
Re: Squid memory consumption problem


 



Hey,

 

I am unsure on how to answer your questions.

Squid-Cache is a proxy server “source code”.

It comes bundled with sources for a set of utilities (helpers) that extend Squid's ACL capabilities through a very simple STDIN/STDOUT API.

 

I know that SquidGuard is the most “famous” external ACL helper for applying big blacklists.

However there are tools and technologies to enforce these.

 

I have also seen ufdbguard which is the successor of SquidGuard in this area.

 

Depending on your environment, these might or might not be enough.

Both SquidGuard and ufdbguard are based on a “compiled” DB.

When you update or compile the DB you have what is called “down time”.

For some it’s acceptable while for others it’s not.

 

Squid by itself allows and gives you whatever you need to apply a couple of black or white lists, both customized and others.

 

Depending on your workload and your ideals or vision, you might decide to apply a different list.

 

I don’t know if this:

https://github.com/andihofmeister/squidGuard

 

is the most up-to-date version of SquidGuard.

 

These days the most up-to-date blacklists are via DNS services such as:

 

With the help of a DNS caching proxy service you can define 1 to 3 layers of protection for your clients.

1 - Static lists (black or white) located on the server (SquidGuard or other)

2 - Helper which checks against external DNS services

3 - Others

 

All these layers can help you to get the best shield you might need.

Squid has the ability to cache an individual result for a domain/URL/client, etc.

 

My suggestion is for you to start with something that makes sense for your business and move forward.

 

If you need help setting something up, let me know what you prefer.

 

 

Eliezer

 

----

Eliezer Croitoru

Tech Support

Mobile: +972-5-28704261

Email: ngtech1ltd@xxxxxxxxx
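
The static-list layer and the STDIN/STDOUT helper API described in this message, written out as a small shell helper. This is an added example, not part of the original email and not Squid's or SquidGuard's code; the script name, the list path, the ACL names and the squid.conf wiring shown in the comments are assumptions.

```shell
#!/bin/sh
# Added example: external ACL helper that checks a destination host against a
# plain-text domain list (one domain per line). The list is read on every
# lookup, so it can be updated without recompiling a DB or restarting Squid.
#
# Assumed squid.conf wiring (names and paths are hypothetical):
#   external_acl_type static_bl ttl=300 %DST /usr/local/bin/static_bl.sh --serve /etc/squid/blocked_domains.txt
#   acl blocked external static_bl
#   http_access deny blocked
# ttl= is how long Squid caches each answer before asking the helper again.

# is_listed DOMAIN LISTFILE -> exit 0 if DOMAIN or one of its parent domains
# appears in LISTFILE as a whole line.
is_listed() {
    d=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    d=${d%.}                          # drop a trailing root dot
    while [ -n "$d" ]; do
        # -F fixed string, -x whole-line match, -q quiet
        if grep -Fxq -- "$d" "$2"; then return 0; fi
        case "$d" in
            *.*) d=${d#*.} ;;         # strip the left-most label and retry
            *)   return 1 ;;
        esac
    done
    return 1
}

# answer LINE LISTFILE -> prints the reply for one request line.
# "OK" means the ACL matches (host is listed), "ERR" means it does not.
answer() {
    host=${1%% *}                     # first token is the %DST value
    if is_listed "$host" "$2"; then echo "OK"; else echo "ERR"; fi
}

# serve LISTFILE -> helper loop: one request line in, one reply line out.
serve() {
    while IFS= read -r line; do
        answer "$line" "$1"
    done
}

if [ "${1:-}" = "--serve" ]; then serve "$2"; fi
```
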

 

From: DIXIT Ankit
Sent: Thursday, June 25, 2020 5:08 PM
To: Eliezer Croitoru; Alex Rousskov; squid-users@xxxxxxxxxxxxxxxxxxxxx
Cc: UPADHYAY Neeraj; SETHI Konica; DWIVEDI Gaurav Kumar
Subject: RE: [squid-users] Squid memory consumption problem

 

Eliezer,

 

I have some queries for Blacklist DB on Squid.

 

  1. Does Squid version 4.12 provide its own list of default blacklisted domains/URLs?
  2. What if we apply a custom blacklist on top of the existing default blacklist, so that we can update it regularly?

 

 

Regards,

Ankit Dixit|IS Cloud Team

Eurostar International Ltd

Times House | Bravingtons Walk | London N1 9AW

Office: +44 (0)207 84 35550 (Extension– 35530)

 

From: DIXIT Ankit
Sent: Thursday, June 25, 2020 2:49 PM
To: Eliezer Croitoru <ngtech1ltd@xxxxxxxxx>; Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>; squid-users@xxxxxxxxxxxxxxxxxxxxx
Cc: UPADHYAY Neeraj <Neeraj.Upadhyay@xxxxxxxxxxxx>; SETHI Konica <Konica.Sethi@xxxxxxxxxxxx>; DWIVEDI Gaurav Kumar <Gaurav.Dwivedi@xxxxxxxxxxxx>
Subject: RE: Squid memory consumption problem

 

Eliezer,

 

I have some queries for Blacklist DB on Squid.

 

  1. Does Squid version 4.12 provide its own list of default blacklisted domains/URLs?
  2. What if we apply a custom blacklist on top of the existing default blacklist, so that we can update it regularly?

 

Regards,

Ankit Dixit|IS Cloud Team

Eurostar International Ltd

Times House | Bravingtons Walk | London N1 9AW

Office: +44 (0)207 84 35550 (Extension– 35530)

 

From: Eliezer Croitoru <ngtech1ltd@xxxxxxxxx>
Sent: Saturday, June 20, 2020 8:46 PM
To: DIXIT Ankit <Ankit.Dixit@xxxxxxxxxxxx>; Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>; squid-users@xxxxxxxxxxxxxxxxxxxxx
Cc: UPADHYAY Neeraj <Neeraj.Upadhyay@xxxxxxxxxxxx>; SETHI Konica <Konica.Sethi@xxxxxxxxxxxx>; DWIVEDI Gaurav Kumar <Gaurav.Dwivedi@xxxxxxxxxxxx>
Subject: RE: Squid memory consumption problem

 

 

Hey,

(Is your private name Dixit?)

 

  • Install the RPM’s to use a newer version of squid
  • This specific issue is happening mostly because of:
    - permissions
    - runtime errors
    - Other things
  • To overcome the above specific issue you need to clean up the /var/spool/squid/ssl_db directory and re-create
    it and change ownership of this directory to make sure that it was not damaged in any way.
  • The wiki link: https://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit#Create_and_initialize_TLS_certificates_cache_directory
    (Which for some reason sometimes shows 504 errors)
    Helps to recreate the directory manually and I hope that the proxy installer understands this specific article.
  • This /var/.. directory is expected to be empty, but after initialization it should be populated with at least one file.
  • The link to the script at:

    demonstrates a full ssl-bump initialization on an empty squid-cache setup based on my RPMs.


Since you have a ready to use setup you should only look at the next lines from the script:
### START OF SCRIPT
# Helper binary and certificate cache directory
SSLCRTD="/usr/lib64/squid/security_file_certgen"
SSLCRTDDB="/var/spool/squid/ssl_db"

echo "cleaning up the current ssl_crtd_db directory"
rm -rf "${SSLCRTDDB}"

# -c creates a new database, -s is its path, -M is its maximum size
echo "initializing ssl_crtd_db"
"${SSLCRTD}" -c -s "${SSLCRTDDB}" -M 16MB

echo "changing ownership for ssl_db"
chown -R nobody "${SSLCRTDDB}"
### END OF SCRIPT


I do believe that the above lines should help you to resolve the issues you are having now.
If for any reason you are still having any technical issues, contact me directly on my mobile during my working hours
so we would be able to resolve this issue on-line without so much delay between email to email.

My working hours are usually from 10:00 AM till 05:00 PM IST.

 

Eliezer

 

----

Eliezer Croitoru

Tech Support

Mobile: +972-5-28704261

Email: ngtech1ltd@xxxxxxxxx
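
The re-initialization steps from the script above with two checks added: a guard on the path handed to rm -rf, and a test that the directory is populated after initialization. This is an added example, not part of the original email or the linked script; the function names and return codes are hypothetical, while the helper path, directory and owner are the ones quoted above.

```shell
#!/bin/sh
# Added example: guarded re-initialisation of the certificate cache directory.

# safe_target DIR -> exit 0 only if DIR is an absolute path whose last
# component is exactly "ssl_db" and which has no ".." component. This keeps a
# mistyped or empty variable from pointing rm -rf at /etc/squid or similar.
safe_target() {
    case "$1" in
        */../*|*/..) return 1 ;;
        /*/ssl_db)   return 0 ;;
        *)           return 1 ;;
    esac
}

# reinit_ssl_db HELPER DIR OWNER [SIZE]
# Return codes (hypothetical): 0 ok, 2 unsafe path, 3 helper missing or
# failed, 4 directory empty after init, 5 ownership change failed.
reinit_ssl_db() {
    helper=$1 dir=$2 owner=$3 size=${4:-16MB}
    safe_target "$dir" || return 2
    [ -x "$helper" ] || return 3
    rm -rf -- "$dir"
    "$helper" -c -s "$dir" -M "$size" || return 3
    # After initialisation the directory must hold at least one entry.
    [ -n "$(ls -A -- "$dir" 2>/dev/null)" ] || return 4
    # The Squid worker user must own the database or the helper will crash.
    chown -R -- "$owner" "$dir" || return 5
    return 0
}

if [ "${1:-}" = "--run" ]; then
    reinit_ssl_db /usr/lib64/squid/security_file_certgen \
                  /var/spool/squid/ssl_db nobody
fi
```
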

 

From: DIXIT Ankit
Sent: Friday, June 19, 2020 7:26 PM
To: Eliezer Croitoru; Alex Rousskov; squid-users@xxxxxxxxxxxxxxxxxxxxx
Cc: UPADHYAY Neeraj; SETHI Konica; DWIVEDI Gaurav Kumar
Subject: RE: Squid memory consumption problem

 

Eliezer,

 

If I summarize last 2-3 emails, below is my understanding.

 

  1. Install the rpms provided by you.

 

  2. If we face below error,

FATAL: The /usr/lib64/squid/security_file_certgen -s /var/spool/squid/ssl_db -M 4MB helpers are crashi...eed help!

 

Then, we will need to reinitialize the certificate directory as per below link

 

Take a peek at:

https://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit#Create_and_initialize_TLS_certificates_cache_directory

 

(We tried above link to initialize ssl cache but I don’t see anything inside /var/spool/squid/ssl_db , its blank)

 

  3. So if ssl_db is blank, then we need to run below script:

https://gist.github.com/elico/206857f628088c2359c10d58278b7bcd

 

And as you mentioned cleanup below directories before running above script. I am concerned about cleaning /etc/squid/ because main installation is present inside this path and we may lose it.

 

/var/lib/ssl_db

/etc/squid/

/etc/squid/ssl_cert/

 

Please go through above points and let me know if my understanding is correct.

 

Regards,

Ankit Dixit|IS Cloud Team

Eurostar International Ltd

Times House | Bravingtons Walk | London N1 9AW

Office: +44 (0)207 84 35550 (Extension– 35530)

 

From: Eliezer Croitoru <ngtech1ltd@xxxxxxxxx>
Sent: Thursday, June 18, 2020 1:17 PM
To: DIXIT Ankit <Ankit.Dixit@xxxxxxxxxxxx>; Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>; squid-users@xxxxxxxxxxxxxxxxxxxxx
Cc: UPADHYAY Neeraj <Neeraj.Upadhyay@xxxxxxxxxxxx>; SETHI Konica <Konica.Sethi@xxxxxxxxxxxx>; DWIVEDI Gaurav Kumar <Gaurav.Dwivedi@xxxxxxxxxxxx>
Subject: RE: Squid memory consumption problem

 

 

If for some reason you are having trouble initializing ssl-bump use the next script:

https://gist.github.com/elico/206857f628088c2359c10d58278b7bcd

 

And cleanup before the relevant directories:

/var/lib/ssl_db

/etc/squid/

/etc/squid/ssl_cert/

 

 

I have tested this setup script a lot of times(k’s) and it works with all of my packages.

 

 

All The Bests,

Eliezer

 

----

Eliezer Croitoru

Tech Support

Mobile: +972-5-28704261

Email: ngtech1ltd@xxxxxxxxx

 

From: DIXIT Ankit
Sent: Tuesday, June 16, 2020 11:23 AM
To: Eliezer Croitoru; Alex Rousskov; squid-users@xxxxxxxxxxxxxxxxxxxxx
Cc: UPADHYAY Neeraj; SETHI Konica; DWIVEDI Gaurav Kumar
Subject: RE: Squid memory consumption problem

 

Croitoru,

 

Dependencies are resolved and squid installed successfully but during squid process start, we are getting below error. Screen shot also attached. Please suggest.

 

FATAL: The /usr/lib64/squid/security_file_certgen -s /var/spool/squid/ssl_db -M 4MB helpers are crashi...eed help!

 

Regards,

Ankit Dixit|IS Cloud Team

Eurostar International Ltd

Times House | Bravingtons Walk | London N1 9AW

Office: +44 (0)207 84 35550 (Extension– 35530)

 

From: Eliezer Croitoru <ngtech1ltd@xxxxxxxxx>
Sent: Thursday, June 11, 2020 7:18 PM
To: DIXIT Ankit <Ankit.Dixit@xxxxxxxxxxxx>; Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>; squid-users@xxxxxxxxxxxxxxxxxxxxx
Cc: UPADHYAY Neeraj <Neeraj.Upadhyay@xxxxxxxxxxxx>; SETHI Konica <Konica.Sethi@xxxxxxxxxxxx>; DWIVEDI Gaurav Kumar <Gaurav.Dwivedi@xxxxxxxxxxxx>
Subject: RE: Squid memory consumption problem

 

 

Hey,

 

What you should do is:

yum localinstall squid-helpers-4.12-1.amzn2.x86_64.rpm perl-Crypt-OpenSSL-X509-0.1-1.amzn2.noarch.rpm

 

and it should resolve the dependencies automatically.

 

 

Eliezer

 

----

Eliezer Croitoru

Tech Support

Mobile: +972-5-28704261

Email: ngtech1ltd@xxxxxxxxx

 

From: DIXIT Ankit
Sent: Thursday, June 11, 2020 7:49 PM
To: Eliezer Croitoru; Alex Rousskov; squid-users@xxxxxxxxxxxxxxxxxxxxx
Cc: UPADHYAY Neeraj; SETHI Konica; DWIVEDI Gaurav Kumar
Subject: RE: [squid-users] Squid memory consumption problem

 

Croitoru,

 

When I am installing these packages, it's not able to resolve dependencies. Below is the error.

 

[root@ squid_package]# rpm -ivh squid-helpers-4.12-1.amzn2.x86_64.rpm

error: Failed dependencies:

        perl(DBI) is needed by squid-helpers-7:4.12-1.amzn2.x86_64

        perl(Data::Dumper) is needed by squid-helpers-7:4.12-1.amzn2.x86_64

        perl(Digest::MD5) is needed by squid-helpers-7:4.12-1.amzn2.x86_64

        perl(Digest::SHA) is needed by squid-helpers-7:4.12-1.amzn2.x86_64

        perl(URI::URL) is needed by squid-helpers-7:4.12-1.amzn2.x86_64

 

Before above error, I had to resolve one more dependency by installing below lib package.

 

yum install libtool-ltdl-2.4.2-22.2.amzn2.0.2.x86_64

 

Please suggest.

 

Regards,

Ankit Dixit|IS Cloud Team

Eurostar International Ltd

Times House | Bravingtons Walk | London N1 9AW

Office: +44 (0)207 84 35550 (Extension– 35530)

 

From: Eliezer Croitoru <ngtech1ltd@xxxxxxxxx>
Sent: Wednesday, June 10, 2020 1:14 PM
To: DIXIT Ankit <Ankit.Dixit@xxxxxxxxxxxx>; Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>; squid-users@xxxxxxxxxxxxxxxxxxxxx
Cc: UPADHYAY Neeraj <Neeraj.Upadhyay@xxxxxxxxxxxx>; SETHI Konica <Konica.Sethi@xxxxxxxxxxxx>; DWIVEDI Gaurav Kumar <Gaurav.Dwivedi@xxxxxxxxxxxx>
Subject: RE: Squid memory consumption problem

 

 

Hey,

 

Squid 4 is tested on Amazon Linux 2.

I have tested it in the last year, and I believe that there is no reason to run a full set of tests now.

 

Squid 4 only needs a basic “dry-run” to make sure what you need to change in your squid.conf.

 

I do suggest to first run it without any cache-dir for maybe an hour.

 

Do not go back to CentOS 7.

 

To my knowledge Amazon Linux 2 receives better overall support than CentOS 7.

 

From my tests in the past Amazon Linux 2 is faster and is a LTS distribution so you will have someone to contact in any case of trouble.

Compared to CentOS X which you will be in the grace of your own efforts and “google foo”.

 

I believe that you would not want to find yourself in a situation in which you try to contact upstream RH for help.

 

Feel free to send me or the mailing lists any email you want.

I will try to at least read them if I cannot respond on the spot.

 

Eliezer

 

----

Eliezer Croitoru

Tech Support

Mobile: +972-5-28704261

Email: ngtech1ltd@xxxxxxxxx

 

From: DIXIT Ankit
Sent: Wednesday, June 10, 2020 2:56 PM
To: Eliezer Croitoru; Alex Rousskov; squid-users@xxxxxxxxxxxxxxxxxxxxx
Cc: UPADHYAY Neeraj; SETHI Konica; DWIVEDI Gaurav Kumar
Subject: RE: Squid memory consumption problem

 

Hi,

 

Thanks for providing the rpm information but I was having some questions as per my last email.

==============================================================================

Does it mean, Squid 4 is not tested on Amazon Linux 2, yet?

 

How much time, testing will take?

 

If it will take time, then I am thinking to change the Operating system to Centos 7 from Amazon Linux 2 and then install Squid 4?

 

 

Regards,

Ankit Dixit|IS Cloud Team

Eurostar International Ltd

Times House | Bravingtons Walk | London N1 9AW

Office: +44 (0)207 84 35550 (Extension– 35530)

 

From: Eliezer Croitoru <ngtech1ltd@xxxxxxxxx>
Sent: Wednesday, June 10, 2020 12:26 PM
To: DIXIT Ankit <Ankit.Dixit@xxxxxxxxxxxx>; Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>; squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: RE: [squid-users] Squid memory consumption problem

 

 

## The last email got corrupted for some reason so..

 

First save the existing config files.

 

The RPM files are at:

https://1drv.ms/u/s!AoiLG1Jyh7JqoiBbOtBMb9wuAfjS?e=9XeXCS

 

You will need to install:

perl-Crypt-OpenSSL-X509-0.1-1.amzn2.noarch.rpm

 

 

It’s a dummy recursive package that installs basic dependencies.

You will not be able to install the squid-helpers packages without it.

 

Then install the RPM’s:

squid-4.12-1.amzn2.x86_64.rpm

squid-helpers-4.12-1.amzn2.x86_64.rpm

 

If you have installed squid RPM’s from other sources/repositories you will need to first uninstall/remove them and only then install the ngtech RPM’s.

 

If for any reason you need the sources for the RPM’s take a peek at:

https://github.com/elico/squid-docker-build-nodes

https://gist.github.com/elico/5fa3050ed1a7247fbf2f6810c74933cc

 

Eliezer

 

----

Eliezer Croitoru

Tech Support

Mobile: +972-5-28704261

Email: ngtech1ltd@xxxxxxxxx

 

From: DIXIT Ankit
Sent: Wednesday, June 10, 2020 11:59 AM
To: Eliezer Croitoru; Alex Rousskov; squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: RE: Squid memory consumption problem

 

Hi,

 

We have two squid servers running in our environment.

 

  1. Squid Cache: Version 4.2-20180806-r6d8f397 running on CentOS Linux release 7.7.1908 (Core) ---- It's running perfectly with no CPU and Memory issue

 

  2. Squid Cache: Version 3.5.27-20180318-r1330042 running on Amazon Linux 2 --- It’s not running perfectly with high CPU and Memory issue

 

I think you are right, please provide the Squid rpm version 4 for Amazon Linux 2 Or link to download.

 

Regards,

Ankit Dixit|IS Cloud Team

Eurostar International Ltd

Times House | Bravingtons Walk | London N1 9AW

Office: +44 (0)207 84 35550 (Extension– 35530)

 

From: Eliezer Croitoru <ngtech1ltd@xxxxxxxxx>
Sent: Wednesday, June 10, 2020 9:26 AM
To: Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>; DIXIT Ankit <Ankit.Dixit@xxxxxxxxxxxx>; squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: RE: Squid memory consumption problem

 

 

I have tested v4 to work properly on Amazon Linux 2 in the past.

If RPM’s are needed, let me know.

 

Eliezer

 

----

Eliezer Croitoru

Tech Support

Mobile: +972-5-28704261

Email: ngtech1ltd@xxxxxxxxx

 

From: Alex Rousskov
Sent: Tuesday, June 9, 2020 11:33 PM
To: DIXIT Ankit; squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: Squid memory consumption problem

 

On 6/5/20 2:38 PM, DIXIT Ankit wrote:

 

> We are facing memory issues on Squid proxy. We have squid proxy server

> running on AWS Cloud(Amazon Linux 2). Server is having total 8 GB RAM

> and 100 GB hard disk.

>

> The problem is that squid is eating all of system memory and not freeing

> up the objects. Server memory lasts for maximum 15 days and after that

> squid process start crashing. Please suggest.

 

I would start by making sure that you are not suffering from Squid bug

#4005: https://bugs.squid-cache.org/show_bug.cgi?id=4005

 

After that, if you are sure that there is a memory leak, then I suggest

upgrading to v4 (or v5) as the next step. IMHO, it is unlikely that

somebody would volunteer to triage a v3.5 memory leak these days.

 

 

HTH,

 

Alex.

 

 

> [root@eaa-lpx-003-p ~]# squid -version

>

> Squid Cache: Version 3.5.27-20180318-r1330042

>

> Service Name: squid

>

> This binary uses OpenSSL 1.0.2k-fips  26 Jan 2017.

 

_______________________________________________

squid-users mailing list

squid-users@xxxxxxxxxxxxxxxxxxxxx

http://lists.squid-cache.org/listinfo/squid-users

 

 

 

This email (including any attachments) is intended only for the addressee(s), is confidential and may be legally privileged. If you are not the intended recipient, do not use, disclose, copy, or forward this email. Please notify the sender immediately and then delete it. Eurostar International Limited and its affiliates ("EIL") do not accept any liability for action taken in reliance on this email. EIL makes no representation that this email is free of viruses and addressees should check this email for viruses. The comments or statements expressed in this email are not necessarily those of EIL.

Eurostar International Ltd
Times House, Bravingtons Walk, London N1 9AW Registered in England and Wales No. 2462001

 

 

 
