Thank you for the reply and information Sent from my iPhoneOn Apr 11, 2025, at 20:28, Amos Jeffries wrote:On 11/04/25 03:47, Jonathan Lee wrote:Hello fellow Squid users,Does anyone use pfSense squid package that knows a possible solution to this issue ? I have went as far as to remove all custom
Clamd successfully notified about the update.
whitelist.fp is up-to-date (version: custom database)
shell.ldb is up-to-date (version: custom database)
interservertopline.db is up-to-date (version: custom database)
interserver256.hdb is up-to-date (version: custom database)
urlhaus.ndb updated (ver
Hello fellow Squid users,Does anyone use pfSense squid package that knows a possible solution to this issue ? I have went as far as to remove all custom config and go to complete splice all and it still occurs with or without cache enabled and or squid guard enabled. It is something I just don’t kn
[ answering because nobody else has, I have no direct experience with
that particular setup. ]
On 5/03/25 18:03, Jonathan Lee wrote:
> Hello fellow Squid Users can you please help?
>
> Does anyone know how to set ssl_engine to use devcrypto for use with a
> safexcel accelerator?
>
Do you mind explaining or expanding on what these two products do in terms of
functionality they could in turn be marked block because they are being abused
on a proxy system for example they’re staging and or using that product to
abuse a proxy and pivot off of it thus clam antivirus is blockin
# h1:m1 must be less than h2:m2
You can add any ACL with time based needs…
Is this what you're looking for?
> On Mar 16, 2025, at 08:41, Jonathan Lee wrote:
>
> This would block everything during a time frame
>
> acl block_hours time 00:30-05:00
> ssl_bump te
This would block everything during a time frame acl block_hours time 00:30-05:00ssl_bump terminate all block_hourshttp_access deny all block_hoursSquid’s time directive is what you need. Sent from my iPhoneOn Mar 16, 2025, at 01:52, NgTech LTD wrote:I was wondering if there is a ready to use solu
Hello fellow Squid users,
Has anyone attempted to block DoH with mime?
If not, this is how I have done this.
The only issue is MS Teams, requires doh, so I am confused as to how to add an
override for specific by need sites.
Here is how I did this.
Please if anyone knows how to add a bypass f
Hello fellow Squid Users can you please help?
Does anyone know how to set ssl_engine to use devcrypto for use with a safexcel
accelerator?
The example area is empty
Ref:
Configuration Details:
Option Name:ssl_engine <>
Replaces:
Requires: --with-openssl
Default Value: none
S
You know like..
localnet deny to_ipv6
localnet deny from_ipv6
Or any acl at that point any network what ever acl you want with it.
> On Feb 26, 2025, at 06:27, Jonathan Lee wrote:
>
> Try this too
> acl to_ipv6 dst ipv6
> acl from_ipv6 dst ipv6
>
> After just block it
Try this too
acl to_ipv6 dst ipv6
acl from_ipv6 dst ipv6
After just block it with another acl like …
http_access deny to_ipv6
http_access deny from_ipv6
Sent from my iPhone
> On Feb 26, 2025, at 06:17, Nishant Sharma wrote:
>
>
>
> On 26 February 2025 1:44:49 pm UTC, Matus UHLAR - fantomas
Hello Fellow Squid Users,
I am currently a computer science major and I would love to have the honor of
helping this project, plus learn at the same time.
Can someone show me an example of doing one of these requests on the to do
list? I am currently taking a class that on the syllabus states w
Hello Fellow Squid Users can you please help?
Is there a better way to configure the access control lists?
ssl_bump peek step1
ssl_bump terminate SSL_Intercept_Terminate
miss_access deny no_miss active_use
ssl_bump splice splice_main active_use
ssl_bump bump bump_main active_use
acl activated not
ata structure in the regular file.Kind regards, Ankor.ср, 15 янв. 2025 г. в 07:42, <jonathanlee...@gmail.com>:Thanks that fixed my issue
-Original Message-
From: Amos Jeffries <squ...@treenet.co.nz>
Sent: Tuesday, January 14, 2025 2:23 PM
To: Jonathan Lee <jonathanlee...@gm
Yes, in that you can restrict the cache_dir line with "if ${process_number} =
N" conditions so only **one** worker will attempt to use that storage location.
