On 22/2/22 9:45 μ.μ., Eliezer Croitoru wrote:
Just To mention that once Squid is not splicing the connection it would have
full control in the URL level.
Exactly.
For many HTTP2 sites the SNI does not provide enough info for
splicing/bumping decision.
The google sites is one of them. You
Hi Ben,
When HTTP/2 is used, requests for two different domains may served using
the same TLS connection if both domains are served from the same remote
server and use the same TLS certificate.
There is a description here:
https://daniel.haxx.se/blog/2016/08/18/http2-connection-coalescing/
Hi Vieri,
I attached a patch to bug5084 which may help us to debug the issue:
https://bugs.squid-cache.org/attachment.cgi?id=3772
The patch is for squid-v5 and produces debug messages at debug level 1.
Regards,
Christos
On 17/10/20 11:36 μ.μ., Alex Rousskov wrote:
On 10/16/20 11:58
On 11/16/2015 08:00 AM, Eugene M. Zheganin wrote:
Hi.
On 16.11.2015 00:14, Yuri Voinov wrote:
It's common knowledge. Squid is unable to pass an unknown protocol on
the standard port. Consequently, the ability to proxy this protocol does
not exist.
If it was simply a tunneling ... It is not
On 11/04/2015 08:34 AM, Murat K wrote:
Hi guys,
please can someone tell me if it is possible to send url category info
from c-icap to squid access log?
The ICAP response headers can be logged using the "adapt::
Hi Steve,
We have similar crashes.
I created a new bug report in squid bugzilla (I did not found any other
similar report), using your stack trace:
http://bugs.squid-cache.org/show_bug.cgi?id=4238
Also I attached a patch here, which probably fixes this problem. Can you
please test it?
On 11/04/2014 02:26 PM, James Lay wrote:
Thanks a bunch Christos,
That list of IP's is things like apple.com, textnow.me, and windows
updates...IP's that simply don't bump well. My setup is a linux box
that's a router...one NIC internal IP, the other external IP. Via
iptables redirect, I'm
On 10/30/2014 02:06 PM, James Lay wrote:
Hello all,
Here is my complete config for trying out peek/splice. This currently
does not work..is there something obvious that I'm mission? Current
error is:
Oct 30 06:03:14 gateway squid: 192.168.1.110 - - [30/Oct/2014:06:03:14
-0600] GET
A patch for this bug attached to 4102 bug report.
Please test it and report any problem.
Regards,
Christos
On 10/16/2014 12:14 PM, Amm wrote:
On 10/16/2014 02:35 PM, Jason Haar wrote:
On 16/10/14 20:54, Jason Haar wrote:
I also checked the ssl_db/certs dir and
removed the facebook
On 03/06/2013 06:15 AM, Amm wrote:
On 03/04/2013 10:11 PM, Amm wrote:
# Let user specify domains to avoid decrypting, such as internet
banking
acl bump-bypass dstdomain .commbank.com.au
ssl_bump none bump-bypass
ssl_bump server-first all
This will not work for intercepting
On 01/06/2012 01:46 PM, alex sharaz wrote:
Squid 3.2.0.14 snapshot
2012/01/06 11:29:46 kid7| Accepting HTTP Socket connections at
local=150.237.85.249:3128 remote=[::] FD 9 flags=1
2012/01/06 11:29:46 kid7| Accepting HTTP Socket connections at
local=150.237.85.249:8080 remote=[::] FD
with the error details.
The error details for an SSL error can be customized using the
error-details.txt templates.
MimicSslServerCert: I'll followup separately on that, thanks.
Regards,
Sean
On 21 December 2011 18:02, Christos Tsantilas chris...@chtsanti.net wrote:
On 12/20
regenerated from the template?
If I am not wrong, you should fix them manually..
Opened a bug to track this: http://bugs.squid-cache.org/show_bug.cgi?id=3457
OK.
Sean
On 22 December 2011 14:38, Christos Tsantilas chris...@chtsanti.net wrote:
On 12/22/2011 11:01 AM, Sean Boran wrote:
Thanks
On 12/20/2011 04:34 PM, Sean Boran wrote:
Hi,
sslbump allows me to interrupts ssl connections and run an AV check on them.
