Paul Regan | 14 Aug 12:22 2014
Picon

CDN / JS 503 Service Unavailable

Dev is trying to use a remote script in their page :

https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.9.1/jquery-ui.min.js

Which is failing through the proxy (3.3.6) w/ a 503 Service
Unavailable, either in code browser and cli.

Nothing obvious in the squid logs, I see the connection made.

1408011292.226     11 10.2.76.1 TCP_MISS/503 0 CONNECT
cdnjs.cloudflare.com:443 - HIER_NONE/- -

a wget debug :

---request end---
proxy responded with: [HTTP/1.1 503 Service Unavailable
Server: squid/3.3.6
Mime-Version: 1.0
Date: Thu, 14 Aug 2014 10:14:52 GMT
Content-Type: text/html
Content-Length: 3115
X-Squid-Error: ERR_CONNECT_FAIL 101
Vary: Accept-Language
Content-Language: en

Proxy tunneling failed: Service Unavailable Unable to establish SSL connection.

If I put the script on another non site everything works fine.  So
this seems more like an issue with the CDN provider, and maybe Squid.
But its got me stumped and my GoogleFu is failing so putting it out
(Continue reading)

Picon

store_id and key in store.log

Hi All!

I'm try use store_id helper, and i'm try debug regexp for url (which
processed by helper) I'm turn on store.log and I expect to see in store log
changed key value. But key in store.log is original URL for object.
Maybe I'm wrong and this normal behavior?
My squid version 3.4.5

Stepanenko Sergey

babajaga | 14 Aug 00:15 2014
Picon

Re: writing storeid.pl file

Real, but obsolete example (squid2.7):

#!/usr/bin/perl
$|=1;
while (<>) {
    chomp;
     <at> X = split;
if ($X[0] =~ /(youtube|google).*videoplayback\?/){
         <at> itag = m/[&?](itag=[0-9]*)/;
         <at> id = m/[&?](id=[^\&\s]*)/;
         <at> range = m/[&?](range=[^\&\s]*)/;
         <at> begin = m/[&?](begin=[^\&\s]*)/;
         print
"http://video-srv.youtube.com.SQUIDINTERNAL/ <at> id& <at> itag <at> range <at> begin\n";
    } else {
        print $X[0] . "\n";
    }
}

Send me a beer :-)

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/writing-storeid-pl-file-tp4667206p4667208.html
Sent from the Squid - Users mailing list archive at Nabble.com.

Daniel Reif | 13 Aug 22:13 2014
Picon

Squid + Kerberos Auth

Hello guys,

I'm having problems when trying to authenticate using squid squid_kerb_auth.

In access.log only denies the request and the browser keeps requesting
credentials.

In cache.log get the following in return:

08/13/2014 16:58:27 kid1 | ERROR: Negotiate Authentication validating user.
Result: {result = BH, notes = {message: received type 1 NTLM token; }}

Has anyone faced this problem?

This is the lines on my squid.conf

*auth_param negotiate program /app/squid/libexec/squid_kerb_authauth_param
negotiate children 10auth_param negotiate keep_alive onacl authenticated
proxy_auth REQUIREDhttp_access allow authenticated*

keytab files is /app/squid/etc/HTTP.keytab
I already ran the kinit command

Att

Daniel William Reif

Eliezer Croitoru | 13 Aug 19:52 2014
Picon

what Squid access.log analyzer are you using?

Since squid has new outputs in the access log I was wondering what 
analyzer are you using?

I also wanted to get a bit help about the things that are needed from 
squid access.log.

Calamaris has a per domain stats in the form of bytes and urls.
It also has basic bytes counters for downloads, HIT\MISS, request 
methods and more.

I want to write a simple scripting (for practice) tool that will do 
things in a similar way that calamaris do.

What statistics would be needed from such a tool?

Thanks,
Eliezer

P.S.
If someone knows about a nice site that has some scripting "challenges" 
for the practicing sysadmin I will be happy to hear about it.

Warren Baker | 13 Aug 12:09 2014
Picon

Log Daemon (queue is too large)

HI all,

I noticed this error message (multiple entries) for yesterday and
today on Squid 3.3.11

2014/08/13 00:01:06 kid1| Logfile:
daemon:/util/var/squid/log/access.log: queue is too large; some log
messages have been lost.

Its not a very high utilized proxy so I was a little surprised this
happened. I assume something may have caused a spike in traffic
resulting in the log buffer filling up but whats concerning is that it
never recovers until a -k reconfigure was issued, a -k rotate didnt
help. So all log entries for yesterday and today are gone.