I did this and created a new location for a second cache however it would not
allow me to create the folders it would not generate them I
Thank you all for your help in my computer science educational research trials
and errors.
This helped a lot.
Sent from my iPhone
> On Jan 13, 2025, at 17:52, Alex Rousskov
> wrote:
>
> On 2025-01-13 13:29, Jonathan Lee wrote:
>
>> Is there anyway to use more workers
Hello fellow squid users, can you please help?
Is there anyway to use more workers on a non rock system, without disabling the
cache? I can use them when cache is disabled. Without it I get assertion
failed: controller:cc:930: EX"
I researched this and found you can only use workers with rock c
ki.squid-cache.org/ConfigExamples/BlockingMimeTypes
-Original Message-
From: Jonathan Lee <jonathanlee...@gmail.com>
Sent: Friday, January 10, 2025 2:38 PM
To: squid-users <squid-users@lists.squid-cache.org>
Subject: Squid url redirector and DoH
Hello fellow Squid users, can you please
It's more about how many squid workers to start. Then the OS will do the
allocation
Thanks for the reply I only have one worker.
I can’t do workers 3 on my system because I would have to disable the cache as
it won’t do rock cache. This system does not support rock cache.
Worker directive doe
Hello fellow Squid users, can you please help? I was wondering about this for
years, I have a massive block list with DoH servers. Do you really need to
block DoH if you want Squid to use a specific dns? Let’s say you are using a
dns over tls, to Google or cloudflare and your system sometimes wa
et
# Default block all to be sure
http_access deny allsrc
Does delay pool setting cause any issues? They seem to be default values one
pool.
> On Jan 10, 2025, at 00:25, Francesco Chemolli wrote:
>
>
>
> On Fri, Jan 10, 2025 at 7:22 AM Jonathan Lee <mailto:jonathanlee...@gmail
, time to ask the community.
Thanks again sorry for the weird email before.
> On Jan 9, 2025, at 15:24, Jonathan Lee wrote:
>
> After trying every setting I am still asking the same question on a SG2100MAX
> 4GB ram 128GB disk and a NVMe 250 Optane m.2 drive over mpcie adapter
After trying every setting I am still asking the same question on a SG2100MAX
4GB ram 128GB disk and a NVMe 250 Optane m.2 drive over mpcie adapter. What is
recommended disk cache ? Ufs aufs or diskd? What is the recommended memory
cache?
I currently have it set to ufs 16 level 1 folders
For
Hello fellow Squid users,
Can you please help I have noticed for a long time under information page that
Store Disk Files Open is a lot of the times showing 0
Is this of concern? I thought I should email and ask as I have not found any
information that gives clarity on what this section of the
Hello fellow Squid Users,
I understand this directive is removed in Squid7 again I am still trying to
understand more about what it did and does in the older versions of software.
pipeline_prefetch historically was on or off for settings however today it is
n+1 or a numerical value for the var
Thanks everyone I guess my next question I am mulling over is do I still need
custom refresh patterns ontop of the storeid text file items?
Sent from my iPhone
> On Jan 1, 2025, at 08:18, Amos Jeffries wrote:
>
> On 1/01/25 21:27, Robin Wood wrote:
>> I've not got time to read your whole email
database every
> page load is fine. If the pages are for anything sensitive, for example a
> user's account, then definitely do not cache it.
>
> Robin
>
> On Tue, 31 Dec 2024 at 17:55, Jonathan Lee <mailto:jonathanlee...@gmail.com>> wrote:
>> What are you
Hello Fellow Squid Users,
Can you please help? I have been researching this for a long time and cannot
find any information on this "what is the $ mean” within StoreID?
Below is my failed attempt to make StoreID work correctly. Sorry it's a mess. I
have since disabled my customized StoreID patt
What are your thoughts? This is in relation to ssl intercept with certificates installed and bump active.Keep in mind I am still a student and learning.Is a rule like this recommended? Does anyone have a better version of this? Sent from my iPhoneOn Dec 30, 2024, at 14:10, Jonathan Lee
Hello fellow Squid Users,
Can you please help?
