Hey,
Did you had the chance to see this page:
http://findproxyforurl.com/example-pac-file/
Eliezer
On 13/01/2015 06:22, Simon Dcunha wrote:
Dear Sarfraz,
appreciate your immediate reply
Heres attached is my pac file
i am accessing the 10.101.101.10 server
regards
simon
Dear Sarfraz,
appreciate your immediate reply
Heres attached is my pac file
i am accessing the 10.101.101.10 server
regards
simon
From: "***some text missing***"
To: "simon" , "squid-users"
Sent: Monday, January 12, 2015 1:18:06 PM
Subject: {Disarmed} Re: [squi
Hey hack,
From the comments in the past I am unsure what you are after...
If you are using ssl-bump you should first learn about how ssl works and
about the differences between encrypted traffic to verification of a
public key.
I must admit that these topic are not marked as an easy one.
Since
how it didnt work while i found articles in google saying that it work for
them
like this one:
http://www.linuxquestions.org/questions/linux-server-73/ssl-intermediate-chain-warning-917476/
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/ssl-cert-wiki-tp46690
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 13/01/2015 12:00 a.m., HackXBack wrote:
> in this case the clear question is what https_port line must
> contain ?
>
The basic config for a reverse proxy is supposed to be just this:
https_port 443 accel no-vhost \
defaultdomain=example.com
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 13/01/2015 1:15 a.m., Yuri Voinov wrote:
>
> Yep.
>
> Memory leaking - if it really it - will be occurs on all
> platforms.
>
> If not - this is OS-specific issue. libc, malloc library problem.
> But not squid itself.
>
By definition a memory l
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yep.
Memory leaking - if it really it - will be occurs on all platforms.
If not - this is OS-specific issue. libc, malloc library problem. But
not squid itself.
12.01.2015 18:06, Eugene M. Zheganin пишет:
> Hi.
>
> On 12.01.2015 16:41, Eugene M.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yep.
Memory leaking - if it really it - will be occurs on all platforms.
If not - this is OS-specific issue. libc, malloc library problem. But
not squid itself.
12.01.2015 18:06, Eugene M. Zheganin пишет:
-BEGIN PGP SIGNATURE-
Version:
Hi.
On 12.01.2015 16:41, Eugene M. Zheganin wrote:
> I'm now also having a strong impression that squid is leaking memory.
> Now, when 3.4.x is able to handle hundreds of users during several
> hours I notice that it's memory usage is constantly increasing. My
> patience always ends at the point o
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yep :)
12.01.2015 17:53, Eliezer Croitoru пишет:
> Hey,
>
> This is not a reverse proxy...
> It's a ssl-bump server and which you cannot use any bought certificate
for it.
>
> Eliezer
>
> On 12/01/2015 13:20, HackXBack wrote:
>> https_port 3127 inte
Hey,
This is not a reverse proxy...
It's a ssl-bump server and which you cannot use any bought certificate
for it.
Eliezer
On 12/01/2015 13:20, HackXBack wrote:
https_port 3127 intercept ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/CA.pem
ke
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Looks like an OS-specific issue.
I don't see any memory leaking on my boxes (running Solaris 10, yes ;)).
Moreover, helpers is corrrectly got an release memory.
12.01.2015 17:41, Eugene M. Zheganin пишет:
> Hi.
>
> On 09.01.2015 06:12, Amos Jeffrie
Hi.
On 09.01.2015 00:10, Doug Sampson wrote:
> Man, I empathize with you. Have you tried running Squid 3.4.x on
> FreeBSD 9.3? Sometimes I wonder if it's FreeBSD 10.x that's causing
> the issue...
It's not. FreeBSD 9.x branch was a crappy release from it's start.
Eugene.
_
Hi.
On 09.01.2015 06:12, Amos Jeffries wrote:
> Grand total:
> => 9.5 GB of RAM just for Squid.
>
> .. then there is whatever memory the helper programs, other software
> on the server and operating system all need.
>
I'm now also having a strong impression that squid is leaking memory.
Now, whe
Hi.
On 12.01.2015 16:03, Eugene M. Zheganin wrote:
> Hi.
>
> Just to point this out in the correct thread - to all the people who
> replied here - Steve Hill has provided a patch for a 3.4.x that solves
> the most performance degradation issue. 3.4.x is still performing poorly
> comparing to the 3
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
AFAIK,
you can't be use SERVER certificate (almost signed trusted CA) for SSL
bumping. You need root CA exactly. Self-signed root CA.
12.01.2015 17:28, HackXBack пишет:
> if it is self-signed CA certificate + import to browser
> then it will worke
if it is self-signed CA certificate + import to browser
then it will worked
but if it is Trusted CA cert it giving me error like i said in first post
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/ssl-cert-wiki-tp4669016p4669037.html
Sent from the Squid - Us
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The similar like me config. It is HTTP/HTTPS interception proxy, right?
