Re: [squid-users] Squid with PV6 Tunnel Broker

2024-07-29 Thread Jonathan Lee
I did not know that I had the option set to disable Squid ICMP pinger helper. MSS and MTU values are set to what the tunnel broker requires on the interface, can you also set the MTU inside of Squid configurations? I enabled ping helper I show a good socket for my IPV6 interface address but

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

2024-07-29 Thread Jonathan Lee
Does this also auto solve for IPv6 connections changing it to just http_port 3128 https_port 3129?? > On Jul 12, 2024, at 04:57, Amos Jeffries wrote: > > On 12/07/24 11:50, Jonathan Lee wrote: >>> I recommend changing your main port to this: >>> >>> http_port 3128 ssl-bump >> This is

Re: [squid-users] Squid with PV6 Tunnel Broker

2024-07-29 Thread Amos Jeffries
On 27/07/24 10:10, Jonathan Lee wrote: Hello fellow squid users can you please help me?? I know I have good IPV6 internet if I use the IPV4 proxy address, and the IPv6 test sites pass 10 out of 10. If I make the client IPV6 only and have the rules set to use the proxy with the proxy IPV6

Re: [squid-users] Squid with PV6 Tunnel Broker

2024-07-27 Thread Jonathan Lee
Do I need to add ::1 as a http port? for transparent I can’t get anything to work I see the attempts with ipv6 pure mode however nothing connects.. [2001:470:8052:192::]:3128 is my proxy I can’t get any connections from ipv6 only hosts. I can get ipv4 all day and they can access ipv6 sites

[squid-users] Squid with PV6 Tunnel Broker

2024-07-26 Thread Jonathan Lee
Hello fellow squid users can you please help me?? I know I have good IPV6 internet if I use the IPV4 proxy address, and the IPv6 test sites pass 10 out of 10. If I make the client IPV6 only and have the rules set to use the proxy with the proxy IPV6 address for the proxy I get no internet. I

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

2024-07-26 Thread Jonathan Lee
Shows a miss 403 in the cache logs for it - - 26.07.2024 10:57:01 192.168.1.5 NONE_NONE_ABORTED/200 dc1.ksn.kaspersky-labs.com:443 - - 26.07.2024 10:56:48 127.0.0.1 TCP_MISS/403 http://localhost:3128/squid-internal-mgr/menu - 127.0.0.1 26.07.2024

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

2024-07-26 Thread Jonathan Lee
Shell Output - curl -u anything:REDACTED http://localhost:3128/squid-internal-mgr/menu % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 00 00 0 0 0

Re: [squid-users] SQUID - WINDBIND - very slow internet speed

2024-07-26 Thread Alex Rousskov
On 2024-07-26 03:31, Francesco Chemolli wrote: Have you considered https://wiki.squid-cache.org/Features/HelperMultiplexer Just in case you do not know how to find the actual helper program described on the above page, it is installed as libexec/helper-mux. That helper has a manual page.

Re: [squid-users] SQUID - WINDBIND - very slow internet speed

2024-07-26 Thread Alex Rousskov
On 2024-07-26, Andre wrote: How to know if the helper supports concurrent requests? Good question! You need to consult helper documentation. If that does not exist or does not document concurrency, one can analyze helper source code and/or test concurrency support, but those two activities

Re: [squid-users] SQUID - WINDBIND - very slow internet speed

2024-07-26 Thread Francesco Chemolli
Have you considered https://wiki.squid-cache.org/Features/HelperMultiplexer ? If I remember correctly, it can start new helpers on demand up to a configured maximum. @mobile On Fri, 26 Jul 2024 at 8:23 AM, Andrey K wrote: > Hello, Andre, > > > > How to know if the helper supports concurrent

Re: [squid-users] SQUID - WINDBIND - very slow internet speed

2024-07-26 Thread Andrey K
Hello, Andre, > How to know if the helper supports concurrent requests? You are using /usr/bin/ntlm_auth, and, as far as I know, it does not support concurrency. But I do not know other ntlm-authentication helpers. > winbindd: Exceeding 500 client connections, no idle connection found > I will

Re: [squid-users] SQUID - WINDBIND - very slow internet speed

2024-07-25 Thread Andre Bolinhas
Hi We have 5 squid workers, we need to handle around 8k concurrent users. Based on this, what's the auth_param values that you recommend for children, idle and startup? How to know if the helper supports concurrent requests? winbindd: Exceeding 500 client connections, no idle connection found

Re: [squid-users] SQUID - WINDBIND - very slow internet speed

2024-07-25 Thread Alex Rousskov
On 2024-07-23 19:20, Andre Bolinhas wrote: winbindd: Exceeding 500 client connections, no idle connection found auth_param ntlm children 500 ... I know virtually nothing about WINDBIND and the authentication helper you are using, but configuring Squid to have 500 helper processes is

