’t get their web requests through the proxy (because of
407 Proxy Auth Required
Hey folks
Is 3.4.14 going to be a thing or should we be moving to v3.5 if we want new
bug fixes?
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
It's also worth pointing out that your messages are getting flagged as Spam
by Gmail, which probably isn't helping visibility.
On 23 June 2015 at 06:11, mohammad al_luha...@yahoo.com wrote:
why is no-one answering this ?!!
BTW, i tried the kernel patch 2.6.35 from ZPH, it worked
Thanks Amos. We're using the CONNECT ACL and everything is working as
expected.
On 29 April 2015 at 20:28, Amos Jeffries squ...@treenet.co.nz wrote:
On 29/04/2015 5:44 p.m., dan wrote:
I mentioned last time that we had to x2 all our delay_parameter’s
bytes because of a weird bug where squid
=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m64 -mtune=generic -fPIC'
'PKG_CONFIG_PATH=/usr/lib64/pkgconfig:/usr/share/pkgconfig'
--enable-ltdl-convenience
On 28 Mar 2015, at 3:11 am, Dan Charlesworth d...@getbusi.com wrote:
Roger—thanks for heads up Amos.
On Fri
Bumping this because I think it might have gone into the black hole the other
night.
On 23 Mar 2015, at 5:44 pm, Dan Charlesworth d...@getbusi.com wrote:
Turns out it’s also shitting the bed whenever I go to an SSL site now that
I’ve added --enable-storeio=rock:
2015/03/23 17:40:13 kid1
will upload them to the bug.
Thanks folks.
On 25 March 2015 at 09:28, Dan Charlesworth d...@getbusi.com wrote:
Resending this after the last attempt went into the mail server black hole:
Hey Amos
I decided I’m not confident enough in 3.5.HEAD, after last time, to go
back into production
p.m., Dan Charlesworth wrote:
Thanks Amos.
I'll put together a build with the upcoming snapshot on Monday, might
even try disabling optimization for it too.
Please do. If you're only getting 40 RPS out of the proxy during the
test its hard to see how not optimizing the code could
posted
before?
Kind regards
Dan
On 19 Mar 2015, at 5:18 pm, Amos Jeffries squ...@treenet.co.nz wrote:
On 19/03/2015 6:36 p.m., Dan Charlesworth wrote:
Hey y’all
Finally got 3.5.2 running. I was under the impression that using
server-first SSL bump would still be compatible, despite all
0x4135 in ?? ()
No symbol table info available.
#14 0x0020 in ?? ()
No symbol table info available.
#15 0x in ?? ()
No symbol table info available.
On 16 Mar 2015, at 6:18 pm, Amos Jeffries squ...@treenet.co.nz wrote:On 16/03/2015 7:16 p.m., Dan Charlesworth
then it means that the
issue is related to the way SMP can make a ufs\aufs cache_dir dirty and
there for the answer would be pretty simple to the issue in hands.
Eliezer
On 20/03/2015 00:32, Dan Charlesworth wrote:
Hi John
This bug has been affecting me on an off for a while as well. I
., Dan Charlesworth wrote:
Hey again Amos -
Unfortunately the patch for #4206 won’t apply to squid-3.4.12. I was going
to try creating a new one but couldn’t find an equivalent line in
client_side.cc for that version.
I guess the #4206 issue doesn’t apply to v3.4.x after all?
Correct. Oh
seen this issue frequently when I reduced my cache size,
from 70 GB to 30 GB now.
Regards
On 3/19/15, Dan Charlesworth d...@getbusi.com wrote:
Hey Eliezer
I don't actually use SMP. I could be wrong about the aufs thing; I haven't
personally tested—and don't currently plan to test—any other
Hey y’all
Finally got 3.5.2 running. I was under the impression that using server-first
SSL bump would still be compatible, despite all the Peek Splice changes, but
apparently not. Hopefully someone can explain what might be going wrong here ...