Try to create your own self-signed CA certificate (without CN field,
leave it empty), and try to connect via browser. Don't forget to install
publick key from your certificate t
https_port 3127 intercept ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/CA.pem
key=/etc/squid/ssl_cert/testkey.pem
http_port 3129
http_port 3128 intercept
where CA.pem is from trusted CA authoroties
--
View this message in context:
http://s
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
May I take a look on your squid.conf?
Looks like you incorrect configure your proxy.
12.01.2015 17:07, HackXBack пишет:
> i dont know where you take me but my problem is not in any command !
> i used trusted cert that got it from trusted CA
> but w
i dont know where you take me but my problem is not in any command !
i used trusted cert that got it from trusted CA
but when i use it in https_port the browser give error like i mentioned in
my first post
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/ssl-c
okay great so what is my issue ?
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/ssl-cert-wiki-tp4669016p4669032.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squi
Are you using the command with facebook.com???
You should use your own server...
Eliezer
On 12/01/2015 13:02, HackXBack wrote:
openssl s_client -connect facebook.com:443 -CApath /var/squid/ssl_db/certs
CONNECTED(0003)
depth=2 C = US, O = DigiCert Inc, OU =www.digicert.com, CN = DigiCert Hig
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yep, openssl is ok and works.
12.01.2015 17:02, HackXBack пишет:
> openssl s_client -connect facebook.com:443 -CApath /var/squid/ssl_db/certs
> CONNECTED(0003)
> depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert
High
> Assur
openssl s_client -connect facebook.com:443 -CApath /var/squid/ssl_db/certs
CONNECTED(0003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High
Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High
Assurance CA-3
Hi.
Just to point this out in the correct thread - to all the people who
replied here - Steve Hill has provided a patch for a 3.4.x that solves
the most performance degradation issue. 3.4.x is still performing poorly
comparing to the 3.3.x branch, but I guess this is due to major code
changes. As
in this case the clear question is what https_port line must contain ?
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/ssl-cert-wiki-tp4669016p4669027.html
Sent from the Squid - Users mailing list archive at Nabble.com.
__
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://i.imgur.com/uFKQz5b.png
You got an error 20 because of your openssl client does not see any CA
certs.
To avoid that need to specify CA's.
openssl s_client -connect facebook.com:443 -CApath
12.01.2015 16:55, HackXBack пишет:
> what you mea
what you mean by specify -CAPath with trusted root CA's
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/ssl-cert-wiki-tp4669016p4669025.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
You need to specify -CAPath with trusted root CA's from openssl
installation to avoid error 20. :)
But looks like openssl connect works.
12.01.2015 16:50, HackXBack пишет:
> openssl s_client -connect facebook.com:443
> CONNECTED(0003)
> depth=1
openssl s_client -connect facebook.com:443
CONNECTED(0003)
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High
Assurance CA-3
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=CA/L=Menlo Park/O=Facebook, Inc./C
Can you try to use openssl s_client?
an exapmple:
"openssl s_client -connect facebook.com:443"
Eliezer
On 12/01/2015 11:41, HackXBack wrote:
hello,
according to this chapter
http://wiki.squid-cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate
i bought signed certificate
but no one acc
Share your PAC file please.
Regards,Sarfraz
From: Simon Dcunha
To: squid-users
Sent: Monday, January 12, 2015 11:41 AM
Subject: [squid-users] site cannot be accessed
Dear All,
I have squid-3.1.10-22.el6_5.x86_64 running on centos 6.5 64 bit for quite
sometime an
yes you are right
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/ssl-cert-wiki-tp4669016p4669020.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.s
Just to make sure I understand it right.
The certificate is for a reverse proxy?
Eliezer
On 12/01/2015 11:41, HackXBack wrote:
hello,
according to this chapter
http://wiki.squid-cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate
i bought signed certificate
but no one accept rsa:1024
s
On Mon, Jan 12, 2015 at 7:41 AM, Simon Dcunha wrote:
>
if I uncheck the proxy option in the browser the site works fine
> the above users also use internet and is working fine
>
> I am using the pac file to bypass local sites and the local intranet
> websites are alredy added in the pac file
>
>
Dear All,
I have squid-3.1.10-22.el6_5.x86_64 running on centos 6.5 64 bit for quite
sometime and working fine
just a couple of days back some users reported an issue
i have a intranet site which just stopped working .
if I uncheck the proxy option in the browser the site works fine
the above u
hello,
according to this chapter
http://wiki.squid-cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate
i bought signed certificate
but no one accept rsa:1024
so i generate the key with rsa:2048
after i got my crt from them
https_port 443 cert=/usr/newrprgate/CertAuth/signed.crt
key=/usr/
38 matches
Mail list logo