Re: [squid-users] SQUID - WINDBIND - very slow internet speed

2024-07-25 Thread Stuart Henderson
On 2024-07-23, Andre Bolinhas wrote: > I'm using SQUID 5.9 + windbindd 4.9.5, the authentication method is NTLM. > > Every day, around 5pm, the internet speed becomes very slow, with users > reporting that websites takes too long to open. > > Also, the time that the issue occur is very strange,

Re: [squid-users] SQUID - WINDBIND - very slow internet speed

2024-07-25 Thread Andrey K
Hello, Andre, Your logs say: > winbindd: Exceeding 500 client connections, no idle connection found So in addition to Francesco's suggestion, you can try to increase the "winbind max clients" parameter in your smb.conf Your squid.conf record: auth_param ntlm children 500 startup=5 idle=1 limits

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

2024-07-24 Thread Francesco Chemolli
Hi Jonathan, could you try: curl -u anything:redacted http://localhost:3128/squid-internal-mgr/menu ? On Mon, Jul 22, 2024 at 8:52 PM Jonathan Lee wrote: > > Also I have tested > > curl 127.0.0.1:3128/squid-internal-mgr -u :redacted > curl localhost:3128/squid-internal-mgr -u :redacted > curl

Re: [squid-users] SQUID - WINDBIND - very slow internet speed

2024-07-24 Thread Francesco Chemolli
Hi Andre, The chain of services here is: browser <-> squid <-> ntlm_auth <-> winbindd <-> active directory In order to bisect the problem, could you try using `wbinfo -a` on one of the affected machines to authenticate against Active Directory and see if the performance is on the winbindd <->

[squid-users] SQUID - WINDBIND - very slow internet speed

2024-07-23 Thread Andre Bolinhas
Hi Team. I'm using SQUID 5.9 + windbindd 4.9.5, the authentication method is NTLM. Every day, around 5pm, the internet speed becomes very slow, with users reporting that websites take too long to open. Also, the time that the issue occurs is very strange, since it is when most of the users are

Re: [squid-users] Squid on Freebsd

2024-07-23 Thread Alex Rousskov
On 2024-07-23 13:34, Anton Kornexl wrote: Squid starts, shows a segmentation fault and continues working normally. Squid forks a worker child and probably this child works, but the parent process dies with segmentation fault. There is no sign of this segmentation fault in the cache log. You

Re: [squid-users] Squid on Freebsd

2024-07-23 Thread Anton Kornexl
Hi, the problem is difficult. Squid starts, shows a segmentation fault and continues working normally. Squid forks a worker child and probably this child works, but the parent process dies with segmentation fault. There is no sign of this segmentation fault in the cache log. Only this failure

Re: [squid-users] Squid on Freebsd

2024-07-23 Thread Francesco Chemolli
Hi Anton, no, segmentation fault shouldn't happen at any time. Could you try to follow the instructions at https://wiki.squid-cache.org/SquidFaq/BugReporting#crashes-and-core-dumps ? What are the last lines in the cache.log when the segmentation fault happens? Thanks On Tue, Jul 23, 2024 at

Re: [squid-users] squid "make check" error

2024-07-22 Thread Amos Jeffries
On 20/07/24 03:19, Alex Rousskov wrote: On 2024-07-19 09:20, Rafał Stanilewicz wrote: Thank you. It worked. Glad to hear that! Seconded. I incorrectly assumed all dependencies would be captured by aptitude build-dep squid and ./configure. AFAIK that is a correct assumption for

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

2024-07-22 Thread Jonathan Lee
Tested thanks for the reply and idea access denied and tested with a firewall rule to approve everything to port 80 same result with or without mgr_passord configured, it is like the page is missing in Squid 6.6 or something Shell Output - curl localhost:3128/squid-internal-mgr/info -u

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

2024-07-22 Thread Jonathan Lee
Ok thanks let me boot that environment and test again, my concern is that is looks like it is attempting it from my WAN side address that is my wan address and not the loopback > On Jul 22, 2024, at 11:22, Francesco Chemolli wrote: > > Not really, no. Username is not considered, it's just to

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

2024-07-22 Thread Francesco Chemolli
Not really, no. Username is not considered, it's just to make sure that curl sends all the data On Mon, Jul 22, 2024 at 7:21 PM Jonathan Lee wrote: > > That would require a username for the cachemgr_password account right? I have > no usernames set up for this. > > How does one add a username

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

2024-07-22 Thread Jonathan Lee
That would require a username for the cachemgr_password account right? I have no usernames set up for this. How does one add a username for this directive ? > On Jul 22, 2024, at 11:13, Francesco Chemolli wrote: > > Can you try supplying a username to curl? It's also common practice to > put

