Re: [squid-users] Splice certain SNIs which served by the same IP

On 22/2/22 9:45 μ.μ., Eliezer Croitoru wrote: Just To mention that once Squid is not splicing the connection it would have full control in the URL level. Exactly. For many HTTP2 sites the SNI does not provide enough info for splicing/bumping decision. The google sites is one of them. You

Re: [squid-users] Splice certain SNIs which served by the same IP

Hi Ben, When HTTP/2 is used, requests for two different domains may served using the same TLS connection if both domains are served from the same remote server and use the same TLS certificate. There is a description here: https://daniel.haxx.se/blog/2016/08/18/http2-connection-coalescing/

Re: [squid-users] websockets through Squid

Hi Vieri, I attached a patch to bug5084 which may help us to debug the issue: https://bugs.squid-cache.org/attachment.cgi?id=3772 The patch is for squid-v5 and produces debug messages at debug level 1. Regards, Christos On 17/10/20 11:36 μ.μ., Alex Rousskov wrote: On 10/16/20 11:58

Re: [squid-users] sslBump adventures in enterprise production environment

On 11/16/2015 08:00 AM, Eugene M. Zheganin wrote: Hi. On 16.11.2015 00:14, Yuri Voinov wrote: It's common knowledge. Squid is unable to pass an unknown protocol on the standard port. Consequently, the ability to proxy this protocol does not exist. If it was simply a tunneling ... It is not

Re: [squid-users] how to get c-icap url category from squid access lo

On 11/04/2015 08:34 AM, Murat K wrote: Hi guys, please can someone tell me if it is possible to send url category info from c-icap to squid access log? The ICAP response headers can be logged using the "adapt::

Re: [squid-users] Assert(call-dialer.handler == callback)

Hi Steve, We have similar crashes. I created a new bug report in squid bugzilla (I did not found any other similar report), using your stack trace: http://bugs.squid-cache.org/show_bug.cgi?id=4238 Also I attached a patch here, which probably fixes this problem. Can you please test it?

Re: [squid-users] Correctly implementing peak-splice

On 11/04/2014 02:26 PM, James Lay wrote: Thanks a bunch Christos, That list of IP's is things like apple.com, textnow.me, and windows updates...IP's that simply don't bump well. My setup is a linux box that's a router...one NIC internal IP, the other external IP. Via iptables redirect, I'm

Re: [squid-users] Correctly implementing peak-splice

On 10/30/2014 02:06 PM, James Lay wrote: Hello all, Here is my complete config for trying out peek/splice. This currently does not work..is there something obvious that I'm mission? Current error is: Oct 30 06:03:14 gateway squid: 192.168.1.110 - - [30/Oct/2014:06:03:14 -0600] GET

Re: [squid-users] squid-3.4.8 sslbump breaks facebook

A patch for this bug attached to 4102 bug report. Please test it and report any problem. Regards, Christos On 10/16/2014 12:14 PM, Amm wrote: On 10/16/2014 02:35 PM, Jason Haar wrote: On 16/10/14 20:54, Jason Haar wrote: I also checked the ssl_db/certs dir and removed the facebook

Re: [squid-users] Bypassing SSL Bump for dstdomain

On 03/06/2013 06:15 AM, Amm wrote: On 03/04/2013 10:11 PM, Amm wrote: # Let user specify domains to avoid decrypting, such as internet banking acl bump-bypass dstdomain .commbank.com.au ssl_bump none bump-bypass ssl_bump server-first all This will not work for intercepting

Re: [squid-users] squid 3.2 URL too large Segment violation

On 01/06/2012 01:46 PM, alex sharaz wrote: Squid 3.2.0.14 snapshot 2012/01/06 11:29:46 kid7| Accepting HTTP Socket connections at local=150.237.85.249:3128 remote=[::] FD 9 flags=1 2012/01/06 11:29:46 kid7| Accepting HTTP Socket connections at local=150.237.85.249:8080 remote=[::] FD

