JP Greyling | 11 Dec 23:26 2014
Picon

Help with Windows updates

Good day,

 

I am trying to configure Squid to cache all windows updates, I have followed the instructions on Squid’s recommendations for Windows updates but I downloaded 10GB of updates and only 665MB got cached. My cache dir is 100GB. The Windows 8.1 upgrade did also not cache.

 

Can anyone please share their squid.conf windows updates settings with me including their referesh_paterns.

 

Kind Regards

JP

_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Eliezer Croitoru | 11 Dec 15:04 2014
Picon

Re: Caching based on header/etag


If you have access to the apache server it's very simple to remove the
headers.

I do have a question about the docs:
http://www.squid-cache.org/Versions/v3/3.4/cfgman/reply_header_access.html

Will the reply_header_access will affect the stored cache object?
If so or not what suppose to happen?

Thanks,
Eliezer

On 05/20/2014 07:51 PM, Amos Jeffries wrote:
> On 21/05/2014 3:43 a.m., Tom Holder wrote:
>> Hi all,
>> 
>> I've setup squid to proxy everything to a single server I have.
>> 
>> Based on a header, I might want to serve a different version of a
>> file for example for:
>> 
>> X-MY-HEADER: 1 URL: /css/style.css
>> 
>> Would not be the same as:
>> 
>> X-MY-HEADER: 2 URL: /css/style.css
>> 
>> Ideally though I'd like to be able to cache both.
>> 
>> Can I get squid to somehow differentiate based on an incoming
>> header?
>> 
>> Failing that, I'm generating an etag on the server that's a hash
>> of the content. Will this be enough to distinguish between the
>> different files?
> 
> Not by itself. ETag is used to confirm correct variant is being 
> revalidated or fetched once one is chosen.
> 
> You need the server to emit "Vary: X-MY-HEADER" on all responses
> to enable Squid to perform the initial selection.
> 
> Between them Vary, ETag and Last-Modified permit Squid to target a 
> specific object variant inside the set of possible responses to
> any dynamic resource URL.
> 
> Amos
> 

Eliezer Croitoru | 11 Dec 15:03 2014
Picon

Re: Caching based on header/etag


If you have access to the apache server it's very simple to remove the
headers.

I do have a question about the docs:
http://www.squid-cache.org/Versions/v3/3.4/cfgman/reply_header_access.html

Will the reply_header_access will affect the stored cache object?
If so or not what suppose to happen?

Thanks,
Eliezer

On 05/20/2014 07:51 PM, Amos Jeffries wrote:
> On 21/05/2014 3:43 a.m., Tom Holder wrote:
>> Hi all,
>> 
>> I've setup squid to proxy everything to a single server I have.
>> 
>> Based on a header, I might want to serve a different version of a
>> file for example for:
>> 
>> X-MY-HEADER: 1 URL: /css/style.css
>> 
>> Would not be the same as:
>> 
>> X-MY-HEADER: 2 URL: /css/style.css
>> 
>> Ideally though I'd like to be able to cache both.
>> 
>> Can I get squid to somehow differentiate based on an incoming
>> header?
>> 
>> Failing that, I'm generating an etag on the server that's a hash
>> of the content. Will this be enough to distinguish between the
>> different files?
> 
> Not by itself. ETag is used to confirm correct variant is being 
> revalidated or fetched once one is chosen.
> 
> You need the server to emit "Vary: X-MY-HEADER" on all responses
> to enable Squid to perform the initial selection.
> 
> Between them Vary, ETag and Last-Modified permit Squid to target a 
> specific object variant inside the set of possible responses to
> any dynamic resource URL.
> 
> Amos
> 

Siva Prakash | 11 Dec 11:31 2014
Picon

Maximum Bandwidth a squid server can Handle

Hi All,

I have searched lot but i could not get clear statistics regrading how much bandwidth a squid can handle.

Consider, I have a server of 4 GB RAM, Multicore processor and centos or ubuntu operarting system.

Can any one guide me how much amount of bandwidth single squid sever can handle?

or else help me out with how much request/second can be handled by squid?

Thanks in advance.

_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Amos Jeffries | 10 Dec 15:37 2014
Picon

[squid-announce] Squid 3.4.10 is available


The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-3.4.10 release!

This release is a bug fix release resolving several issues found in
the prior Squid releases.

