Hello,
The solution is to install libssl1.0-dev instead of libssl-dev of the Debian
repo. Squid don’t support libssl > 1.0.
Tanguy
> http://squid-web-proxy-cache.1019090.n4.nabble.com/Build-errors-with-Squid-3-5-24-under-Debian-td4681637.html
>
> said you have to use libssl1.0-dev for compiling squid3
ok , worked successfully..
thanks..
On Sun, Feb 11, 2018 at 11:36 PM, Ulf Volmer wrote:
> On 11.02.2018
> http://squid-web-proxy-cache.1019090.n4.nabble.com/Build-errors-with-Squid-3-5-24-under-Debian-td4681637.html
>
> said you have to use libssl1.0-dev for compiling squid3
Thanks.. Now i try...
On Sun, Feb 11, 2018 at 11:36 PM, Ulf Volmer wrote:
> On 11.02.2018 21:28, Gokan Atmaca w
On 11.02.2018 21:28, Gokan Atmaca wrote:
> I am getting an error like the following while compiling Squid3. (I
> want to install it with SSL-BUMP.)
>
> What can be the problem ?
>
> packages:
> apt-get install libssl-dev libcrypto++-dev
> apt-get build-dep squid3
Hello
I am getting an error like the following while compiling Squid3. (I
want to install it with SSL-BUMP.)
What can be the problem ?
packages:
apt-get install libssl-dev libcrypto++-dev
apt-get build-dep squid3
apt-get install build-essential sharutils ccze libzip-dev libssl-dev
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, Feb 08, 2016 at 01:24:24PM +0100, Willy Ted MANGA wrote:
> Hi,
[...]
> In my case the firewall rules are OK. Squid do not listen at all.
[...]
> Jessie comes with systemd by default.
[...]
> The conf files remain at the same place. But I
Hi,
Le 08/02/2016 12:28, Ron Leach a écrit :
> On 08/02/2016 10:20, Willy Ted MANGA wrote:
>> Hello,
>> I just upgraded my server from wheezy to jessie and my squid3 doesn't
>> listen to any port . :-\
>>
>[...]
>
> We just had a similar problem with
On 08/02/2016 10:20, Willy Ted MANGA wrote:
Hello,
I just upgraded my server from wheezy to jessie and my squid3 doesn't
listen to any port . :-\
We just had a similar problem with a new squid 3 install on another
distro. (For historical reasons we have one old server running
Fedora,
Hello,
Le 08/02/2016 11:17, to...@tuxteam.de a écrit :
> On Mon, Feb 08, 2016 at 11:20:30AM +0100, Willy Ted MANGA wrote:
>> [...] 2016/02/08 09:39:17 kid1| ERROR: No forward-proxy ports
>> configured. 2016/02/08 09:39:17 kid1| ERROR: No forward-proxy
>> ports configured.
>
> I can't say this is t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, Feb 08, 2016 at 11:20:30AM +0100, Willy Ted MANGA wrote:
> Hello,
> I just upgraded my server from wheezy to jessie and my squid3 doesn't
> listen to any port . :-\
>
> I even remove all my settings and just modify `htt
Hello,
I just upgraded my server from wheezy to jessie and my squid3 doesn't
listen to any port . :-\
I even remove all my settings and just modify `http_port` directive to
`http_port 3128 intercept` . But I doesn't work either .
I have attached an excerpt of the cache.log .
I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 26 Jan 2016 22:17:54 +1300
Chris Bannister wrote:
>On Fri, Jan 22, 2016 at 09:37:52PM +0300, Michael Tokarev wrote:
>> 15.01.2016 22:47, startrekfan wrote:
>>
>> > *squid3 Version 3.4.8* is deployed in the Jessi
On Fri, Jan 22, 2016 at 09:37:52PM +0300, Michael Tokarev wrote:
> 15.01.2016 22:47, startrekfan wrote:
>
> > *squid3 Version 3.4.8* is deployed in the Jessie stable
> > repository.*This version is outdated and has some security risks!!*.
