Re: squid-users Digest, Vol 37, Issue 50

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: squid-users Digest, Vol 37, Issue 50

Sukhbaatar T
Hello. Yesterday virus attack my squid proxy server. Lost my all config. Can you give me congfig file normal for Windows. 50gb size on hdd for cash, youtube, fb cashing, 8 gb ram. Forgot many command line for quick access. Forgot link for example.


Sent from Yahoo Mail for iPhone

On Friday, September 22, 2017, 9:03 AM, [hidden email] wrote:

Send squid-users mailing list submissions to

To subscribe or unsubscribe via the World Wide Web, visit
or, via email, send a message with subject or body 'help' to

You can reach the person managing the list at

When replying, please edit your Subject line so it is more specific
than "Re: Contents of squid-users digest..."


Today's Topics:

  1. Re: When the redirect [301, 302, 307] is cached by Squid?
      (Amos Jeffries)
  2. time error problem (Alex Gutiérrez Martínez)
  3. Re: When the redirect [301, 302,    307] is cached by Squid?
      (kAja Ziegler)
  4. delay pool not workin (Alex Gutiérrez Martínez)
  5. Re: time error problem (Amos Jeffries)
  6. Re: delay pool not workin (Amos Jeffries)


----------------------------------------------------------------------

Message: 1
Date: Fri, 22 Sep 2017 00:24:11 +1200
From: Amos Jeffries <[hidden email]>
Subject: Re: [squid-users] When the redirect [301, 302, 307] is cached
    by Squid?
Message-ID: <[hidden email]>
Content-Type: text/plain; charset=utf-8; format=flowed

On 21/09/17 22:16, kAja Ziegler wrote:
>    Thats what the "must-revalidate" means. It should work better with
>    just max-age or Expires header - and with a longer value than 60 sec
>    since this is supposed to be a *permanent* situation.
>
>
> As I know "must-revalidate" mean "refuse to return stale responses to
> the user even if they say that stale responses are acceptable" - cached
> object must be revalidated.
>
> Max-age=60 was only used for testing.
>
> The results of my testing:
>
> - redirect 302 or 307 - to be cached needs Cache-Control max-age > 0 or
> Expires "access plus 1 seconds"
> - redirect 301 - to be cached needs Cache-Control max-age > 60 or
> Expires "access plus 61 seconds"
>

There is no >60 need on the 301. Just me suggesting that 60sec is too
short caching time for a _permanent_ thing.

> This is strange because I thought that 301 is always cached without
> Cache-Control or Expires headers. And I can't find any information in
> the documentation which describes such behaviour.

It should be, so long as it is fresh so that means it does depend on
refresh_pattern saying it is fresh when no controls are present.

Amos


------------------------------

Message: 2
Date: Thu, 21 Sep 2017 08:50:57 -0400
From: Alex Gutiérrez Martínez <[hidden email]>
Subject: [squid-users] time error problem
Message-ID: <[hidden email]>
Content-Type: text/plain; charset="utf-8"; Format="flowed"

Hello everyone, i have an ubuntu 14.04 configured for time zone "Havana"
on meridian -5. But when i get an error page on my squid, for whatever
reason, it puts the time zone as if it were in meridian 0. Any idea why?


Thanks in advance

--
Saludos Cordiales

Lic. Alex Gutiérrez Martínez

-------------- next part --------------
An HTML attachment was scrubbed...

------------------------------

Message: 3
Date: Thu, 21 Sep 2017 15:16:04 +0200
From: kAja Ziegler <[hidden email]>
Subject: Re: [squid-users] When the redirect [301, 302,    307] is cached
    by Squid?
Message-ID:
Content-Type: text/plain; charset="utf-8"

>
> There is no >60 need on the 301. Just me suggesting that 60sec is too
> short caching time for a _permanent_ thing.


There is - may be some misconfiguration in my squid.conf.

If I set max-age to values from interval <1;60> only 302 and 307 redirects
were cached (HIT) and no 301. When I increased the max-age value to 61 then
the 301 redirect was cached too.


But you are right, that the cause of no-caching the 301 redirect is the min
value of:

refresh_pattern .        0    20%    4320

But for redirects 302 and 307 the above-mentioned refresh_pattern is ignored.


My source server is Apache and the corresponding configuration is:

RewriteRule /img301.jpg /img.svg [R=301,L,E=rcache:1]

RewriteRule /img302.jpg /img.svg [R=302,L,E=rcache:1]
RewriteRule /img307.jpg /img.svg [R=307,L,E=rcache:1]

Header always set Cache-Control "max-age=3" env=rcache

zigi

On Thu, Sep 21, 2017 at 2:24 PM, Amos Jeffries <[hidden email]> wrote:

> On 21/09/17 22:16, kAja Ziegler wrote:
>
>>    Thats what the "must-revalidate" means. It should work better with
>>    just max-age or Expires header - and with a longer value than 60 sec
>>    since this is supposed to be a *permanent* situation.
>>
>>
>> As I know "must-revalidate" mean "refuse to return stale responses to the
>> user even if they say that stale responses are acceptable" - cached object
>> must be revalidated.
>>
>> Max-age=60 was only used for testing.
>>
>> The results of my testing:
>>
>> - redirect 302 or 307 - to be cached needs Cache-Control max-age > 0 or
>> Expires "access plus 1 seconds"
>> - redirect 301 - to be cached needs Cache-Control max-age > 60 or Expires
>> "access plus 61 seconds"
>>
>>
> There is no >60 need on the 301. Just me suggesting that 60sec is too
> short caching time for a _permanent_ thing.
>
> This is strange because I thought that 301 is always cached without
>> Cache-Control or Expires headers. And I can't find any information in the
>> documentation which describes such behaviour.
>>
>
> It should be, so long as it is fresh so that means it does depend on
> refresh_pattern saying it is fresh when no controls are present.
>
> Amos
> _______________________________________________
> squid-users mailing list
>
-------------- next part --------------
An HTML attachment was scrubbed...

