PSA4444 | 19 May 02:33 2015

Squid 3.3 to 3.5 url_rewrite_program changes

I tried to upgrade from squid 3.2.x to 3.5.x and found my url rewrite script
no longer works.
After trial and error, I found the latest version it works in is the latest
3.3.x so I've upgraded to this for now.

Here is my url_rewrite_program: http://pastebin.com/uaYUCkyY

I haven't been able to figure out how to port this over to the new
url_rewrite_program format.

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-3-3-to-3-5-url-rewrite-program-changes-tp4671274.html
Sent from the Squid - Users mailing list archive at Nabble.com.
_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Stakres | 18 May 22:58 2015
Picon

How to cache Chrome Installer ?

Hi All,

Has someone of you already cached this object ?
*http://r8---sn-n4g-jqbe.gvt1.com/edgedl/chrome/win/776B03BEAFB2810D/42.0.2311.152_chrome_installer.exe*

I know this is a dynamic object provided by Google, we tried with the
StoreID by not yet able to get a TCP_HIT from Squid.
If any idea, let me/us know, thanks in advance.

Bye Fred

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/How-to-cache-Chrome-Installer-tp4671271.html
Sent from the Squid - Users mailing list archive at Nabble.com.
_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Amaury Viera Hernández | 18 May 21:05 2015
Picon

about squid trouble

Hi everyone:

I recently subscribe to this list and I'm going to introduce myself briefly.

I work at the University of Computer Sciences at Havana, Cuba (6000 
users aproximately). We surf using squid, but in many ocassions when we 
are surfing I get an error page of exceed quota telling me that the 
cuota of other user is finished. I'm worried, because I think that is 
possible that others users will be surfing with my account and i will be 
surfing with the account of others users. Could you help me please. 
Thanks in advance.
Best regards, Amaury.
_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Andres Granados | 18 May 19:52 2015
Picon

block inappropriate images of google

hello!
I need help on how to block pornographic images of google, I was trying different options and still do not succeed, try: http_reply_access with request_header_add, and even with a configuration dns, I think is to request_header_add the best, though not it has worked for me, I hope your help, is to implement a school, thanks!
.ExternalClass .ecxhmmessage P { padding:0px; } .ExternalClass body.ecxhmmessage { font-size:12pt; font-family:Calibri; }
_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Andres Granados | 18 May 19:49 2015
Picon

block inappropriate images of google

hello!
I need help on how to block pornographic images of google, I was trying different options and still do not succeed, try: http_reply_access with request_header_add, and even with a configuration dns, I think is to request_header_add the best, though not it has worked for me, I hope your help, is to implement a school, thanks!
<!-- .ExternalClass .ecxhmmessage P { padding:0px; } .ExternalClass body.ecxhmmessage { font-size:12pt; font-family:Calibri; } -->
_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Yan Seiner | 18 May 13:55 2015

Saving memory cache to disk on reboot?

The title says it all - is it possible to save the memory cache to disk 
on reboot?

I reboot my systems weekly and I wonder if this would be any advantage.
_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Veiko Kukk | 18 May 13:23 2015

Squid 3.4.10 and sslcrtd

Hi

I'd like to know if I understand Squid documentation properly.
I have following http_port and sslbump configuration:

http_port 127.0.0.1:3128 ssl-bump generate-host-certificates=off 
cert=/var/spool/squid/ssl_cert/squid_ca.pem
ssl_bump server-first all

 From documentation:
generate-host-certificates[=<on|off>]
Dynamically create SSL server certificates for the destination hosts of 
bumped CONNECT requests. When enabled, the cert and key options are used 
to sign generated certificates. Otherwise generated certificate will be 
selfsigned.

I guess, that means, if generate-host-certificates=off, there is no need 
for sslcrtd_program. Do I understand this correctly?

Unfortunately, Squid exits with fatal error when trying to start without 
sslcrtd_program configuration option.

