Hi,
I've been running a squid 3.3 live with SSL inspection for over a week, AV
scanning with clamav+c-icap work fine until now (about 500k GETS per day).
Then users started seen icap errors in their browser::
In the squid logs:
essential ICAP service is suspended: icap://127.0.0.1:1344/squidclama
Dear Amos,
I downgraded to 2.6stable21 and it still the same issue with same
websites
Best Regards,
*Muhammad Shehata*
IT Network Security Engineer
TEData
Building A11- B90, Smart Village
Km 28 Cairo - Alex Desert Road, 6th October, 12577, Egypt
T: +20 (2) 33 32 0700 | Ext: 1532
F: +20 (2
For me it works fine on both 3.2.1-3 and others.
Try to check the headers that is being sent from you proxy such as
"X-Forward" etc.
Regards,
Eliezer
On 12/4/2012 12:37 PM, Muhammed Shehata wrote:
Dear Amos,
I downgraded to 2.6stable21 and it still the same issue with same
websites
Be
You will need to disable it for testing.
This can cause nasty troubles since many systems relay on that like you
yourself.
If this is the reason you will be able to check it and see the results
instantly.
Just make sure this is the problem.
from there to find the right solution is another t
Hi,
I have my system configuration with kerberos+ntlm+basic. All run
perfect!!! but when a Firefox user pulse CTRL+F5 show a popup where
the user have to put the username and password.
When this user use IE o Chrome and pulse CTRL+F5 doesn't show the popup.
The configuration Firefox change to:
Are you building the source on your production server?
If you're not building the source on the server, yet pointing to /usr/local,
then it would seem that you'd have to copy up all the individual directories
of files (e.g. bin/, sbin/, lib/, etc.) rather than being able to just tar
up on director
Hi Sean,
the conversion of squid 3.1 to 3.2, we had the same error.
We solved the problem with the parameter "icap_persistent_connections off"
Bye
UK
> -Ursprüngliche Nachricht-
> Von: bo...@boran.ch [mailto:bo...@boran.ch] Im Auftrag von Sean Boran
> Gesendet: Dienstag, 4. Dezember 2012
Hey Sean and Knop,
There was a bug in squid ICAP for a very long time since 3.1 and it
there was a patch tried and applied the last week.
If you had problems before you can try the last 3.3 revision 12500.
I will test it myself in the next month\year.
Eliezer
On 12/4/2012 4:22 PM, Knop, Uwe
I re-read the configuration scripts and I think I see that you probably did
build to /usr/local/squid and that I was wrong in thinking that the build
went into the individual /usr/local/bin, /usr/local/sbin, /usr/local/lib,
etc. directories. I should have seen that in the first place. Thanks.
HI,
I'm now running HEAD (for latest SSL bump fixes) on revision 8886 on a
new box pulled last Friday, so may it has those fixed. The above bug
was from HEAD from early august.
If that does not help, I'll try "icap_persistent_connections off".
I also found ready that one should have "bypass=1" t
Yes I build on production.
But I have several boxes, build and test new release on one box, and
only build on production once that works Ok.
Sean
On 4 December 2012 15:05, carteriii wrote:
> Are you building the source on your production server?
>
> If you're not building the source on the serv
Unless you have problems such as the bug mentioned or any other reason
dont use the bypass.
Be ware that bypass leave you with with no knowledge about existing problem.
You can have ICAP service almost "OFF" for weeks and you will not know
about it.
Regards,
Eliezer
On 12/4/2012 4:55 PM, Sea
Ah, I had presumes that squid would just retry on the next request.
You dont use bypass for either reqmod_precache or respmod_precache?
Sean
On 4 December 2012 16:08, Eliezer Croitoru wrote:
> Unless you have problems such as the bug mentioned or any other reason dont
> use the bypass.
>
> Be wa
No.
This is since I wrote a filtering solution ICAP service.
If I will use the bypass=1 when I will have problem with the ICAP
service the filtering service will seize to work.
It's the same for any ICAP service, you will loose it in a case of failure.
Eliezer
On 12/4/2012 5:10 PM, Sean Boran
Hi,
which was the bug id?
thx
UK
> -Ursprüngliche Nachricht-
> Von: Eliezer Croitoru [mailto:elie...@ngtech.co.il]
> Gesendet: Dienstag, 4. Dezember 2012 15:33
> An: squid-users@squid-cache.org
> Betreff: Re: AW: [squid-users] essential ICAP service is suspended
>
> Hey Sean and Knop,
>
http://bugs.squid-cache.org/show_bug.cgi?id=3688
Eliezer
On 12/4/2012 6:03 PM, Knop, Uwe wrote:
Hi,
which was the bug id?
thx
UK
--
Eliezer Croitoru
https://www1.ngtech.co.il
sip:ngt...@sip2sip.info
IT consulting for Nonprofit organizations
eliezer ngtech.co.il
All seems to go up well, squid process with the 10 squiguard childrens,
squiguard also says on logs is ready for requests, but when i try to
access a website that should be blocked, the website open anyways, and
when i check logs, i see this :
TCP_MISS_ABORTED/000 0 GET
http://www.redtube.com
On 05.12.2012 02:05, Esteban Torres Rodríguez wrote:
Hi,
I have my system configuration with kerberos+ntlm+basic. All run
perfect!!! but when a Firefox user pulse CTRL+F5 show a popup where
the user have to put the username and password.
When this user use IE o Chrome and pulse CTRL+F5 doesn't
Hello!
I run squid 3.3.0.2 (just installed, previous version had the same
problem too) on ubuntu 12.04 and have problem with files download over
https-
connection becomes closed after about 50 Mb of download from 4Gb or so
files.
Looks like there are some link quality problems at this time, bu
Hi,
Today, I built version 3.1.22, then started squid with or without
accept_filter directive in squid's configuration file and in both case
I got NO 500 MISS in the access log.
Moreover, the speed when access new links faster (not cached) than
version 3.2.3.
Best Regards,
Trung Kien
On Thu, N
20 matches
Mail list logo