It generates a certs for the target domain (via sslcrtd), so that the
users browser sees a server cert signed by the proxy.
If the target domain has a certificate
I am afraid you should fill a bugreport.
Can you please execute the following inside gdb:
(gdb) frame 11
(gdb) print *this
On 07/20/2011 04:09 PM, Ralf Hildebrandt wrote:
I'm running Squid3-HEAD, and got this one crash today:
For bug reporting instructions, please see:
Hi,
The url_check c-icap service supports only reqmod ICAP requests
(Request modification requests). You must not using it with the
respmod_* squid options.
You should remove the following line (and the related icap_access and
icap_class lines):
icap_service service_resp
On 05/11/2011 07:58 PM, Ming Fu wrote:
Hi,
A few questions about sslbump:
1. Can ssl_crtd from different squids on the same hardware shared the same
ssl_crtd certificate cache directory?
Yes
2. If the certificate used to sign the dynamic cert is altered, should the
ssl_db be recreated
Niall O'Cuilinn wrote:
Hi,
I have recently moved from Squid 3.0 to Squid 3.1. I am trying to integrate it
with an ICAP server.
I am having a problem where Squid 3.1 is rejecting some responses from the
ICAP server which Squid 3.0 accepted.
The response in question is a REQMOD response
Hi frax,
On Fri, Feb 05, 2010 at 11:26:48AM +1300, Amos Jeffries wrote:
Of course, and I understand that this list is primarily for pure squid
setups, but my hope was that somebody here had encountered the same
prob, and had a better understanding of c-icap and possibly a
resolution on how
, write your own logging modules or pay someone to do. Please
ask about c-icap in c-icap-users mailing list.
Regards,
Christos
Anuj Singh wrote:
Thanks a lot Christos Tsantilas,
It worked!.
Another thing I want to ask is, I wonder if we can decrase the size of
c-icap logs as well as get
You can use squid acl's to bypass an icap server for certain sites
For example if you have define the icap class class_respmod use
something like the following in your squid.conf file:
acl microsoft dstdomain .microsoft.com
icap_access class_respmod deny microsoft
icap_access class_respmod
Hi Alan,
Alan Lehman wrote:
squid-3.1.0.3 is periodically aborting with 'signal 6'. This system is
running both regular and reverse proxy functions. Any ideas? What is
lost DNS error info?
I think the DNS lookup failed.
Thanks,
Alan
/var/log/messages:
Mar 31 08:19:00 proxy3
da...@davidwbrown.name wrote:
Hello squid users, I have read the ICAP RFC but I cannot see a way to devise a
ICAP query to the Squid server to extract ICAP information. It appears the
squid 3.0.STABLE13 does not communicate with my ICAP server what-so-ever. I
have run ./squid -N -X and the
Hi Thomas,
Thomas Meier wrote:
Hello
just compiled Squid 3.1, but the same error (assertion failed +
tunnelReadServer )
About tunnelReadServer error, I think you can ignore it.
The first reload now after only 3 Minutes.
What kind of trace do you need ??
Is it possible to collect and
Hi Christos,
I installed squid 3.0 stable 9 and with fresh configuration things are
working fine.
Thanks for the patience and support :).
I have one more query. Are we supporting the ICAP response 201 with this
build? I am referring to bud ID 2085 here.
Yes,
201 responses should
Hi Shailesh,
you are giving too little info.
Which is your ICAP server? Are you sure it is not ICAP server
bug/misconfiguration?
If you think it is a squid3 bug please try to:
- enable debug. To enable squid ICAP client debug use the following
line in your squid config file:
Hi Shailesh,
Shailesh Mishra wrote:
Hi ,
I have a SQUID 3.0 installation on Linux acting as a proxy. Everything
was working fine but when I enabled the ICAP service I am unable to
access web pages.
ICAP server here is a scanning software which is running fine and taking
request (checked
Hi All,
Need help on how to configure c-icap to scan http,https and ftp request
Sample virus to test
http://www.eicar.org/download/eicar.com
my configuration is as below
to test my setup I used the above link but it was not scanned for virus
and I was able to downloaded it nothing is
all
The icap_class and icap_access are deprecated but should work too.
