[squid-users] Simple REGEX not working...

eds. I'm on Debian 10 and am unable to determine which RE library Debian compiled Squid3 against (I've got a Tweet out to them to see if they can point me in the right direction). Ultimately, I would like to get Squid to use PCREs. Idea

[squid-users] Not working: http://www.squid-cache.org/cgi-bin/swish-query.cgi

Hello, The mailing list site     http://www.squid-cache.org/Support/mailing-lists.html states a search engine is available at     http://www.squid-cache.org/cgi-bin/swish-query.cgi However, going here results in a 404 not found.  Is there another search engine? --David

Re: [squid-users] squid 4.10: ssl-bump on https_port requires tproxy/intercept which is missing in secure proxy method

Thanks for the answer details How to be a sponsor ? ( cost ) of such feature Could you think it can be planned for 5.x ? I think it should be a "future" "standard" in the same way of DNS over SSL Le 19/05/2020 à 16:46, Alex Rousskov a écrit : On 18/05/20 10:15 am, David T

Re: [squid-users] Squid 4.x acl server_cert_fingerprint for bump no matches

TestFinger ssl_bump stare ssl_step2 all ssl_bump bump all But no luck, website still decrypted. Le 13/05/2020 à 21:33, Alex Rousskov a écrit : On 5/12/20 7:42 AM, David Touzeau wrote: ssl_bump peek ssl_step1 ssl_bump splice TestFinger ssl_bump stare ssl_step2 all ssl_bump bump all Seems TestFinger

[squid-users] squid 4.10: ssl-bump on https_port requires tproxy/intercept which is missing in secure proxy method

Hi we want to use squid as * * * Secure Proxy * * * using https_port We have tested major browsers and it seems working good. To make it work, we need to deploy the proxy certificate on all browsers to make the secure connection running. In this case, squid forward requests without decryptin

[squid-users] Squid 4.x acl server_cert_fingerprint for bump no matches

Hi, i'm trying to play with acl "server_cert_fingerprint" for splicing websites. First, get the fingerprint : openssl s_client -host www.clubic.com -port 443 2> /dev/null | openssl x509 -fingerprint -noout # Build the acl acl TestFinger server_cert_fingerprint 77:F6:8D:C1:0A:DF:94:8B:43

[squid-users] TCP Fast open and squid4

Hi Is Squid handle TCP Fast open on modern kernel ? Has anyone tried to implement this directive and noticed a performance improvement ? Best regards. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listin

Re: [squid-users] squid v4: logformat log the last denied ACL object

Le 15/04/2019 à 22:41, Alex Rousskov a écrit : On 4/15/19 8:01 AM, David Touzeau wrote: Is it possible, sometimes to better understand a bunch of ACLs to log the last matches or a set of matched acls objects: 192.168.1.235 - - [15/Apr/2019:15:59:30 +0200] "GET http://www.msftncsi.com/ncs

Re: [squid-users] Why Squid on CentOS is faster than Debian ?

Le 02/04/2019 à 10:39, Amos Jeffries a écrit : On 2/04/19 8:53 pm, L.P.H. van Belle wrote: I suggest start compairing the logs you posted, the builds are really different. Differences in - kernel - needed packages - build paramaters due to missing or different packages. Etc. Just diff you log

[squid-users] squid v4: logformat log the last denied ACL object

Hi Is it possible, sometimes to better understand a bunch of ACLs to log the last matches or a set of matched acls objects: example 192.168.1.235 - - [15/Apr/2019:15:59:30 +0200] "GET http://www.msftncsi.com/ncsi.txt HTTP/1.1" 200 211 "-" "curl/7.52.1" TCP_MISS:HIER_DIRECT text/plain obje

Re: [squid-users] Why Squid on CentOS is faster than Debian ?

Le 02/04/2019 à 18:06, Alex Rousskov a écrit : On 4/2/19 1:23 AM, David Touzeau wrote: Le 01/04/2019 à 23:22, Alex Rousskov a écrit : Do your Squids use shared memory for the memory cache? See memory_cache_shared (even if you do not set it explicitly). http://www.squid-cache.org/Doc/config

Re: [squid-users] Why Squid on CentOS is faster than Debian ?

Le 02/04/2019 à 07:43, L A Walsh a écrit : On 4/1/2019 2:17 AM, David Touzeau wrote: We have recompiled same squid version on 2 systems https://github.com/dtouzeau/1.6.x/blob/Tempfiles/centos7-config.log?raw=true --- Result was CentOS 44

Re: [squid-users] Why Squid on CentOS is faster than Debian ?