Re: Fwd: [squid-users] stopping sslbump to domains with invalid or unsigned certs

with the error details. The error details for an SSL error can be customized using the error-details.txt templates. MimicSslServerCert: I'll followup separately on that, thanks. Regards, Sean On 21 December 2011 18:02, Christos Tsantilas chris...@chtsanti.net wrote: On 12/20

Re: Fwd: [squid-users] stopping sslbump to domains with invalid or unsigned certs

regenerated from the template? If I am not wrong, you should fix them manually.. Opened a bug to track this: http://bugs.squid-cache.org/show_bug.cgi?id=3457 OK. Sean On 22 December 2011 14:38, Christos Tsantilas chris...@chtsanti.net wrote: On 12/22/2011 11:01 AM, Sean Boran wrote: Thanks

Re: [squid-users] stopping sslbump to domains with invalid or unsigned certs

On 12/20/2011 04:34 PM, Sean Boran wrote: Hi, sslbump allows me to interrupts ssl connections and run an AV check on them. It generates a certs for the target domain (via sslcrtd), so that the users browser sees a server cert signed by the proxy. If the target domain has a certificate

Re: [squid-users] Squid3-HEAD crash (SIGABRT)

I am afraid you should fill a bugreport. Can you please execute the following inside gdb: (gdb) frame 11 (gdb) print *this On 07/20/2011 04:09 PM, Ralf Hildebrandt wrote: I'm running Squid3-HEAD, and got this one crash today: For bug reporting instructions, please see:

Re: [squid-users] squid+c-icap+check_url FAILED

Hi, The url_check c-icap service supports only reqmod ICAP requests (Request modification requests). You must not using it with the respmod_* squid options. You should remove the following line (and the related icap_access and icap_class lines): icap_service service_resp

Re: [squid-users] squid ssl certificate db for ssl_bump

On 05/11/2011 07:58 PM, Ming Fu wrote: Hi, A few questions about sslbump: 1. Can ssl_crtd from different squids on the same hardware shared the same ssl_crtd certificate cache directory? Yes 2. If the certificate used to sign the dynamic cert is altered, should the ssl_db be recreated

Re: [squid-users] Squid 3.1 ICAP Issue with REQMOD 302

Niall O'Cuilinn wrote: Hi, I have recently moved from Squid 3.0 to Squid 3.1. I am trying to integrate it with an ICAP server. I am having a problem where Squid 3.1 is rejecting some responses from the ICAP server which Squid 3.0 accepted. The response in question is a REQMOD response

Re: [squid-users] c-icap + squid 3.0, StartSendPercentDataAfter lets viruses through

Hi frax, On Fri, Feb 05, 2010 at 11:26:48AM +1300, Amos Jeffries wrote: Of course, and I understand that this list is primarily for pure squid setups, but my hope was that somebody here had encountered the same prob, and had a better understanding of c-icap and possibly a resolution on how

Re: [squid-users] windows update problem, c-icap+squid+dansguardian

, write your own logging modules or pay someone to do. Please ask about c-icap in c-icap-users mailing list. Regards, Christos Anuj Singh wrote: Thanks a lot Christos Tsantilas, It worked!. Another thing I want to ask is, I wonder if we can decrase the size of c-icap logs as well as get

Re: [squid-users] windows update problem, c-icap+squid+dansguardian

You can use squid acl's to bypass an icap server for certain sites For example if you have define the icap class class_respmod use something like the following in your squid.conf file: acl microsoft dstdomain .microsoft.com icap_access class_respmod deny microsoft icap_access class_respmod

Re: [squid-users] 3.1.0.3 aborting

Hi Alan, Alan Lehman wrote: squid-3.1.0.3 is periodically aborting with 'signal 6'. This system is running both regular and reverse proxy functions. Any ideas? What is lost DNS error info? I think the DNS lookup failed. Thanks, Alan /var/log/messages: Mar 31 08:19:00 proxy3

Re: [squid-users] Can squidclient ping or query Squid for ICAP configuration? RESPMOD REQMOQ or service vector?

da...@davidwbrown.name wrote: Hello squid users, I have read the ICAP RFC but I cannot see a way to devise a ICAP query to the Squid server to extract ICAP information. It appears the squid 3.0.STABLE13 does not communicate with my ICAP server what-so-ever. I have run ./squid -N -X and the

Re: [squid-users] Squid reload -- assertion failed: store_client.cc:

Hi Thomas, Thomas Meier wrote: Hello just compiled Squid 3.1, but the same error (assertion failed + tunnelReadServer ) About tunnelReadServer error, I think you can ignore it. The first reload now after only 3 Minutes. What kind of trace do you need ?? Is it possible to collect and

RE: [squid-users] Problem accessing web with ICAP enabled.