Any ideas on why it doesn't recover and possibly what could have
caused the issue? As looking at the access logs leading up to the
event there is nothing that stands out.

Thanks,
Warren

agent_js03 | 13 Aug 06:33 2014
Picon

HTTP/HTTPS transparent proxy doesn't work

Hello,

I am having trouble with my squid setup. Here is exactly what I am trying to
do: I am setting up a VPN server and I want all VPN traffic to be
transparently proxied by squid with ssl bumping enabled. Right now when I
try to do this I get an access denied page from the client.

Here are lines from my squid.conf:

=================================================
acl localnet src 192.168.1.0/24 # local network
acl localnet src 192.168.3.0/24 # vpn network
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 192.168.1.145:3127 intercept
http_port 192.168.1.145:3128 intercept ssl-bump
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
key=/etc/squid3/ssl/private.pem cert=/etc/squid3/ssl/public.pem
always_direct allow all
ssl_bump allow all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
sslcrtd_program /usr/lib/squid3/ssl_crtd -s /var/lib/ssl_db -M 4MB
sslcrtd_children 5

=================================================

Here are my iptables rules:

(Continue reading)

Robert Cicerelli | 12 Aug 11:42 2014
Picon

Request Entity Too Large Error in Squid Reverse Proxy

I'm having a problem that just started after I implemented squid reverse 
proxy. I have a couple of applications on one of the apache servers 
behind the reverse proxy. Every time someone tries to upload relatively 
large files to the application (7 MB, 30 MB), they get the following error:

Request Entity Too Large

If I try to perform the same operation without going through the squid 
reverse proxy, the uploads work with no problems.

I'm using proxy 3.1.20 
<https://github.com/pfsense/pfsense-packages/commits/master/config/31> 
on pfsense. I tried posting this issue on the pfsense support forums and 
I have gotten zero replies so I'm trying the squid mailing list. The 
situation has become a big problem so I would appreciate some help on this.

A few parameters I've adjusted to various values with no success:

Minimum object size
Maximum object size
Memory cache size
Maximum download size
Maximum upload size

Thanks a lot

Sarah Baker | 11 Aug 19:59 2014

squid authentication failing

Background:
Squid: squid-3.1.23-2.el6.x86_64
OS: CentOS 6.5 - Linux 2.6.32-431.23.3.el6.x86_64 #1 SMP Thu Jul 31 17:20:5=
1 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

Issue:
I have two boxes, same OS, same squid binary, same config file, same squid-= passwd file.
Configuration is setup for ncsa_auth.  Squid runs as user squid.

Both systems return OK to use of command line of ncsa_auth as squid user to=  the login and password in the
squid-passwd file.

Using squid however via a curl thru one of the proxy ips/port of the system=
: one system gives 403 forbidden, the other works just fine.

Tried removing authentication entirely, a fully open squid.  It fails - same message.

Also looked at thusfar:
rpm -q query_options --requires squid-3.1.23-2.el6.x86_64 
the same on both boxes. 
Ran yum update on both to insure everything was up to latest - no change.

Any ideas what I should look far?
-
S. Baker
Manager of Technical Operations, BrightEdge

Sapan Shah | 11 Aug 09:33 2014
Picon

How to configure Squid as Secure Proxy Server

Dear All,

I would like to configure squid as secured Proxy Server for securing
communication between web browser and SQUID so SQUID will use SSL or secured
connection to web browser for handling HTTPS and HTTP requests. 

Example:  
  1.  When user is trying to access web site like: www.abc.com,
  2.  The browser will create SSL/secured connection like HTTPS with SQUID,
  3.  The SQUID will manipulate the request,
  4.  The SQUID will connect to web site http://www.abc.com as normal HTTP
request/connection.
  5.  The SQUID will send response returned from site www.abc.com to the web
browser securely through SSL.

Kindly send me possible solutions with sample configuration file for squid. 

Furthermore, I have already configured SQUID as transparent proxy for
handling HTTP request on Port 3128 and HTTPS request on Port 3129.

Regards,

Sapan Shah

Mark jensen | 9 Aug 14:39 2014
Picon

find the cached pages by squid?


We know that squid is a cache engine (it caches the requested pages in a a cache memory)

I have tried to see the cached pages from cache.log file, but I didn't find any page.

and from squid wiki:

The cache.log file contains the debug and error messages that Squid generates.(not the cached pages).

So where can I find the cached pages (url at least)?

 		 	   		  

Gmane