Le 01/04/2019 à 23:22, Alex Rousskov a écrit : On 4/1/19 3:17 AM, David Touzeau wrote: On 30.03.19 10:22, David Touzeau wrote: * Debian 9 net install + Squid compiled * CentOS 7 minimal  + Squid compiled Same version, same compilation parameters, same Squid settings. It seems that Squid on

Re: [squid-users] Why Squid on CentOS is faster than Debian ?

Le 01/04/2019 à 00:23, David Touzeau a écrit : Le 31/03/2019 à 05:50, Amos Jeffries a écrit : On 31/03/19 3:41 am, David Touzeau wrote: On 30.03.19 10:22, David Touzeau wrote: Did you have perform squid stress on Debian against CentOS ? I have installed: * Debian 9 net install + Squid

Re: [squid-users] Why Squid on CentOS is faster than Debian ?

Le 31/03/2019 à 05:50, Amos Jeffries a écrit : On 31/03/19 3:41 am, David Touzeau wrote: On 30.03.19 10:22, David Touzeau wrote: Did you have perform squid stress on Debian against CentOS ? I have installed: * Debian 9 net install + Squid compiled * CentOS 7 minimal  + Squid compiled Same

Re: [squid-users] Why Squid on CentOS is faster than Debian ?

On 30.03.19 10:22, David Touzeau wrote: Did you have perform squid stress on Debian against CentOS ? I have installed: * Debian 9 net install + Squid compiled * CentOS 7 minimal  + Squid compiled Same version, same compilation parameters, same Squid settings. It seems that Squid on CentOS

[squid-users] Why Squid on CentOS is faster than Debian ?

Hi all, Did you have perform squid stress on Debian against CentOS ? I have installed: * Debian 9 net install + Squid compiled * CentOS 7 minimal  + Squid compiled Same version, same compilation parameters, same Squid settings. It seems that Squid on CentOS is 10 times faster than squid on

Re: [squid-users] squid 4.x: decided: do not cache but share because the entry has been released

[squid-users] squid 4.x: decided: do not cache but share because the entry has been released On 2/23/19 10:17 AM, Amos Jeffries wrote: > On 24/02/19 5:33 am, David Touzeau wrote: >> http.cc(982) haveParsedReplyHeaders: decided: do not cache but share >> because the entry has been

[squid-users] squid 4.x: decided: do not cache but share because the entry has been released

Hi I'm trying to store in cache an Internet file Run the squid in debug mode says: http.cc(982) haveParsedReplyHeaders: decided: do not cache but share because the entry has been released; HTTP status 200 What "but share because the entry has been released" event means ?

Re: [squid-users] Squid 4.x: cache_peer PROXY_PROTOCOL support with squid parents

quid-users] Squid 4.x: cache_peer PROXY_PROTOCOL support with squid parents On 23/02/19 2:45 am, David Touzeau wrote: > Hi, > > > > We would like to use this infrastructure: > > > > Squid-cache client authentication 1 > > >| > Squid Pa

[squid-users] Squid 4.x: cache_peer PROXY_PROTOCOL support with squid parents

Hi, We would like to use this infrastructure: Squid-cache client authentication 1 | > Squid Parent with ACLs per user/LDAP groups/Web filtering ---> INTERNET Squid-cache client authentication 2 Currently this kind of infrastructure cannot be done because t

Re: [squid-users] Transparent vs Tproxy: performance ?

t you confirm that this is not relevant... Best regards, -Message d'origine- De : squid-users De la part de Amos Jeffries Envoyé : samedi 1 septembre 2018 17:07 À : squid-users@lists.squid-cache.org Objet : Re: [squid-users] Transparent vs Tproxy: performance ? On 1/09/18 9:33 PM, Dav

[squid-users] Transparent vs Tproxy: performance ?

Hi We have 2 ways to make the squid in < transparent mode. > The standard Transparent method and (with modern kernels) the use of < Tproxy > method I would like to know which is the best according to the performance ? Or is it the same ? Best regards. ___

Re: [squid-users] v4.2 url_rewrite Uri.cc line 371 bad URL parsing on SSL

[squid-users] v4.2 url_rewrite Uri.cc line 371 bad URL parsing on SSL On 16/08/18 11:58, David Touzeau wrote: > Hi, > > > > I have written my own url_rewrite helper > > > > On SSL sites, the helper answering a redirect to a remote denied php page. > No your he