What are your thoughts on this rule? Should cgi-bin aspx and jsp files be
excluded from the web-cache? They are dynamic correct? This could help speed up
systems right?
acl QUERY urlpath_regex cgi-bin \? asp aspx jsp
## Prevent caching jsp, cgi
Thanks, Merry Christmas and Happy New Year everyone. That answered my question.
Again thank you.
> On Dec 30, 2024, at 10:28, Alex Rousskov
> wrote:
>
> latter
___
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache
l_bump terminate SSL_Intercept_Terminate
miss_access deny no_miss active_use
ssl_bump splice splice_main active_use
ssl_bump bump bump_main active_use
acl activated note active_use true
ssl_bump terminate !activated
> On Dec 30, 2024, at 08:46, Jonathan Lee wrote:
>
> Hello Fellow Squid Users,
>
Hello Fellow Squid Users,
I wanted to try to speed up my SSL interception caching, or optimize it
I have some small issues with some websites loading slowly not really bad just
a small lag and I started to play around with
all-of and any-of to create new concatenated acls.
I have arp mac add
Great Job sorry I assumed this was related to ssl bump issues.
Sent from my iPhone
> On Dec 22, 2024, at 11:47, Alex Rousskov
> wrote:
>
> On 2024-12-22 08:13, A. Pechenin wrote:
>> The reason and solution were not simple and obvious at first glance.
>> I have two providers accessing the gatew
request you would need to watch the traffic and look for when it fails on squid cache logs Sent from my iPhoneOn Dec 21, 2024, at 12:19, A. Pechenin wrote:
OK, but how can ACL data be applied in practice to solve the problem I described?
сб, 21 дек. 2024 г. в 22:57, Jonathan Lee <jonathan
>
> сб, 21 дек. 2024 г. в 22:57, Jonathan Lee <mailto:jonathanlee...@gmail.com>>:
>> You can use the following
>>
>> acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/reg.url.nobump"
>> acl NoBumpDNS dstdomain "/usr/local/pkg/dn
works.
support.apple.com
________
From: Jonathan Lee
Sent: Saturday, December 21, 2024 11:57
To: A. Pechenin
Cc: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] SQUID problem with unavailability of Google services
You can use the following
acl NoSSLIntercept ssl::server_name_
googleapis.com
Make sure you follow the enterprise policy for Google Android based products.
Some sites simply can not and or should not be bumped and you only should look
at the get header.
From: A. Pechenin
Sent: Saturday, December 21, 2024 11:46
To: Jonathan
Have you created a splice only file with lists of items that must be spliced at
all times, Google mail ethically should be spliced just as an example. Some
know sites must be spliced.
Sent from my iPhone
> On Dec 21, 2024, at 09:32, A. Pechenin wrote:
>
>
> This week, when connecting users
Thanks it is not easy getting Squid proxy to work with ssl intercept and to
have ClamAV scan for issues inside a firewall. It’s impressive. Thanks for all
you do ClamAV team.
Sent from my iPhone
> On Dec 18, 2024, at 01:27, Ralf Hildebrandt via clamav-users
> wrote:
>
> * Jona
WARNING DO NOT USE GITHUB TO FIND INFORMATION someone has infected a GitHub so
when you search for info it has a virus also
> On Dec 17, 2024, at 13:38, Jonathan Lee wrote:
>
> Hello fellow clam users,
>
> Can you please help me?
>
> How do I find information on this bug
Hello fellow clam users,
Can you please help me?
How do I find information on this bug?
instream(local): vhxtdQ.sigs.InterServer.net.SHA256.21881.UNOFFICIAL FOUND
instream(local): vhxtdQ.sigs.InterServer.net.SHA256.21881.UNOFFICIAL FOUND
instream(local): sigs.InterServer.net.HEX.Topline.194.150.
Is there anything I should set after I moved to an external box to handle wpad, should I still have settings for wpad included on the proxy also? Sent from my iPhoneOn Dec 10, 2024, at 15:40, Jonathan Lee wrote:Changed over the lighttpd Apache2 is overkill for what I need. We used lighttpd in
Changed over the lighttpd Apache2 is overkill for what I need. We used lighttpd in cybersecurity classes it is lightweight and great for what I need. Sent from my iPhoneOn Dec 10, 2024, at 13:30, Jonathan Lee wrote:Thanks for the reply, I purchased a Raspberry Pi to run an Apache2 server on it
rk.