The major changes to be aware of:

* Bug 4033: Rebuild corrupted ssl_db/size file

The certificate DB size file may become empty (for reasons beyond Squid
control such as server reboots, and possibly some unknown Squid bugs).
When it becomes empty, all ssl_crtd helpers (and then Squid) quit.

* Fixes Segmentation Fault in ACLUrlPathStrategy::match

This segmentation fault would occur when urlpath_regex ACL was used in
access controls to test transactions where no URL path is available.
 eg CONNECT or OPTIONS requests, some WebDAV requests, etc.

* Fixes Alternate-Protocol header behaviour

Certain servers emit the non-standard Alternate-Protocol header
without listing it as Connection header and popular client software
will attempt to follow its instructions regardless of the presence of
a proxy. This may result in loss of administrative information about
client traffic, increased network bandwidth, unpredictable client
failures, loss of connectivity for the client, information leakage
and/or other security vulnerabilities in experimental protocols.

Squid now handles this non-standard header on the clients behalf and
will cause it to only have any effect if the protocol it instructs to
be used is supported by Squid.

 All users of Squid are encouraged to upgrade to this release as
time permits.

 See the ChangeLog for the full list of changes in this and earlier
 releases.

Please refer to the release notes at
http://www.squid-cache.org/Versions/v3/3.4/RELEASENOTES.html
when you are ready to make the switch to Squid-3.4

Upgrade tip:
  "squid -k parse" is starting to display even more
   useful hints about squid.conf changes.

This new release can be downloaded from our HTTP or FTP servers

 http://www.squid-cache.org/Versions/v3/3.4/
 ftp://ftp.squid-cache.org/pub/squid/
 ftp://ftp.squid-cache.org/pub/archive/3.4/

or the mirrors. For a list of mirror sites see

 http://www.squid-cache.org/Download/http-mirrors.html
 http://www.squid-cache.org/Download/mirrors.html

If you encounter any issues with this release please file a bug report.
http://bugs.squid-cache.org/

Amos Jeffries

Stephen Young-Work | 10 Dec 17:19 2014

Parent Proxy Cache Problem

Hi, We have an upstream (parent) proxy that we have no control over and I am trying to get squid to cache .ipa files and other large updates.

I have tested this offsite where there is no proxy and i get TCP_HIT on all of the content when I download it for the second time (downloaded from cache). However when i'm behind the parent proxy my squid doesn't seem able to cache any data that is coming from upstream resulting in TCP_MISS every time we download the file. This is resulting in our internet slowing to a crawl.

If anyone has a way to enable this that would be great or additonally if i can request a change to the parent proxy to allow this. I can post my config if necessary.

Thanks 


_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Steve Hill | 10 Dec 17:18 2014

Debugging slow access


I'm looking for advice on figuring out what is causing intermittent high 
CPU usage.

I'm seeing this on multiple servers - most of the time everything is 
fine and I see the Squid workers using maybe 20% CPU each, but every so 
often all the workers sit at the top of the process list in "top", using 
 > 97% CPU each and users report very sluggish web access.

Using squidclient during "sluggish" periods is also very slow, with 
Squid taking several seconds to respond to the http requests.  The 
number of requests being handled by squid during the slow periods isn't 
especially high (maybe ~20 / second) and is certainly lower than the 
number of requests at other times - probably because it is taking so 
long to answer requests, but this seems to indicate that it isn't simply 
overloaded and having to deal with too many requests at once.

The during the "slow" periods, squid's servicing of requests seems very 
bursty in nature - I see a whole bunch of requests over a few hundred 
milliseconds and then nothing for maybe half a second.  There are no log 
entries that seem to coincide with these problems.

If I firewall off the clients, the load drops back to zero, so it seems 
this is something a client is doing that is causing Squid to expend a 
huge amount of CPU handling the request, rather than Squid getting stuck 
in a loop or similar.

Restarting squid seems to temporarily fix the problem, but it invariably 
comes back again at some point.