[squid-users] v4.2 url_rewrite Uri.cc line 371 bad URL parsing on SSL

Hi, I have written my own url_rewrite helper On SSL sites, the helper answering a redirect to a remote denied php page. With HTTP, no issue but on SSL there is a different behavior My helper return rewrite-url= https://192.168.1.122:443/myguard.php?rule-id=0

Re: [squid-users] Squid v4.1: commBind Cannot bind [::1] on SNMP with no ipv6

7/18 11:40, David Touzeau wrote: > Hi > > > > Hi, > > > > Ipv6 is not enabled on this Debian 9 system. > Nod. That would be why is cannot open IPv6 sockets. Squid is designed to comply with RFC 6540 (aka BCP 177), and to assume the machine it is running on al

[squid-users] Squid v4.1: commBind Cannot bind [::1] on SNMP with no ipv6

Hi Hi, Ipv6 is not enabled on this Debian 9 system. sysctl -a |grep ipv6|grep disable sysctl: reading key "net.ipv6.conf.all.stable_secret" sysctl: reading key "net.ipv6.conf.default.stable_secret" sysctl: reading key "net.ipv6.conf.eth0.stable_secret" net.ipv6.conf.all.disable_ipv6

Re: [squid-users] v4.0.22 error:transaction-end-before-headers using transparent SSL method

Thanks Amos for the tips. The error was a python helper that works on 3.5 but freeze on v4. Forward code to php fix the issue Thanks again ! ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-us

Re: [squid-users] v4.0.22 error:transaction-end-before-headers using transparent SSL method

Hi Amos, I did not find any documentation related to "memory-only" on sslcrtd_program features. Did you have an example ? ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] 3.5.27: Compilation failed CRYPTO_LOCK_X509 on Debian 9

-Message d'origine- De : squid-users [mailto:squid-users-boun...@lists.squid-cache.org] De la part de Amos Jeffries Envoyé : mercredi 24 janvier 2018 01:21 À : squid-users@lists.squid-cache.org Objet : Re: [squid-users] 3.5.27: Compilation failed CRYPTO_LOCK_X509 on Debian 9 Squid-3 on D

[squid-users] 3.5.27: Compilation failed CRYPTO_LOCK_X509 on Debian 9

Hi all Did anyone have encountered and fixed this issue : Make failed with the following error : /bin/bash ../../libtool --tag=CXX --mode=compile g++ -DHAVE_CONFIG_H -I../.. -I../../include -I../../lib -I../../src -I../../include -isystem /usr/include/mit-krb5 -I/usr/include/libxml

Re: [squid-users] v4.0.22 error:transaction-end-before-headers using transparent SSL method

Notice, it appears on both http/https ports Transparent Ports are freezing each 10 minutes. I mention that in normal port there is no issue, the issue can be generated only on transparent mode. De : squid-users [mailto:squid-users-boun...@lists.squid-cache.org] De la part de David

Re: [squid-users] v4.0.22 error:transaction-end-before-headers using transparent SSL method

Notice, it appears on both http/https ports, not only SSL De : squid-users [mailto:squid-users-boun...@lists.squid-cache.org] De la part de David Touzeau Envoyé : lundi 22 janvier 2018 23:39 À : squid-users@lists.squid-cache.org Objet : [squid-users] v4.0.22 error:transaction-end-before

[squid-users] v4.0.22 error:transaction-end-before-headers using transparent SSL method

Hi I'm using Squid Cache: Version 4.0.22 in transparent method After several times the SSL port going into < freeze mode > and write in logs 1516660011.849 00 192.168.1.214 NONE/000 0 NONE error:transaction-end-before-headers - Doing a squid -k reconfigure release all freeze r

[squid-users] Official Docker Image?

Would a maintainer be willing to submit a request for an official docker image of Squid? https://github.com/docker-library/official-images I would love to do this, but they need maintainers of the project to submit the request. I am certainly willing to help make a docker image for Squid, but a re

[squid-users] Recompiling Squid3 for Mips hardware, enabling captive portal?

Hello, I used Squid 2 a while back, when my networks were different. I'm now wanting to implement squid 3.x. I've got an Asus Rt-N66U router, which I believe has a Mips processor on it. I am wondering how to recompile Squid for Mips, or obtain the compilation script for the entware version of squ

[squid-users] HTTPS proxy working in non-transparent mode, failing in transparent mode

es.  HTTP proxying still works fine, but the HTTPS proxying breaks. Does anyone have any suggestions as to what to look for that may be causing that?  I don't understand what could break just switching between non-transparent and transparent modes. -David

Re: [squid-users] source spoofing without tproxy?