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

2024-07-22 Thread Francesco Chemolli
Can you try supplying a username to curl? It's also common practice to put flags ('-u user:redacted') before arguments (the URL) On Mon, Jul 22, 2024 at 5:12 PM Jonathan Lee wrote: > > Thanks for the info > > I tried it and this also failed. Dang > > Shell Output - curl

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

2024-07-22 Thread Jonathan Lee
Also I have tested curl 127.0.0.1:3128/squid-internal-mgr -u :redacted curl localhost:3128/squid-internal-mgr -u :redacted curl hostname_here:3128/squid-internal-mgr -u :redacted (per bug notes use hostname in place of localhost) and testing with no password same commands lock up the system

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

2024-07-22 Thread Jonathan Lee
Thanks for the info I tried it and this also failed. Dang Shell Output - curl localhost:3128/squid-internal-mgr/info -u :redacted % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0

Re: [squid-users] Squid on Freebsd

2024-07-22 Thread Anton Kornexl
Hello, I have tested the two installations further Opnsense 23.x with squid 6.6 on freebsd 13.2-Release-p9 produces the same segmentation fault, but it does not popup as red window in the dashboard. I have set "debug_options ALL,5" in squid.conf: I have found the following lines in

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

2024-07-22 Thread Andrey K
Hello, Jonathan, > curl http://localhost:3128/squid-internal-mgr/info > Where would I place the password? I use the following configuration: http_access allow localhost manager cachemgr_passwd redacted config The command to read the current running config is: curl

Re: [squid-users] Squid on Freebsd

2024-07-22 Thread Odhiambo Washington
On Mon, Jul 22, 2024 at 12:12 PM Anton Kornexl wrote: > Hello > > i try to use squid (6.10) with opnsense 24.x on freebsd 13-2-Release-p11. > > It produces a "segmentation fault" at start and restart but the process > runs. > > The "segmentation fault" occurs even with squid -k parse. > > A

[squid-users] Squid on Freebsd

2024-07-22 Thread Anton Kornexl
Hello I try to use squid (6.10) with opnsense 24.x on freebsd 13-2-Release-p11. It produces a "segmentation fault" at start and restart but the process runs. The "segmentation fault" occurs even with squid -k parse. A "service squid reload" runs OK, but a "service squid restart" produces

Re: [squid-users] squid "make check" error

2024-07-19 Thread Alex Rousskov
On 2024-07-19 09:20, Rafał Stanilewicz wrote: Thank you. It worked. Glad to hear that! I incorrectly assumed all dependencies would be captured by aptitude build-dep squid and ./configure. Your assumption is not wrong for dependencies that are necessary to build and install Squid.

Re: [squid-users] squid "make check" error

2024-07-19 Thread Alex Rousskov
On 2024-07-19 05:04, Rafał Stanilewicz wrote: Next step was make check, and it failed with this error: ../include/unitTestMain.h:16:10: fatal error: cppunit/BriefTestProgressListener.h: No such file or directory I found out that I need to do apt install libcppunit-dev So I did it. I

[squid-users] squid "make check" error

2024-07-19 Thread Rafał Stanilewicz
Good morning Gentlemen, that's my first time here, so please forgive me for any mistakes. I decided to make a test run of Squid 7 on our test server, running Ubuntu 24.04, but stumbled upon some issue during the "make check" step I downloaded the squid-7.0.0-20240706-r314e430471.tar.bz2, (BTW -

Re: [squid-users] Squid Version squid-5.7-150400.3.6.1.x86_64 -- Squid is crashing continusly

2024-07-18 Thread M, Anitha (CSS)
Hi Eliezer, Pls find my comments inline. From: ngtech1...@gmail.com Sent: Friday, July 19, 2024 12:51 AM To: squid-users@lists.squid-cache.org Cc: M, Anitha (CSS) Subject: RE: [squid-users] Squid Version squid-5.7-150400.3.6.1.x86_64 -- Squid is crashing

Re: [squid-users] Squid Version squid-5.7-150400.3.6.1.x86_64 -- Squid is crashing continusly

2024-07-18 Thread ngtech1ltd
Hey Anitha, There are couple missing details. Is it a brand new proxy? What OS are you using? What Distro? It looks like a very simple forward proxy setup. When is the proxy crashing? At startup? After a while? Thanks, Eliezer From: squid-users On Behalf Of M, Anitha (CSS) Sent: Thursday, July

Re: [squid-users] Squid Version squid-5.7-150400.3.6.1.x86_64 -- Squid is crashing continusly

2024-07-18 Thread Amos Jeffries
On 19/07/24 04:23, M, Anitha (CSS) wrote: Hi Team, We are seeing squid is continuously crashing with signal 6. "signal 6" in system log means there should be an "assertion" error message in the cache.log. Please look for that. Any known issues with this version? Many. It is not clear

