Hi Amos!
I hear what you are saying (especially about the http_response_access), but:
The thing with the config I have sent is that as soon as I have icap-service
down the http_access deny all triggers and I get Status 403 plus in the body:
you are not allowed to access.
But with this
Stupid me - I forgot the following ACLs:
aclerror500http_status 500
http_reply_access denyerror500
(but I had removed the deny_info error500 component).
And that http_reply_access triggers a reset of the previous ICAP_ERROR and
moves it to ACCESS_DENIED
Hi Amos!
I had a final ide, which works: Checking on the response header for squid
errors and matching them in the http_reply_access path...
acl ICAPERROR rep_header X-Squid-Error ERR_ICAP
http_reply_access denyICAPERROR
BUT, I would have to do this kind of
On 26/03/2013 9:57 p.m., Martin Sperl wrote:
Hi Amos!
I had a final ide, which works: Checking on the response header for squid
errors and matching them in the http_reply_access path...
acl ICAPERROR rep_header X-Squid-Error ERR_ICAP
http_reply_access deny
Hello,
We have a Squid 3.1.23 running on a FreeBSD 8.3 (amd64)
The proxy is used to handle web access for ~2500 workstations and in
pure proxy/filter (squidGaurd) mode with no cache (all disk caching is disabled)
It's not a tranparent/intercepting proxy, just a plain
Hi,
you can activate the full debug
launch
squid -k debug
with the service running, and check what comes in the cache.log.
squid -k parse will audit your config file. Look for WARNING in the
output of this command.
the cachemanager can be usefull to see the actual activity of your squid :
Hi,
FYI ... I got the two squids working behind the (Kemp) load balancer
with kerberos auth
Procedure:
0. myproxy.vptt.ch points to the IP of the load balancer. This is
referenced in wpad.dat or browser settings. Squid runs on port 80, so
the URL of the proxy is http://myproxy.ch:80
1. create
Are you using delay_pool ?
The first step in debugging any problem like this is to upgrade to the
latest version and see if it has been resolved.
The current latest is Squid-3.3.3.
Amos
On 27/03/2013 1:33 a.m., Alexandre Chappaz wrote:
Hi,
you can activate the full debug
launch
squid -k debug
with the service running,
in this scope
Intercept.cc:217: error: 'leave_suid' was not declared in this scope
gmake[3]: *** [Intercept.lo] Error 1
gmake[3]: Leaving directory
`/usr/home/wash/Tools/Squid/3.3/squid-3.3.3-20130326-r12517/src/ip'
gmake[2]: *** [all-recursive] Error 1
gmake[2]: Leaving directory
`/usr/home/wash/Tools
On Mar 26, 2013, at 1:50 PM, FredB fredbm...@free.fr wrote:
Are you using delay_pool ?
Nope, we are not using delay_pools.
The current FreeBSD ports available for squid are squid31 and squid32
I'll be able to upgrade to the latest 3.2 but not further.
Youssef
-
On Mar 26, 2013, at 1:50 PM, Amos Jeffries squ...@treenet.co.nz wrote:
The first step in debugging any problem like this is to upgrade to
Hi All,
My squid is restarting due to following as shown in cache log.
2013/03/26 20:14:02| TunnelStateData::Connection::error: FD 1767: read/write
failure: (32) Broken pipe
2013/03/26 20:14:12| TunnelStateData::Connection::error: FD 3896: read/write
failure: (32) Broken pipe
2013/03/26
On Mar 26, 2013, at 1:33 PM, Alexandre Chappaz alexandrechap...@gmail.com
wrote:
Hi,
you can activate the full debug
launch
squid -k debug
with the service running, and check what comes in the cache.log.
I'll give it a try.
How to stop debug by the way ? just squid -k debug again ?
the cachemanager can be usefull to see the actual activity of your squid :
squidclient localhost mgr:5min
gives you the last 5 min stats. (see if the n° of req/s is coherent
with what you expect )
Here after the output of the mgr:5min
It show that we are around 168 req/s
for a cpu
On Mar 26, 2013, at 1:19 PM, Youssef Ghorbal d...@pasteur.fr wrote:
Hello,
We have a Squid 3.1.23 running on a FreeBSD 8.3 (amd64)
The proxy is used to handle web access for ~2500 workstations and in
pure proxy/filter (squidGaurd) mode with no cache (all disk caching is
I can't find thorough info about what is implemented in squid 3 so i would
like to know is this implemented:
1) Sharepoint from outside with squid proxy acting as http proxy with NTLM
support
2) Outlook anywhere - RPC over HTTPS with NTLM auth
3) Can i use multiple SSL certificates for proxy
Consider this, you do not need dansguardian to use
blacklists. I know thats not really addressing your issue, I just
thought I would mention it since I host http://squidblacklist.org
-
Signed,
Fix Nichols
http://www.squidblacklist.org
Hi,
is there something you have to do to turn on happy eyeballs is
squid? We are running 3.3.1 and currently there is a site
(karen.net.nz) that is advertising both v6 and v4 addresses but not
reachable on the v6 and its taking ages before squid serves up the
page from the v4 address.
Hi Andy, Sorry to bug you, but I finally got round to trying the
qos_flows feature and I think my understanding is completely back to front?
What I need is to copy the packet/connection mark from the client
request, and apply it to the upstream request. So for example I mark
clients that have
On 27/03/2013 12:15 p.m., Mark Davies wrote:
Hi,
is there something you have to do to turn on happy eyeballs is
squid? We are running 3.3.1 and currently there is a site
(karen.net.nz) that is advertising both v6 and v4 addresses but not
reachable on the v6 and its taking ages before squid
On 27/03/2013 7:02 a.m., Damir Reic wrote:
I can't find thorough info about what is implemented in squid 3 so i would
like to know is this implemented:
1) Sharepoint from outside with squid proxy acting as http proxy with NTLM
support
This is very unlikely to work. ... NTLM auth proper name
On 27/03/2013 4:28 a.m., Farooq Bhatti wrote:
Hi All,
My squid is restarting due to following as shown in cache log.
2013/03/26 20:14:02| TunnelStateData::Connection::error: FD 1767: read/write
failure: (32) Broken pipe
2013/03/26 20:14:12| TunnelStateData::Connection::error: FD 3896:
On Wed, 27 Mar 2013, Amos Jeffries wrote:
Squid has a partial implementation of happy eyeballs added to 3.2+
which performs the parallel DNS lookup portion of the algorithm
but does not perform the parallel v6+v4 SYN portion which halves
the server TCP capacity for only rare gains (like
First If I were in your position, I would test the disk with the
manufacturers diagnostic tool and make sure I wasnt dealing with a
failing disk. Maybe run fschk as well.
-
Signed,
Fix Nichols
http://www.squidblacklis
* Vosto has quit (Quit: Leaving)
* RedHelper (~d...@fear.me) has joined
On 03/24/2013 01:39 AM, Robert Mason wrote:
Hi Alex! Thanks for the reply.
It seems to see the CONNECT yes.. but still no joy.
192.168.99.100 TCP_MISS/200 114940 CONNECT mail.google.com:443
Good. This means that Squid intercepts HTTPS traffic from the browser.
The next step is to figure
On 03/20/2013 12:51 PM, Ed W wrote:
I'm picking up an old thread from some time back. I remain interested
in getting support for etag into squid (and related revalidate support).
My main requirement is that I have two proxies on either side of a
bandwidth limited link (with high cost). I
27 matches
Mail list logo