--
Christos
//Remy
On Thu, 2008-11-27 at 07:53 -0500, Christos Tsantilas wrote:
Hi All,
Need help on how to configure c-icap to scan http,https and ftp
request
Sample virus to test
http://www.eicar.org
[EMAIL PROTECTED] wrote:
Hi Christos,
I think I have not made my self clear
first of all I don't have icap_class and icap_access in my squid.conf file
since you said
Your configuration should also contain something like the following:
icap_class class_avi service_avi
icap_access
/usr/local/c_icap/var/log/server.log
Thu Nov 27 23:09:48 2008, general, VIRUS DETECTED:Eicar-Test-Signature.
Take action...
//Remy
On Thu, 27 Nov 2008 19:50:16 +0200, Christos Tsantilas
[EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] wrote:
Hi Christos,
I think I have not made my self clear
Hi Remy,
OK so squid use the ICAP server and probably the squid part of your
configuration is OK.
Please look on both squid logs and icap server logs for error messages.
Should exist something in the logs which explains the reason of the error.
Also look in your c-icap configuration. For
Hi Remy,
2nd any idea where am i failing to compile it in ubuntu 8.10
errors
g++ -DHAVE_CONFIG_H -DDEFAULT_CONFIG_FILE=\/etc/squid/squid.conf\ -I.
-I. -I../include -I. -I. -I../include -I../include
-I../lib/libTrie/include -I../lib -I../lib -I/usr/include/libxml2
-Werror
Masaru AKAI wrote:
Hello Mr. Tsantilas Squid Developers,
I reinstall Squid3.0.STABLE8, and changed squid.conf.
#delete adaptation_service_set and adaptation_access
squid.conf(summary)
icap_service service_1 respmod_precache 1
icap://192.168.10.231:1344/interscan
icap_service service_2
Hi,
S.KOBAYASHI wrote:
Dear developer,
I'm using the squid-3.HEAD-20080811, and trying to deliver icap connections
properly as I expected.
It means to activate icap or not by using adaptation_access with ACL.
However, adaptation_access didn't seem worked properly.
Yes this is a squid3-HEAD
Hi,
S.KOBAYASHI wrote:
Hello developer,
I'm trying to use ICAP fail-over function, however it didn't do.
in my tests this thing works well.
icap_service service_1 respmod_precache 0
icap://192.168.10.231:1344/interscan
icap_service service_2 respmod_precache 0
Hi Evan,
I am not seeing any unusual in your logs. From your logs I am seeing
that squid sentv all headers and some body data to the ICAP server.
evan gozali wrote:
Hi, my name is Evan. I'm currently trying to connect an open source ICAP server Poesia
3.5 with Squid 3.0 STABLE4. While
Hi Yuval,
I think this is the bug 1632:
http://www.squid-cache.org/bugs/show_bug.cgi?id=1632
Regards,
Christos
yuval wrote:
Hi All
I am Squid3 newbie and I need some help.
I have web server that require user credentials and therefore reply:
HTTP/1.1 401 Authorization Required\r\n
Amos Jeffries wrote:
Christos Tsantilas wrote:
I think you can safely ignore this error message.
Yes but maybe I might have some problems to convince my customer to
ignore
it! :)
This message can appeared when the squid 3.0 shutdown while the ICAP
subsystem shutdown the ICAP services
Hi Amos,
Christos Tsantilas wrote:
johan firdianto wrote:
dear guys,
I reading in release notes of squid-3.0stable8,
there's note in New Tags section, in ICAP subsection
Note: reqmod_precache and respmod_postcache is not yet implemented
Only reqmod_precache and respmod_precache vectoring
I think you can safely ignore this error message.
Yes but maybe I might have some problems to convince my customer to ignore
it! :)
This message can appeared when the squid 3.0 shutdown while the ICAP
subsystem shutdown the ICAP services and in this case this message can
ignored.