[squid-users] Squid Version squid-5.7-150400.3.6.1.x86_64 -- Squid is crashing continusly

2024-07-18 Thread M, Anitha (CSS)
Hi Team, We are seeing squid is continuously crashing with signal 6. Any known issues with this version? Pls help. Attached is the squid.conf file we are using it. regards, Anitha gl-mh-dcb-die-squidproxy01:~ # cat /etc/squid/squid.conf # Recommended minimum configuration: acl localnet src

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

2024-07-18 Thread Alex Rousskov
On 2024-07-18 00:55, Jonathan Lee wrote: curl http://localhost:3128/squid-internal-mgr/info Where would I place the password? See "man curl" or online manual pages for curl. They will point you to two relevant options: --user and --proxy-user. AFAICT, your particular cache manager

Re: [squid-users] Squid 6.6 cache_dir rock questions

2024-07-18 Thread Alex Rousskov
On 2024-07-18 00:33, Jonathan Lee wrote: What would be the correct way to convert cache_dir disks to rock? One cannot convert a cache_dir of another type to rock cache_dir. You will need to start from scratch, using a rock-dedicated cache_dir path (initialized by running "squid -z" after

Re: [squid-users] Squid 6.6 shows configuration failure: requires TPROXY feature to be enabled by ./configure

2024-07-18 Thread Alex Rousskov
On 2024-07-18 00:25, Jonathan Lee wrote: How do we enable tproxy in Squid 2024/07/17 21:22:41| Processing: http_port 127.0.0.1:3128 tproxy ... ... 2024/07/17 21:22:41| ERROR: configuration failure: requires TPROXY feature to be enabled by ./configure As strongly implied by the error

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

2024-07-18 Thread Matus UHLAR - fantomas
On 17.07.24 21:12, Jonathan Lee wrote: Shell Output - squidclient -v -h 127.0.0.1 -p 3128 -U cachemgr -W REDACTED mgr:info Request: GET http://127.0.0.1:3128/squid-internal-mgr/info HTTP/1.0 Host: 127.0.0.1:3128 User-Agent: squidclient/6.6 Accept: */* Authorization: Basic redacted== Connection:

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

2024-07-17 Thread Jonathan Lee
without password enabled Shell Output - curl http://127.0.0.1:3128/squid-internal-mgr/info % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 00 00 0 0 0

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

2024-07-17 Thread Jonathan Lee
Do I use curl http://localhost:3128/squid-internal-mgr/info Where would I place the password? > On Jul 17, 2024, at 21:08, Jonathan Lee wrote: > > 2024/07/17 21:07:37| Processing Configuration File: > /usr/local/etc/squid/squid.conf (depth 0) > 2024/07/17 21:07:37| Processing: http_port

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

2024-07-17 Thread Jonathan Lee
Again still no status page This is the active php code used function squid_status() { if (is_service_running('squid')) { init_config_arr(array('installedpackages', 'squidcache','config')); $proxy_ifaces = explode(",",

[squid-users] Squid 6.6 cache_dir rock questions

2024-07-17 Thread Jonathan Lee
Squid 6.6 Hello fellow Squid users, What would be the correct way to convert cache_dir disks to rock? cache_dir diskd /var/squid/cache 64000 256 256 Would it be as simple as.. cache_dir rock /var/squid/cache 64000 256 256? ___ squid-users

[squid-users] Squid 6.6 shows configuration failure: requires TPROXY feature to be enabled by ./configure

2024-07-17 Thread Jonathan Lee
How do we enable tproxy in Squid 6.6 in 5.8 we could just adapt the Squid.conf and it would enable tproxy 2024/07/17 21:22:41| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0) 2024/07/17 21:22:41| Processing: http_port 192.168.1.1:3128 ssl-bump

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

2024-07-17 Thread Jonathan Lee
Same result Shell Output - squidclient -v -h 127.0.0.1 -p 3128 -U cachemgr -W REDACTED mgr:info Request: GET http://127.0.0.1:3128/squid-internal-mgr/info HTTP/1.0 Host: 127.0.0.1:3128 User-Agent: squidclient/6.6 Accept: */* Authorization: Basic redacted== Connection: close . HTTP/1.1 403

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

2024-07-17 Thread Jonathan Lee
2024/07/17 21:07:37| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0) 2024/07/17 21:07:37| Processing: http_port 192.168.1.1:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB cert=/usr/local/etc/squid/serverkey.pem

Re: [squid-users] Prefer or force ipv6 usage on dual stack interface

2024-07-17 Thread Alex Rousskov
On 2024-07-17 02:22, Rasmus Horndrup wrote: why it went with the ipv4 conn over ipv6 in the second case. Squid went with IPv4 because Squid established the corresponding TCP/IPv4 connection before it could establish the corresponding TCP/IPv6 connection. Squid started with an IPv4