That's very helpful guidance, Alex. Thank you. It's probably not in scope currently for me to take on championing such an effort, but I'll keep it in mind as an option for the future. David On Tue, Jun 13, 2017 at 2:43 PM, Alex Rousskov < rouss...@measurement-factory.com&g

Re: [squid-users] source spoofing without tproxy?

On Tue, Jun 13, 2017 at 3:15 AM, Amos Jeffries wrote: > On 13/06/17 18:14, David Kewley wrote: > >> This might be of help if you are not already aware of the risks and >> issues involved with spoofing and handling of non-local IPs; < >> http://www.bcp38.info/> >

Re: [squid-users] source spoofing without tproxy?

Thanks for your reply, Amos. On Mon, Jun 12, 2017 at 9:50 PM, Amos Jeffries wrote: > On 13/06/17 13:48, David Kewley wrote: > >> I want my clients to explicitly address squid as a proxy (not use >> tproxy), but have squid spoof the source addresses in the forwarded >

[squid-users] source spoofing without tproxy?

nd no way to do it with forward proxying. Nginx doesn't do https forward proxying (no handling of CONNECT). If squid can't do what I'm looking for today, I would welcome pointers to other possible approaches. Thanks, David ___ squid-user

Re: [squid-users] 3.5.25: (71) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

Added Symantec Class 3 Secure Server CA - G4 VeriSign Class 3 Public Primary Certification Authority - G5 Same issue :=( -Message d'origine- De : Yuri Voinov [mailto:yvoi...@gmail.com] Envoyé : vendredi 28 avril 2017 19:31 À : Rafael Akchurin ; David Touzeau ; squid-

Re: [squid-users] 3.5.25: (71) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

De : Yuri Voinov [mailto:yvoi...@gmail.com] Envoyé : jeudi 27 avril 2017 23:26 À : David Touzeau ; squid-users@lists.squid-cache.org Objet : Re: [squid-users] 3.5.25: (71) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE) Be careful with intermediate CA's you grabbed. Check they validity

Re: [squid-users] 3.5.25: (71) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

ail.com] Envoyé : jeudi 27 avril 2017 22:52 À : David Touzeau ; squid-users@lists.squid-cache.org Objet : Re: [squid-users] 3.5.25: (71) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE) Squid can't have any intermediate certificates. As by as root CA's. You can use this: # TAG: ss

Re: [squid-users] 3.5.25: (71) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

users@lists.squid-cache.org Objet : Re: [squid-users] 3.5.25: (71) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE) Look. It can be intermediate certificates issue. Does Squid have Symantec intermediate certificates? 27.04.2017 22:47, David Touzeau пишет: > Hi, > I'm unable to

[squid-users] 3.5.25: (71) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

Hi, I'm unable to access to https://www.boutique.afnor.org website. I would like to know if this issue cannot be fixed and must deny bump website to fix it. Without Squid the website is correctly displayed Squid claim an error page with "(71) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)"

Re: [squid-users] [3.5.23]: mozilla.org failed using SSL transparent SSL23_GET_SERVER_HELLO:unknown protocol

-Message d'origine- De : squid-users [mailto:squid-users-boun...@lists.squid-cache.org] De la part de David Touzeau Envoyé : mardi 24 janvier 2017 11:42 À : squid-users@lists.squid-cache.org Objet : Re: [squid-users] [3.5.23]: mozilla.org failed using SSL transp

Re: [squid-users] [3.5.23]: mozilla.org failed using SSL transparent SSL23_GET_SERVER_HELLO:unknown protocol

This is a different log trace from David's. Here Squid is setting up a TUNNEL to the clients original dst-IP, successfully. Any TLS funky stuff going on for this transaction is done directly between server and client. Squid's only involvement is to peek at the Hello messages and record them for i

Re: [squid-users] [3.5.23]: mozilla.org failed using SSL transparent SSL23_GET_SERVER_HELLO:unknown protocol

/2017 12:28 p.m., David Touzeau wrote: > Same issue with https://www.digitalocean.com/ is somebody did not > encounter the issue using Squid in transparent mode with SSL ?? > The TLS / HTTP Senvironment is in the process of stabilizing, but still quite volatile. Since the error mes

Re: [squid-users] [3.5.23]: mozilla.org failed using SSL transparent SSL23_GET_SERVER_HELLO:unknown protocol

Same issue with https://www.digitalocean.com/ is somebody did not encounter the issue using Squid in transparent mode with SSL ?? -Message d'origine- De : squid-users [mailto:squid-users-boun...@lists.squid-cache.org] De la part de David Touzeau Envoyé : dimanche 22 janvier 2017

