Re: [squid-users] connecting directly to ssl-bump intercept port causes runaway CPU

2014-11-11 Thread Amos Jeffries
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/11/2014 5:49 p.m., Jason Haar wrote: > Hi there > > I was reading this list about the issue with google.com and was > playing around - and I used telnet to connect directly to the > intercept ssl-bump port. End result was squid immediately went

[squid-users] connecting directly to ssl-bump intercept port causes runaway CPU

2014-11-11 Thread Jason Haar
Hi there I was reading this list about the issue with google.com and was playing around - and I used telnet to connect directly to the intercept ssl-bump port. End result was squid immediately went to 99% CPU, and the cache.log started reporting WARNING! Your cache is running out of filedescripto

Re: [squid-users] Problem with https://www.google.com and squid interception

2014-11-11 Thread Yogesh Gawankar
hello peter can you check if your squid does gre return? It is unrelated to your issue though :) Thanks and regards Yogesh Gawankar On Wednesday, November 12, 2014 9:02 AM, Amos Jeffries wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/11/2014 7:47 a.m., Peter Gross w

Re: [squid-users] Problem with https://www.google.com and squid interception

2014-11-11 Thread Amos Jeffries
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/11/2014 7:47 a.m., Peter Gross wrote: > Hi, I am a new user of Squid and would first like to thank the > developers for this excellent software. This is my first post to > the mailing list ... I have been tasked with setting up quite > restrictiv

Re: [squid-users] R: Problem with Squid 3.4 and transparent SSL proxy

2014-11-11 Thread Amos Jeffries
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/11/2014 5:40 a.m., Job wrote: >> That means in your case avoid directly connecting to the >> intercepting port. Connect to port 80/443 on some Internet server >> instead and see > if> the packets are properly delivered through Squid. >> Also, avo

Re: [squid-users] Squid 3.3.12, Multiple process, requests serviced by process.

2014-11-11 Thread Amos Jeffries
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/11/2014 9:28 a.m., Oleg Chomenko wrote: > Hello, > > We use a squid cache for our robots to collects an information > from client's web sites. > > The squid running on FreeBSD 9.3 , squid version 3.3.13 > > the configuration is like this: > >

[squid-users] Problem with https://www.google.com and squid interception

2014-11-11 Thread Peter Gross
Hi, I am a new user of Squid and would first like to thank the developers for this excellent software. This is my first post to the mailing list ... I have been tasked with setting up quite restrictive web access control at work. I plan to use an intercepting squid proxy with SSL bump. There w

[squid-users] R: Problem with Squid 3.4 and transparent SSL proxy

2014-11-11 Thread Job
>That means in your case avoid directly connecting to the intercepting >port. Connect to port 80/443 on some Internet server instead and see if> the packets are properly delivered through Squid. >Also, avoid telnet for the 443 tests. Use an HTTPS client. Hello Amos and thank you, first of all. I

Re: [squid-users] Problem with Squid 3.4 and transparent SSL proxy

2014-11-11 Thread Amos Jeffries
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/11/2014 4:06 a.m., Job wrote: > Hello Elizier, > > first of all thank you for your patience and help! I use this > directives in iptables: > > iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT > --to-port 3128 (for http) iptables -t n

Re: [squid-users] Squid3 config on Ubuntu remains even after uninstall and ignore the new config

2014-11-11 Thread Amos Jeffries
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/11/2014 1:37 a.m., Efe wrote: > I tried on different browser but it's the same. Clearing browser > cache and stopping the service made no difference either. I don't > know if Squid does change Ubuntu network settings. Any particular > place/file

[squid-users] Problem with Squid 3.4 and transparent SSL proxy

2014-11-11 Thread Job
Hello Elizier, first of all thank you for your patience and help! I use this directives in iptables: iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128 (for http) iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 3129 (for https) In a normal http-on

Re: [squid-users] Problem with Squid 3.4 and transparent SSL proxy

2014-11-11 Thread Eliezer Croitoru
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hey, Your configuration seems to not include any iptables and other relevant details. What is this machine details? Eliezer On 11/11/2014 04:20 PM, Job wrote: > Hello, > > i initialize correctly SSL Bump with Squid 3.4.4, following some > guides. I

[squid-users] Problem with Squid 3.4 and transparent SSL proxy

2014-11-11 Thread Job
Hello, i initialize correctly SSL Bump with Squid 3.4.4, following some guides. In iptables i redirect 80 and 443 ports to squid ports. Squid starts with no error, lines involving SSL bump are the following: http_port 3128 intercept https_port 3129 intercept ssl-bump generate-host-certificates=o

Re: [squid-users] Squid 3.4.x Videos/Music Booster

2014-11-11 Thread Stakres
Hi All, New release 1.07 including the Netflix video streams, all countries... Enjoy Bye Fred -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-3-4-x-Videos-Music-Booster-tp4666154p4668310.html

[squid-users] Fallback auth method

2014-11-11 Thread schinken
Hi there, i'm trying to use basic_ncsa_auth as a fallback to my ntlm/kerberos and LDAP authentification. The problem here is, that even if my user is successfully authenticated by ncsa_auth, its denied by the memberof external_acl rule. Is there a way to skip this acl rule if ncsa_auth was the