Re: [squid-users] Prefer or force ipv6 usage on dual stack interface

2024-07-17 Thread Rasmus Horndrup
Thank you. I’ll look into that. But is there anything from the logs I’m missing, for an indication as to why it went with the ipv4 conn over ipv6 in the second case. As I understood, it should prefer ipv6? > On 16 Jul 2024, at 20.46, Alex Rousskov > wrote: > > On 2024-07-16 09:31, Rasmus

Re: [squid-users] Prefer or force ipv6 usage on dual stack interface

2024-07-16 Thread Alex Rousskov
On 2024-07-16 09:31, Rasmus Horndrup wrote: how can I basically force squid to use IPv6? One can modify Squid source code to enforce that rule OR * ban requests targeting raw IPv4 addresses _and_ * ensure your /etc/hosts is not in the way _and_ * use a DNS resolver that never sends IPv4

Re: [squid-users] Prefer or force ipv6 usage on dual stack interface

2024-07-16 Thread Amos Jeffries
On 17/07/24 01:31, Rasmus Horndrup wrote: Hi, On a dual stack network interface I’m interested in using squid as a ipv6 only forward proxy. My general understanding was that squid will prefer to use ipv6 whenever available, but I’m having issues with squid seemingly preferring ipv4 in some

Re: [squid-users] Prefer or force ipv6 usage on dual stack interface

2024-07-16 Thread Dieter Bloms
Hello Rasmus, squid has implemented the happy eyeballs algorithm, so squid uses the best protocol to reach the server. More infos about happy eyeball can be found here: https://datatracker.ietf.org/doc/html/rfc8305 On Tue, Jul 16, Rasmus Horndrup wrote: > Hi, > On a dual stack network

[squid-users] Prefer or force ipv6 usage on dual stack interface

2024-07-16 Thread Rasmus Horndrup
Hi, On a dual stack network interface I’m interested in using squid as a ipv6 only forward proxy. My general understanding was that squid will prefer to use ipv6 whenever available, but I’m having issues with squid seemingly preferring ipv4 in some cases. I have two examples, where it proceeds

Re: [squid-users] TCP_MISS_ABORTED/502

2024-07-16 Thread Ben Toms
Thanks, Alex. Nothing jumps out in the logs when set to ALL, 9.. redacted snippet below: 2024/07/16 09:13:18.072 kid1| 11,5| http.cc(1181) readReply: conn12 local=squid.cache.ip:57824 remote=origin.server.ip:443 FIRSTUP_PARENT FD 14 flags=1 2024/07/16 09:13:18.072 kid1| 11,7| http.cc(1674)

Re: [squid-users] Rewriting HTTP to HTTPS for generic package proxy

2024-07-15 Thread Alex Rousskov
On 2024-07-15 17:19, Amos Jeffries wrote: On 12/07/24 10:10, Alex Rousskov wrote: On 2024-07-11 17:03, Amos Jeffries wrote: On 11/07/24 00:49, Alex Rousskov wrote: On 2024-07-09 18:25, Fiehe, Christoph wrote: I hope that somebody has an idea, what I am doing wrong. AFAICT from the

Re: [squid-users] Rewriting HTTP to HTTPS for generic package proxy

2024-07-15 Thread Amos Jeffries
On 12/07/24 10:10, Alex Rousskov wrote: On 2024-07-11 17:03, Amos Jeffries wrote: On 11/07/24 00:49, Alex Rousskov wrote: On 2024-07-09 18:25, Fiehe, Christoph wrote: I hope that somebody has an idea, what I am doing wrong. AFAICT from the debugging log, it is your parent proxy that

Re: [squid-users] TCP_MISS_ABORTED/502

2024-07-15 Thread Alex Rousskov
On 2024-07-13 16:02, Ben Toms wrote: with debug_options ALL,4 set.. the cache.log shows: 2024/07/13 18:55:03.595 kid1| 5,3| Read.cc(93) ReadNow: conn17 local=squid.cache.ip:37046 remote=origin.server.ip:443 FIRSTUP_PARENT FD 14 flags=1, size 65536, retval -28, errno 0 2024/07/13

Re: [squid-users] Tproxy or intercept

2024-07-15 Thread Jonathan Lee
IPv4 only ips, I have a BE with tunnel broker that I test out but my IPS IDS can’t inspect the tunnel Sent from my iPhone > On Jul 14, 2024, at 22:49, Andrea Venturoli wrote: > > On 7/13/24 20:48, Jonathan Lee wrote: >> It works 6.6 it just have a different requirement to enable it. I am