[squid-users] [3.5.23]: mozilla.org failed using SSL transparent SSL23_GET_SERVER_HELLO:unknown protocol

Hi I'm using SSL transparent method : https_port 0.0.0.0:53695 intercept disable-pmtu-discovery=transparent name=MyPortNameID22 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl/cb623e9bfc65772f68b84393604cd6ea.dyn sslproxy_foreign_intermediate_certs

Re: [squid-users] 3.5.23: Retreive pairs in note acl

> I have created an external helper that return OK a=note1 > > What is the correct line to retrieve the correct note ? acl annotatedWithANote1 note a note1 http_access deny annotatedWithANote1 Alex. > acl aclname note [-m[=delimiters]] name [value ...] > # match transaction annotation

[squid-users] 3.5.23: Retreive pairs in note acl

Hi I have created an external helper that return OK a=note1 By adding tags in logs I see correctly that squid writes in log, "a:%20note1" But I cannot match this note in acls both test1 and test2 test3 not matches the added tag Acl test1 note a:note1 Acl test2 note a=note1 Acl test3 note:%20n

Re: [squid-users] [3.5x]: identd lookup made before proxy_protocol checking and failed [help]

ailed [help] On 2017-01-06 22:12, David Touzeau wrote: > Added in bugtrack > > http://bugs.squid-cache.org/show_bug.cgi?id=4657 > > > -Message d'origine- > De : David Touzeau > > Hi, > > We need to use ident daemon in order to authenticate users. >

Re: [squid-users] [3.5x]: identd lookup made before proxy_protocol checking and failed [help]

Added in bugtrack http://bugs.squid-cache.org/show_bug.cgi?id=4657 -Message d'origine- De : squid-users [mailto:squid-users-boun...@lists.squid-cache.org] De la part de David Touzeau Envoyé : jeudi 5 janvier 2017 17:10 À : squid-users@lists.squid-cache.org Objet : [squid-users]

[squid-users] [3.5x]: identd lookup made before proxy_protocol checking and failed [help]

Hi, We need to use ident daemon in order to authenticate users. Squid works fine when computers are directly connected to the proxy. We have added HaProxy * * * Load-balancer * * * using *proxy_protocol* between users and 2 Squid proxies With the load balancer, squid want to query identd port

Re: [squid-users] Squid freeze each hour.

6-12-20 21:42, David Touzeau wrote: > Is there any way to disabling Cache digest without need to recompile > squid ? Hi, Use "digest_generation off". http://www.squid-cache.org/Doc/config/digest_generation/ Garri ___ squid-user

Re: [squid-users] Squid freeze each hour.

Hi Alex, Is there any way to disabling Cache digest without need to recompile squid ? -Message d'origine- De : Alex Rousskov [mailto:rouss...@measurement-factory.com] Envoyé : mardi 20 décembre 2016 17:21 À : squid-users@lists.squid-cache.org Cc : David Touzeau Objet : Re: [squid-

Re: [squid-users] Squid freeze each hour.

_EXPIRES 2016/12/20 15:27:41.533 kid1| 71,6| store_digest.cc(288) storeDigestAdd: storeDigestAdd: added entry, key: A1F5E4243AA2BD14C147D180CBD5022F -Message d'origine- De : Eliezer Croitoru [mailto:elie...@ngtech.co.il] Envoyé : mardi 20 décembre 2016 14:30 À : 'David Touzeau

Re: [squid-users] Squid freeze each hour.

using ssl-bump? --> No Are you using it with multiple cores? --> Only one core Can you attach the squid.conf( removing the confidential details) to this email? -Message d'origine- De : Eliezer Croitoru [mailto:elie...@ngtech.co.il] Envoyé : mardi 20 décembre 2016 14:30 À

[squid-users] Squid freeze each hour.