2015/05/18 11:10:40 kid1| Accepting SSL bumped HTTP Socket connections 
at local=127.0.0.1:3128 remote=[::] FD 27 flags=9
2015/05/18 11:10:40 kid1| Done reading /var/spool/squid swaplog (0 entries)
2015/05/18 11:10:40 kid1| Store rebuilding is 0.00% complete
2015/05/18 11:10:40 kid1| Finished rebuilding storage from disk.
2015/05/18 11:10:40 kid1|         0 Entries scanned
2015/05/18 11:10:40 kid1|         0 Invalid entries.
2015/05/18 11:10:40 kid1|         0 With invalid flags.
2015/05/18 11:10:40 kid1|         0 Objects loaded.
2015/05/18 11:10:40 kid1|         0 Objects expired.
2015/05/18 11:10:40 kid1|         0 Objects cancelled.
2015/05/18 11:10:40 kid1|         0 Duplicate URLs purged.
2015/05/18 11:10:40 kid1|         0 Swapfile clashes avoided.
2015/05/18 11:10:40 kid1|   Took 0.01 seconds (  0.00 objects/sec).
2015/05/18 11:10:40 kid1| Beginning Validation Procedure
2015/05/18 11:10:40 kid1|   Completed Validation Procedure
2015/05/18 11:10:40 kid1|   Validated 0 Entries
2015/05/18 11:10:40 kid1|   store_swap_size = 0.00 KB
2015/05/18 11:10:40 kid1| WARNING: ssl_crtd #Hlpr0 exited
2015/05/18 11:10:40 kid1| Too few ssl_crtd processes are running (need 1/32)
2015/05/18 11:10:40 kid1| Closing HTTP port 127.0.0.1:3128
2015/05/18 11:10:40 kid1| storeDirWriteCleanLogs: Starting...
2015/05/18 11:10:40 kid1|   Finished.  Wrote 0 entries.
2015/05/18 11:10:40 kid1|   Took 0.00 seconds (  0.00 entries/sec).
FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

Why does it still need sslcrtd_program? Note that error message WARNING: 
ssl_crtd #Hlpr0 exited is misleading, because currently, all sslcrtd 
related configuration options are commented out and none of the ssl_crtd 
processes are started.

Best regards,
Veiko
_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
HackXBack | 15 May 20:56 2015
Picon

squid stop working without any error

in cache.log i found this,

2015/05/15 21:06:41 kid1| clientNegotiateSSL: Error negotiating SSL
connection on FD 11185: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca (1/0)
2015/05/15 21:06:41 kid1| clientNegotiateSSL: Error negotiating SSL
connection on FD 14703: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca (1/0)
2015/05/15 21:06:41 kid1| clientNegotiateSSL: Error negotiating SSL
connection on FD 14416: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca (1/0)
2015/05/15 21:06:41 kid1| clientNegotiateSSL: Error negotiating SSL
connection on FD 12458: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca (1/0)
2015/05/15 21:06:41 kid1| clientNegotiateSSL: Error negotiating SSL
connection on FD 10336: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca (1/0)
2015/05/15 21:06:41 kid1| clientNegotiateSSL: Error negotiating SSL
connection on FD 597: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca (1/0)
2015/05/15 21:06:41 kid1| clientNegotiateSSL: Error negotiating SSL
connection on FD 6053: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca (1/0)
2015/05/15 21:06:41 kid1| clientNegotiateSSL: Error negotiating SSL
connection on FD 13730: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca (1/0)
2015/05/15 21:06:41 kid1| clientNegotiateSSL: Error negotiating SSL
connection on FD 11108: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca (1/0)
2015/05/15 21:06:41 kid1| clientNegotiateSSL: Error negotiating SSL
connection on FD 8037: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca (1/0)
2015/05/15 21:06:41 kid1| clientNegotiateSSL: Error negotiating SSL
connection on FD 14745: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca (1/0)
2015/05/15 21:06:41 kid1| ctx: enter level  0:
'http://storeid.cdn.fbcdn/p100x100/10348376_806835629388827_6352898774493962027_n.png'
2015/05/15 21:06:41 kid1| Closing HTTP port 0.0.0.0:3129
2015/05/15 21:06:41 kid1| Closing HTTP port 0.0.0.0:3128
2015/05/15 21:06:41 kid1| Closing HTTPS port 0.0.0.0:3127
2015/05/15 21:06:41 kid1| storeDirWriteCleanLogs: Starting...
2015/05/15 21:06:41 kid1|     65536 entries written so far.
2015/05/15 21:06:41 kid1|    131072 entries written so far.
2015/05/15 21:06:41 kid1|    196608 entries written so far.
2015/05/15 21:06:41 kid1|    262144 entries written so far.
2015/05/15 21:06:41 kid1|    327680 entries written so far.
2015/05/15 21:06:41 kid1|    393216 entries written so far.
2015/05/15 21:06:41 kid1|    458752 entries written so far.
2015/05/15 21:06:42 kid1|    524288 entries written so far.
2015/05/15 21:06:42 kid1|    589824 entries written so far.
2015/05/15 21:06:42 kid1|    655360 entries written so far.
2015/05/15 21:06:42 kid1|    720896 entries written so far.
2015/05/15 21:06:42 kid1|    786432 entries written so far.