Re: [squid-users] Tproxy or intercept

2024-07-14 Thread Andrea Venturoli
On 7/13/24 20:48, Jonathan Lee wrote: It works 6.6 it just have a different requirement to enable it. I am using a Netgate 2100 with pfSense. The difference is that it spoofs the IP of the client so the host doesn’t see the IP of the firewall when using intercept I am told. So transparent

Re: [squid-users] Rewriting HTTP to HTTPS for generic package proxy

2024-07-14 Thread Fiehe, Christoph
I did some more debugging and I think that I have found the cause why the issue occurs in case (A). As Alex already explained, in case (A) the child proxy forwards the rewritten request e.g. a GET request containing a HTTPS URL, to the parent proxy. Now the parent proxy is in charge to

Re: [squid-users] Rewriting HTTP to HTTPS for generic package proxy

2024-07-14 Thread Fiehe, Christoph
Hi Alex, sorry, I have not seen your message, yet. Thank you very much for your helping support. (A) I will try to find a way to test, how a new Squid build based on OpenSSL behaves under those circumstances. It will take some time. (B) Yes, Squid does nothing wrong, it is a very specific use

Re: [squid-users] Rewriting HTTP to HTTPS for generic package proxy

2024-07-14 Thread Fiehe, Christoph
The only solution I was currently able to get working, was to make use of an Apache server installed locally beside Squid. It acts as a reverse proxy and gets queried by Squid when the client requests an external resource via HTTP, but that resource must be accessed transparently for the client

Re: [squid-users] TCP_MISS_ABORTED/502

2024-07-13 Thread Ben Toms
Apologies, Alex. Hadn’t realised that somewhere in my replies things went direct to you and not the list. Anyways.. with debug_options ALL,4 set.. the cache.log shows: 2024/07/13 18:55:03.581 kid1| 11,2| http.cc(2472) sendRequest: HTTP Server conn17 local=squid.cache.ip:37046

Re: [squid-users] Tproxy or intercept

2024-07-13 Thread Jonathan Lee
Best way to describe it is transparent intercept maybe… tproxy takes place of intercept on the http_port directive Sent from my iPhone > On Jul 13, 2024, at 11:49, Jonathan Lee wrote: > > It works 6.6 it just have a different requirement to enable it. I am using a > Netgate 2100 with

Re: [squid-users] Tproxy or intercept

2024-07-13 Thread Jonathan Lee
It works 6.6 it just have a different requirement to enable it. I am using a Netgate 2100 with pfSense. The difference is that it spoofs the IP of the client so the host doesn’t see the IP of the firewall when using intercept I am told. So transparent with more of a hidden layer Sent from my

Re: [squid-users] Tproxy or intercept

2024-07-13 Thread Andrea Venturoli
On 7/13/24 17:04, Jonathan David Lee FreeBSD Alpine wrote: Do you consider pfsense freebsd or openbsd based I know nothing about pfsense. becaause it does work, Good to know. What kind of firewall do you use? ipfw? pf? other? it does not in squid 6.6 requires a different ./ command in

Re: [squid-users] Tproxy or intercept

2024-07-13 Thread Jonathan David Lee FreeBSD Alpine
Do you consider pfsense freebsd or openbsd based, because it does work, it does not in squid 6.6 requires a different ./ command in squid 5.8 you can just enable it On Sat, 13 Jul 2024, Andrea Venturoli wrote: On 7/13/24 00:28, Jonathan Lee wrote: For the HTTP and https derivative is it

Re: [squid-users] Tproxy or intercept

2024-07-13 Thread Andrea Venturoli
On 7/13/24 00:28, Jonathan Lee wrote: For the HTTP and https derivative is it better to use tproxy or intercept on FreeBSD? AFAIK TProxy does not work on FreeBSD, but I'd be glad to be proven wrong. bye av. ___ squid-users mailing list

Re: [squid-users] Squid 6.6 kick abandoning connections

2024-07-12 Thread Andrey K
Hello, Jonathan, >> Does anyone know the path to this file "modified file 'src/client_side_request.cc" so I can test it with the patches application if it doesn’t work no big deal I can just restore it to prior and or use an older boot environment You can find it in the squid sources: tar

[squid-users] Tproxy or intercept

2024-07-12 Thread Jonathan Lee
For the HTTP and https derivative is it better to use tproxy or intercept on FreeBSD? Sent from my iPhone ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] TCP_MISS_ABORTED/502

2024-07-12 Thread Alex Rousskov
On 2024-07-12 13:38, Ben Toms wrote: Where would I find those headers? If you have access to the parent Squid proxy, they will be in its debugging cache.log. You can also get them by capturing network packets between the parent Squid and origin, but for HTTPS traffic that requires giving