Notably the median service time go up:
	HTTP Requests (All):   0.30178  0.40454
	Cache Misses:          0.70906  0.65348
	Cache Hits:            0.00000  0.00000
	Near Hits:             0.00000  0.00000
	Not-Modified Replies:  0.00000  0.00000
	DNS Lookups:           0.02893  0.03092
	ICP Queries:           0.00000  0.00000

	UP Time:	11657.399 seconds
	CPU Time:	8843.268 seconds
	CPU Usage:	111.23%
	CPU Usage, 5 minute avg:	144.81%
	CPU Usage, 60 minute avg:	153.58%
	Maximum Resident Size: 2937536 KB
	Page faults with physical i/o: 3

Compared to (recently restarted):
	HTTP Requests (All):   0.09477  0.09477
	Cache Misses:          0.11465  0.11465
	Cache Hits:            0.00000  0.00000
	Near Hits:             0.00000  0.00000
	Not-Modified Replies:  0.00000  0.00000
	DNS Lookups:           0.00953  0.00953
	ICP Queries:           0.00000  0.00000

	UP Time:	293.336 seconds
	CPU Time:	127.775 seconds
	CPU Usage:	43.56%
	CPU Usage, 5 minute avg:	47.40%
	CPU Usage, 60 minute avg:	47.40%
	Maximum Resident Size: 799808 KB
	Page faults with physical i/o: 0

Is there any advice on how to track down what the problem is?

This Squid is doing:
  - No caching
  - ICAP
  - External ACLs
  - Auth (Negotiate and Basic)
  - SSL bump
  - Both TPROXY and non-transparent (majority of the traffic is 
non-transparent)
  - Uses an upstream proxy for most HTTP (not HTTPS)

-- 
  - Steve Hill
    Technical Director
    Opendium Limited     http://www.opendium.com

Direct contacts:
    Instant messager: xmpp:steve <at> opendium.com
    Email:            steve <at> opendium.com
    Phone:            sip:steve <at> opendium.com

Sales / enquiries contacts:
    Email:            sales <at> opendium.com
    Phone:            +44-1792-824568 / sip:sales <at> opendium.com

Support contacts:
    Email:            support <at> opendium.com
    Phone:            +44-1792-825748 / sip:support <at> opendium.com
_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Dieter Bloms | 8 Dec 16:48 2014
Picon

Squid doesn't do a fallback from ipv6 to ipv4, if the ipv6 connect fails

Hello,

we use squid 3.4.9 as proxy for our company with ipv4 and ipv6 dual
stack.
It works good, but if a destination has an A and AAAA record and the
webserver isn't reachable via ipv6, squid generates an error page
instead of trying a connection via ipv4.

One example is the url:

https://ssl.ratsinfo-online.net/pirna-ri/logon.asp

where squid tries to reach the webside via the ip
2001:8d8:87c:5f00::6e:72d6, but without success, because it isn't
reachable.

Now I want, that squid does a fallback to ipv4 after connect_timeout,
but squid returns an error page (ERR_CONNECT_FAIL) to the client.

--

-- 
Regards

  Dieter

--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
From field.
_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Ahmed Allzaeem | 11 Dec 00:42 2014

squid with kerberos

Hi ,

I have a Kerberos protected website. I am making a Kerberos enabled browser. 
I need to test my browser for proxy support. 
At least, I must do these 2 tests:

1. make some of my servers only accessible via a proxy (to test my software's proxy support)

2. have the proxy require authentication via Kerberos

I want you to prepare my environment, so I can do these 2 tests.

 

How can squid help me ???

_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Ulises Nicolini | 9 Dec 18:04 2014
Picon

Check if object is already cached

Hello,

I'm working with some scripts to prefetch content but having some trouble, what I can't work out is a way to check if a given object is already cached, in other words, I want to check if the object I'm going to download is going to hit, in which case I can ignore it.
I've read squidclient man page but could not find something like it

Thanks

Ulises
_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Jason Haar | 8 Dec 13:35 2014
Picon

anyone transparently proxying ipv6?

Hi there

We're not even running ipv6 yet so this is a curiosity question for me
:-) We're using transparent proxy for ipv4 (via WCCP); ipv6 will show up
at some stage - so forewarned is forearmed and all that

I see from the squid documentation that the normal transparent proxy
options disable ipv6 - except if it's TPROXY - in which case it's
"disables authentication and maybe IPv6 on the port"

It does look like TPROXY (via iptables) does support transparently
modifying packets in non-NAT mode, but the "maybe" makes me think it
isn't tested? Is anyone successfully transparently proxying ipv6
traffic? Can TPROXY be used over WCCP?

Thanks!

--

-- 
Cheers

Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Gmane