>> Is this an intercept proxy or a simple forward proxy?
>> Is the 192.168.1.1 the proxy ip and port? Also is the client on the same
>> subnet?
>>
>> I understand that you are trying to use the proxy to serve the wpad file
>> somehow.
>>
>> Th
return 'DIRECT';
}
}
if (url.substring(0, 5) == 'http:' || url.substring(0, 6) == 'https:' ||
url.substring(0, 4) == 'ftp:')
{
return 'PROXY 192.168.1.1:3128';
}
return 'DIRECT';
}
> On Dec 1, 2024, at 13:
Thank you again this works perfectly for my issues I had
> On Oct 2, 2024, at 20:51, Amos Jeffries wrote:
>
> On 2/10/24 05:05, Jonathan Lee wrote:
>> Hello fellow squid users,
>> Can you please help? I am attempting to run wpad on the same machine as
>> squid howeve
Thanks for the update.
Sent from my iPhone
> On Nov 27, 2024, at 17:12, Amos Jeffries wrote:
>
> Please notice that the Squid page says the displayed time has "GMT" timezone.
>
> Apparently you are in timezone UTC-0800. Which means your "local time" is hrs
> different from GMT/UTC.
>
> This
Local is correct and acls that are time based function
Sent from my iPhone
> On Nov 27, 2024, at 16:22, Stuart Henderson wrote:
>
> On 2024-11-27, Jonathan Lee wrote:
>>
>> --===8430038489510697630==
>> Content-Type: multipart/alternative;
>>
/usr/local/etc/squid/errors/templates/ERR_ACCESS_DENIEDI think this is the file I need change T to t Sent from my iPhoneOn Nov 27, 2024, at 07:39, Jonathan Lee wrote:Feature: Customizable Error Messagewiki.squid-cache.orgWhere is this file and or the file name to adapt this? I have already
Feature: Customizable Error Messagewiki.squid-cache.orgWhere is this file and or the file name to adapt this? I have already created a custom squid guard one again this error page only shows up when my ACL on time based blocks run. Sent from my iPhoneOn Nov 27, 2024, at 00:44, Jonathan Lee
Is this the fix?
%t
local time
%T
UTC
Sent from my iPhone
> On Nov 27, 2024, at 00:43, Jonathan Lee wrote:
>
>
> Hello fellow squid users can some please help?
>
> My url errors for time lock outs work perfectly however I have a time stamp
> issue.
>
>
Hello fellow squid users can some please help?
My url errors for time lock outs work perfectly however I have a time stamp
issue.
On the bottom of the page
Generated Wed, 27 Nov 2024 08:38:04 GMT by Lee_Family.home.arpa (squid)
But the time is 00:38:04 it blocks at the correct times I need bu
Hello fellow Squid users,
For acls and use of -n is this considered faster over non use of the flag? What
would be better for a system that is using its own DNS? When would we use -n
versus when would we not?
Also with use of caching updates would it be better to use -n ?
Sent from my iPhone
I did this with the local dns. Unbound for example you can set specific items
to resolve only ipv4, if Squid points to a dns that provides the resolves for
it, it can be controlled on that side, again requires NAT a firewall with ACLs
etc
Sent from my iPhone
> On Nov 21, 2024, at 05:52, Ralf H
Hello, thank you for the update Francesso, there is also some chatter about
bugs within the Netgate community. Is this also related to the fixes in V7
(please see Redmine attached)?