> > Version 3.5 is more secure but
15.01.2016 22:47, startrekfan wrote:
> *squid3 Version 3.4.8* is deployed in the Jessie stable repository.*This
> version is outdated and has some security risks!!*. Version 3.5 is more
> secure but unfortunately it's only marked as unstable
I wonder how many times this ques
Hi,
The link you provided refers to an issue with proxy certificates for SSL
interception. This feature is disabled in Debian squid3 package due to
licensing issues with OpenSSL, thus this is not a bug in Debian squid3 packages.
The only way this bug could affect a Debian user would be if the
squid 3.5
ref: https://forum.pfsense.org/index.php?topic=99141.0 (I think it's the
same problem with debian jessie. The certificates are only generated with
sha1)
2016-01-18 12:53 GMT+01:00 Martin Wuertele :
>
> * startrekfan [2016-01-15 23:39]:
>
> > squid3 3.4.8 has some secur
Hi,
startrekfan wrote:
> *squid3 Version 3.4.8* is deployed in the Jessie stable repository.* This
> version is outdated and has some security risks!!*. Version 3.5 is more
> secure but unfortunately it's only marked as unstable
Have you checked
https://packages.qa.debian.org
Hello startrekfan,
please don't do top posting.
Am 15.01.2016 um 23:19 schrieb startrekfan:
> squid3 3.4.8 has some security issues(risks)/bugs so an upgrade to 3.5 is
> actually only a fix of this bugs/security issues.
Which issues do you refer? What bugs in detail? Have you look
squid3 3.4.8 has some security issues(risks)/bugs so an upgrade to 3.5 is
actually only a fix of this bugs/security issues. There is no patch for
3.4.8 because it's outdated. Debian Jessie is the current active release.
So why not fixing squid3 in Debian Jessie with an stable 3.5 update?
On Fri, 2016-01-15 at 19:47 +, startrekfan wrote:
> Hello,
>
> I'm not sure which mailing list I should chose. So I'll try my luck here.
>
> I didn't subscribed to the mailing list. So* please put my mail address
> into cc*. thanks.
>
> *squid3 V
Hello,
I'm not sure which mailing list I should chose. So I'll try my luck here.
I didn't subscribed to the mailing list. So* please put my mail address
into cc*. thanks.
*squid3 Version 3.4.8* is deployed in the Jessie stable repository.* This
version is outdated and has some
I have fixed with the following in squid.conf
http_port 0.0.0.0:3128 transparent
Sorry
On 15.06.2015 10:42, basti wrote:
> Hello,
>
> last weekend I have try to run squid3 on my raspberry.
> Squid3 listen to IPv6 only even if IPv6 is disabled.
>
> I have found this bug-report
Hello,
last weekend I have try to run squid3 on my raspberry.
Squid3 listen to IPv6 only even if IPv6 is disabled.
I have found this bug-report which is marked as fixed:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584223
How can i fix this, that squid3 also listen on IPv4?
Thanks a lot
> The best thing is to educate your children instead of trying to
> shelter them from those sites.
"Why choose"
or
"Security in depth"
Stefan
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debi
[Please don't top post. Please trim unnecessary content.]
On Thu, Mar 26, 2015 at 02:29:08PM +0100, Peter Viskup wrote:
> It's the way you look at.
> For me it's about prevention...your child can click on some link somewhere
> and see some pictures/videos which will remain in his/her mind (let's
On Thu, 26 Mar 2015 15:53:04 -0600, Bob Proulx wrote:
> rog...@queernet.org wrote:
>> Michael Graham wrote:
>> > As MITM proxies in school/business seem to be pretty common in the US
>> > and the UK.
>>
>> I bet your proxy firewall does it too.
