-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Did you had the chance to take look at bug 3997:
http://bugs.squid-cache.org/show_bug.cgi?id=3997
The issue is being tested and there is something that causing it and
from my understanding squid does something wrong but I cannot confirm
it as the sour
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 6/01/2015 6:01 a.m., Priya Agarwal wrote:
> Thank you for the reply.
>
> I do not intend to change its functionality. I just want to make it
> run on a processor (Freescale's T4240). For that it has to use some
> new architectural features (Data Pa
On 05.01.15 16:35, Eliezer Croitoru wrote:
Can you share the "squid -v" output and the OS you are using?
Scientific Linux 6.6, see below for the squid -v output.
I've now more or less confirmed that this is the cause of my performance
problems - every so often I see Squid using all the CPU w
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Agreed.
I'm expert on shell, not Perl/Python. :)
But will try to make some useful with it.
05.01.2015 22:28, Eliezer Croitoru пишет:
> On 01/05/2015 05:18 PM, Yuri Voinov wrote:
> > We haven't filtering non_HTTP over port-443. Just recognize and
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hey Steve,
Can you share the "squid -v" output and the OS you are using?
Eliezer
On 01/05/2015 06:29 PM, Steve Hill wrote:
> On 10.12.14 17:09, Amos Jeffries wrote:
>
>>> I'm looking for advice on figuring out what is causing
>>> intermittent high
On 10.12.14 17:09, Amos Jeffries wrote:
I'm looking for advice on figuring out what is causing intermittent
high CPU usage.
It appears that the connections gradually gain more and more notes with
the key "token" (and values containing Kerberos tokens). I haven't been
able to reproduce the p
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/05/2015 05:18 PM, Yuri Voinov wrote:
> We haven't filtering non_HTTP over port-443. Just recognize and
> pass.
So let's separate security which is one of the goals of squid and
which some like and other don't.
For now squid 3.4 is stable and 3.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 6/01/2015 2:27 a.m., Priya Agarwal wrote:
> Hi.
>
> I am Priya. I want to modify the squid code only in places where it
> is actually communicating with the hardware to send or receive
> packets. I do not intent to change its functionality or how i
Hi.
I am Priya. I want to modify the squid code only in places where it is
actually communicating with the hardware to send or receive packets. I do
not intent to change its functionality or how it works.
I am facing some difficulty in understanding the full code. If I could get
some hints on for
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
We haven't filtering non_HTTP over port-443. Just recognize and pass.
05.01.2015 21:15, Marcus Kool пишет:
>
>
> On 01/05/2015 12:38 PM, Douglas Davenport wrote:
>> Marcus, not to distract from the very important main points being
discussed here but
On 01/05/2015 12:38 PM, Douglas Davenport wrote:
Marcus, not to distract from the very important main points being discussed
here but I have to question your last line:
"i.e. there is not yet an interface for this type of traffic inspection."
Is that not the whole point of Squid's ICAP interf
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Wait a minute, gents.
What about ICAP? What I skipped?
05.01.2015 20:38, Douglas Davenport пишет:
> Marcus, not to distract from the very important main points being discussed
> here but I have to
question your last line:
> "i.e. there is not yet
Marcus, not to distract from the very important main points being discussed
here but I have to question your last line:
"i.e. there is not yet an interface for this type of traffic inspection."
Is that not the whole point of Squid's ICAP interface and HTTPS bumping? Or
do you just mean that ufdbgu
On 01/05/2015 11:11 AM, Yuri Voinov wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
And also:
don't forget about bogus homebrew internet-bankings. Which is uses bogus
SSL-certs with bogus GOST realisations. And bogus Java-based clients. All of
them also uses 443 port. And often HTTPS
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
May be.
Now on my production server hit ratio is:
http://i.imgur.com/7E6RXq7.png
Yes, regular expressions takes long time to debug for me. :) Also, this
is not at all - I also use very custom refresh_pattern rules. Which is
violates HTTP. ;)
BTW,
Yuri,
Do not worry, I need more ot be offended
Yes regexp is great but this is not clear for all, I mean they have to
understand regexp and speak Perl...