Hi I'm using the 3.5.23, each hour, the proxy port did not respond for 3 to 10 minutes. During the freeze have made a -k debug to see whats happening. Here a piece of log of the log during the freeze: Is there something relevant ?: 2016/12/20 12:09:09.072 kid1| 71,6| store_digest.cc(226) storeDi

Re: [squid-users] cache_peer and PROXY protocol

on it... >> -Message d'origine- De : squid-users [mailto:squid-users-boun...@lists.squid-cache.org] De la part de Amos Jeffries Envoyé : lundi 19 décembre 2016 13:20 À : squid-users@lists.squid-cache.org Objet : Re: [squid-users] cache_peer and PROXY protocol On 20/12/2016 12:44 a.m., Da

[squid-users] cache_peer and PROXY protocol

Hi Squid accept "Proxy protocol" in http_port, is there a chance to see "PROXY Protocol" supported in cache_peer if you need to link 2 squid ? Best regards. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org

Re: [squid-users] clt_conn_tag and url_rewrite_program

On 17/11/2016 1:50 a.m., David Touzeau wrote: > > > Hi, > > I have my own redirector and i want to play with the clt_conn_tag but > i encounter some issues ( perhaps for misunderstanding ) > > url_rewrite_program /usr/share/artica-postfix/filter.py > url_rewrite_c

[squid-users] clt_conn_tag and url_rewrite_program

Hi, I have my own redirector and i want to play with the clt_conn_tag but i encounter some issues ( perhaps for misunderstanding ) url_rewrite_program /usr/share/artica-postfix/filter.py url_rewrite_children 10 startup=1 idle=1 concurrency=4 url_rewrite_extras "%>a/%>A %un %>rm myip=%la myport

[squid-users] New error on version 3.5.19

36 -0500] "CONNECT guzzoni.apple.com:443 HTTP/1.1" 200 3475 "-" "com.apple.siri.analyzer/1 CFNetwork/808.0.2 Darwin/16.0.0" TCP_TUNNEL:HIER_DIRECT guzzoni.apple.com:443 333.444.5.66 - - [26/Sep/2016:12:49:37 -0500] "CONNECT guzzoni.apple.com:443 HTTP/1.1" 200

[squid-users] Squid Samba 4 and ntlm_auth concurrency question

amba 4 building in some concurrency itself into ntlm_auth but I'm not sure that this is fully supported. So my question is what is the current state of play for squid 3.x (and upcoming squid 4) with respect to negotiate and ntlm concurrency with samba4 ? -- David Webb (CISSP-ISSAP) I

Re: [squid-users] squid refresh_pattern / cache question

Jeffries Sent: Tuesday, August 09, 2016 6:12 PM To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] squid refresh_pattern / cache question On 10/08/2016 10:43 a.m., Berkes, David wrote: > > I have a question about the caching mechanism and "refresh_pattern" > speci

[squid-users] squid refresh_pattern / cache question

I have a question about the caching mechanism and "refresh_pattern" specifically. I had the following configured for my company. Lateley there have been complaints that people are seeing old pages and not the recent content...specifically when going to www.bbc.com. Im not

Re: [squid-users] Preparing for shutdown after xxx requests

we have reinstalled cleanly Squid, have squid -z and it works for some time, then squid terminates with: DiskThreadsDiskFile::openDone: (2) No such file or directory the original config file is the one below. thank you - David 2016/06/24 06:26:53 kid1| Set Current Directory to /var/cache

[squid-users] Preparing for shutdown after xxx requests

So far Squid worked nice, but recently it shutdown again and again with: Preparing for shutdown after xxx requests has someone a hint what that causes squid to shutdown Squid Cache: Version 3.5.19 on Archlinux free -h: total usedfree shared Puffer/

Re: [squid-users] ACL is used in context without an HTTP response. Assuming mismatch

ists.squid-cache.org Objet : Re: [squid-users] ACL is used in context without an HTTP response. Assuming mismatch On 13/05/2016 7:06 p.m., David Touzeau wrote: > Thanks Alex > > Any ACLs tips to avoid these warning ? or just assume it's normal in this > situation... ? > Ye

Re: [squid-users] ACL is used in context without an HTTP response. Assuming mismatch

Thanks Alex Any ACLs tips to avoid these warning ? or just assume it's normal in this situation... ? -Message d'origine- De : Alex Rousskov [mailto:rouss...@measurement-factory.com] Envoyé : vendredi 13 mai 2016 00:40 À : squid-users@lists.squid-cache.org Cc : David Touz

[squid-users] ACL is used in context without an HTTP response. Assuming mismatch

Hi I did not want squid to log it's TCP_DENIED/407 when sending authentication to browsers I think this acl should work acl CODE_TCP_DENIED http_status 407 access_log none CODE_TCP_DENIED But squid claim : 2016/05/12 23:44:07 kid1| WARNING: CODE_TCP_DENIED ACL is used in conte

Re: [squid-users] High CPU usage

We have the same issue when upgrading to 3.5.16 3.5.16 -> squid take 100% CPU Back to 3.5.13 -> 12% CPU -Message d'origine- De : squid-users [mailto:squid-users-boun...@lists.squid-cache.org] De la part de Amos Jeffries Envoyé : vendredi 15 avril 2016 13:23 À : squid-users@lists.squid-ca

Re: [squid-users] Possible SSL Bug in v3.5.13?