Hi Christos, I installed squid 3.0 stable 9 and with fresh configuration things are working fine. Thanks for the patience and support :). I have one more query. Are we supporting the ICAP response 201 with this build? I am referring to bud ID 2085 here. Yes, 201 responses should

Re: [squid-users] Problem accessing web with ICAP enabled.

Hi Shailesh, you are giving too little info. Which is your ICAP server? Are you sure it is not ICAP server bug/misconfiguration? If you think it is a squid3 bug please try to: - enable debug. To enable squid ICAP client debug use the following line in your squid config file:

Re: [squid-users] Problem accessing web with ICAP enabled.

Hi Shailesh, Shailesh Mishra wrote: Hi , I have a SQUID 3.0 installation on Linux acting as a proxy. Everything was working fine but when I enabled the ICAP service I am unable to access web pages. ICAP server here is a scanning software which is running fine and taking request (checked

Re: [squid-users] ICAP help

Hi All, Need help on how to configure c-icap to scan http,https and ftp request Sample virus to test http://www.eicar.org/download/eicar.com my configuration is as below to test my setup I used the above link but it was not scanned for virus and I was able to downloaded it nothing is

Re: [squid-users] ICAP help

all The icap_class and icap_access are deprecated but should work too. -- Christos //Remy On Thu, 2008-11-27 at 07:53 -0500, Christos Tsantilas wrote: Hi All, Need help on how to configure c-icap to scan http,https and ftp request Sample virus to test http://www.eicar.org

Re: [squid-users] ICAP help

[EMAIL PROTECTED] wrote: Hi Christos, I think I have not made my self clear first of all I don't have icap_class and icap_access in my squid.conf file since you said Your configuration should also contain something like the following: icap_class class_avi service_avi icap_access

Re: [squid-users] ICAP help

/usr/local/c_icap/var/log/server.log Thu Nov 27 23:09:48 2008, general, VIRUS DETECTED:Eicar-Test-Signature. Take action... //Remy On Thu, 27 Nov 2008 19:50:16 +0200, Christos Tsantilas [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] wrote: Hi Christos, I think I have not made my self clear

Re: [squid-users] ICAP help

Hi Remy, OK so squid use the ICAP server and probably the squid part of your configuration is OK. Please look on both squid logs and icap server logs for error messages. Should exist something in the logs which explains the reason of the error. Also look in your c-icap configuration. For

Re: [squid-users] compilation errors on rhel 5

Hi Remy, 2nd any idea where am i failing to compile it in ubuntu 8.10 errors g++ -DHAVE_CONFIG_H -DDEFAULT_CONFIG_FILE=\/etc/squid/squid.conf\ -I. -I. -I../include -I. -I. -I../include -I../include -I../lib/libTrie/include -I../lib -I../lib -I/usr/include/libxml2 -Werror

Re: [squid-users] Can't controle adaptation_access properly in ICAP.

Masaru AKAI wrote: Hello Mr. Tsantilas Squid Developers, I reinstall Squid3.0.STABLE8, and changed squid.conf. #delete adaptation_service_set and adaptation_access squid.conf(summary) icap_service service_1 respmod_precache 1 icap://192.168.10.231:1344/interscan icap_service service_2

Re: [squid-users] Can't controle adaptation_access properly in ICAP.

