Re: [squid-users] https intercept breaks non-HTTPS port 443 traffic?

2014-11-10 Thread Amos Jeffries
On 11/11/2014 5:00 p.m., Jason Haar wrote: > Hi there > > Now that I've got ssl-bump working with port 443 intercept, I now > find non-HTTPS apps that operate on port 443 no longer work. eg for > ssl-bump in standard proxy mode I had an ACL to disable

[squid-users] https intercept breaks non-HTTPS port 443 traffic?

2014-11-10 Thread Jason Haar
Hi there Now that I've got ssl-bump working with port 443 intercept, I now find non-HTTPS apps that operate on port 443 no longer work. eg for ssl-bump in standard proxy mode I had an ACL to disable bump when an application (like Skype, which doesn't use HTTPS) tried CONNECT-ing to ip addresses, b

Re: [squid-users] sslbump working with 3.4.9 but not in intercept mode?

2014-11-10 Thread Amos Jeffries
On 11/11/2014 9:19 a.m., Jason Haar wrote: > I applied the patch and now it works! I can transparently access > port 443-based websites with ssl-bump :-) > > Thanks Amos :-) > > Thank you for the report and quick feedback. This will be fixed in the

[squid-users] Squid 3.3.12, Multiple process, requests serviced by process.

2014-11-10 Thread Oleg Chomenko
Hello, We use a squid cache for our robots to collects an information from client's web sites. The squid running on FreeBSD 9.3 , squid version 3.3.13 the configuration is like this: if ${process_number} = 1 http_port 3001 cache_peer 1.1.1.1 parent 4567 0 no-query no-digest no-netdb-exchange ro

Re: [squid-users] sslbump working with 3.4.9 but not in intercept mode?

2014-11-10 Thread Jason Haar
I applied the patch and now it works! I can transparently access port 443-based websites with ssl-bump :-) Thanks Amos :-) On 11/11/14 02:20, Amos Jeffries wrote: > > You have an urlpath_regex ACL test depending on URIs containing paths. > Which is not the case with CONNECT. > > The attached pat

Re: [squid-users] High CPU-Usage with squid 3.4.9 (and/or 3.4.4)

2014-11-10 Thread Eliezer Croitoru
On 11/10/2014 07:41 PM, Marcus Kool wrote: > > Indeed but setting debug_options to ALL,9 does not work since the > log file already is too big and unmanageable even before Squid > begins to do thing that consumes CPU time. I have suggested a full one

Re: [squid-users] High CPU-Usage with squid 3.4.9 (and/or 3.4.4)

2014-11-10 Thread Marcus Kool
during our last tests (with 3.4.x) we also tried the worker option. it does not matter if workers are enabled or not. with more workers the cpu rise seems to be somewhat slower. so it is not connected to (smp)workers. it is the external auth helper - although the squid process and not the helper

Re: [squid-users] Squid3 config on Ubuntu remains even after uninstall and ignore the new config

2014-11-10 Thread Antony Stone
On Monday 10 November 2014 at 17:12:23 (EU time), Efe wrote: > acl myrule dstdom_regex "/etc/squid3/domainblock.txt" > http_access deny myrule > > where domainblock.txt is > > someaddress.com > blockthis.net As Amos said, use dstdomain instead of dstdom_regex. > Now whenever i

[squid-users] Squid Ecap - Centos 6.6 x86_64

2014-11-10 Thread Garth Lancaster
Hi All Has anyone come across a compile issues for Squid 3+ and Ecap? I've tried the following below. http://www.e-cap.org/Documentation squid-3.1 to squid-3.4 with libecap-0.2.0 and libecap-1.0.0 ./configure --enable-ecap ./configure --enable-ecap --with-included-ltdl When I use "make" I kee

Re: [squid-users] NTLM Auth fails while using DNS instead of IP address

2014-11-10 Thread schinken
Hi again, just for documentation: I figured out what the problem was. According to the previously mentioned configuration example [1] one can use these encryption modes inside /etc/krb5.conf: > ; for Windows 2003 > > default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md > default_tkt_enctypes =

Re: [squid-users] High CPU-Usage with squid 3.4.9 (and/or 3.4.4)

2014-11-10 Thread Amos Jeffries
On 11/11/2014 4:12 a.m., Rietzler, Markus (RZF, SG 324 / ) wrote: >> -Original Message- From: squid-users >> [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf >> Of Amos Jeffries Sent: Monday, 10 November 2014 14:36 To:

Re: [squid-users] Squid3 config on Ubuntu remains even after uninstall and ignore the new config

2014-11-10 Thread Amos Jeffries
On 11/11/2014 2:58 a.m., Efe wrote: > Thank you for your reply. I've managed to retrieve uncommented > config lines: > > $ grep -P '^\s*\w' /etc/squid3/squid.conf > > acl localnet src 192.168.0.101 # RFC1918 possible internal > network acl SSL_ports

