Re: [squid-users] Squid Deployment Questions

2014-12-30 Thread Eliezer Croitoru
Hey Evan, I am missing a couple of things in my head to get the picture: How big is the lan? How many clients? Allowing port 80 and 443 from the lan to the dmz depends on the services that will be or are there. Squid default port is 3128. If the ICAP, NTP

[squid-users] Squid Deployment Questions

2014-12-30 Thread Evan Blackstone
Hey all, Wondering if I could get some advice on potentially setting up a Squid forward proxy on my network. I'm not a Linux novice by any means, but I'm not experienced in server administration, log review, etc. We're needing to deploy a simple non-caching, non-peering forward proxy to integrate

Re: [squid-users] Squid 3 SSL bump: Google drive application could not connect

2014-12-30 Thread shawn wilson
On Dec 30, 2014 7:04 PM, "Amos Jeffries" wrote: > > On 31/12/2014 6:30 a.m., shawn wilson wrote: > > On Dec 30, 2014 8:57 AM, "Amos Jeffries" wrote: > >> > > > >> > >> As bumping gets more popular we are hearing about a number of > >> services ab

Re: [squid-users] Proxy to proxy authentication

2014-12-30 Thread Markus Moeller
I thought it wasn't trivial, otherwise it would have been already done. ;-) Thank you Markus "Amos Jeffries" wrote in message news:54a3416f.9060...@treenet.co.nz... On 31/12/2014 7:59 a.m., Markus Moeller wrote: Hi Amos, On 30/12/2014 3:31 p

Re: [squid-users] Proxy to proxy authentication

2014-12-30 Thread Amos Jeffries
On 31/12/2014 7:59 a.m., Markus Moeller wrote: > Hi Amos, > >> On 30/12/2014 3:31 p.m., Markus Moeller wrote: >>> Hi, >>> >>> Can squid authenticate to an upstream proxy using digest ? If >>> I saw it right cache_peer allows basic and negotiate only

Re: [squid-users] Squid 3 SSL bump: Google drive application could not connect

2014-12-30 Thread Amos Jeffries
On 31/12/2014 6:30 a.m., shawn wilson wrote: > On Dec 30, 2014 8:57 AM, "Amos Jeffries" wrote: >> > >> >> As bumping gets more popular we are hearing about a number of >> services abusing port 443 for non-HTTPS protocols on the false >> assumption t

Re: [squid-users] https bug slow browsing

2014-12-30 Thread HackXBack
Correction: cache_dir rock /cache01/rock 5 120 256 max-size=31744 cache_dir aufs/cache01/aufs 200 4808 256 min-size=31745 cache_dir rock /cache02/rock 5 120 256 max-size=31744 cache_dir aufs/cache02/aufs 200 4808 256 min-size=31745 cache_dir rock /cache03/rock 5 120 256 max-s

Re: [squid-users] https bug slow browsing

2014-12-30 Thread HackXBack
hello , just one more question for this installation like what Amos told me to do , is this cache_dir formula right : cache_dir rock /cache01/rock 5 120 256 max-size=31744 cache_dir aufs/cache01/aufs 200 4808 256 min-size=31745 cache_dir rock /cache01/rock 5 120 256 max-size=31744 cac

Re: [squid-users] Squid 3 SSL bump: Google drive application could not connect

2014-12-30 Thread Yuri Voinov
No problem. ;) 31.12.2014 2:30, Rafael Akchurin wrote: > > Perfect thanks a lot!!! > > Raf :) > > > > *From:*Yuri Voinov [mailto:yvoi...@gmail.com] > *Sent:* Tuesday, December 30, 2014 9:23 PM > *To:* Rafael Akchurin; squid-users@lists.squid-cache.

Re: [squid-users] Squid 3 SSL bump: Google drive application could not connect

2014-12-30 Thread Rafael Akchurin
Perfect thanks a lot!!! Raf :) From: Yuri Voinov [mailto:yvoi...@gmail.com] Sent: Tuesday, December 30, 2014 9:23 PM To: Rafael Akchurin; squid-users@lists.squid-cache.org Subject: Re: [squid-users] Squid 3 SSL bump: Google drive application could not connect

Re: [squid-users] Squid 3 SSL bump: Google drive application could not connect

2014-12-30 Thread Yuri Voinov
WCCP only, of course. To reduce Cisco CPU usage. Also, iOS version 15.4 with SECURITYK9 techno pack activated. 31.12.2014 2:21, Rafael Akchurin wrote: > > Just for me to completely clarify: > > > > - how exactly your Squid gets the traffic from yo

Re: [squid-users] Squid 3 SSL bump: Google drive application could not connect

2014-12-30 Thread Yuri Voinov
Sure. Squid 3 WCCP key config part: # WCCPv2 parameters wccp2_router 192.168.200.2 wccp2_forwarding_method l2 wccp2_return_method l2 wccp2_service standard 0 wccp2_rebuild_wait off wccp2_service standard 0 wccp2_service dynamic 70 wccp2_service_inf

Re: [squid-users] Squid 3 SSL bump: Google drive application could not connect

2014-12-30 Thread Rafael Akchurin
Just for me to completely clarify: - how exactly your Squid gets the traffic from your clients? (explicit proxy or cisco WCCP?) raf From: Yuri Voinov [mailto:yvoi...@gmail.com] Sent: Tuesday, December 30, 2014 9:16 PM To: Rafael Akchurin; squid-users@lists.squid-cache.org Subject: Re: [squid-use

Re: [squid-users] Squid 3 SSL bump: Google drive application could not connect

2014-12-30 Thread Yuri Voinov
To finalize a solution, see the our favorite: http://www.squid-cache.org/mail-archive/squid-users/201406/0369.html Why use iptables, ipfilter, Cisco, etc?! Only Squid, only hardcore! Revert cisco config back: R2911(config)#no access-list 121 R29