I admit, I have a bias and assumption that that Big-Tech does not like Squid
functional, and that most of what i
Give it time to cache miss means it stored items Sent from my iPhoneOn Oct 10, 2024, at 15:27, Bryan Seitz wrote:I removed the header mods and changed the refresh pattern to:refresh_pattern . 15 20% 1800 override-expire ignore-no-cache ignore-no-store ignore-privateAnd I
Thanks Jeffries
Jonathan Lee
Sent from my iPhone
> On Oct 3, 2024, at 01:07, Amos Jeffries wrote:
>
> On 2/10/24 05:05, Jonathan Lee wrote:
>> Hello fellow squid users,
>> Can you please help? I am attempting to run wpad on the same machine as
>> squid however por
Hello fellow squid users,
Can you please help? I am attempting to run wpad on the same machine as squid
however port 80 443 is blocked, I have a url redirect 192.168.1.1/wpad.dat to
https://192.168.1.1:8080/wpad.dat this is done with use of squid guard, however
you must disable bypass for 192.1
I use bump splice, with split acls and access lists that match MAC addresses,
plus cachemgr, I hate to admit I am using 5.8 because 6.6 has issues with so
many errors showing and is so much slower. I do not want to reissue all my
certificates, it works perfect for what I need in my mini firewall
ncesco Chemolli wrote:
>
> Hi Jonathan,
> could you try:
> curl -u anything:redacted http://localhost:3128/squid-internal-mgr/menu
>
> ?
>
> On Mon, Jul 22, 2024 at 8:52 PM Jonathan Lee wrote:
>>
>> Also I have tested
>>
>> curl 127.0.0.1:3128/squid-
The directive
cachemgr_passwd
does not allow the ability to add a username right?
> On Aug 1, 2024, at 12:30, Jonathan Lee wrote:
>
> client << " requesting '" <<
>actionName << "'" );
>
> // speci
rl hostname_here:3128/squid-internal-mgr -u :redacted (per bug notes use
>> hostname in place of localhost)
>>
>> and testing with no password same commands lock up the system with no
>> response and if I do them outside of the host with a web browser I get the
>> erro
Does it require
acl localnet src fc00::/7
acl localnet src fe80::/10
With the pfsense packages or is that coded into the php code?
Sent from my iPhone
> On Jul 31, 2024, at 13:18, Jonathan Lee wrote:
>
> I forgot to mention this is over a he tunnel broker gif interface with IPv4
&
I forgot to mention this is over a he tunnel broker gif interface with IPv4
only isp
Sent from my iPhone
> On Jul 31, 2024, at 12:03, Jonathan Lee wrote:
>
> I show HTTP/1.1 409 conflict when it try to reply from the firewall back to
> the client.
>
> I do not know if yo
The error it shows when I activate IPv6 only mode not dual stack is
Error: no forward proxy ports configured
Squid terminated
Sent from my iPhone
> On Jul 30, 2024, at 20:16, Amos Jeffries wrote:
>
> On 30/07/24 08:47, Jonathan Lee wrote:
>> I did not know that I had th
Hello fellow squid users can you please help? I have noticed that I get 409
errors with IPv6 only clients this leads me to believe that it’s DNS related.
My firewall has both IPV4 and IPV6 DNS. I wonder if when an IPV6 only client is
trying to access the proxy it defaults to IPv4 dns. How can on
result. I have removed my MAC address matching and the
terminate options same result also.
I get 409 errors on ssl bumps
> On Jul 29, 2024, at 00:17, Amos Jeffries wrote:
>
> On 27/07/24 10:10, Jonathan Lee wrote:
>> Hello fellow squid users can you please help me??
>> I
Does this also auto solve for IPv6 connections changing it to just
http_port 3128
https_port 3129??
> On Jul 12, 2024, at 04:57, Amos Jeffries wrote:
>
> On 12/07/24 11:50, Jonathan Lee wrote:
>>> I recommend changing your main port to this:
>>>
>>> htt
> On Jul 26, 2024, at 15:10, Jonathan Lee wrote:
>
> Hello fellow squid users can you please help me??
>
> I know I have good IPV6 internet if I use the IPV4 proxy address, and the
> IPv6 test sites pass 10 out of 10. If I make the client IPV6 only and have
> the rules
Hello fellow squid users can you please help me??
I know I have good IPV6 internet if I use the IPV4 proxy address, and the IPv6
test sites pass 10 out of 10. If I make the client IPV6 only and have the rules
set to use the proxy with the proxy IPV6 address for the proxy I get no
internet.