Using the same SSL Bump config that we used for
,
eliezer already made binary for centos 6.x, you just missed perl modules and
pinger need to have correct permission.
On Wed, Mar 18, 2015 at 11:54 AM, Dan Charlesworth d...@getbusi.com
mailto:d...@getbusi.com wrote:
*Tory — sorry.
On 18 Mar 2015, at 3:49 pm, Dan Charlesworth d
.
Tory
Sent via the wild blue yonder
On Mar 17, 2015, at 20:16, Dan Charlesworth d...@getbusi.com
mailto:d...@getbusi.com wrote:
Hey Eliezer
Do you have any plans to maintain a Squid 3.5.x rpm for CentOS 6?
I can see you’ve published one for CentOS 7. In fact I tried to use your
Bumpity bump
Had this go down exactly the same way this past Monday at Deployment #1.
On 10 Mar 2015, at 4:51 pm, Dan Charlesworth d...@getbusi.com wrote:
Hey folks
After having many of our systems running Squid 3.4.12 for a couple of weeks
now we had two different deployments fail
Hey folks
After having many of our systems running Squid 3.4.12 for a couple of weeks now
we had two different deployments fail today due to SSL DB corruption.
Never seen this in almost 9 months of SSL bump being in production and there
were no problems in either cache log until the “wrong
Alright I got abrtd on board, finally.Here’s a a backtrace from this morning (bt and bt full versions included separately):#0 0x00397e232625 in raise (sig=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x00397e233e05 in abort () at abort.c:92
#2 0x005656ef in xassert
a fake acl that will match all requests
instead of using an external_acl helper that will help you to select the
100MB limit.
On 20/02/2015 05:34, Dan Charlesworth wrote:
Installed v3.4.12 and almost went a whole day without this crash.
Ended up rearing its head during a spike in traffic after
Thanks Amos -
So then it more than likely is related to our external ACLs that deal with the
HTTP response?
On 20 Feb 2015, at 5:06 pm, Amos Jeffries squ...@treenet.co.nz wrote:
On 20/02/2015 5:46 p.m., Eliezer Croitoru wrote:
Hey Dan,
The basic rule of thumb in programming lands is
its impact?
Thanks
Dan
On 12 February 2015 at 09:51, Dan Charlesworth d...@getbusi.com wrote:
Hey Eliezer
With the response_size_100 ACL definition:
- 100 tells the external ACL the limit in MB
- 192.168.0.10 tells the external ACL the squid IP
I think one or both of these is only needed
other info I can provide that might point towards
the cause of this crash.
And thanks again for taking a look.
On 3 Feb 2015, at 2:49 pm, Dan Charlesworth d...@getbusi.com wrote:
Hi Eliezer
Thanks for paying attention, as always. I’m working on getting an
(appropriately censored) example
,
Eliezer
On 02/02/2015 01:14, Dan Charlesworth wrote:
Bumping this one for the new year 'cause I still don't understand squid
traces and because it's still happening with v3.4.11.
I would speculate that's it's something to do with the External ACLs
(there's a bunch). Let me know if a more
help.
On 2 February 2015 at 10:14, Dan Charlesworth d...@getbusi.com wrote:
Bumping this one for the new year 'cause I still don't understand squid
traces and because it's still happening with v3.4.11.
I would speculate that's it's something to do with the External ACLs
(there's a bunch). Let me
Wasn't somebody saying that you'd need write an External ACL to evaluate
the SNI host because dstdomain isn't hooked into that code (yet? ever?)?
On 27 January 2015 at 08:33, Jason Haar jason_h...@trimble.com wrote:
Well the documentation says
# SslBump1: After getting TCP-level and HTTP
I was recently receiving this (incredibly vague) error. Turns out my squid user
didn’t have permission to read the keytab.
On Sat, Oct 25, 2014 at 8:37 PM, Pedro Lobo pal...@gmail.com wrote:
Hi Markus,
I used msktutil to create the keytab.
msktutil -c -s HTTP/proxy01tst.fake.net -h
80 matches
Mail list logo