,CIPHER_SERVER_PREFERENCE I don't know if this is a bug or expected behavior, so defer to you. If you'd like me to submit a bug request, I can do so. Thanks again for the assistance, Dave On Wed, Jan 13, 2016 at 6:26 AM, David Marcos wrote: > Eliezer, Amos, > > Thanks very

[squid-users] Possible SSL Bug in v3.5.13?

I recently upgraded to Squid v3.5.13 and am encountering at least two errors when processing certain HTTPS connections. I am not sure if it is a bug or a configuration error on my part. The first error I am seeing is when shutterfly.com is accessed by a user. The issue occurs regardless of whethe

[squid-users] Basic auth - cache credentials

(credentialsttl) and (authenticate_ttl), but not sure if this can be accomplished. auth_param basic credentialsttl 8 hours -- David J. Berkes Piper Jaffray & Co. 800 Nicollet Mall, Suite 1000 Minneapolis, MN 55402 Office: 612.303.6412 Mobile: 612.845.5483 Email:david.j.ber...@pjc

[squid-users] pattern match on User-Agent header

Hello. I'm trying to create an ACL browser type to allow any User-Agent header with the string iPhone. I have tried this ACL various ways and cannot get it to work. Any help with the correct setup and/or regexp would be much appreciated. I have the ACL's commented out as when they are enabled,

[squid-users] [Squid 3.5.10] - Unable to cache objects from Cloudflare

Hi It seems that squid is not able to save in cache objects from CloudFlare websites. Here it is the header information: Connecting to 127.0.0.1:8182... connected. Proxy request sent, awaiting response... HTTP/1.1 200 OK Date: Thu, 19 Nov 2015 18:03:31 GMT Content-Type: image/png Set-

[squid-users] squid ACL based on OS type

I'm trying to find a way to setup an ACL to filter on only Apple IPhone (IOS). Is there a method for implementation. I'm assuming it would find the information in the header and filter on that. Thank you David Piper Jaffray & Co. Since 1895. M

Re: [squid-users] Slow read for ICAP REQMOD body

on. -Original Message- From: Alex Rousskov [mailto:rouss...@measurement-factory.com] Sent: 16 November 2015 15:07 To: squid-users@lists.squid-cache.org Cc: David Smith Subject: Re: [squid-users] Slow read for ICAP REQMOD body On 11/16/2015 07:30 AM, David Smith wrote: > I’m in the midd

[squid-users] Slow read for ICAP REQMOD body

Hi, I'm in the middle of writing an ICAP server. Reading the encapsulated body of a REQMOD message from Squid is taking 300ms. Reading the ICAP headers / HTTP headers is extremely quick. When I send a test message to the server it takes under 30ms so I don't think this is my implementation (obvi

[squid-users] icap SOPHOS SAVDI and custom errorpage

%20%20%20%20%20%20-%0D%0A%20%20%20%20%20%20EICAR-AV-Test%0D%0A%20%20%20%20%20%20-%0D%0A%20%20%20%20%20%200%0D%0AEncapsulated:%20res-hdr=0,%20null-body=345%0D%0A Is there anyway of getting this reported virusname (Virus-ID) into the custom error page ? Has anyone else got SAVDI working with Squi

Re: [squid-users] 4.0.2: ALE missing URL

Le 07/11/2015 15:07, Amos Jeffries a écrit : On 7/11/2015 11:55 p.m., David Touzeau wrote: Hi Alex, I'm using extra token %>ha{X-Forwarded-For} in helper configuration Is it help ? Where you are using that ACL is also needed. Amos _

Re: [squid-users] 4.0.2: ALE missing URL

Hi Alex, I'm using extra token %>ha{X-Forwarded-For} in helper configuration Is it help ? Le 07/11/2015 01:15, Alex Rousskov a écrit : On 11/06/2015 04:36 PM, David Touzeau wrote: Hi I'm testing the new 4.0.2 version.. Now i'm receive many errors like this in cache.log Wh

[squid-users] 4.0.2: ALE missing URL

Hi I'm testing the new 4.0.2 version.. Now i'm receive many errors like this in cache.log Whats wrong ? 2015/11/07 00:33:16 kid1| ALE missing URL 2015/11/07 00:33:16 kid1| ALE missing adapted HttpRequest object 2015/11/07 00:33:16 kid1| ALE missing URL 2015/11/07 00:33:16 kid1| ALE missing ad

