Thanks for the quick reply Yuri,
I made a few changes to make sure that I was doing the right thing with
respect what port I'm using, and this is my current configuration. Both my
certificate as well as my key are in the same file, which from my
understanding should work, however I'm sure I'm mis
Hello Yuri,
The build from December 22 does work with SSLBump when running it as explicit
proxy. I am able to see the blocked page from HTTPS searches on Google for
example.
Of course I test with ICAP server but all builtin ACLs, SquidGuard and other
filters should also be able to get the HTTPS
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Raf,
this version doesn't work with SSL-bump (I've tested, now it runs on my
notebook ;)) and yes, this is not latest version. :) Also I miss
storeid helper (it is absent in this release).
I've tried to build 3.5.0.4 with MinGW on Windows 7, but I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Matt,
you need self-signed root CA certificate with private key to HTTPS
interception work with ssl-bump.
Config lines must looks like this:
http_port 3127
http_port 3128 intercept
https_port 3129 intercept ssl-bump generate-host-certificates=on
Hello Everyone,
I'm not to this forum and using Squid. I've downloaded and installed Squid
3.4 on OpenBSD. I'm currently attempting to get the program to run as a
transparent proxy. I'm currently getting the following error message, and
I'm not quite sure what is causing it, I've verified that
Hello Rutvik,
Please see http://squid.diladele.com/. This is not the *latest* squid (and btw
*not an official one*) but we are doing what we can. Hopefully 3.5 will soon
run as MSI on Windows for the benefits of all community.
Best regards,
Raf
From: squid-users [mailto:squid-users-boun...@li
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
How can that be?
All HSTS sites cry with 3.5 bump option - they don't like host IP as CN,
other sites behaviour depending they (and browsers) settings.
Is it possible to keep server-first behaviour in 3.5.x ?
WBR, Yuri
09.01.2015 16:57, Amos Jeff
Speed tests will always enforce "nocache" so you will always see
overhead from a speed test site.
That's just the way proxies work. You can't make a single, "new"
download any quicker that it would be, and since it has a flag telling
Squid not to cache it, Squid has to go the the trouble of bo
I have a VM that is running Ubuntu 14.04 LTS 2.5G RAM 32-bit, that is serving
up our Squid proxy 3.3. We recently upgraded our internet connecting to
100Mbps/100Mbps+. When running a speed test from the server, the results are
100Mbps/100Mbps+. But when running the speed test from a proxy client
Hello!.
I am completely new to the Squid Software.
I need information (steps/guidance) how to install the latest version of squid
on windows server 2008.
If this is not the right contact, please help with correct contact for this
Query
Thanks,
Rutvik Chowdhary | Windows Engineering
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ok,
does it mean, that I can't using old bump configuration?
So, the right config for 3.5.x must contains what?
The IP's against server hostnames in mimicking certificates is
equivalence no bump. Every stupid browser will be cry on it.
WBR, Yuri
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 9/01/2015 11:45 p.m., Yuri Voinov wrote:
>
> I have working production 3.4.10 with working ssl bumping.
>
> Config was the same as working 3.4.10. I've just want to take a
> look on new release.
>
> in squid.documented said, than backward compati
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I have working production 3.4.10 with working ssl bumping.
Config was the same as working 3.4.10. I've just want to take a look on
new release.
in squid.documented said, than backward compatibility server-first and
none options for ssl_bump are kep
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 9/01/2015 7:33 p.m., Florian Huber wrote:
> So there is no way to distinguish between up and download?
Correct. At least if its being transferred as FTP.
If it is being translated to HTTP *by the client* then it should be
using PUT/POST requests t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 9/01/2015 9:36 p.m., Yuri Voinov wrote:
>
> Hi,
>
> gents.
>
> I've try to test last daily-generated 3.5.0.4 and meet different
> behaviour (different from 3.4.10).
>
> All squid-generated mimicked certs contains in CN only server IP,
> not hos
Hello Chris,
Perfect!!
I will see how this can be integrated in Surfing Now as it seems the squid
manager interface make this info directly usable.
Added issue for this
https://github.com/ra-at-diladele-com/qlproxy_external/issues/716.
Thanks a lot!
Best regards,
Rafael
_
Hi Rafael,
> as if I am not mistaken the data get's written to the log
> *after* each session is completed
You are correct about squids access_log file, but sqtop uses squid's
manager interface to report on active HTTP(S) connections. i.e for
the download of a large (1GB) file, sqtop will report
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
gents.
I've try to test last daily-generated 3.5.0.4 and meet different
behaviour (different from 3.4.10).
All squid-generated mimicked certs contains in CN only server IP, not
hostname.
Following, all client browsers are unhappy. :)
What I'
Hello Chris,
The ICAP session is happening inlined with HTTP(S) sessions (i.e. the proxy
user will not get any bytes until ICAP server tells Squid to proceed). In this
sense looking at sessions from ICAP is almost the same (or even better) as
having this info from within Squid's logs (as if I a
19 matches
Mail list logo