after rebuilding squid stop working , when i start it again it work for
couple of hours then the same ...

and in the end of cache.log i found this

2015/05/15 22:09:39 kid1| Rebuilding storage in /cache05/4 (dirty log)
2015/05/15 22:09:39 kid1| Rebuilding storage in /cache06/1 (dirty log)
2015/05/15 22:09:39 kid1| Rebuilding storage in /cache06/2 (dirty log)
2015/05/15 22:09:39 kid1| Rebuilding storage in /cache06/3 (dirty log)
2015/05/15 22:09:39 kid1| Rebuilding storage in /cache06/4 (dirty log)
2015/05/15 22:09:39 kid1| Rebuilding storage in /cache07/1 (dirty log)
2015/05/15 22:09:39 kid1| Rebuilding storage in /cache07/2 (dirty log)
2015/05/15 22:09:39 kid1| Rebuilding storage in /cache07/3 (dirty log)
2015/05/15 22:09:39 kid1| Rebuilding storage in /cache07/4 (dirty log)
2015/05/15 22:09:39 kid1| Rebuilding storage in /cache08/1 (dirty log)
2015/05/15 22:09:39 kid1| Rebuilding storage in /cache08/2 (dirty log)
2015/05/15 22:09:39 kid1| Rebuilding storage in /cache08/3 (dirty log)
2015/05/15 22:09:39 kid1| Rebuilding storage in /cache08/4 (dirty log)
2015/05/15 22:09:39 kid1| Using Least Load store dir selection
2015/05/15 22:09:39 kid1| Set Current Directory to /var/spool/squid
2015/05/15 22:09:39 kid1| Finished loading MIME types and icons.

and no backtrace report found ...

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-stop-working-without-any-error-tp4671242.html
Sent from the Squid - Users mailing list archive at Nabble.com.
_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Walter H. | 15 May 20:14 2015

IPv6 and syntax?

Hello,

is IPv6 somewhat similar to IPv4?

e.g.

I would write

acl block_ipv4_range dst  84.84.84.0/24
deny_info errorpage block_ipv4_range
http_access deny block_ipv4_range

to block any hosts within this IPv4 range

how would be the syntax for blocking any hosts within a specific IPv6 subnet
e.g. [2408:8000::]/24

should it be this?

acl block_ipv6_subnet dst 2408:8000::/24
deny_info errorpage block_ipv6_subnet
http_access deny block_ipv6_subnet

Thanks,
Walter

Attachment (smime.p7s): application/pkcs7-signature, 8074 bytes
_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Rafael Akchurin | 15 May 14:47 2015

Squid 3.5.4 for Microsoft Windows 64-bit is available

Greetings everyone,

The CygWin based build of Squid proxy for Microsoft Windows version 3.5.4 is now available (amd64 only!).

* Ready to use MSI package can be downloaded from http://squid.diladele.com.

Thanks a lot for Squid developers for making this great software. 

Please join our humble efforts to provide ready to run MSI installer for Squid on Microsoft Windows with all required dependencies at GitHub – https://github.com/diladele/squid3-windows. Please report all issues/bugs/feature requests at GitHub project. Issues about the *MSI installer only* can also be reported to support <at> diladele.com.

Best regards,
Rafael

_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Walter H. | 14 May 11:47 2015

assertion Failed, when using dst_as

Hello,

following 3 lines

acl block_isps_list dst_as ###
deny_info ERR_ISP_BLOCKED block_isps_list
http_access deny block_isps_list

bring when starting squid like this
squid -N -d 1

the following messages
assertion failed: mem.cc:220: "MemPools[type]"
Aborted

my system: a VM with CentOS 6.5 (64-bit), using binary 3.4.10 from 
Eliezer Croitoru

when using without these 3 lines squid (with ssl-bump) runs stable 
without and problems;

Thanks in advance

Walter

Attachment (smime.p7s): application/pkcs7-signature, 8074 bytes
_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Gmane