[squid-users] NTLM Auth fails while using DNS instead of IP address

2014-11-10 Thread schinken
Hi, i recently configured a squid 3.3.8 on an ubuntu 14.04 trusty host using NTLM/Kerberos auth. My configuration is mostly based on a config example on squid-cache.org [1]. It took me a day to figure out why the following messages appeared in my /var/log/squid3/cache.log: > 2014/11/10 06:32:16|

Re: [squid-users] High CPU-Usage with squid 3.4.9 (and/or 3.4.4)

2014-11-10 Thread Rietzler, Markus (RZF, SG 324 / )
> -Original Message- > From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On > Behalf Of Amos Jeffries > Sent: Monday, 10 November 2014 14:36 > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] High CPU-Usage with squid 3.4.9 (and/or > 3.4.4)

Re: [squid-users] FTP-Prompt-Behaviour changed between 3.3.11 and >=3.3.13

2014-11-10 Thread Tom Tom
Traces are showing, that in the 401-response from squid, which provides the ftp-prompt (3.3.11), the header-field 'WWW-Authenticate: Basic realm="FTP Access"' exists. In the newer squid-version (ex. 3.3.13), the prompt doesn't appear and the header-field "WWW-Authenticate" is not existent. Why does

Re: [squid-users] wccp2HandleUdp: fatal error - A WCCP router does not support the forwarding method specified, only GRE supported

2014-11-10 Thread Ahmed Allzaeem
Thanks I have some achievement , but still no access.log I have seen hits from router to wccp0 gre port , but cant see log file and no browsing ?? I have from tcpdump traffic goin to wccp0 : tcpdump -i wccp0 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening

Re: [squid-users] SslBump Squid - Dropbox client does not work

2014-11-10 Thread Guy Helmer
> On Nov 10, 2014, at 5:08 AM, Jatin Bhasin wrote: > > Hello, > > I am using squid 3.4.9 and the Dropbox client does not work with > SSLBump feature of squid. Dropbox client gives a message that it > cannot make a secure connection. Does anyone know fix or workaround or > this issue? > > > Th

Re: [squid-users] eCap + lua integration

2014-11-10 Thread Martin Sperl
Well, the problem with the helper-modules is that you have context switches (icap, external_acl and reqwrite) and scheduler delays. This is (as far as I understood) the great advantage of eCap: it does not run in an external context with the corresponding context switches. That was why I was aski

Re: [squid-users] High CPU-Usage with squid 3.4.9 (and/or 3.4.4)

2014-11-10 Thread Amos Jeffries
On 7/11/2014 2:50 a.m., Tom Tom wrote: > Hi > > After migration from squid 3.3.13 to 3.4.4, I recognized a > performance-issue. Squid is configured with 4 workers. They often > have a CPU-Utilization between 50%-90% (each worker). With squid > 3.3.13

Re: [squid-users] Squid3 config on Ubuntu remains even after uninstall and ignore the new config

2014-11-10 Thread Amos Jeffries
On 11/11/2014 12:22 a.m., Efe wrote: > OS: Ubuntu 14.04 LTS > > After i installed the squid3 package for the 1st time, i've add a > list of domains to be blocked in squid.conf: > > acl myrule dstdom_regex "/etc/squid3/domainblock.txt" http_access > d

Re: [squid-users] SslBump Squid - Dropbox client does not work

2014-11-10 Thread Amos Jeffries
On 11/11/2014 12:08 a.m., Jatin Bhasin wrote: > Hello, > > I am using squid 3.4.9 and the Dropbox client does not work with > SSLBump feature of squid. Dropbox client gives a message that it > cannot make a secure connection. Does anyone know fix or

Re: [squid-users] sslbump working with 3.4.9 but not in intercept mode?

2014-11-10 Thread Amos Jeffries
On 11/11/2014 12:25 a.m., Jason Haar wrote: > On 11/11/14 00:06, Amos Jeffries wrote: >> Grr, strdup bites again. Backtrace please if you can. > I'm not a developer, so here's my attempt, let me know if I need to > do something else > > #3 0x000

Re: [squid-users] 3.3.x -> 3.4.x: huge performance regression

2014-11-10 Thread Diego Woitasen
Info added to the bug report. On Sun, Nov 9, 2014 at 7:53 PM, Diego Woitasen wrote: > Hi, > I have more information. The testing environment has a few users. We > switched to basic authentication and it's been working for a week without any > issues. A couple of days ago we enabled NTLM again and

Re: [squid-users] eCap + lua integration

2014-11-10 Thread Eliezer Croitoru
Hey Martin, As far as I can tell there is none of these ECAP modules available. Also using ECAP for this might be very weird since the helpers modules do exist. If you want to use lua specifically it's doable to write a helper for the current squid in

[squid-users] eCap + lua integration

2014-11-10 Thread Martin Sperl
Hi! Is there any eCap lua integration module available that one could use for filtering - similar to apache mod_lua? It then could get easily used as a URL-rewrite engine or to handle session-affinity and similar without any context switches that is needed with url_rewrite_program... Thanks,

Re: [squid-users] sslbump working with 3.4.9 but not in intercept mode?