Re: [squid-users] Squid 3 SSL bump: Google drive application could not connect

2014-12-30 Thread Rafael Akchurin
Glad that it worked. May be useful to dump here your squid.conf to better understand how to configure squid to transparently work with wccp traffic coming from your Cisco router? Raf From: Yuri Voinov [mailto:yvoi...@gmail.com] Sent: Tuesday, December 30, 2014 8:48 PM To: Rafael Akchurin; squid-

Re: [squid-users] Squid 3 SSL bump: Google drive application could not connect

2014-12-30 Thread Yuri Voinov
Already found this lonely right post ;) I have Google-Fu too :) And it longer than you :) Anyway, all of these issues solved. I have snoop (not Windoze wireshark - all great things makes in console, ya!) and take a look on single client traffic du

Re: [squid-users] Proxy to proxy authentication

2014-12-30 Thread Markus Moeller
Hi Amos, On 30/12/2014 3:31 p.m., Markus Moeller wrote: Hi, Can squid authenticate to an upstream proxy using digest ? If I saw it right cache_peer allows basic and negotiate only (or passthrough) Thank you Markus Not yet. Amos Is it planned to add or no real interest in it ? Thank

Re: [squid-users] Squid 3 SSL bump: Google drive application could not connect

2014-12-30 Thread Rafael Akchurin
Hello Yuri, Luckily the same topic was just discussed on our forum – please see if this can help https://groups.google.com/d/msg/quintolabs-content-security-for-squid-proxy/GKIV3FpYSBE/9IET-4hg_tEJ It describes the iptables settings for successful SSL bump exclusions for Dropbox clients / Goog

Re: [squid-users] Squid 3 SSL bump: Google drive application could not connect

2014-12-30 Thread shawn wilson
On Dec 30, 2014 8:57 AM, "Amos Jeffries" wrote: > > > As bumping gets more popular we are hearing about a number of services > abusing port 443 for non-HTTPS protocols on the false assumption that > the TLS layer goes all the way to the origin server without > inspection. That has never been a tr

Re: [squid-users] Skype bypass using ssl_bump peek

2014-12-30 Thread Alex Rousskov
On 12/12/2014 02:31 AM, Yu-Hsuan Liao wrote: > I'm trying to using Squid 3.5's new feature peek-and-splice to bypass > Skype connection > I'm a little confused about ssl_bump steps, > the wiki says that > > peek Receive client (step SslBump1) or server (step SslBump2) > certificate while preservi

Re: [squid-users] Squid 3 SSL bump: Google drive application could not connect

2014-12-30 Thread Rafael Akchurin
Ask wireshark not me :) From: Yuri Voinov <yvoi...@gmail.com> Date: Tuesday 30 December 2014 17:00 To: R <rafael.akchu...@diladele.com>, "squid-users@lists.squid-cache.org" <squid-users@lists.squid-cache.org> Subject: Re: [squid-user

Re: [squid-users] Squid 3 SSL bump: Google drive application could not connect

2014-12-30 Thread Yuri Voinov
Captain Obvious. :) Say me something I don't know. The question 2 is - WHAT exactly I must exclude? Google Support's list could not help. 30.12.2014 21:22, Rafael Akchurin wrote: > > Only exclusion from SSL Bump as far as I know. > > > raf > > -

Re: [squid-users] Squid 3 SSL bump: Google drive application could not connect

2014-12-30 Thread Rafael Akchurin
Only exclusion from SSL Bump as far as I know. raf From: Yuri Voinov Sent: Tuesday, December 30, 2014 3:19 PM To: Rafael Akchurin; squid-users@lists.squid-cache.org Subject: Re: [squid-users] Squid 3 SSL bump: Google drive application could not connect -

Re: [squid-users] Squid 3 SSL bump: Google drive application could not connect

2014-12-30 Thread Yuri Voinov
May be. Does workaround exists? 30.12.2014 20:09, Rafael Akchurin wrote: > SSL Pinning? (I know Dropbox does this) > > my two cents only :) > > Raf > > > From: squid-users on behalf of Yuri Voinov > Sent:

Re: [squid-users] Squid 3 SSL bump: Google drive application could not connect

2014-12-30 Thread Rafael Akchurin
SSL Pinning? (I know Dropbox does this) my two cents only :) Raf From: squid-users on behalf of Yuri Voinov Sent: Tuesday, December 30, 2014 2:12 PM To: squid-users@lists.squid-cache.org Subject: [squid-users] Squid 3 SSL bump: Google drive application

Re: [squid-users] Memory Leak Squid 3.4.9 on FreeBSD 10.0 x64

2014-12-30 Thread Ludovit Koren
Hi, I have the similar problem on FreeBSD 10.1-STABLE #1 r275861 with squid-3.4.10. I also applied MEMPOOLS=1 when starting squid. I experience the process slowing down and unacceptable performance. Squid is configured to use kerberos and ntlm authentication and lap group authentication. other

Re: [squid-users] Squid 3 SSL bump: Google drive application could not connect

2014-12-30 Thread Amos Jeffries
On 31/12/2014 2:12 a.m., Yuri Voinov wrote: > > Hi gents, > > I found strange issue. > > Squid 3.4.10. Intercept. HTTPS bumping. All works fine. All configs > correct. > > Whenever all web https sites works perfectly - especially in > Chrome, most

[squid-users] Squid 3 SSL bump: Google drive application could not connect

2014-12-30 Thread Yuri Voinov
Hi gents, I found strange issue. Squid 3.4.10. Intercept. HTTPS bumping. All works fine. All configs correct. Whenever all web https sites works perfectly - especially in Chrome, most cloud clients works like charm (SpiderOak is!), Google Drive cl