If you
Hi Daniele,
daniele.piaggesi wrote:
Hi guys
i'm quite new in Squid but I have a little problem. This is my situation
I have one parent installation of Squid on one machine on my DMZ net-zone
who will be connected on internet (now it doesn't).
I have one child installation of Squid on another
johan firdianto wrote:
dear guys,
anybody here have done modification request method from POST to GET
using ICAP and squid.
Will work only if the web page designed to handle both GET and POST
requests with the same parameters. Why do you need something like that?
Could put the squid.conf
johan firdianto wrote:
dear guys,
I reading in release notes of squid-3.0stable8,
there's note in New Tags section, in ICAP subsection
Note: reqmod_precache and respmod_postcache is not yet implemented
Only reqmod_precache and respmod_precache vectoring points are currently
implemented in
Hi Jones,
Yu Jones wrote:
I am using Squid 3.0 Stable 7 + ICAP client and GreasySpoon (ICAP server) to
customize the page. It works pretty well in Debian.
However, when I browse the page, which has a form with POST method,the
page will load repeatedly without finishing, such as
Hi Roy,
Roy M. wrote:
I am using Squid as HTTP accelerator, occasally my Squid3 (stable6)
will have error in cache.log, e.g.
Failed to select source for http://www.example.com
But I am sure that the URL is reachable in backend web server, and
sometimes it will immediately followed by an
Hi Marcel,
Try to report the bugs to squid bugzilla:
http://bugs.squid-cache.org/
WITH the related debug info ( core,backtrace, logs, configurations)
Informations about collecting debug info there are here:
Henrik K wrote:
On Mon, Apr 21, 2008 at 12:11:49AM +0200, Henrik Nordstrom wrote:
tor 2008-04-17 klockan 08:02 -0300 skrev Cassiano Martin:
Its a anti-virus proxy wich uses clamav. You can use it together with squid.
Or better yet, if using Squid-3 you can plug clamav directly into Squid
It is again the chunked encoding issue.It is not really a squid3 bug.
Look here:
http://www.squid-cache.org/bugs/show_bug.cgi?id=1148
Here you will find a patch which solves this problem.
This patch already applied in squid3-HEAD.
Regards,
Christos
Using transparent proxy stuff, in
Hi Selvi,
Yes, I had already tried that.
But since, i had heard that Squid 2.6 version had better performance
than Squid 3.0, i would like to try that also as a backup.
Squid 3 is enough fast for most cases. You will not see any difference in
performance unless you have a very-very busy
selvi wrote:
Will c-icap server help me better in this case? Is that suitable for
production use?
I do not know. It depends from what you want to do.
You have to try it :-) !
Regards,
Christos
Hi Selvi,
selvi wrote:
I am using the Python based ICAP Server.
Is the icap-server from the following location?
http://sourceforge.net/projects/icap-server/
I try to use it some months ago with squid3 but I had problems too.
From the debug messages I am seeing that at least one
Hi Bert,
In the case you want this feature, it is not so difficult to apply a
patch and compile the squid3 from sources. In this case I must inform
you that this patch is not enough tested. But maybe you want to test it
and inform the mailing list how works. And if there is a problem squid3
The problem is that the server responds with chunked encoding response.
It is not squid3.0 bug but http server bug. The server should not
respond with such response to an HTTP 1.0 request.
The related entry in squid3 bugzila is the bug#1148:
Hi Selvi,
selvi wrote:
Hello All,
I am in the process of integrating squid-3.0.STABLE1 with Python based
ICAP Server. Here, i am not able to get the response modification.
Is it a custom ICAP server?
ICAP related configurations given are:
icap_enable on
icap_send_client_ip on
Hi,
Uto Cen wrote:
Hi,
I#65533;ve recently upgraded to Squid 3.0.STABLE1 with coss and aufs.
If I am not wrong, the coss is marked as experimental in Squid 3.0 and
should not used in production systems.
Also it is under discussion if coss will be included in the 3.1 release
or not:
Hi Ralf,
You should also define the
auth_param digest realm An realm for my Squid3 Caching proxy
to enable digest authentication.