>
> I bet not! I think you are confusing https wit
Unfortunately we are living in real (not ideal) world and there are cases
where the SSL split is definitely needed or should be considered at least.
For example Squid 3.5 coming with new design of SSLBump allowing to do some
inspection of the connection prior the real SSLSplit. That gives you
possi
Michael Graham wrote:
> Reco wrote:
> > Ow. Exactly which kind of consumer-grade hardware comes with SSL bump
> > preinstalled? That's very interesting to me as I like know which
> > hardware to avoid in the future.
>
> It's way more common than you seem to think. CERT recently did a blog post
> a
On Thu, 26 Mar 2015 17:18 Reco wrote:
>
> Hi.
>
> On Thu, 26 Mar 2015 12:44:11 -0700
> rog...@queernet.org wrote:
>
> > On 3/26/15 12:42 PM, Michael Graham wrote:
> > > On 26 March 2015 at 14:18, Reco wrote:
> > >> Then it's even worse that I thought. I don't know about Germany, but
> > >> wh
rog...@queernet.org wrote:
> Michael Graham wrote:
> > As MITM proxies in school/business seem to be pretty common in the
> > US and the UK.
>
> I bet your proxy firewall does it too.
I bet not! I think you are confusing https with http. We are talking
about https here not http. And even then
Hi.
On Thu, 26 Mar 2015 12:44:11 -0700
rog...@queernet.org wrote:
> On 3/26/15 12:42 PM, Michael Graham wrote:
> > On 26 March 2015 at 14:18, Reco wrote:
> >> Then it's even worse that I thought. I don't know about Germany, but
> >> where I live tampering with public communications is considere
On 3/26/15 12:42 PM, Michael Graham wrote:
On 26 March 2015 at 14:18, Reco wrote:
Then it's even worse that I thought. I don't know about Germany, but
where I live tampering with public communications is considered a
criminal offense. I strongly suggest you to seek a legal advice before
doing a
On 26 March 2015 at 14:18, Reco wrote:
> Then it's even worse that I thought. I don't know about Germany, but
> where I live tampering with public communications is considered a
> criminal offense. I strongly suggest you to seek a legal advice before
> doing anything like SSL bump.
Just out of cu
Reco wrote:
> On Thu, 26 Mar 2015 18:18:24 +0100 "Michael I."
> wrote:
>> for private usage I am think a filter isn't good, children need trust
>> and a filter is the opposite of trust.
>>
>> But in usage for a school I think a filter is better, a teacher can't
>> look on all computers. The ki
Hi.
On Thu, 26 Mar 2015 18:18:24 +0100
"Michael I." wrote:
> Hello,
>
> for private usage I am think a filter isn't good, children need trust
> and a filter is the opposite of trust.
>
> But in usage for a school I think a filter is better, a teacher can't
> look on all computers. The kids
Michael I. wrote:
> This are not my children, the filter is used for a school.
Aha, important information.
Do not proceed any further with breaking encrypted connections or, for
the matter, transparently proxiing _any_ connections until you had a
talk with a) the Justitiar and b) the Datenschut
On Thu, 26 Mar 2015 08:49:37 -0500, John Hasler wrote:
> Why don't you just get rid of the computers?
I tried that route one time ... got looked at like I had 7 heads for even
suggesting that the kids go back to "textbooks and paper".
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.deb
Hello,
for private usage I am think a filter isn't good, children need trust
and a filter is the opposite of trust.
But in usage for a school I think a filter is better, a teacher can't
look on all computers. The kids are trying out thinks in school which is
good but when nobody is there to
Sven Hartge wrote:> Michael I.
wrote:
Sven Hartge wrote:
Michael I. wrote:
But I have a new problem, I want to have a transparent proxy for
http this works fine but when I add the iptables rule for https the
loading won't work.
Of course not. That this is not working is the _whole point
Hi.