Re: [squid-users] TCP_MISS_ABORTED/502

2024-07-12 Thread Ben Toms
Thanks, Alex. Where would I find those headers? Looking at the origin servers apache logs.. it’s sending a 200 response. Regards, Ben On Fri, 12 Jul 2024 at 18:26, Alex Rousskov < rouss...@measurement-factory.com> wrote: > On 2024-07-12 13:03, Ben Toms wrote: > > > So the issue seems to be

Re: [squid-users] TCP_MISS_ABORTED/502

2024-07-12 Thread Alex Rousskov
On 2024-07-12 13:03, Ben Toms wrote: So the issue seems to be caching content that requires authentication The client is getting an error response from Squid. That error is probably not related to caching decisions. I do not recommend focusing on caching at this stage of triage. I recommend

Re: [squid-users] TCP_MISS_ABORTED/502

2024-07-12 Thread Ben Toms
And, just to confirm.. if I change public.server.fqdn to that my blog (macmule.com).. I can curl down a file from that via squid-cache fine: curl -D - https://local.server.fqdn/AutoCasperNBI-AppCast.xml -o /dev/null % Total % Received % Xferd Average Speed Time Time Time Current

Re: [squid-users] TCP_MISS_ABORTED/502

2024-07-12 Thread Ben Toms
So, with the below config: https_port 443 accel protocol=HTTPS tls-cert=/usr/local/squid/client.pem tls-key=/usr/local/squid/client.key cache_peer public.server.fqdn parent 443 0 no-query originserver no-digest no-netdb-exchange tls login=PASSTHRU name=myAccel forceddomain=public.server.fqdn

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

2024-07-12 Thread Amos Jeffries
On 13/07/24 04:16, Jonathan Lee wrote: tested with removal of IP and port failed If I leave port I get this 2024/07/12 09:15:17| Processing: http_port :3128 intercept No ":" before the port number. Amos ___ squid-users mailing list

Re: [squid-users] TCP_MISS_ABORTED/502

2024-07-12 Thread Alex Rousskov
On 2024-07-12 12:14, Ben Toms wrote: Which log should those be found? cache.log (if they are present) Can’t see “HTTP Server RESPONSE” in the access.log or cache.log. Sigh. This is one of the reasons I avoid asking folks to study logs themselves, even ALL,2 logs... If that line is not

Re: [squid-users] cachemgr.cgi isn't mgr:info ?

2024-07-12 Thread Alex Rousskov
On 2024-07-12 11:18, Brian Cook wrote: Picking up squid again and trying to look at what's going on inside.. Squid on OpenWRT.. wanted to look at mgr:info for file desc, etc.. trying to access the cachemgr.cgi.. as this looks like the new squidclient FWIW, I do not recommend using

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

2024-07-12 Thread Jonathan Lee
Sorry that test was on the 5.8 version I am using that boot environment right now. All others were on 6.6 does 6.6 support no IP port combo? Sent from my iPhone > On Jul 12, 2024, at 09:16, Jonathan Lee wrote: > > tested with removal of IP and port failed If I leave port I get this > >

Re: [squid-users] cachemgr.cgi isn't mgr:info ?

2024-07-12 Thread Amos Jeffries
Per your subject question "cachemgr.cgi isn't mgr:info ?" Correct. cachemgr.cgi is an old tool to access multiple proxies manager reports. "mgr:info" is a command line parameter for the squidclient tool to access a proxies "info" manager report. Also, commonly used shorthand in Squid

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

2024-07-12 Thread Jonathan Lee
tested with removal of IP and port failed If I leave port I get this 2024/07/12 09:15:17| Processing: http_port :3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB cert=/usr/local/etc/squid/serverkey.pem cafile=/usr/local/share/certs/ca-root-nss.crt

Re: [squid-users] TCP_MISS_ABORTED/502

2024-07-12 Thread Ben Toms
Hi Alex, Which log should those be found? Can’t see “HTTP Server RESPONSE” in the access.log or cache.log. Regards, Ben. From: squid-users on behalf of Alex Rousskov Date: Friday, 12 July 2024 at 17:11 To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] TCP_MISS_ABORTED/502 On

Re: [squid-users] TCP_MISS_ABORTED/502

2024-07-12 Thread Alex Rousskov
On 2024-07-12 11:38, Ben Toms wrote: Think I made the changes Alex requested: 12/Jul/2024:15:36:31 +.640 local.server.ip TCP_MISS_ABORTED/502 3974 GET https://local.server.fqdn/path/to/file - FIRSTUP_PARENT/public.ip.of.public.server text/html ERR_READ_ERROR/WITH_SERVER Thank you for