Nice to see you reach 70% with your rules, I really doubt about the 70% with
those simple rules but I'm ready to believe you.
Maybe you could
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Just look at this one:
^http:\/\/[^\.]+\.c\.youtube\.com\/videoplayback\?.*?id=([^&]+)&.*?itag=([^&]+)&.*?range=([^&]+).*
http://video-srv.youtube.com.SQUIDINTERNAL/$1&$2&$3
^https:\/\/[^\.]+\.c\.youtube\.com\/videoplayback\?.*?id=([^&]+)&.*?ita
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sure :)
do not be offended. :)
But regexp is great, is it? ;)
05.01.2015 19:47, Stakres пишет:
> Hi Yuri,
>
> Does the "we don't need" means "you don't need" or do you speak for all
> users of Squid ?
>
> We have done tons of tests with the "store
Hi Yuri,
Does the "we don't need" means "you don't need" or do you speak for all
users of Squid ?
We have done tons of tests with the "storeid_file_rewrite", sorry to tell
you it does not achieve 70% because:
- The prog you provide is nude, I mean there is 1 example only
- Admins have to check hu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
This is not right.
We HAVE good cache solution in our current Squid proxy.
It named storeid_file_rewrite. And it built in Squid by default.
All we need - right config for it.
We have it. It's quick and easy solution with half-dozen regular
expres
Hi.
I am Priya. I want to modify the squid code only in places where it is
actually communicating with the hardware to send or receive packets. I do
not intent to change its functionality or how it works.
I am facing some difficulty in understanding the full code. If I could get
some hints on for
Hi All,
Advanced Caching Add-On for Linux Squid Proxy Cache for Videos, Music,
Images, Libraries and CDNs.
By default your existing Squid Proxy Cache cannot properly cache most
popular multi-media websites like YouTube, Netflix, Facebook, DailyMotion,
Vimeo, Vevo, Google Maps & Apps, Apple, Tumbl
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
And also:
don't forget about bogus homebrew internet-bankings. Which is uses bogus
SSL-certs with bogus GOST realisations. And bogus Java-based clients.
All of them also uses 443 port. And often HTTPS with homebrew bogus
features.
We don't know, ho
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I think,
non-HTTP/HTTPS security issues is never ever Squid function.
Squid is not all-in-one-security-solution. It's only HTTP proxy.
For others security breches (i.e SSH tunnels, various browser
tunnel-related plugins, Tor etc., ) we have anothe
Much of the discussion so far has been about bumping traffic on port 443,
bumping SSL-encapsulated HTTP traffic and not bumping (allowing)
other traffic. Since port 443 is used for many protocols, it is in many
cases dangerous to allow non-bumpable traffic: SSH tunnels using port 443
are common,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Don't think so.
AFAIK, the firewall-based/external router solution will be
OS/infrastructure-specific. Also, separate subsystem also will be heavy
and KISS-aware. I.e crutch. :)
So, I think all we need - good fast and scalable helper for external A
Wouldn't it be better to have a pipe option (a helper with persistence -
I'm thinking of postfix options here) and a totally separate project to
handle encryption and mitm? If you had something independent to help, you
might be able to detect other protocols and handle them properly vs
different pr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hey Yuri,
Indeed there are other *NIX systems and for each and every one of them
there is a solution in need.
SSL Pinned destinations cannot be identified automatically since the
are pinned inside a software and the certificate will not show
anything
>
> On 01/01/15 00:11, James Harper wrote:
> > The helper connects to the IP:port and tries to obtain the certificate, and
> then caches the result (in an sqlite database). If it can't do so within a
> fairly
> short time it returns failure (but keeps trying a bit longer and caches it for
> next
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sounds good,
but server world is not end on Linux. ;)
Now exists another *NIX systems. And will exists further.
Also. I have an idea, gents.
Do we can easy and quickly detect SSL Pinned destinations? And remember
it, for example, in database?
In
30 matches
Mail list logo