------------------------------

Message: 4
Date: Thu, 21 Sep 2017 17:07:28 -0400
From: Alex Gutiérrez Martínez <[hidden email]>
Subject: [squid-users] delay pool not workin
Message-ID: <[hidden email]>
Content-Type: text/plain; charset="utf-8"; Format="flowed"

Could someone be so kind  to explain to me why my rules do not work on
my delays pools?


i got this acl "lento", in spanish means slow

acl lento url_regex -i "/etc/squid3/bloqueo/lento"

his format is the next:


.youtube.com

.facebook.com


My delay config is the next:


###############################################################################
#Delay#
###############################################################################
delay_pools 3

#Canal 1 extensiones.
delay_class 1 2
delay_parameters 1 32768/32768 32768/32768
delay_access 1 deny !sociales lento navegacion !extensiones
#delay_access 1 deny all

#Canal 2 para usuarios.
delay_class 2 2
delay_parameters 2 65536/65536 32768/32768
delay_access 2 deny !navegacion extensiones lento sociales
#delay_access 2 deny all

#Canal 2 para usuarios.
delay_class 3 1
delay_parameters 3 16384/16384
delay_access 3 deny extensiones navegacion sociales !lento
#delay_access 2 deny all



my problem is simple, on my sqstat show the url's of "lento" with 0 on
delay parameter, i do not understand why it happens. the program should
show 3


thanks in advance

--
Saludos Cordiales

Lic. Alex Gutiérrez Martínez

Tel. <a dir="ltr" href="tel:+53%207%202710327" x-apple-data-detectors="true" x-apple-data-detectors-type="telephone" x-apple-data-detectors-result="31">+53 7 2710327

-------------- next part --------------
An HTML attachment was scrubbed...

------------------------------

Message: 5
Date: Fri, 22 Sep 2017 12:59:12 +1200
From: Amos Jeffries <[hidden email]>
Subject: Re: [squid-users] time error problem
Message-ID: <[hidden email]>
Content-Type: text/plain; charset=utf-8; format=flowed

On 22/09/17 00:50, Alex Gutiérrez Martínez wrote:
> Hello everyone, i have an ubuntu 14.04 configured for time zone "Havana"
> on meridian -5. But when i get an error page on my squid, for whatever
> reason, it puts the time zone as if it were in meridian 0. Any idea why?
>

Because the Internet runs on UTC not your local timezone.
Error pages are sent to anyone trying to access your proxy regardless of
location (eg denying external access through it).

Amos


------------------------------

Message: 6
Date: Fri, 22 Sep 2017 13:03:49 +1200
From: Amos Jeffries <[hidden email]>
Subject: Re: [squid-users] delay pool not workin
Message-ID: <[hidden email]>
Content-Type: text/plain; charset=utf-8; format=flowed

On 22/09/17 09:07, Alex Gutiérrez Martínez wrote:
> Could someone be so kind  to explain to me why my rules do not work on
> my delays pools?
>
>
> i got this acl "lento", in spanish means slow
>
> acl lento url_regex -i "/etc/squid3/bloqueo/lento"
>
> his format is the next:
>
>
> .youtube.com
>
> .facebook.com
>

First problem: you are putting domains in dstdomain format into a
full-URL regex ACL.

Use dstdomain ACL type for these. Much faster.


>
> My delay config is the next:
>
>
> ###############################################################################
> #Delay#
> ###############################################################################
> delay_pools 3
>
> #Canal 1 extensiones.
> delay_class 1 2
> delay_parameters 1 32768/32768 32768/32768
> delay_access 1 deny !sociales lento navegacion !extensiones
> #delay_access 1 deny all
>
> #Canal 2 para usuarios.
> delay_class 2 2
> delay_parameters 2 65536/65536 32768/32768
> delay_access 2 deny !navegacion extensiones lento sociales
> #delay_access 2 deny all
>
> #Canal 2 para usuarios.
> delay_class 3 1
> delay_parameters 3 16384/16384
> delay_access 3 deny extensiones navegacion sociales !lento
> #delay_access 2 deny all
>
>

Second problem: deny, deny all. Nothing allowed to use these pools.


Amos


------------------------------

Subject: Digest Footer

_______________________________________________
squid-users mailing list


------------------------------

End of squid-users Digest, Vol 37, Issue 50
*******************************************

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: squid-users Digest, Vol 37, Issue 50

Amos Jeffries
Administrator
On 22/09/17 14:37, Sukhbaatar T wrote:
> Hello. Yesterday virus attack my squid proxy server. Lost my all config.
> Can you give me congfig file normal for Windows. 50gb size on hdd for
> cash, youtube, fb cashing, 8 gb ram. Forgot many command line for quick
> access. Forgot link for example.
>

Windows specific details can be found at:
  <https://wiki.squid-cache.org/KnowledgeBase/Windows>

For the MITM settings required to cache Facebook, info can be found here:
  <https://wiki.squid-cache.org/Features/SslPeekAndSplice>

YouTube is more difficult, the devs there are actively preventing
caching. You will have to find out whatever your previous solution was
and redo it.

The rest is general Squid use you should be able to find with a quick
web search, if not checkout the FAQ in the wiki linked above.

Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users