of squidguard, I stored all blacklists DB
to a memory fs (mfs); this massively improves squidguard performance.
I have written an article to improve squid perfs on OpenBSD:
http://www.unix-experience.fr/2013/monter-un-proxy-cache-performant-avec-squid-et-openbsd/
--
Best regards,
Loïc BLOT,
UNIX systems
--
Best regards,
Loïc BLOT,
UNIX systems, security and network engineer
http://www.unix-experience.fr
On Monday 04 November 2013 at 21:27 +0100, Marko Cupać wrote:
On Mon, 4 Nov 2013 20:15:17 +0100
Marc Sontowski m...@sontowski.net wrote:
# The internal interface (connected to the local
Hello,
I think if you set:
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 3128
each output request (including squid requests) is NATed to the local 3128
port.
--
Best regards,
Loïc BLOT,
UNIX systems, security and network engineer
http://www.unix-experience.fr
On Sunday 22
:
http_port 3128
http_port 0.0.0.0:3129 intercept
http_port [::]:3129 intercept
port 3128 is opened on both IPv4 and IPv6
port 3129 is opened on IPv4 only
It seems there is a problem with intercept and IPv6
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix
Then, if I add my own CA to Firefox, the warning will disappear?
--
Best regards,
Loïc BLOT,
UNIX systems, security and network engineer
http://www.unix-experience.fr
On Wednesday 11 September 2013 at 23:04 +1200, Amos Jeffries wrote:
On 11/09/2013 9:07 p.m., Job wrote:
Hi,
i read
regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
Is your file descriptor limit correctly configured? Let squid have 6
descriptors per client minimum to be cool.
Is the squid limit under the user limit?
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
On Wednesday 03 July 2013 at 11:34 -0700
Hello Mike,
please look at the number of system file descriptors opened, the squid
limit and the squid user limit. I have this problem on 3.2 and 3.3
because squid was at the FD limit. (look at the system fd limit for
squid, ulimit -n with the squid user)
--
Best regards,
Loïc BLOT,
UNIX systems
Hello Rob,
no, this is the same machine :)
--
Best regards,
Loïc BLOT,
UNIX Systems, Security and Networks expertise
http://www.unix-experience.fr
On Friday 31 May 2013 at 04:58 -0700, Rob Sheldon wrote:
On 2013-05-30 21:34, Loïc BLOT wrote:
Hello Rob,
I use OpenBSD and squid 3.3.4
proto tcp to $lan_ip port 3129
You mustn't redirect to the localhost iface, it's bad.
For normal and transparent you are correct. Have you compiled squid with
the --enable-pf-transparent option? (/usr/local/squid/sbin/squid -v shows
you)
--
Best regards,
Loïc BLOT,
UNIX systems, security and network
What is your squid fd limit and your system ulimit (ulimit -n) for squid
user ?
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
On Wednesday 29 May 2013 at 14:03 -0400, Ron Wheeler wrote:
Have you looked at garbage collection as a possible
Hello Rob,
I use OpenBSD and squid 3.3.4 in a production environment, you'll find exactly
what you need here:
http://www.unix-experience.fr/2013/create-a-powerfull-proxy-cache-with-squid-and-openbsd-2/#sthash.9SpWE1kn.dpbs
Have a nice day
--
Best regards,
Loïc BLOT,
UNIX systems, security and network
For me the problem is resolved.
It happens when squid reaches the maximum FD, squid has more and more
requests to process and then it's blocked and very very slow. I have
increased system FD to 16K and squid FD to 10K, I haven't had the problem
since this modification.
--
Best regards,
Loïc BLOT,
UNIX
you think about it ?
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
On Thursday 16 May 2013 at 23:10 +0200, Loïc BLOT wrote:
Hi Alex,
thanks for your reply. I have tried to analyse my logs, but... nothing
and this is also disappointing because
.
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
On Thursday 16 May 2013 at 14:55 -0600, Alex Rousskov wrote:
On 05/16/2013 07:08 AM, loic.blot wrote:
after tests and debug level increased to 5, i am sorry to say: nothing
found...
When
I forgot to specify: access.log and cache.log don't reveal anything.
Loic Blot
On 15 May 2013 at 18:51, George Herbert george.herb...@gmail.com wrote:
Two questions -
One, what are in the logs from when this starts?