Hi, S.KOBAYASHI wrote: Dear developer, I'm using the squid-3.HEAD-20080811, and trying to deliver icap connections properly as I expected. It means to activate icap or not by using adaptation_access with ACL. However, adaptation_access didn't seem worked properly. Yes this is a squid3-HEAD

Re: [squid-users] Can't treat fail-over function in ICAP

Hi, S.KOBAYASHI wrote: Hello developer, I'm trying to use ICAP fail-over function, however it didn't do. in my tests this thing works well. icap_service service_1 respmod_precache 0 icap://192.168.10.231:1344/interscan icap_service service_2 respmod_precache 0

Re: [squid-users] Help: ICAP problem

Hi Evan, I am not seeing any unusual in your logs. From your logs I am seeing that squid sentv all headers and some body data to the ICAP server. evan gozali wrote: Hi, my name is Evan. I'm currently trying to connect an open source ICAP server Poesia 3.5 with Squid 3.0 STABLE4. While

Re: [squid-users] WWW-Authenticate

Hi Yuval, I think this is the bug 1632: http://www.squid-cache.org/bugs/show_bug.cgi?id=1632 Regards, Christos yuval wrote: Hi All I am Squid3 newbie and I need some help. I have web server that require user credentials and therefore reply: HTTP/1.1 401 Authorization Required\r\n

Re: [squid-users] Problems with ICAP and parent-child configuration

Amos Jeffries wrote: Christos Tsantilas wrote: I think you can safely ignore this error message. Yes but maybe I might have some problems to convince my customer to ignore it! :) This message can appeared when the squid 3.0 shutdown while the ICAP subsystem shutdown the ICAP services

Re: [squid-users] reqmod_precache and respmod_postcache is not yet implemented in SQUID3stable8 ?

Hi Amos, Christos Tsantilas wrote: johan firdianto wrote: dear guys, I reading in release notes of squid-3.0stable8, there's note in New Tags section, in ICAP subsection Note: reqmod_precache and respmod_postcache is not yet implemented Only reqmod_precache and respmod_precache vectoring

Re: [squid-users] Problems with ICAP and parent-child configuration

I think you can safely ignore this error message. Yes but maybe I might have some problems to convince my customer to ignore it! :) This message can appeared when the squid 3.0 shutdown while the ICAP subsystem shutdown the ICAP services and in this case this message can ignored. If you

Re: [squid-users] Problems with ICAP and parent-child configuration

Hi Daniele, daniele.piaggesi wrote: Hi guys i'm quite new in Squid but I have a little problem. This is my situation I have one parent installation of Squid on one machine on my DMZ net-zone who will be connected on internet (now it doesn't). I have one child installation of Squid on another

Re: [squid-users] change method POST to GET using ICAP

johan firdianto wrote: dear guys, anybody here have done modification request method from POST to GET using ICAP and squid. Will work only if the web page designed to handle both GET and POST requests with the same parameters. Why do you need something like that? Could put the squid.conf

Re: [squid-users] reqmod_precache and respmod_postcache is not yet implemented in SQUID3stable8 ?

johan firdianto wrote: dear guys, I reading in release notes of squid-3.0stable8, there's note in New Tags section, in ICAP subsection Note: reqmod_precache and respmod_postcache is not yet implemented Only reqmod_precache and respmod_precache vectoring points are currently implemented in

Re: [squid-users] Need help with POST problem in Squid 3.0 + ICAP client

Hi Jones, Yu Jones wrote: I am using Squid 3.0 Stable 7 + ICAP client and GreasySpoon (ICAP server) to customize the page. It works pretty well in Debian. However, when I browse the page, which has a form with POST method,the page will load repeatedly without finishing, such as

Re: [squid-users] Failed to select source for ...assert failure...