I
gt; On Mon, Jul 22, 2024 at 8:52 PM Jonathan Lee wrote:
>>
>> Also I have tested
>>
>> curl 127.0.0.1:3128/squid-internal-mgr -u :redacted
>> curl localhost:3128/squid-internal-mgr -u :redacted
>> curl hostname_here:3128/squid-internal-mgr -u :redacted (p
Shell Output - curl -u anything:REDACTED
http://localhost:3128/squid-internal-mgr/menu
% Total% Received % Xferd Average Speed TimeTime Time Current
Dload Upload Total SpentLeft Speed
0 00 00 0 0 0 --:--:
Tested thanks for the reply and idea access denied and tested with a firewall
rule to approve everything to port 80 same result with or without mgr_passord
configured, it is like the page is missing in Squid 6.6 or something
Shell Output - curl localhost:3128/squid-internal-mgr/info -u admin:re
#x27;s just to make sure
> that curl sends all the data
>
> On Mon, Jul 22, 2024 at 7:21 PM Jonathan Lee wrote:
>>
>> That would require a username for the cachemgr_password account right? I
>> have no usernames set up for this.
>>
>> How does one add a
ctice to
> put flags ('-u user:redacted') before arguments (the URL)
>
> On Mon, Jul 22, 2024 at 5:12 PM Jonathan Lee wrote:
>>
>> Thanks for the info
>>
>> I tried it and this also failed. Dang
>>
>> Shell Output - curl localhost:3128/squid
with no response
and if I do them outside of the host with a web browser I get the errors below
seen they are new..
> HTTP/1.1 Expect: feature is being asked from an HTTP/1.0 software.
>
> On Jul 22, 2024, at 09:01, Jonathan Lee wrote:
>
> Thanks for the info
>
> I t
Thanks for the info
I tried it and this also failed. Dang
Shell Output - curl localhost:3128/squid-internal-mgr/info -u :redacted
% Total% Received % Xferd Average Speed TimeTime Time Current
Dload Upload Total SpentLeft Speed
0
without password enabled
Shell Output - curl http://127.0.0.1:3128/squid-internal-mgr/info
% Total% Received % Xferd Average Speed TimeTime Time Current
Dload Upload Total SpentLeft Speed
0 00 00 0 0 0 -
Do I use
curl http://localhost:3128/squid-internal-mgr/info
Where would I place the password?
> On Jul 17, 2024, at 21:08, Jonathan Lee wrote:
>
> 2024/07/17 21:07:37| Processing Configuration File:
> /usr/local/etc/squid/squid.conf (depth 0)
> 2024/07/17 21:07:37| Proces
and it worked however
now nothing….
Also
squidclient -l 127.0.0.1 -h localhost mgr:info
I get nothing with password removed
> On Jul 17, 2024, at 21:08, Jonathan Lee wrote:
>
> 2024/07/17 21:07:37| Processing Configuration File:
> /usr/local/etc/squid/squid.conf (depth 0)
&g
Squid 6.6
Hello fellow Squid users,
What would be the correct way to convert cache_dir disks to rock?
cache_dir diskd /var/squid/cache 64000 256 256
Would it be as simple as..
cache_dir rock /var/squid/cache 64000 256 256?
___
squid-users mail
How do we enable tproxy in Squid 6.6 in 5.8 we could just adapt the Squid.conf
and it would enable tproxy
2024/07/17 21:22:41| Processing Configuration File:
/usr/local/etc/squid/squid.conf (depth 0)
2024/07/17 21:22:41| Processing: http_port 192.168.1.1:3128 ssl-bump
generate-host-certificat
recommendations to try to get the password to work?
> On Jul 17, 2024, at 21:08, Jonathan Lee wrote:
>
> 2024/07/17 21:07:37| Processing Configuration File:
> /usr/local/etc/squid/squid.conf (depth 0)
> 2024/07/17 21:07:37| Processing: http_port 192.168.1.1:3128 ssl-bump
21:07:37| ERROR: Unsupported TLS option SINGLE_ECDH_USE
I removed the : and it processed
> On Jul 12, 2024, at 09:52, Amos Jeffries wrote:
>
> On 13/07/24 04:16, Jonathan Lee wrote:
>> tested with removal of IP and port failed If I leave port I get this
>&g
IPv4 only ips, I have a BE with tunnel broker that I test out but my IPS IDS
can’t inspect the tunnel
Sent from my iPhone
> On Jul 14, 2024, at 22:49, Andrea Venturoli wrote:
>
> On 7/13/24 20:48, Jonathan Lee wrote:
>> It works 6.6 it just have a different requirement to
Best way to describe it is transparent intercept maybe… tproxy takes place of
intercept on the http_port directive
Sent from my iPhone
> On Jul 13, 2024, at 11:49, Jonathan Lee wrote:
>
> It works 6.6 it just have a different requirement to enable it. I am using a
> Netga
It works 6.6 it just have a different requirement to enable it. I am using a
Netgate 2100 with pfSense. The difference is that it spoofs the IP of the
client so the host doesn’t see the IP of the firewall when using intercept I am
told. So transparent with more of a hidden layer
Sent from my iP
For the HTTP and https derivative is it better to use tproxy or intercept on
FreeBSD?