Two, I forget the *bsd tool, but can you run the appropriate strace
466 read 261 bytes
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
, then it seems all works fine, very
strange... Anyway kdump file grows in size in the time when this event
happened.
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
On Wednesday 15 May 2013 at 15:53 -0600, Alex Rousskov wrote:
On 05/15/2013 01:07 PM
it
(BSD, Linux) to verify if its FD limit is over system FD limits.
What do you think about this ?
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
I also had the problem in the past.
Use a dedicated port for http_port xxx intercept/transparent
This resolves the issue.
If you use:
http_port 3128
http_port 3128 intercept
you get your error.
But with:
http_port 3128
http_port 3129 intercept
no error !
--
Best regards,
Loïc BLOT,
UNIX systems
present un 3.2.9)
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
On Monday 29 April 2013 at 10:35 +0200, Loïc Blot wrote:
Precision:
same problem on 3.3.4 version.
My configure command is ./configure '--enable-pf-transparent
basic_ldap_auth.cc
basic_ldap_auth.cc:125:18: error: lber.h: No such file or directory
basic_ldap_auth.cc:126:18: error: ldap.h: No such file or directory
Moreover, squid compile doesn't look at /usr/local/lib
and /usr/local/libexec directories
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security
You are right !
But this doesn't resolve the openbsd /usr/local/include/ldap.h
and /usr/local/include/sasl.h issue :)
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
On Tuesday 30 April 2013 at 00:04 +1200, Amos Jeffries wrote:
On 29
in -lsasl2... no
checking for sasl_errstring in -lsasl... no
configure: error: Neither SASL nor SASL2 found
With squid 3.2.9 I don't have this problem
cyrus-sasl is installed but I don't need SASL.
Have you got an idea?
Thanks in advance
--
Best regards,
Loïc BLOT,
UNIX systems, security and network
Hello Amos,
The command line you gave didn't work. It always tries to compile all helpers.
I must disable compile in the makefile and disable the SASL check in the configure
file.
Loic Blot
On 29 Apr. 2013 at 03:11, Amos Jeffries squ...@treenet.co.nz wrote:
On 29/04/2013 5:50 a.m., Loïc BLOT
-for' '--with-large-files' '--enable-ssl'
'--disable-ipv6' '--enable-esi' '--enable-kill-parent-hack'
'--disable-snmp' '--with-pthreads' --enable-ltdl-convenience
Thanks in advance.
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
current loaded
http_port directives) Then the configuration mistake cannot be possible.
For the DoS problem when I use http_port 3128 transparent only, it's
right that squid is started with all its children but it refuses all
connections.
--
Best regards,
Loïc BLOT,
UNIX systems, security
Hi
This error appears when cache_mem cache_dir.
Loic Blot
On 21 March 2013 at 07:11, Squidblacklist webmas...@squidblacklist.org wrote:
Try this instead
cache_dir aufs /opt/var/spool/squid 57 32 256
then do squid3 -z rebuild the cache, reload squid.
Signed,
Fix Nichols
argc is not
available.
) at main.cc:1216
#11 0x004a52c1 in ___start ()
#12 0x in ?? ()
Any idea ?
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
Yes sorry,
I would say disable disk cache. Is this possible in the 3.2 series?
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
On Monday 04 February 2013 at 20:28 +1300, Amos Jeffries wrote:
On 4/02/2013 8:07 p.m., Loïc BLOT wrote:
Hi
:)
--
Best regards,
Loïc BLOT, UNIX systems, security and network expert
http://www.unix-experience.fr
On Monday 04 February 2013 at 16:43 +1300, Amos Jeffries wrote:
On 4/02/2013 7:54 a.m., Eliezer Croitoru wrote:
snip
Why squid should not create a cache_dir if one doesn't exist at startup
BLOT, UNIX systems, security and network expert
http://www.unix-experience.fr
On Thursday 24 January 2013 at 03:06 +, RW wrote:
On Sun, 20 Jan 2013 12:42:37 +0100
Loïc BLOT wrote:
under OpenBSD i have switched from FFS2 disk cache to mfs disk cache
and performances were massively
Hi Farooq,
For debugging purposes, launch squid with gdb.
gdb
file path/squid
run args
and when squid crashes, type bt full
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
On Monday 21 January 2013 at 15:32 +0500, Farooq Bhatti wrote
Args are not passed to gdb.
You must type:
gdb /usr/local/squid/sbin/squid
and in the gdb prompt
run -D
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
On Monday 21 January 2013 at 16:02 +0500, Farooq Bhatti wrote:
Hi Blot
Look at /var/log/squid/cache.log or /var/log/messages (under BSD) to get
the error. If squid stops at boot there is a problem in your config.
You can also type bt full when gdb gives you the prompt.
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix
Hello Ralf,
under OpenBSD i have switched from FFS2 disk cache to mfs disk cache and
performances were massively improved.
A hot item is a frequently requested item, or a recently cached item. For the size, I
remember there is min_object_size and max_object_size
--
Best regards,
Loïc BLOT, UNIX systems
Of course,
FFS is Fast File System, the classic OpenBSD FS
MFS is Memory File System
On Linux you can create tmpfs for this usage :)
--
Best regards,
Loïc BLOT, UNIX systems, security and network expert
http://www.unix-experience.fr
On Sunday 20 January 2013 at 19:35 +0100, Ralf Hildebrandt
Hi Amos,
your patch seems to be correct. I will try it next Monday.
--
Best regards,
Loïc BLOT, UNIX systems, security and network expert
http://www.unix-experience.fr
On Tuesday 15 January 2013 at 09:32 +0100, Ralf Hildebrandt wrote:
* Ralf Hildebrandt ralf.hildebra...@charite.de:
This mail
Thanks for the report, I will confirm on Monday :)
--
Best regards,
Loïc BLOT, UNIX systems, security and network expert
http://www.unix-experience.fr
On Tuesday 15 January 2013 at 14:34 +0100, Ralf Hildebrandt wrote:
* Loïc BLOT loic.b...@unix-experience.fr:
Hi amos,
your patch seems
, so setting this may
# cause some Internet sites to become unavailable.
#
append_domain .mydomain.tld
--
Best regards,
Loïc BLOT, UNIX systems, security and network expert
http://www.unix-experience.fr
On Monday 14 January 2013 at 18:47 +0100, Frank Lanitz wrote:
Hi folks,
I've got
result on this
function :)
--
Best regards,
Loïc BLOT, UNIX systems, security and network expert
http://www.unix-experience.fr
On Monday 14 January 2013 at 15:21 +0100, Ralf Hildebrandt wrote:
All of a sudden, all our squid proxies started crashing. I produced
a backtrace:
[Thread debugging
Hi Amos.
You mean it's possible not to use disk cache? My OpenBSD is already a
64-bit system.
What's your recommendation?
--
Best regards,
Loïc BLOT, UNIX systems, security and network expert
http://www.unix-experience.fr
On Sunday 13 January 2013 at 18:58 +1300, Amos Jeffries wrote
Hello,
does this update fix the problem I mentioned about GetAddrInfo in the thread
Squid crash on OpenBSD 5.2?
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
On Thursday 10 January 2013 at 20:57 +1300, Amos Jeffries wrote:
The Squid HTTP
(memory file system), and i use 4G disk
cache and 3.5G memory cache. Perfs are very great.
My servers are also the main client routers for other traffic.
I hope that helps
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
On Thursday 10
On Wednesday 09 January 2013 at 00:05 +1300, Amos Jeffries wrote:
On 8/01/2013 8:06 p.m., Loïc BLOT wrote:
In my case, it seems the ASSERT is thrown when GetAddrInfo looks at
a nonexistent DNS name (in the backtrace the DNS name doesn't exist).
Before there are 2 conditions for IPv4 and IPv6
,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
0x004a5301 in ___start ()
#16 0x0004 in ?? ()
#17 0x7f7ca630 in ?? ()
#18 0x7f7ca64c in ?? ()
#19 0x7f7ca64f in ?? ()
#20 0x7f7ca652 in ?? ()
#21 0x in ?? ()
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security
:(.
http://bugs.squid-cache.org/show_bug.cgi?id=3732
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
On Monday 07 January 2013 at 16:13 +0200, Eliezer Croitoru wrote:
Hey Loïc,
I am not sure but a squid.conf will help a lot.
I want
means the program comes to an unattended area.
Since this patch, squid stability is now perfect
6104 _squid 20 3067M 3070M sleep/1 poll 20:53 0.73%
squid
20h uptime, 0 crashes, whereas before only 2 min.
~45000 requests were processed during uptime.
--
Best regards,
Loïc BLOT, UNIX