===== [[http://www.squid-cache.org/|Squid]] =====

  * [[habrahabr>267851|«Прозрачный» Squid с фильтрацией HTTPS ресурсов без подмены сертификатов]]


=== How to enable GZIP compression for Squid? ===

<note tip>
Installation:

  * Download/clone [[github>yvoinov/squid-ecap-gzip|squid-ecap-gzip]]
  * ''apt-get install g++ libecap3-dev zlib1g-dev pkg-config''
  * ''./configure && make all install'' -- will install the library to ''/usr/local/lib''

<folded|Below information is obsolete>
See [[googlecode>p/squid-ecap-gzip]] -- [[http://wiki.squid-cache.org/Features/eCAP|eCAP]] module that compresses Squid reply to the client on the fly. Latest version of that module (1.3.0) is not adapted for ''libecap'' 0.2.0 thus needs to be patched with patch from [[googlecode>p/squid-ecap-gzip/issues/detail?id=8|issue #8]]. Download ''[[cloudmail>MWKc/StpQVSsCp|libsquidgzip_1.3.0_i386.deb]]''.
<code|/etc/squid/squid.conf>
acl GZIP_HTTP_STATUS http_status 200
ecap_service gzip_service respmod_precache 0 ecap://www.vigos.com/ecap_gzip
loadable_modules /usr/lib/squid/ecap_adapter_gzip.so
</code>
See also:
  * [[github>c-rack/squid-ecap-gzip/issues/4|segfault in ecap_adapter_gzip.so]]
</folded>
</note>


=== I get ''ERROR: No forward-proxy ports configured'' in ''/var/log/squid/cache.log'' ===

<note tip>
From [[http://www.squid-cache.org/mail-archive/squid-users/201204/0439.html|No forward-proxy ports error in 3.3]]:

Squid needs at least one port to serve the error page, FTP and gopher icons, and other proxy-proxy communications from:

  - When producing an error page there are CSS embedded images(s).
  - When generating FTP directory listing there are icons for each file on the list.
  - The ''cachemgr.cgi'' API can be accessed via HTTP or HTTPS protocol through this port.
  - URLs inside any HTML manager reports may use this port to target particular worker for servicing a request.
  - To exchange traffic between proxy peers a forward-proxy port is required by ''cache_peer'' as the ''http-port'' option. This gets used for all traffic fetched through that peer, including cache digests, netdb exchanges and background live/dead monitoring probes. 

Interception port mode now (3.2+) has security checks which cause problems for that traffic. The solution is to have Squid configured with forward-proxy port and transparent-proxy port:

<code|/etc/squid/squid.conf>
http_port 3128
http_port 3129 intercept
</code>

and then (provided that internal network is connected via ''eth2'' interface) forward the traffic to that port:

''%%iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j REDIRECT --to-port 3129%%''

If ''eth2'' is bridged, then use (see [[http://ebtables.sourceforge.net/br_fw_ia/br_fw_ia.html#section10|Using the iptables physdev match module]]):

''%%iptables -t nat -A PREROUTING -p tcp -m physdev --physdev-in eth2 --dport 80 -j REDIRECT --to-port 3129%%''

It is advised to close the interception port for direct access (it is important to perform it before ''nat'' table, as otherwise it will be blocked also for port forwarding):

''%%iptables -t mangle -A PREROUTING -p tcp --dport 3129 -j DROP%%''
</note>


=== Squid exits with the log message ''Too few redirector processes are running'' ===

<note tip>
From [[http://www.squid-cache.org/mail-archive/squid-users/200304/1499.html|squidGuard errors - too few redirectors]]:

When more then 50% of redirector helpers have crashed, Squid will shut down.
</note>


=== How to format squid log timestamps? ===

<note tip>
<code console>
$ cat /var/log/squid/access.log | perl -p -e 's/^([0-9]*)/"[".localtime($1)."]"/e' | less
</code>
</note>