Re: [squid-users] X-Forwarded-For

Interesting. I will check later. Thanks! On Fri, Nov 9, 2018 at 9:54 PM Amos Jeffries wrote: > On 10/11/18 3:15 PM, Michael Pelletier wrote: > > Perhapse your Squid has been patched to remove it ? > > > > I am running 3.5.28. I have not installed any patches. > > >

Re: [squid-users] X-Forwarded-For

" On Fri, Nov 9, 2018 at 7:35 PM Amos Jeffries wrote: > On 10/11/18 9:05 AM, Michael Pelletier wrote: > > Hello, > > I am running squid 3.5.28 and for some reason I can not get > > X-Forwarded-For added to the http headers. I have "forwarded_for on" and > &g

[squid-users] X-Forwarded-For

Hello, I am running squid 3.5.28 and for some reason I can not get X-Forwarded-For added to the http headers. I have "forwarded_for on" and "via on" set in the squid.conf. Any ideas why this will not work? -- *Disclaimer: *Under Florida law, e-mail addresses are public records. If you do n

Re: [squid-users] Collecting squid logs to DB

Check out Logstash *https://www.elastic.co/products/logstash * On Sat, May 5, 2018 at 2:25 AM, Amos Jeffries wrote: > On 05/05/18 17:19, Amos Jeffries wrote: > > On 05/05/18 10:20, Alex K wrote: > >> Hi all, > >> > >> I had a previous setup on Debian 7

Re: [squid-users] sslpassword_program

Check your file permissions on the key. On Dec 18, 2016 2:13 PM, wrote: > I'm having trouble getting the sslpassword_program working for an > encrypted key. Config looks like this: > > sslpassword_program /usr/local/bin/pass.sh > https_port 10.10.10.1:443 accel vhost cert=/etc/squid/www.crt > k

Re: [squid-users] No matter what I do I can not get %ssl:>sni (or other %ssl) to log

Thanks! On Thu, Sep 29, 2016 at 11:12 PM, Amos Jeffries wrote: > On 30/09/2016 12:55 p.m., Alex Rousskov wrote: > > On 09/29/2016 05:44 PM, Michael Pelletier wrote: > >> In the squid.conf.documented, it looks like I can log the server > >> certificate as wel

Re: [squid-users] No matter what I do I can not get %ssl:>sni (or other %ssl) to log

In the squid.conf.documented, it looks like I can log the server certificate as well as the client certificate # %ssl::>sniSSL client SNI sent to Squid # %ssl::{Header}HTTP request header "Header" On Thu, Sep 29, 2016 at 7:09 PM, Michael Pelletier <

Re: [squid-users] No matter what I do I can not get %ssl:>sni (or other %ssl) to log

I misspoke. I am getting %ssl::>sni but not %ssl::cert_subject and %ssl::>cert_issuer. gives me a parse error Note the "<" instead of the ">" On Thu, Sep 29, 2016 at 7:01 PM, Alex Rousskov < rouss...@measurement-factory.com> wrote: > On 09/29/2016 0

[squid-users] No matter what I do I can not get %ssl:>sni (or other %ssl) to log

Hello, I am trying to log some data during the ssl flow. I have this for my logformat logformat custom %>a %>p %>lp %la %st %rd %>ru %>Hs %{Referer}>h [%{User-Agent}>h] [%{Host}>h] %ssl::>sni %ssl::>cert_subject %ssl::>cert_issuer sq_err:[%{X-Squid-Error}h] s_hdr:[%

Re: [squid-users] How to log url_rewrite_program results

I tried %{message}note %{status}note -- and -- %note{message}note %note{status} But I do not get results... On Mon, Sep 26, 2016 at 10:59 PM, Michael Pelletier < michael.pellet...@palmbeachschools.org> wrote: > OK. I will try this. Really, All I am trying to log is the ACL that was

Re: [squid-users] How to log url_rewrite_program results

OK. I will try this. Really, All I am trying to log is the ACL that was matched and the result. Is the default in *url_rewrite_extras good enough?* On Mon, Sep 26, 2016 at 5:04 PM, Amos Jeffries wrote: > On 27/09/2016 2:50 a.m., Michael Pelletier wrote: > > Hello, > > >

[squid-users] How to log url_rewrite_program results

Hello, I have a custom logformat and I would like to log the results of my url rewriter (urlfilterdb). I can't seem to get this to work. Can someone tell me the basics? Michael -- *Disclaimer: *Under Florida law, e-mail addresses are public records. If you do not want your e-mail address re

[squid-users] How to log url_rewrite results

Hello, I can not get %et to log anything. What am I missing? -- *Disclaimer: *Under Florida law, e-mail addresses are public records. If you do not want your e-mail address released in response to a public records request, do not send electronic mail to this entity. Instead, contact this of

