santosh | 15 Nov 05:21 2014

Removing cache credentials

Hello Team,

I have set-up squid proxy server with ldap authentication , the
infrastructure is setup in such a way that users have to access the internet
through the proxy .In Internet explorer there's an option to save the
credntials and once its saved during the prompt squid wont ask for
credentials the user will have direct access to internet . I understand this
is an browser issue is there a way in squid which can prevent the caching of
credentials or give a timeout so that the user is prompted to reauthenticate
from squid . I have searched on web all i get is help on disabling the
credential cache of windows .

Any help or suggestions to solve this problem would be great .

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Removing-cache-credentials-tp4668398.html
Sent from the Squid - Users mailing list archive at Nabble.com.
_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Ahmed Allzaeem | 15 Nov 05:14 2014

Re: using squid 3.head for large rock , but i still have mean object size is 32 !!!!!


Hi Amos :

by kid1 {
Store Directory Statistics:
Store Entries          : 599
Maximum Swap Size      : 0 KB
Current Store Swap Size: 0.00 KB
Current Capacity       : 0.00% used, 0.00% free

Shared Memory Cache
Maximum Size: 6144000 KB
Current Size: 4700672.00 KB 76.51%
Maximum entries:    192000
Current entries: 71708 37.35%
Maximum slots:      192000
Used slots:         146896 76.51%
} by kid1

by kid2 {
Store Directory Statistics:
Store Entries          : 675875
Maximum Swap Size      : 92160000 KB
Current Store Swap Size: 22297020.00 KB
Current Capacity       : 24.19% used, 75.81% free

Shared Memory Cache
Maximum Size: 6144000 KB
Current Size: 4700672.00 KB 76.51%
Maximum entries:    192000
(Continue reading)

Ahmed Allzaeem | 15 Nov 02:35 2014

using squid 3.head for large rock , but i still have mean object size is 32 !!!!!

 

Hi ,

 

I migrated from squid 3.4.3 so that I wish to have a chance to save bw.

 

Im using : Squid Cache: Version 3.HEAD-20141105-r13687

 

 

With options below :

 

Service Name: squid

configure options:  '--prefix=/usr' '--includedir=/include' '--mandir=/share/man' '--infodir=/share/info' '--sysconfdir=/etc' '--enable-cachemgr-hostname=drx' '--localstatedir=/var' '--libexecdir=/lib/squid' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' '--srcdir=.' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--mandir=/usr/share/man' '--enable-inline' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd,rock' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-underscores' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth' '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,DB,POP3,getpwnam,squid_radius_auth,multi-domain-NTLM' '--enable-ntlm-auth-helpers=smb_lm' '--enable-digest-auth-helpers=ldap,password' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-arp-acl' '--enable-esi' '--disable-translation' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' '--with-filedescriptors=131072' '--with-large-files' '--with-default-user=squid' '--enable-linux-netfilter' 'CFLAGS=-g -O2 -g -Wall -O2' 'LDFLAGS=' 'CPPFLAGS=' 'CXXFLAGS=-g -O2 -g -Wall -O2' '--enable-ltdl-convenience'

 

 

I have 16 cores and I have set 6 workes and used aufs cahe dir for bw saving but still no luck ….. the out traffc in general is less than in traffic.

 

This idea is getting me a headache !!!!

 

Here is my cache manager :

Connection information for squid:

        Number of clients accessing cache:    8967

        Number of HTTP requests received:     455542

        Number of ICP messages received:      0

        Number of ICP messages sent:   0

        Number of queued ICP replies:  0

        Number of HTCP messages received:     0

        Number of HTCP messages sent:  0

        Request failure ratio: 0.00

        Average HTTP requests per minute since start: 35706.3

        Average ICP messages per minute since start:  0.0

        Select loop called: 14737492 times, 0.345 ms avg

Cache information for squid:

        Hits as % of all requests:     5min: 10.4%, 60min: 10.6%

        Hits as % of bytes sent:       5min: -0.6%, 60min: -0.8%

        Memory hits as % of hit requests:     5min: 37.1%, 60min: 36.9%

        Disk hits as % of hit requests:       5min: 28.0%, 60min: 28.4%

        Storage Swap size:     29253956 KB

        Storage Swap capacity: 10.6% used, 89.4% free

        Storage Mem size:      2434400 KB

        Storage Mem capacity:  39.6% used, 60.4% free

        Mean Object Size:      32.60 KB

        Requests given to unlinkd:     0

Median Service Times (seconds)  5 min    60 min:

        HTTP Requests (All):   0.15616  0.15748

        Cache Misses:          0.18340  0.19003

        Cache Hits:            0.00030  0.00030

        Near Hits:             0.08938  0.08686

        Not-Modified Replies:  0.00000  0.00000

        DNS Lookups:           0.00000  0.00000

        ICP Queries:           0.00000  0.00000

Resource usage for squid:

        UP Time:       765.486 seconds

        CPU Time:      1333.285 seconds

        CPU Usage:     174.18%

        CPU Usage, 5 minute avg:       176.56%

        CPU Usage, 60 minute avg:      176.15%

        Maximum Resident Size: 22667056 KB

        Page faults with physical i/o: 0

Memory accounted for:

        Total accounted:       1568707 KB

        memPoolAlloc calls:      1830

        memPoolFree calls:  133080611

File descriptor usage for squid:

        Maximum number of file descriptors:   393216

        Largest file desc currently in use:   6574

        Number of file desc currently in use: 23510

        Files queued for open:                   0

        Available number of file descriptors: 369706

        Reserved number of file descriptors:   600

        Store Disk files open:                  37

Internal Data Structures:

        899673 StoreEntries

          2442 StoreEntries with MemObjects

        39600 Hot Object Cache Items

        897283 on-disk objects

 

 

 

And here is iptraf :

 

| Total rates:     752700.3 kbits/sec        Broadcast packets:            0                                                         |

|                   90466.8 packets/sec      Broadcast bytes:              0                                                         |

|                                                                                                                                    |

| Incoming rates:  378217.1 kbits/sec                                                                                                |

|                   54377.4 packets/sec                                                                                              |

|                                            IP checksum errors:           0                                                         |

| Outgoing rates:  375640.1 kbits/sec                                                                                                |

|                   36089.4 packets/sec                                                                                              |

|                                                                                                                                    |

|                                           

 

 

Any help ?????

 

BTW , I used both squid3.4.3 and squid3.head and same issue !!!! why I cant save bw !!!

 

 

regards

_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Ulises Nicolini | 14 Nov 15:41 2014
Picon

How to make squid proxy server cache response with vary: * in header?

HI All!!!

I'm building a system based on squid 2.7 for cache all software updates. I have a problem when the origin server response with vary:* in header, for example for this url (Chrome updates)

http://r20---sn-x1x7sn7r.c.pack.google.com/edgedl/chrome/win/BD7EFFAED0C46EB9/38.0.2125.111_chrome_installer.exe

Without  squid, use direct download, the response header has

HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 41100368 Content-Type: application/x-msdos-program Etag: "4a5cd" Server: downloads Vary: * x-content-type-options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Date: Sat, 08 Nov 2014 05:41:10 GMT Alternate-Protocol: 80:quic,p=0.01 Last-Modified: Mon, 27 Oct 2014 18:10:00 GMT Connection: keep-alive If i use Squid in transparent proxy mode in the middle, i don't have hits for this url. ¿Can squid ignore the Vary header for store object in cache? Of course my refresh pattern has

# Cache Update
refresh_pattern -i pack\.google\.com\/.*\.(exe|crx) 10080 80% 43200 override-expire override-lastmod ignore-no-cache  ignore-reload reload-into-ims ignore-private

#Specific App
refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|pdf|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private

Thanks in Advance,

Ulises


_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
John Killimangalam Jacob | 14 Nov 08:02 2014

Is it safe to set number of sslcrtd_children to 50?

Hi All,

 

For my configuration to use the ssl bump, I am setting the number of sslcrtd_children to 50. But in the documentation it is written that   “The maximum this may be safely set to is 32” . When I set it to 32, I am getting warning that all 32/32 helpers are busy, consider increasing the number of helpers. So I increased it to 50 and the warnings are no longer appearing. So is it safe to fix  the number of sslcrtd helpers to 50?I am aware that this setting may take more resources compared to the recommended one. Also  is there any restriction from the squid code/implementation on the maximum number of sslcrtd children?

 

Please find below the configuration line.

 

sslcrtd_children 50 startup=5 idle=1

 

Thanks in Advance,

John

Visit our Website at www.rmesi.co.in

This message is confidential. You should not copy it or disclose its contents to anyone. You may use and apply the information for the intended purpose only. Internet communications are not secure; therefore, RMESI does not accept legal responsibility for the contents of this message. Any views or opinions presented are those of the author only and not of RMESI. If this email has come to you in error, please delete it, along with any attachments. Please note that RMESI may intercept incoming and outgoing email communications.

Freedom of Information Act 2000
This email and any attachments may contain confidential information belonging to RMESI. Where the email and any attachments do contain information of a confidential nature, including without limitation information relating to trade secrets, special terms or prices these shall be deemed for the purpose of the Freedom of Information Act 2000 as information provided in confidence by RMESI and the disclosure of which would be prejudicial to RMESI’s commercial interests.

This email has been scanned for viruses by Trend ScanMail.

_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Hector Chan | 13 Nov 19:50 2014
Picon

Squid going through another forward proxy

Hi,

Does anyone have any idea how to setup squid (reverse proxy) behind a forward proxy ? 