In squid3 there is not default value for the realm
Regards,
Christos
PS. Sorry for the duplicated mail
And another problem :)
auth_param digest program
Hi Thomas,
ThomasSimon wrote:
Hi All
I have installed icap on a Mandriva 2007 server with squid.
But i get an error in the server.log file as follows,
Mon Dec 10 08:05:52 2007, general, Can not open temporary filename:
/var/www/html/icap/downloads/update.ver
Mon Dec 10 08:06:36 2007,
Hi John,
both ICAP patch for squid2 and squid3 are in beta state.
Nobody works on ICAP patch for squid2 any more. In the other hand squid3
is actively developed,the bugs fixed and is not so bad. Moreover the
squid3 ICAP client is better than ICAP patch for squid2 in many aspects
(design,features,
Hi Matus,
On 25.10.07 21:04, Christos Tsantilas wrote:
The ICAP patch for squid2 is outdated.
outdated in what way?
There is not squid developer who continue the development for this patch.
The patch as is maybe can applied to squid2-HEAD but it can not applied as
is to squid-2.6
Hi John,
The ICAP patch for squid2 is outdated.
Squid3 has support for ICAP protocol use squid3 instead.
Regards,
Christos
John Mok wrote:
Hi,
I am using squid 2.6 STABLE16 running on Ubuntu 6.06 LTS. I would like
to enable ICAP support. Is there is any patch for squid 2.6 STABLE16?
Hi Brian,
Are you using the cache created by squid2.6 with squid3?
The squid 3.0 before release PRE7 has problems using caches created with
squid2.6.
The squid-3.0.RC1 is supposed to be compatible with caches created with
squid2.6, and also has many bug fixes.
Regards,
Christos
Brian J.
Hi Sekar,
Sekar wrote:
Hello All,
I have a problem when i run the squid-3.0.RC1-20071003.tar.gz with c-icap.
Possibly it is a configuration problem.
I have downloaded the c-icap from
http://downloads.sourceforge.net/c-icap/c_icap-180407.tar.gz
I ran the c-icap with default
Hi,
Works very well for me. How are you testing it?
Maybe the problem is repeated ICAP service failures. In this case squid
stops using the service.
if you change the line:
icap_service service_2 respmod_precache 0 .
to
icap_service service_2 respmod_precache 1 .
What are you seeing?
Hi Shailesh,
Do you know any product which using these type of responses?
I think the best is to fill a bug report here:
http://www.squid-cache.org/bugs/
Regards,
Christos
Hi,
I got to know that only ICAP responses 100, 200 and 204 are supported.
Any idea when the responses 201 will be
Hi Henrik,
I was hoping you remembered... but it was a couple of years since your
squid-2.5 icap change the comment refers to...
http://devel.squid-cache.org/changesets/squid/patches/7021.patch
Yep, true...
I remembered 201 responses but not exactly why they needed ...
Symantec scan engine
Hi,
Hi Henrik,
For a AV scenario where any anti-virus solution scans a repairable file
and repairs it , the file is not returned to the client as the ICAP
response for this case is 201 which is not understood by squid. Whereas it
works fine if AV solution is configured for not repairing the
Hi Shailesh,
The squid icap client before start using an ICAP server sends an OPTIONS
request to this server to retrieve some information about this server
(eg if previews supported, which file types must send etc). If the
server does not respond correctly, the squid icap client will not use
Hi Shailesh,
Can you provide me with some more details to examine the Squid/ICAP
negotiation?
You can use tcpdump (or better wireshark) to examine squid/ICAP
negotiation. Look Henriks notes about tcpdump usage here:
http://marc.info/?l=squid-usersm=118936426216901w=2
Maybe you can post some
Hi Shailesh,
Shailesh Mishra wrote:
http://www.squid-cache.org/Versions/v3/3.0/ . After executing the
command in the following manner:-
1) ./configure -enable-icap-support
To enable icap support for squid3 use the --enable-icap-client
command line parameter:
./configure
Hi Lars,
Hi there,
..
I set up the combo Squid3 and c-icap and it works for most. However, I
get a couple of ICAP protocol errors during downloads.
The version of squid3 you are using is about 10 months old, please
upgrade to a newer version:
71 matches
Mail list logo