[squid-users] How to log ACL to custom log

Hello, I would like to log ACLs Pass \ Blocks in the access.log. I am using Logstash for a monitoring system and being able to pass this information allows me to do some nice graphing. Does any know how this can be done? Michael -- *Disclaimer: *Under Florida law, e-mail addresses are public

Re: [squid-users] Recommended Multi-CPU Configuration

e with us what you ended up with? > > Thanks > Marcus > > On 06/18/2015 12:28 AM, Michael Pelletier wrote: > >> Which one would be good for capacity\load? I have a very, very large >> environment. I have 220,000 users on 8 Gig to the INTERNET. I am running a >> lo

[squid-users] Good Home Cable Modem Blacklist

Hello, Does anyone know of a good blacklist of home cable modems? -- *Disclaimer: *Under Florida law, e-mail addresses are public records. If you do not want your e-mail address released in response to a public records request, do not send electronic mail to this entity. Instead, contact thi

Re: [squid-users] Changing negotiate_kerberos_auth default location forrcache

Thanks!! On Tue, Apr 19, 2016 at 3:30 PM, Markus Moeller wrote: > Hi Michael, > >Yes you should be able to set a environment variable KRB5RCACHEDIR in > your startup script. You can also use KRB5RCACHETYPE to set (or disable) > the cache type. > > Markus &

[squid-users] Changing negotiate_kerberos_auth default location for rcache

Hello, I am using squid 3.4 and need to change the default location from /var/tmp to a tmpfs filesystem. The current version does not have the "-c" option to change the default location. I was wondering if there was another way. Michael -- *Disclaimer: *Under Florida law, e-mail addresses are

Re: [squid-users] grove.microsoft.com

loads 2G? Did you change squid's logging to support > that (it doesn't log upload sizes - only download sizes by default). Are > you simply referring to the Content-Length header - as that would say 2G - > even if the upload is then blocked. > > On Fri, Apr 15, 2016 at 4:04 PM,

[squid-users] grove.microsoft.com

I am blocking grove.microsoft.com. Even though I am blocking it, I am seeing large, 2 Gig, uploads from the client to the proxy (which indeed blocks it). It is almost like the connection request (explicit) contains the 2 gig post request. Why is this happening? Has anyone seen this? Michael --

Re: [squid-users] Problems filtering specific plus.google.com (application/x-www-form-urlencoded)

Jeffries wrote: > On 15/12/2015 10:59 a.m., Michael Pelletier wrote: > > Hello, > > Today we found a site that needed to be blocked while allowing the rest > at > > plus.google.com. I went to block the URL but it did not block. I looked > > deeper into the problem and i

[squid-users] Problems filtering specific plus.google.com (application/x-www-form-urlencoded)

Hello, Today we found a site that needed to be blocked while allowing the rest at plus.google.com. I went to block the URL but it did not block. I looked deeper into the problem and it seems application/x-www-form-urlencoded never sends the url so I can't block it. Can someone help? Michael --

[squid-users] negotiate_wrapper: Return 'AF = * username

Hello, I have squid in the production environment and everything is running well. I am building a new server that will be used as a new template of squid in our virtual environment. for some reason on the new template server I am getting negotiate_wrapper inserting a "*" before the username. This

[squid-users] negotiate_wrapper: Return 'AF = * username

Hello, I am building a new squid virtual template for my environment. I already have squid up and running and everything is well. When building a new template and testing it I keep getting negotiate_wrapper: Return 'AF = * username'. I can not figure out why. Can anyone help? All the software is

Re: [squid-users] How can I change the location of the kerberos cache file?

/testuser/krb5_cache_file_$(id -u) > > Regards, > Tom > > On Mon, Jun 22, 2015 at 5:48 PM, Michael Pelletier > wrote: > > Hello, > > > > Squid is keeping the kerberos cache file in /var/tmp. How can I change > the > > location? > > > > # ls

Re: [squid-users] How can I change the location of the kerberos cache file?

gt; real solution > > - Original Message - > From: "Michael Pelletier" > To: "squid-users" > Sent: Monday, June 22, 2015 11:48:20 AM > Subject: [squid-users] How can I change the location of the kerberos > cache file? > > Hello, > > Squi

[squid-users] How can I change the location of the kerberos cache file?