Hi Roy, Roy M. wrote: I am using Squid as HTTP accelerator, occasally my Squid3 (stable6) will have error in cache.log, e.g. Failed to select source for http://www.example.com But I am sure that the URL is reachable in backend web server, and sometimes it will immediately followed by an

Re: [squid-users] Squid 3.0Stable5 ESI and a lot of crashes

Hi Marcel, Try to report the bugs to squid bugzilla: http://bugs.squid-cache.org/ WITH the related debug info ( core,backtrace, logs, configurations) Informations about collecting debug info there are here:

Re: [squid-users] how to check virus using squid

Henrik K wrote: On Mon, Apr 21, 2008 at 12:11:49AM +0200, Henrik Nordstrom wrote: tor 2008-04-17 klockan 08:02 -0300 skrev Cassiano Martin: Its a anti-virus proxy wich uses clamav. You can use it together with squid. Or better yet, if using Squid-3 you can plug clamav directly into Squid

RE: [squid-users] cache seems to fail - live.com and evga.com

It is again the chunked encoding issue.It is not really a squid3 bug. Look here: http://www.squid-cache.org/bugs/show_bug.cgi?id=1148 Here you will find a patch which solves this problem. This patch already applied in squid3-HEAD. Regards, Christos Using transparent proxy stuff, in

Re: [squid-users] Patching Squid 2.6 icap patch with Squid-2.6.STABLE10 - problem

Hi Selvi, Yes, I had already tried that. But since, i had heard that Squid 2.6 version had better performance than Squid 3.0, i would like to try that also as a backup. Squid 3 is enough fast for most cases. You will not see any difference in performance unless you have a very-very busy

Re: [squid-users] Problem with Squid-3.0.STABLE1 and ICAP

selvi wrote: Will c-icap server help me better in this case? Is that suitable for production use? I do not know. It depends from what you want to do. You have to try it :-) ! Regards, Christos

Re: [squid-users] Problem with Squid-3.0.STABLE1 and ICAP

Hi Selvi, selvi wrote: I am using the Python based ICAP Server. Is the icap-server from the following location? http://sourceforge.net/projects/icap-server/ I try to use it some months ago with squid3 but I had problems too. From the debug messages I am seeing that at least one

Re: [squid-users] Re: IMPORTANT: Problems with Squid 2.6.17 and ICAP using Kaspersky HTTTP Proxy for Squid

Hi Bert, In the case you want this feature, it is not so difficult to apply a patch and compile the squid3 from sources. In this case I must inform you that this patch is not enough tested. But maybe you want to test it and inform the mailing list how works. And if there is a problem squid3

Re: [squid-users] Re: Re: Re: WMP 11 Album info not working under Squid3-STABLE1

The problem is that the server responds with chunked encoding response. It is not squid3.0 bug but http server bug. The server should not respond with such response to an HTTP 1.0 request. The related entry in squid3 bugzila is the bug#1148:

Re: [squid-users] Problem with Squid-3.0.STABLE1 and ICAP

Hi Selvi, selvi wrote: Hello All, I am in the process of integrating squid-3.0.STABLE1 with Python based ICAP Server. Here, i am not able to get the response modification. Is it a custom ICAP server? ICAP related configurations given are: icap_enable on icap_send_client_ip on

Re: [squid-users] Squid-3.0.STABLE1 dies repeatedly

Hi, Uto Cen wrote: Hi, I#65533;ve recently upgraded to Squid 3.0.STABLE1 with coss and aufs. If I am not wrong, the coss is marked as experimental in Squid 3.0 and should not used in production systems. Also it is under discussion if coss will be included in the 3.1 release or not:

Re: [squid-users] squid-3 problem with auth_param digest

Hi Ralf, You should also define the auth_param digest realm An realm for my Squid3 Caching proxy to enable digest authentication. In squid3 there is not default value for the realm Regards, Christos PS. Sorry for the duplicated mail And another problem :) auth_param digest program

Re: [squid-users] c-icap error

Hi Thomas, ThomasSimon wrote: Hi All I have installed icap on a Mandriva 2007 server with squid. But i get an error in the server.log file as follows, Mon Dec 10 08:05:52 2007, general, Can not open temporary filename: /var/www/html/icap/downloads/update.ver Mon Dec 10 08:06:36 2007,

Re: [squid-users] squid3 WindowsUpdate failed

Hi John, both ICAP patch for squid2 and squid3 are in beta state. Nobody works on ICAP patch for squid2 any more. In the other hand squid3 is actively developed,the bugs fixed and is not so bad. Moreover the squid3 ICAP client is better than ICAP patch for squid2 in many aspects (design,features,