Re: [squid-users] [Squid 4.x]: Truncated accounts when there is spaces in usernames

Le 25/10/2015 09:01, Amos Jeffries a écrit : On 25/10/2015 5:47 a.m., David Touzeau wrote: auth_param ntlm program /usr/bin/ntlm_auth --domain=TOUZEAU.BIZ --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 20 startup=5 idle=3 auth_param ntlm keep_alive on authenticate_ttl 14400

Re: [squid-users] [Squid 4.x]: Truncated accounts when there is spaces in usernames

Le 24/10/2015 05:44, Amos Jeffries a écrit : On 24/10/2015 1:29 p.m., David Touzeau wrote: Hi all. I'm testing squid 4.x with Active Directory connection. When there are spaces in logged accounts eg : "Jhon Rambo" squid use only the last string in logon user "Rambo"

[squid-users] [Squid 4.x]: Truncated accounts when there is spaces in usernames

Hi all. I'm testing squid 4.x with Active Directory connection. When there are spaces in logged accounts eg : "Jhon Rambo" squid use only the last string in logon user "Rambo". This corrupted account is used in all ACLS and events too and all acls matches Rambo and not "Jhon Rambo" This b

Re: [squid-users] [feature request]: Transparent FTP Proxy

There was a product that perform this way called Frox http://frox.sourceforge.net/ But this project did not support modern kernels. Currently create iptables rules on 21 port and forward to squid port did not working. FTP clients turn to timed out.. Le 04/10/2015 07:11, Amos Jeffries a écrit

[squid-users] [feature request]: Transparent FTP Proxy

Hi Since the 3.5.x branch allows FTP gateway, is there any plan to support transparent FTP proxy ? Best regards ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] [3.5.9]: Error negotiating SSL connection on FD 12: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown (1/0)

Le 02/10/2015 04:49, Amos Jeffries a écrit : On 2/10/2015 11:18 a.m., David Touzeau wrote: Dear I'm using Squid Cache: Version 3.5.9-20150922-r13918 in transparent mode with SSL hooked In my config, i did not bump any site ( just to pass SSL protocol to squid in transparent mode) I

[squid-users] [3.5.9]: Error negotiating SSL connection on FD 12: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown (1/0)

Dear I'm using Squid Cache: Version 3.5.9-20150922-r13918 in transparent mode with SSL hooked In my config, i did not bump any site ( just to pass SSL protocol to squid in transparent mode) I'm trying to connect to https://raj2796.wordpress.com In cache.log 2015/10/02 00:07:05 kid1| Accept

[squid-users] [3.5.7]: NTLM/Kerberos Account contains space

Hi, Windows Active Directory server ( such as LDAP too) allow to create account using space : "Jhon MacDoo" When using NTLM/Kerberos and when logged with an account contains space, Only the first part of the account is displayed and sent to helpers If an user is called Jhon[space]MacDoo the

Re: [squid-users] forward proxy - many users with one login/passwd.

- many users with one login/passwd. On 31/07/2015 8:55 p.m., Kinkie wrote: > On Thu, Jul 30, 2015 at 11:57 PM, Berkes, David > > wrote: > >> >> Just a basic question. I have a 3.5.0.4 forward proxy setup with >> basic authentication for my MDM proxy (iphones). All ipho

[squid-users] forward proxy - many users with one login/passwd.

Just a basic question. I have a 3.5.0.4 forward proxy setup with basic authentication for my MDM proxy (iphones). All iphones are set with the global proxy and identical user-name/password. They will be on an LTE network and will be switching IP's often. The forward proxy user-name/password

Re: [squid-users] random forward proxy authentication pop-up

Of Antony Stone Sent: Monday, July 27, 2015 11:57 AM To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] random forward proxy authentication pop-up On Monday 27 Jul 2015 at 17:21, Berkes, David wrote: > Here is the information requested. From the log, everything looks to >

Re: [squid-users] random forward proxy authentication pop-up

proxy authentication pop-up On Monday 27 Jul 2015 at 16:53, Berkes, David wrote: > I have squid configured as a forward proxy with basic authentication. > All traffic flows as expected, but periodically I get an > authentication pop-up indicating an origin server is requiring > credentials.

[squid-users] random forward proxy authentication pop-up

I have squid configured as a forward proxy with basic authentication. All traffic flows as expected, but periodically I get an authentication pop-up indicating an origin server is requiring credentials. I check the URL via non-proxy browser and does not ask for proxy credentials? So to summa

<    1   2   3   >