Hello, Squid is keeping the kerberos cache file in /var/tmp. How can I change the location? # ls -al /var/tmp/ total 864 drwxrwxrwt. 3 root root 36864 Jun 22 11:43 . drwxr-xr-x. 22 root root4096 May 9 23:55 .. -rw-r--r-- 1 root root 0 Jun 21 20:09 .fsrlast_xfs drwx--. 2 ro

Re: [squid-users] Recommended Multi-CPU Configuration

Jeffries wrote: > On 18/06/2015 8:53 a.m., Michael Pelletier wrote: > > Hello, > > > > I am looking to had some more power to squid. I have seen two different > > types of configurations to do this: > > > > 1. Adding workers directive equal to the number of

[squid-users] Recommended Multi-CPU Configuration

Hello, I am looking to had some more power to squid. I have seen two different types of configurations to do this: 1. Adding workers directive equal to the number of cpus. Then adding a special wrapper around the AUFS disk cache so that the correct worker can only access the correct cache. Yes, I

Re: [squid-users] assertion failed: Read.cc:69: "fd_table[conn->fd].halfClosedReader != NULL"

OK. I went back to 3.4.13 for prod. I will try upgrading one proxy this weekend. On Wed, Jun 10, 2015 at 12:11 PM, Amos Jeffries wrote: > On 10/06/2015 5:24 a.m., Michael Pelletier wrote: > > Hello, > > > > I am getting these errors on 3.5.5 any ideas? Here is my

[squid-users] assertion failed: Read.cc:69: "fd_table[conn->fd].halfClosedReader != NULL"

Hello, I am getting these errors on 3.5.5 any ideas? Here is my build configuration INSTALL_DIR=/opt/Squid INSTALL_DIR_CACHE=/opt/Squid/Cache/AUFS MAN_DIR=/opt/man USER=squid LOG_FILE=/var/log/Squid PID_FILE=/var/run/Squid/squid.pid NUMBER_OF_FILE_DESCRIPTORS=65536 OPENSSL_DIR=/opt/OpenSSL CC=

Re: [squid-users] assertion failed: DestinationIp.cc:64: checklist->conn() && checklist->conn()->clientConnection != NULL

I can try. I only saw it once under heavy load. I will see what I can do... Michael On Thu, May 14, 2015 at 12:40 AM, Amos Jeffries wrote: > On 14/05/2015 9:34 a.m., Michael Pelletier wrote: > > Squid does recover. What do you think? > > > > I think its a bug that needs fi

Re: [squid-users] assertion failed: DestinationIp.cc:64: checklist->conn() && checklist->conn()->clientConnection != NULL

Squid does recover. What do you think? On Wed, May 13, 2015 at 5:25 PM, Michael Pelletier < michael.pellet...@palmbeachschools.org> wrote: > I am running 3.4.12 > > > On Wed, May 13, 2015 at 3:23 PM, Amos Jeffries > wrote: > >> On 14/05/2015 5:42 a.m., Micha

Re: [squid-users] assertion failed: DestinationIp.cc:64: checklist->conn() && checklist->conn()->clientConnection != NULL

I am running 3.4.12 On Wed, May 13, 2015 at 3:23 PM, Amos Jeffries wrote: > On 14/05/2015 5:42 a.m., Michael Pelletier wrote: > > Hello, > > > > What does this warning mean? > > assertion failed: DestinationIp.cc:64: checklist->conn() && > > checklis

[squid-users] assertion failed: DestinationIp.cc:64: checklist->conn() && checklist->conn()->clientConnection != NULL

Hello, What does this warning mean? assertion failed: DestinationIp.cc:64: checklist->conn() && checklist->conn()->clientConnection != NULL Michael -- *Disclaimer: *Under Florida law, e-mail addresses are public records. If you do not want your e-mail address released in response to a publi

[squid-users] Any Greasyspoon iCAP users out there?

Hello, I am having some difficulties with the greasyspoon icap server. The demo scripts don't work and I can not find any api documentation. The plan is to use greasyspoon icap server now then migrate to ecap later. Who is using greasyspoon icap server? I could sure use some help. Michael --

[squid-users] Looking for a good tutorial for writing a custom eCap filter

Hello, I wish to write a custom eCap filter and I am looking for some documentation.Basically, I wish to add the X-GoogApps-Allowed-Domains ONLY when a user matches an AD group else no header should be added. We are a school and we restrict students' email but not employees. I tried request_heade

Re: [squid-users] adding a header by group membership

r add\mods with ECap when a user has matched a user group? Michael On Sat, May 2, 2015 at 1:37 AM, Amos Jeffries wrote: > On 2/05/2015 3:12 p.m., Michael Pelletier wrote: > > Hello, > > > > I wish to modify a request header if the user is a member of a group. The > >

[squid-users] adding a header by group membership

Hello, I wish to modify a request header if the user is a member of a group. The example below I am trying to restrict people at work to ONLY the work email address UNLESS they are in the group "FullEmailAccess". Is this correct? acl FullEmailAccess proxy_auth -i "[a file containing users. One pe