Re: [squid-users] ICAP patch for squid 2.6 STABLE16

Hi Matus, On 25.10.07 21:04, Christos Tsantilas wrote: The ICAP patch for squid2 is outdated. outdated in what way? There is not squid developer who continue the development for this patch. The patch as is maybe can applied to squid2-HEAD but it can not applied as is to squid-2.6

Re: [squid-users] ICAP patch for squid 2.6 STABLE16

Hi John, The ICAP patch for squid2 is outdated. Squid3 has support for ICAP protocol use squid3 instead. Regards, Christos John Mok wrote: Hi, I am using squid 2.6 STABLE16 running on Ubuntu 6.06 LTS. I would like to enable ICAP support. Is there is any patch for squid 2.6 STABLE16?

Re: [squid-users] upgrade to squid3:

Hi Brian, Are you using the cache created by squid2.6 with squid3? The squid 3.0 before release PRE7 has problems using caches created with squid2.6. The squid-3.0.RC1 is supposed to be compatible with caches created with squid2.6, and also has many bug fixes. Regards, Christos Brian J.

Re: [squid-users] Problem in squid-3.0.RC1-20071003.tar.gz with c-icap.

Hi Sekar, Sekar wrote: Hello All, I have a problem when i run the squid-3.0.RC1-20071003.tar.gz with c-icap. Possibly it is a configuration problem. I have downloaded the c-icap from http://downloads.sourceforge.net/c-icap/c_icap-180407.tar.gz I ran the c-icap with default

Re: [squid-users] ICAP - not sending Respmod

Hi, Works very well for me. How are you testing it? Maybe the problem is repeated ICAP service failures. In this case squid stops using the service. if you change the line: icap_service service_2 respmod_precache 0 . to icap_service service_2 respmod_precache 1 . What are you seeing?

Re: [squid-users] Squid 3.0 ICAP response codes.

Hi Shailesh, Do you know any product which using these type of responses? I think the best is to fill a bug report here: http://www.squid-cache.org/bugs/ Regards, Christos Hi, I got to know that only ICAP responses 100, 200 and 204 are supported. Any idea when the responses 201 will be

Re: [squid-users] Squid 3.0 ICAP response codes.

Hi Henrik, I was hoping you remembered... but it was a couple of years since your squid-2.5 icap change the comment refers to... http://devel.squid-cache.org/changesets/squid/patches/7021.patch Yep, true... I remembered 201 responses but not exactly why they needed ... Symantec scan engine

RE: [squid-users] Squid 3.0 ICAP response codes.

Hi, Hi Henrik, For a AV scenario where any anti-virus solution scans a repairable file and repairs it , the file is not returned to the client as the ICAP response for this case is 201 which is not understood by squid. Whereas it works fine if AV solution is configured for not repairing the

RE: [squid-users] Configuring ICAP with Squid 3.0 Pre7

Hi Shailesh, The squid icap client before start using an ICAP server sends an OPTIONS request to this server to retrieve some information about this server (eg if previews supported, which file types must send etc). If the server does not respond correctly, the squid icap client will not use

RE: [squid-users] Configuring ICAP with Squid 3.0 Pre7

Hi Shailesh, Can you provide me with some more details to examine the Squid/ICAP negotiation? You can use tcpdump (or better wireshark) to examine squid/ICAP negotiation. Look Henriks notes about tcpdump usage here: http://marc.info/?l=squid-usersm=118936426216901w=2 Maybe you can post some

Re: [squid-users] Configuring ICAP with Squid 3.0 Pre7

Hi Shailesh, Shailesh Mishra wrote: http://www.squid-cache.org/Versions/v3/3.0/ . After executing the command in the following manner:- 1) ./configure -enable-icap-support To enable icap support for squid3 use the --enable-icap-client command line parameter: ./configure

Re: [squid-users] Squid3 and c-icap

Hi Lars, Hi there, .. I set up the combo Squid3 and c-icap and it works for most. However, I get a couple of ICAP protocol errors during downloads. The version of squid3 you are using is about 10 months old, please upgrade to a newer version: