Re: [squid-users] X-Forwarded-For

Interesting. I will check later. Thanks! On Fri, Nov 9, 2018 at 9:54 PM Amos Jeffries wrote: > On 10/11/18 3:15 PM, Michael Pelletier wrote: > > Perhapse your Squid has been patched to remove it ? > > > > I am running 3.5.28. I have not installed any patches. > > &

Re: [squid-users] X-Forwarded-For

on" On Fri, Nov 9, 2018 at 7:35 PM Amos Jeffries wrote: > On 10/11/18 9:05 AM, Michael Pelletier wrote: > > Hello, > > I am running squid 3.5.28 and for some reason I can not get > > X-Forwarded-For added to the http headers. I have "forwarded_for on" and > &g

[squid-users] X-Forwarded-For

Hello, I am running squid 3.5.28 and for some reason I can not get X-Forwarded-For added to the http headers. I have "forwarded_for on" and "via on" set in the squid.conf. Any ideas why this will not work? -- *Disclaimer: *Under Florida law, e-mail addresses are public records. If you do

Re: [squid-users] Collecting squid logs to DB

Check out Logstash *https://www.elastic.co/products/logstash * On Sat, May 5, 2018 at 2:25 AM, Amos Jeffries wrote: > On 05/05/18 17:19, Amos Jeffries wrote: > > On 05/05/18 10:20, Alex K wrote: > >> Hi all, > >> > >> I had a

Re: [squid-users] No matter what I do I can not get %ssl:>sni (or other %ssl) to log

Thanks! On Thu, Sep 29, 2016 at 11:12 PM, Amos Jeffries <squ...@treenet.co.nz> wrote: > On 30/09/2016 12:55 p.m., Alex Rousskov wrote: > > On 09/29/2016 05:44 PM, Michael Pelletier wrote: > >> In the squid.conf.documented, it looks like I can log the server > >>

Re: [squid-users] How to log url_rewrite_program results

I tried %{message}note %{status}note -- and -- %note{message}note %note{status} But I do not get results... On Mon, Sep 26, 2016 at 10:59 PM, Michael Pelletier < michael.pellet...@palmbeachschools.org> wrote: > OK. I will try this. Really, All I am trying to log is the ACL that was

Re: [squid-users] How to log url_rewrite_program results

OK. I will try this. Really, All I am trying to log is the ACL that was matched and the result. Is the default in *url_rewrite_extras good enough?* On Mon, Sep 26, 2016 at 5:04 PM, Amos Jeffries <squ...@treenet.co.nz> wrote: > On 27/09/2016 2:50 a.m., Michael Pelletier wrote:

[squid-users] How to log url_rewrite_program results

Hello, I have a custom logformat and I would like to log the results of my url rewriter (urlfilterdb). I can't seem to get this to work. Can someone tell me the basics? Michael -- *Disclaimer: *Under Florida law, e-mail addresses are public records. If you do not want your e-mail address

[squid-users] How to log url_rewrite results

Hello, I can not get %et to log anything. What am I missing? -- *Disclaimer: *Under Florida law, e-mail addresses are public records. If you do not want your e-mail address released in response to a public records request, do not send electronic mail to this entity. Instead, contact this

[squid-users] How to log ACL to custom log

Hello, I would like to log ACLs Pass \ Blocks in the access.log. I am using Logstash for a monitoring system and being able to pass this information allows me to do some nice graphing. Does any know how this can be done? Michael -- *Disclaimer: *Under Florida law, e-mail addresses are public

Re: [squid-users] Recommended Multi-CPU Configuration

> Hi Michael, > > Can you share with us what you ended up with? > > Thanks > Marcus > > On 06/18/2015 12:28 AM, Michael Pelletier wrote: > >> Which one would be good for capacity\load? I have a very, very large >> environment. I have 220,000 users on 8 Gig to

[squid-users] Good Home Cable Modem Blacklist

Hello, Does anyone know of a good blacklist of home cable modems? -- *Disclaimer: *Under Florida law, e-mail addresses are public records. If you do not want your e-mail address released in response to a public records request, do not send electronic mail to this entity. Instead, contact

Re: [squid-users] Changing negotiate_kerberos_auth default location forrcache

ache type. > > Markus > > "Michael Pelletier" <michael.pellet...@palmbeachschools.org> wrote in > message > news:caencsg74pkxndiasr4yfgy9uuzqhk21jl5uytzxp6_tmpeu...@mail.gmail.com... > Hello, > I am using squid 3.4 and need to change the default location fr

[squid-users] Changing negotiate_kerberos_auth default location for rcache

Hello, I am using squid 3.4 and need to change the default location from /var/tmp to a tmpfs filesystem. The current version does not have the "-c" option to change the default location. I was wondering if there was another way. Michael -- *Disclaimer: *Under Florida law, e-mail addresses are

[squid-users] grove.microsoft.com

I am blocking grove.microsoft.com. Even though I am blocking it, I am seeing large, 2 Gig, uploads from the client to the proxy (which indeed blocks it). It is almost like the connection request (explicit) contains the 2 gig post request. Why is this happening? Has anyone seen this? Michael --

Re: [squid-users] Problems filtering specific plus.google.com (application/x-www-form-urlencoded)

Jeffries <squ...@treenet.co.nz> wrote: > On 15/12/2015 10:59 a.m., Michael Pelletier wrote: > > Hello, > > Today we found a site that needed to be blocked while allowing the rest > at > > plus.google.com. I went to block the URL but it did not block. I looked > >

[squid-users] Problems filtering specific plus.google.com (application/x-www-form-urlencoded)

Hello, Today we found a site that needed to be blocked while allowing the rest at plus.google.com. I went to block the URL but it did not block. I looked deeper into the problem and it seems application/x-www-form-urlencoded never sends the url so I can't block it. Can someone help? Michael --

[squid-users] negotiate_wrapper: Return 'AF = * username

Hello, I have squid in the production environment and everything is running well. I am building a new server that will be used as a new template of squid in our virtual environment. for some reason on the new template server I am getting negotiate_wrapper inserting a "*" before the username.

[squid-users] negotiate_wrapper: Return 'AF = * username

Hello, I am building a new squid virtual template for my environment. I already have squid up and running and everything is well. When building a new template and testing it I keep getting negotiate_wrapper: Return 'AF = * username'. I can not figure out why. Can anyone help? All the software is

[squid-users] How can I change the location of the kerberos cache file?

Hello, Squid is keeping the kerberos cache file in /var/tmp. How can I change the location? # ls -al /var/tmp/ total 864 drwxrwxrwt. 3 root root 36864 Jun 22 11:43 . drwxr-xr-x. 22 root root4096 May 9 23:55 .. -rw-r--r-- 1 root root 0 Jun 21 20:09 .fsrlast_xfs drwx--. 2

[squid-users] Recommended Multi-CPU Configuration

Hello, I am looking to had some more power to squid. I have seen two different types of configurations to do this: 1. Adding workers directive equal to the number of cpus. Then adding a special wrapper around the AUFS disk cache so that the correct worker can only access the correct cache. Yes,

Re: [squid-users] Recommended Multi-CPU Configuration

Jeffries squ...@treenet.co.nz wrote: On 18/06/2015 8:53 a.m., Michael Pelletier wrote: Hello, I am looking to had some more power to squid. I have seen two different types of configurations to do this: 1. Adding workers directive equal to the number of cpus. Then adding a special wrapper

Re: [squid-users] assertion failed: Read.cc:69: fd_table[conn-fd].halfClosedReader != NULL

OK. I went back to 3.4.13 for prod. I will try upgrading one proxy this weekend. On Wed, Jun 10, 2015 at 12:11 PM, Amos Jeffries squ...@treenet.co.nz wrote: On 10/06/2015 5:24 a.m., Michael Pelletier wrote: Hello, I am getting these errors on 3.5.5 any ideas? Here is my build

Re: [squid-users] assertion failed: DestinationIp.cc:64: checklist-conn() checklist-conn()-clientConnection != NULL

I can try. I only saw it once under heavy load. I will see what I can do... Michael On Thu, May 14, 2015 at 12:40 AM, Amos Jeffries squ...@treenet.co.nz wrote: On 14/05/2015 9:34 a.m., Michael Pelletier wrote: Squid does recover. What do you think? I think its a bug that needs fixing

Re: [squid-users] assertion failed: DestinationIp.cc:64: checklist-conn() checklist-conn()-clientConnection != NULL

I am running 3.4.12 On Wed, May 13, 2015 at 3:23 PM, Amos Jeffries squ...@treenet.co.nz wrote: On 14/05/2015 5:42 a.m., Michael Pelletier wrote: Hello, What does this warning mean? assertion failed: DestinationIp.cc:64: checklist-conn() checklist-conn()-clientConnection != NULL

Re: [squid-users] assertion failed: DestinationIp.cc:64: checklist-conn() checklist-conn()-clientConnection != NULL

Squid does recover. What do you think? On Wed, May 13, 2015 at 5:25 PM, Michael Pelletier michael.pellet...@palmbeachschools.org wrote: I am running 3.4.12 On Wed, May 13, 2015 at 3:23 PM, Amos Jeffries squ...@treenet.co.nz wrote: On 14/05/2015 5:42 a.m., Michael Pelletier wrote: Hello

[squid-users] assertion failed: DestinationIp.cc:64: checklist-conn() checklist-conn()-clientConnection != NULL

Hello, What does this warning mean? assertion failed: DestinationIp.cc:64: checklist-conn() checklist-conn()-clientConnection != NULL Michael -- *Disclaimer: *Under Florida law, e-mail addresses are public records. If you do not want your e-mail address released in response to a public

[squid-users] Any Greasyspoon iCAP users out there?

Hello, I am having some difficulties with the greasyspoon icap server. The demo scripts don't work and I can not find any api documentation. The plan is to use greasyspoon icap server now then migrate to ecap later. Who is using greasyspoon icap server? I could sure use some help. Michael --

Re: [squid-users] adding a header by group membership

a user has matched a user group? Michael On Sat, May 2, 2015 at 1:37 AM, Amos Jeffries squ...@treenet.co.nz wrote: On 2/05/2015 3:12 p.m., Michael Pelletier wrote: Hello, I wish to modify a request header if the user is a member of a group. The example below I am trying to restrict

[squid-users] Looking for a good tutorial for writing a custom eCap filter

Hello, I wish to write a custom eCap filter and I am looking for some documentation.Basically, I wish to add the X-GoogApps-Allowed-Domains ONLY when a user matches an AD group else no header should be added. We are a school and we restrict students' email but not employees. I tried

[squid-users] adding a header by group membership

Hello, I wish to modify a request header if the user is a member of a group. The example below I am trying to restrict people at work to ONLY the work email address UNLESS they are in the group FullEmailAccess. Is this correct? acl FullEmailAccess proxy_auth -i [a file containing users. One per