On Thu, 26 Mar 2015 16:48:00 +0100
Peter Viskup wrote:
> Hello Reco,
>
> On Thu, Mar 26, 2015 at 4:13 PM, Reco wrote:
>
> > Hi.
> > And just as well child can see a naughty picture on TV. Or a phone ad.
> > Or a magazine/newspaper. Anywhere, once you start thinking about it.
> >
>
> An
Hello Reco,
On Thu, Mar 26, 2015 at 4:13 PM, Reco wrote:
> Hi.
> And just as well child can see a naughty picture on TV. Or a phone ad.
> Or a magazine/newspaper. Anywhere, once you start thinking about it.
>
And that's just sad, disturbingly and one of the main reasons of so many
people facin
Hi.
On Thu, 26 Mar 2015 14:29:08 +0100
Peter Viskup wrote:
> It's the way you look at.
> For me it's about prevention...your child can click on some link somewhere
> and see some pictures/videos which will remain in his/her mind (let's say)
> forever and can harm even if it was only seconds the
Why don't you just get rid of the computers?
--
John Hasler
jhas...@newsguy.com
Elmwood, WI USA
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87y4mjswb2@thump
Peter Viskup wrote:
> It's the way you look at. For me it's about prevention...your child
> can click on some link somewhere and see some pictures/videos which
> will remain in his/her mind (let's say) forever and can harm even if
> it was only seconds they were seen...I am speaking about childr
Michael I. wrote:
> Sven Hartge wrote:
>> Michael I. wrote:
>>> But I have a new problem, I want to have a transparent proxy for
>>> http this works fine but when I add the iptables rule for https the
>>> loading won't work.
>>
>> Of course not. That this is not working is the _whole point_ of
> -Ursprüngliche Nachricht-
> Von: Reco [mailto:recovery...@gmail.com]
> Gesendet: Donnerstag, 26. März 2015 13:52
> An: debian-user@lists.debian.org
> Betreff: Re: Redirect HTTPS with Squid3+Squidguard
>
> Hi.
>
> On Thu, 26 Mar 2015 13:21:57 +0100
> Peter Vis
Without the SSL splitting the only option is to install some software on
the client side. Some "endpoint" security software doing the inspection of
the web data transfers on the fly before they pass the TLS tunnel. It's the
same like SSL split on Squid, but let's say more transparent. Unfortunately
will spend your evenings to make your blacklists up2date.
Greetings
Sascha
-Ursprüngliche Nachricht-
Von: Reco [mailto:recovery...@gmail.com]
Gesendet: Donnerstag, 26. März 2015 13:52
An: debian-user@lists.debian.org
Betreff: Re: Redirect HTTPS with Squid3+Squidguard
Hi.
On Thu, 26 Mar
Sven Hartge wrote:
Michael I. wrote:
But I have a new problem, I want to have a transparent proxy for http
this works fine but when I add the iptables rule for https the loading
won't work.
Of course not. That this is not working is the _whole point_ of any
end-to-end encrypted connection.
Hi.
On Thu, 26 Mar 2015 13:21:57 +0100
Peter Viskup wrote:
> Hi,
> just jumped into SSLBump/Split features some months ago. I don't find these
> features harmful. Especially when protecting your children from access of
> YouTube or other possibly harmful sites. Once you are logged with Google
>
Hi,
just jumped into SSLBump/Split features some months ago. I don't find these
features harmful. Especially when protecting your children from access of
YouTube or other possibly harmful sites. Once you are logged with Google
account they redirect your communication to https which makes the
inspec
Michael I. wrote:
> But I have a new problem, I want to have a transparent proxy for http
> this works fine but when I add the iptables rule for https the loading
> won't work.
Of course not. That this is not working is the _whole point_ of any
end-to-end encrypted connection.
What you are ef
y for http
this works fine but when I add the iptables rule for https the loading
won't work.
With the config now you can bypass the blocking with using https, this
is not so good.