Sent from my iPhone
___
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
Sorry that test was on the 5.8 version I am using that boot environment right
now. All others were on 6.6 does 6.6 support no IP port combo?
Sent from my iPhone
> On Jul 12, 2024, at 09:16, Jonathan Lee wrote:
>
> tested with removal of IP and port failed If I leave port I get this
at 09:09, Jonathan Lee wrote:
>
> Thanks I fixed the firewall rules, I am trying tproxy and it seems to help
> with speed right now.
> Sent from my iPhone
>
>> On Jul 12, 2024, at 04:57, Amos Jeffries wrote:
>>
>> On 12/07/24 11:50, Jonathan Lee wrote:
>
Thanks I fixed the firewall rules, I am trying tproxy and it seems to help with
speed right now.
Sent from my iPhone
> On Jul 12, 2024, at 04:57, Amos Jeffries wrote:
>
> On 12/07/24 11:50, Jonathan Lee wrote:
>>> I recommend changing your main port to this:
>>>
Squid.
Thanks again
Sent from my iPhone
> On Jul 11, 2024, at 22:02, Amos Jeffries wrote:
>
> On 12/07/24 06:43, Jonathan Lee wrote:
>> What is Vary Object loop??
>
> In HTTP URLs can point at a set or "variants" of a resource.
>
> Squid "Vary Object
Here is how it is set
http_port 192.168.1.1:3128 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=20MB cert=/usr/local/etc/squid/serverkey.pem
cafile=/usr/local/share/certs/ca-root-nss.crt capath=/usr/local/share/certs/
cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+S
> I recommend changing your main port to this:
>
> http_port 3128 ssl-bump
This is set to this when it processes
http_port 192.168.1.1:3128 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=20MB cert=/usr/local/etc/squid/serverkey.pem
cafile=/usr/local/share/certs/ca-ro
1 14:09:28| Loaded signing certificate:
/CN=internal-ca/C=US/ST=California/L=Roseville/O=Homeuse
2024/07/11 14:09:29| Not requiring any client certificates
2024/07/11 14:09:29| Loaded signing certificate:
/CN=internal-ca/C=US/ST=California/L=Roseville/O=Homeuse
2024/07/11 14:09:30| Not requiring a
Ok I sent output prior email that shows the right path but says access denied
Sent from my iPhone
> On Jul 11, 2024, at 12:59, Amos Jeffries wrote:
>
> On 12/07/24 05:27, Jonathan Lee wrote:
>> Thanks what about the password is it set with@ or -p where would I place
>> t
does not match any domain IP)
31.12.1969 16:00:00
11.07.2024 11:36:16 SECURITY ALERT: on URL: mask-h2.icloud.com:443
31.12.1969 16:00:00
11.07.2024 11:36:16 SECURITY ALERT: Host header forgery detected on
conn9975 local=17.248.245.229:443 remote=192.168.1.10:55721 FD 102 flags=33
(lo
Could this cause the issue?
acl https_login url_regex -i ^https.*(login|Login).*
cache deny https_login
> On Jul 11, 2024, at 11:12, Jonathan Lee wrote:
>
> cachemgr_passwd disable offline_toggle reconfigure shutdown
> cachemgr_passwd PASSWORDREDCATED all
> eui_lookup o
e 1 seconds
negative_dns_ttl 5 minutes
Does the MAC address and bump have anything to do with it? This worked in the
older versions without having to input a MAC for the loopback
> On Jul 11, 2024, at 11:08, Jonathan Lee wrote:
>
> I use http access acl set as followed
>
> ac
1 - 100 of 335 matches
Mail list logo