Thanks,
Hector
_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
santosh | 13 Nov 19:39 2014

Squid Log file rotation

Hello Team ,

I have a doubt with squid log file rotation ,my squid log file rotation is
configured this way in  /etc/logrotate.d/squid3

/var/log/squid3/*.log {
        daily
        compress
        delaycompress
        rotate 2
        missingok
        nocreate
        sharedscripts
        prerotate
                test ! -x /usr/sbin/sarg-reports || /usr/sbin/sarg-reports
        endscript
        postrotate
                test ! -e /var/run/squid3.pid || /usr/sbin/squid3 -k rotate
        endscript
}

by this i can understand that the the log is rotated daily and once the log
is rotated Old log files are renamed with numeric extensions. For example,
when a log  rotates , Squid renames log.6 to log.7, then log.5 to log.6, and
so on and it compresses too .

earlier i had logs from Oct 25 th to Oct 27th and i didnt use the server for
long and started using it from 7th november till today ie Nov 13th , i have
log files only from 7th till today where did the old log files go ? .

As per my understanding they should be archived in the squid log directory
itself rite ? . how to archive and keep the old log files ?

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Log-file-rotation-tp4668374.html
Sent from the Squid - Users mailing list archive at Nabble.com.
_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Garth Lancaster | 13 Nov 11:29 2014
Picon

Icap Squid Https/Http

Hi There

Is anyone able to confirm that https requests to squid proxy will be sent on to the icap service? I am able to get normal http requests into icap which displays a banner on the page.
I have tried the whole transparent ssl-bump route as well.

Thanks
Garth


_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
jcourtois | 13 Nov 09:39 2014
Picon

Enable to create a encrypted connexion between browser and squid

Hi everyone,

I've been trying to create a simple encrypted connexion in between a browser
(that support https proxy connexion, I use Firefox 33 to do my test because
it's supose to support it:
https://bugzilla.mozilla.org/show_bug.cgi?id=378637) and my squid located
ona remote server.

I don't want to use ssl_bump (if it's not necessary, I don't want to
uncrypt, read, or make any rule related to the requests. I just want the
tunnel in between the browser and the squid server to be encrypted and the
rest (squid to internet) depending of the request http/https.

I always receive the same error with a little difference in the error code
if it's an http or https request.

I've been reading a lot about this errors on the internet and try many
things without success. One thing I'm not sure is do I need to use ssl_bump
or is it something else ? From what I read, I think we can create a https
proxy connexion without ssl_bump.

On Firefox I use this configuration for all protocol : mysquid.com:443 (I
replace my real domain name that have a wild card SSL certificate by this
fake domain to not publish here the real name).

And on my server I have the following configuration. Also I have an
authentication of user (login/password).

Thank you very much for your help.

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Enable-to-create-a-encrypted-connexion-between-browser-and-squid-tp4668366.html
Sent from the Squid - Users mailing list archive at Nabble.com.
_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Alberto Klocker | 13 Nov 04:11 2014
Picon

mgr:info question

Looking at the squidclient mgr:info command output I was wondering what the difference between these two entries are?

Cache information for squid:
        Hits as % of all requests:      5min: 0.7%, 60min: 0.3%
        Hits as % of bytes sent:        5min: 51.3%, 60min: 25.5%


I can guess the first one means all requests but I'm stumped on the wording of the second entry.
_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
andrew williams | 13 Nov 02:07 2014
Picon

Squid not using all cache_mem/ Increase TCP_MEM_HIT squid 2.6

Hi,
I'm getting what I think is too low of MEM_HIT ratio..  I would like squid to use all of the cache_mem, thus increasing MEM_HIT?

Cache information for squid:

Request Hit Ratios: 5min: 83.2%, 60min: 81.7%

Byte Hit Ratios: 5min: 85.6%, 60min: 69.4%

Request Memory Hit Ratios: 5min: 31.0%, 60min: 33.5%

Request Disk Hit Ratios: 5min: 41.9%, 60min: 40.5%

Storage Swap size: 13824000 KB

Storage Mem size: 401884 KB

Mean Object Size: 61.24 KB

Requests given to unlinkd: 0



Memory usage for squid via mallinfo():

Total space in arena:  583740 KB

Ordinary blocks:       580311 KB  51632 blks

Small blocks:               0 KB      0 blks

Holding blocks:          4588 KB      3 blks

Free Small blocks:          0 KB

Free Ordinary blocks:    3428 KB

Total in use:          584899 KB 99%

Total free:              3428 KB 1%

Total size:            588328 KB

Memory accounted for:

Total accounted:       517938 KB

memPoolAlloc calls: 604503322

memPoolFree calls: 602248266




Config:
cache_replacement_policy heap LFUDA

memory_replacement_policy heap LFUDA

cache_dir aufs /var/squid/cache 15000 16 256

cache_mem 4096 MB



Why is squid not using all 4096 MB allocated? it's only using 590MB according to mgr:info.  
Is there something extra I need to do?  To me the HIT rate is reasonable... they hit's are just not coming from memory

Thanks!




_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Gmane