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

2024-07-12 Thread Jonathan Lee
Thanks I fixed the firewall rules, I am trying tproxy and it seems to help with speed right now. Sent from my iPhone > On Jul 12, 2024, at 04:57, Amos Jeffries wrote: > > On 12/07/24 11:50, Jonathan Lee wrote: >>> I recommend changing your main port to this: >>> >>> http_port 3128

Re: [squid-users] TCP_MISS_ABORTED/502

2024-07-12 Thread Ben Toms
Think I made the changes Alex requested: 12/Jul/2024:15:36:31 +.640 local.server.ip TCP_MISS_ABORTED/502 3974 GET https://local.server.fqdn/path/to/file - FIRSTUP_PARENT/public.ip.of.public.server text/html ERR_READ_ERROR/WITH_SERVER Regards, Ben. From: Ben Toms Date: Friday, 12 July

[squid-users] cachemgr.cgi isn't mgr:info ?

2024-07-12 Thread Brian Cook
Picking up squid again and trying to look at what's going on inside.. Squid on OpenWRT.. wanted to look at mgr:info for file desc, etc.. trying to access the cachemgr.cgi.. as this looks like the new squidclient Wasn't working etc.. .. debug_options ALL,2 cache_log /tmp/squid_cache.log ..

Re: [squid-users] TCP_MISS_ABORTED/502

2024-07-12 Thread Ben Toms
Logs below: -- 2024/07/12 14:57:08.678 kid1| 11,2| http.cc(1263) readReply: conn17 local=squid.cache.ip:42848 remote=public.ip.of.public.server:443 FIRSTUP_PARENT FD 14 flags=1: read failure: (0) No error. 2024/07/12 14:57:08.678 kid1| 11,2| Stream.cc(273) sendStartOfMessage: HTTP

Re: [squid-users] TCP_MISS_ABORTED/502

2024-07-12 Thread Amos Jeffries
On 13/07/24 01:52, Alex Rousskov wrote: On 2024-07-12 08:06, Ben Toms wrote: Seems that my issue is similar to - https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication You are facing up to two problems: 1. Some authenticated responses are not cachable by

Re: [squid-users] TCP_MISS_ABORTED/502

2024-07-12 Thread Alex Rousskov
On 2024-07-12 08:06, Ben Toms wrote: Seems that my issue is similar to - https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication You are facing up to two problems: 1. Some authenticated responses are not cachable by Squid. Please share HTTP headers of the

Re: [squid-users] Socket handle leak?

2024-07-12 Thread Alex Rousskov
On 2024-07-12 06:58, paolo.pr...@gmail.com wrote: We are having some stability issues with our squid farms after a recent upgrade from Centos/Squid 3.5.x to Ubuntu/Squid 5.7/6.9. In short, after running for a certain period the servers run out of file descriptors. We see a slowly growing

Re: [squid-users] Socket handle leak?

2024-07-12 Thread Paolo Prinsecchi
Thanks. We have limits set at 100K, squid can easily reach that. The problem is that the number of FD in use keeps increasing. A workaround is to restart squid every time it goes over a certain value, but it’s not really a solution. In the same situation, with centos and squid 3.5, we seldom

Re: [squid-users] TCP_MISS_ABORTED/502

2024-07-12 Thread Ben Toms
Seems that my issue is similar to - https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication Regards, Ben. From: Ben Toms Date: Friday, 12 July 2024 at 12:07 To: squid-users@lists.squid-cache.org Subject: Re: TCP_MISS_ABORTED/502 To test, I changed the parent

Re: [squid-users] Socket handle leak?

2024-07-12 Thread Yvain PAYEN
Hi, In my setup (also ubuntu) I have made these changes: root@proxy: # cat /etc/security/limits.d/squid.conf squid soft nofile 64000 squid hard nofile 65500 root@proxy: # cat /etc/squid/squid.conf | grep max_file max_filedesc 64000 This forces the system limits for squid

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

2024-07-12 Thread Amos Jeffries
On 12/07/24 11:50, Jonathan Lee wrote: I recommend changing your main port to this:   http_port 3128 ssl-bump This is set to this when it processes http_port 192.168.1.1:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB cert=/usr/local/etc/squid/serverkey.pem

Re: [squid-users] TCP_MISS_ABORTED/502

2024-07-12 Thread Ben Toms
To test, I changed the parent url to my blog.. and was able to download an item there via squid-cache.. so the issue seems to be when downloading from a parent which requires authentication. Regards, Ben. From: Ben Toms Date: Friday, 12 July 2024 at 10:29 To:

[squid-users] Socket handle leak?

2024-07-12 Thread paolo.pr...@gmail.com
Hello,   apologies in advance for the silly question. We are having some stability issues with our squid farms after a recent upgrade from Centos/Squid 3.5.x to Ubuntu/Squid 5.7/6.9. I wonder if anyone here has seen something similar, and might have some suggestion about what we are obviously