I think it's the same as the other problem I had, squid3 is not able to
read and understand the https tr
Sven Hartge wrote:
> Michael I. wrote:
> > I tested around a bit with squid3+squidguard and I found out that the
> > redirect works with the Internet Explorer (IE 11).
>
> > Then I tested some other browser (firefox, chrome, ..) and with all
> > the other browser
Michael I. wrote:
> I tested around a bit with squid3+squidguard and I found out that the
> redirect works with the Internet Explorer (IE 11).
> Then I tested some other browser (firefox, chrome, ..) and with all
> the other browser the redirect didn't work.
> Is there a
Hello again,
I tested around a bit with squid3+squidguard and I found out that the
redirect works with the Internet Explorer (IE 11).
Then I tested some other browser (firefox, chrome, ..) and with all the
other browser the redirect didn't work.
Is there a bug in the Internet Explor
Liam O'Toole wrote:
> On 2015-03-23, linux-michae...@abwesend.de
> wrote:
>> I thought there is a simple and secure way to redirect to an 'This
>> Site has been blocked' Page for HTTP and HTTPS. But when I must
>> destroy the safety from HTTPS this isn't an option.
> [SNIP}
> You could simply
Hello Liam,
thanks for the hint, but the error page I get is a browser error page (it's the
connection failed error page) and not a squid error page.
--
Michael
> "Liam O'Toole" wrote:
>
> On 2015-03-23, linux-michae...@abwesend.de
> wrote:
> > Hello Sven and the other,
> >
> > thanks for he
On 2015-03-23, linux-michae...@abwesend.de
wrote:
> Hello Sven and the other,
>
> thanks for help.
>
> I thought there is a simple and secure way to redirect to an 'This
> Site has been blocked' Page for HTTP and HTTPS. But when I must
> destroy the safety from HTTPS this isn't an option.
[SNIP}
he user can see this site has
been blocked and there are no connection troubles (the browser error page).
Greetings,
Michael
> "Sven Hartge" wrote:
> Bob Proulx wrote:
> > Sven Hartge wrote:
> >> Michael I. wrote:
>
> >>> Is there really no wa
Bob Proulx wrote:
> Sven Hartge wrote:
>> Michael I. wrote:
>>> Is there really no way to redirect https request to an errorpage
>>> with squid3+squidguard?
>> Long answer: The only way is to setup a transparent proxy,
>> intercepting any outbound connecti
Sven Hartge wrote:
> Michael I. wrote:
> > Is there really no way to redirect https request to an errorpage with
> > squid3+squidguard?
>
> Short answer: No, there is not.
+1, No there is not for the reasons Sven described.
> Long answer: The only way is to s
Michael I. wrote:
> I have a problem with my squid3 + squidguard. I can't redirect https
> requests to an errorpage. When I request a blocked https page it
> always says the site isn't available.
> I searched on the internet an there it says, it is an problem with the
&g
Hello list,
I have a problem with my squid3 + squidguard. I can't redirect https
requests to an errorpage. When I request a blocked https page it always
says the site isn't available.
I searched on the internet an there it says, it is an problem with the
https protocol becaus
Squid3 on Debian
Alguien me puede sugerir algún buen manual para instalar y configurar el
squid3 en Debian.
Uso Debian Lenny
Saludos
Cosme
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.
Hi People,
I'm trying to compile the squid3 the option --enable-ssl, I am doing the
following:
apt-get source squid3
vim Debian/rules add
--enable-ssl
then in
debuild-uc-us-b
always fails, which is the process, as it works perfectly for the squid2.
--
Márcio Luciano Donada
Aurora Alim
Hello,
I've tried both squid and squid3 (via apt-get). My current config file
(used for a transparent proxy) works well with both.
Is there any advantage using one over the other? For a transparent proxy
setup, which is better?
Thanks
-Will
--
To UNSUBSCRIBE, email to [EMAIL PROT
67 matches
Mail list logo