2014-11-10 Thread Efe
Here are the outputs: $ egrep '^(https?_port|ssl)' /etc/squid3/squid.conf http_port 3128 --- $ /usr/sbin/squid3 -N WARNING: Cannot write log file: /var/log/squid3/cache.log /var/log/squid3/cache.log:

Re: [squid-users] sslbump working with 3.4.9 but not in intercept mode?

2014-11-10 Thread Jason Haar
On 10/11/14 23:43, Eliezer Croitoru wrote: > Can you send all ssl_bump related settings? > There are some missing parts in the settings. How's this? # egrep '^(https?_port|ssl)' /etc/squid/squid.conf http_port 3128 http_port 3126 ssl-bump cert=/etc/squid/squid-CA.cert capath=/etc/ssl/certs/ gene

Re: [squid-users] sslbump working with 3.4.9 but not in intercept mode?

2014-11-10 Thread Jason Haar
On 11/11/14 00:06, Amos Jeffries wrote: > Grr, strdup bites again. Backtrace please if you can. I'm not a developer, so here's my attempt, let me know if I need to do something else (gdb) run Starting program: /usr/sbin/squid -N [Thread debugging using libthread_db enabled] Detaching after fork fr

[squid-users] Squid3 config on Ubuntu remains even after uninstall and ignore the new config

2014-11-10 Thread Efe
OS: Ubuntu 14.04 LTS After i installed the squid3 package for the 1st time, i've add a list of domains to be blocked in squid.conf: acl myrule dstdom_regex "/etc/squid3/domainblock.txt" http_access deny myrule where domainblock.txt is someaddress.com blockthis.net Which worked

[squid-users] SslBump Squid - Dropbox client does not work

2014-11-10 Thread Jatin Bhasin
Hello, I am using squid 3.4.9 and the Dropbox client does not work with SSLBump feature of squid. Dropbox client gives a message that it cannot make a secure connection. Does anyone know fix or workaround or this issue? Thanks, Jatin

Re: [squid-users] sslbump working with 3.4.9 but not in intercept mode?

2014-11-10 Thread Amos Jeffries
On 10/11/2014 11:26 p.m., Jason Haar wrote: > On 10/11/14 23:02, Amos Jeffries wrote: >>> acl SSL_nonHTTPS_sites dstdom_regex >>> "/etc/squid/SSL_nonHTTPS_sites.txt" acl SSL_noIntercept_sites >>> dstdom_regex "/etc/squid/SSL_noIntercept_sites.txt" ss

Re: [squid-users] sslbump working with 3.4.9 but not in intercept mode?

2014-11-10 Thread Eliezer Croitoru
Can you send all ssl_bump related settings? There are some missing parts in the settings. If there is a bug\error the full details are needed to analyze the subject. I need: - OS details - machine details - network topology - cache logs - acc

Re: [squid-users] sslbump working with 3.4.9 but not in intercept mode?

2014-11-10 Thread Jason Haar
On 10/11/14 23:02, Amos Jeffries wrote: > > acl SSL_nonHTTPS_sites dstdom_regex > > "/etc/squid/SSL_nonHTTPS_sites.txt" acl SSL_noIntercept_sites > > dstdom_regex "/etc/squid/SSL_noIntercept_sites.txt" ssl_bump none > > SSL_nonHTTPS_sites ssl_bump none SSL_noIntercept_sites ssl_bump > > server-firs

Re: [squid-users] sslbump working with 3.4.9 but not in intercept mode?

2014-11-10 Thread Amos Jeffries
On 10/11/2014 10:17 p.m., Jason Haar wrote: > Hi there, I've googled about for this but I think most of the > squid intercept stuff refers to 3.2 and I think things have changed > since then? > > I have squid-3.4.9 running with sslbump, and when I con

Re: [squid-users] 3.4.9 and tls 1.2

2014-11-10 Thread Dmitry Melekhov
10.11.2014 10:46, Dmitry Melekhov wrote: 07.11.2014 13:29, Dmitry Melekhov wrote: Hello! I just found that I have problems with using google maps , i.e. https://maps.google.com with firefox 33.0 over squid 3.4.9- it works extremely slow, sometimes street view can't be loaded and showed black s

[squid-users] sslbump working with 3.4.9 but not in intercept mode?

2014-11-10 Thread Jason Haar
Hi there, I've googled about for this but I think most of the squid intercept stuff refers to 3.2 and I think things have changed since then? I have squid-3.4.9 running with sslbump, and when I configure my browser to use it as a proxy, it bumps the certs nicely, signing "fake" certs/etc. I then a

Re: [squid-users] R: Re: TCP_DENIED/411

2014-11-10 Thread Amos Jeffries
On 10/11/2014 8:53 p.m., Riccardo Castellani wrote: > I think the request is http/1.1 because I captured it and it shows > in the 'Hypertext Transfer Protocol' in the POST section, the field > 'Request version' is HTTP/1.1 I understand Squid 2.7 is not