Re: [squid-users] Problems with squid 3.5.1

Is it happening on all websites? or a specific one? I am using 3.4.11 for most of my daily uses now. In order to reproduce it I will need the OS and version, and if I assume it is a self compiled so the "squid -v" details. Eliezer On 04/02/2015 12:22, FredB wrote: >I have some issue with s

Re: [squid-users] FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

am still cant find any solution for this problem , also in faq am bumping about 1500 client , 80% certificates are imported to browsers and mobiles -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/FATAL-The-ssl-crtd-helpers-are-crashing-too-rapidly-need-help-t

Re: [squid-users] Alert unknown CA

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I was shaking in my boots :)) While HTTPS bullshit - you can have nothing to fear. ;) It not me - Bruce opinion. :) 05.02.2015 1:19, Daniel Greenwald пишет: > squid beware, the pins and staples are coming > > --- > Daniel I Gree

Re: [squid-users] Alert unknown CA

squid beware, the pins and staples are coming --- Daniel I Greenwald On Wed, Feb 4, 2015 at 1:03 PM, Yuri Voinov wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > > 04.02.2015 21:39, Amos Jeffries пишет: > > On 4/02/2015 7:32 p.m., Jason Haar wrote: > >> On 04/02/15 1

[squid-users] The SSL certificate database is corrupted. Please rebuild

Amos, thanks for your quick reply! I ´ve got news: i recompiled squid with your suggestions, remove the corrupted database but the same thing happens. my squid -v now is: Squid Cache: Version 3.4.11-20150124-r13214 configure options: '--prefix=/export/squid-3.4.11-20150124-r13214' '--with-ma

Re: [squid-users] Alert unknown CA

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 04.02.2015 21:39, Amos Jeffries пишет: > On 4/02/2015 7:32 p.m., Jason Haar wrote: >> On 04/02/15 18:47, Daniel Greenwald wrote: >>> And happens to be one that squid desperately needs to remain in order >>> to continue ssl bumping.. >> ...and is one

Re: [squid-users] FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

also a lot error in cache.log 2015/02/04 19:40:47 kid1| clientNegotiateSSL: Error negotiating SSL connection on FD 720: Closed by client 2015/02/04 19:40:48 kid1| clientNegotiateSSL: Error negotiating SSL connection on FD 1098: Broken pipe (32) 2015/02/04 19:41:33 kid1| clientNegotiateSSL: Error n

Re: [squid-users] The SSL certificate database is corrupted. Please rebuild

On 5/02/2015 4:33 a.m., Ortega Gustavo Martin wrote: > Hello, i found multiple times this error in cache.log and then squid > crashed and enter in a loop. > > I found one corrupted line in "index.txt" in the database directory. > Last two lines are: > > V 150828132043Z > 1BDA35020BA8933E63

Re: [squid-users] FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

i have this conf sslcrtd_program /usr/lib/squid/ssl_crtd -s /etc/squid/ssl_db/certs/ -M 16MB sslcrtd_children 50 startup=40 idle=1 ssl_unclean_shutdown on sslproxy_version 1 always_direct allow all sslproxy_cert_error allow all sslproxy_flags DONT_VERIFY_PEER ssl_bump server-first all Squid ru

Re: [squid-users] Resolution Locker Plugin for Squid Proxy Cache 3.x

Hi All, New build 2.05 including Dailymotion... Still a free 1 year license on the website Bye Fred -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Resolution-

Re: [squid-users] Hypothetically comparing SATA\SAS to NAS\SAN for squid.

On 02/04/2015 04:24 AM, Omid Kosari wrote: The only reason for extend is more capacity . Currently there is no problem with current setup except capacity . I can replace each SSD with new 500GB which doubles the capacity and it is not enough . and old SSDs will be unusable . So i prefer a long

Re: [squid-users] Alert unknown CA

On 4/02/2015 7:32 p.m., Jason Haar wrote: > On 04/02/15 18:47, Daniel Greenwald wrote: >> And happens to be one that squid desperately needs to remain in order >> to continue ssl bumping.. > ...and is one that diminishes in value as cert pinning becomes more > popular... > > It's a tough life: on

[squid-users] The SSL certificate database is corrupted. Please rebuild

Hello, i found multiple times this error in cache.log and then squid crashed and enter in a loop. I found one corrupted line in "index.txt" in the database directory. Last two lines are: V 150828132043Z 1BDA35020BA8933E63507E7D5A59386C8329A3D3 unknown /CN=zqnvza.bay.livef

Re: [squid-users] Antwort: Re: Antwort: Re: Order of http_access allow/deny

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 http://www.squid-cache.org/Doc/config/debug_options/ http://wiki.squid-cache.org/KnowledgeBase/DebugSections 04.02.2015 18:54, andreas.resc...@mahle.com пишет: > "squid-users" schrieb am > 04.02.2015 13:41:17: > > > Von: Yuri Voinov > > An: squid

[squid-users] Antwort: Re: Antwort: Re: Order of http_access allow/deny

"squid-users" schrieb am 04.02.2015 13:41:17: > Von: Yuri Voinov > An: squid-users@lists.squid-cache.org > Datum: 04.02.2015 13:41 > Betreff: Re: [squid-users] Antwort: Re: Order of http_access allow/deny > Gesendet von: "squid-users" > > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1

Re: [squid-users] Antwort: Re: Order of http_access allow/deny

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 As you can see (and warning your get shown it) the problem is not in ACL's. But in auth helper or near it: ext_ldap_group_acl: WARNING: could not bind to binddn 'Invalid credentials 04.02.2015 18:34, andreas.resc...@mahle.com пишет: > "squid-user

[squid-users] Antwort: Re: Order of http_access allow/deny

"squid-users" schrieb am 04.02.2015 13:13:49: > Von: Leonardo Rodrigues > An: squid-users@lists.squid-cache.org > Datum: 04.02.2015 13:14 > Betreff: Re: [squid-users] Order of http_access allow/deny > Gesendet von: "squid-users" > > On 04/02/15 09:19, andreas.resc...@mahle.com wrote: > Hi the

Re: [squid-users] ssl-bump doesn't like valid web server

On 02.02.15 13:23, Eliezer Croitoru wrote: On what OS are you running squid? is it self compiled one? Scientific Linux 6.6. And yes, it's a self-compiled Squid. I'm quite happy to change to using the helper if that is the preferred method (until recently I was unaware that the helper existe

Re: [squid-users] Order of http_access allow/deny

On 04/02/15 09:19, andreas.resc...@mahle.com wrote: Hi there, Is there a order of http_access allow/deny? If I activate "http_access deny !chkglwebhttp" nobody can use the proxy, squid allways ask for user and password (user and password is correct) ## acl chkglwebhttp external LDAPLookup

[squid-users] Order of http_access allow/deny

Hi there, Is there a order of http_access allow/deny? If I activate "http_access deny !chkglwebhttp" nobody can use the proxy, squid allways ask for user and password (user and password is correct) ## acl chkglwebhttp external LDAPLookup GGPY-LO-Web-Http acl sellingUser external LDAPLookup G

Re: [squid-users] Problems with squid 3.5.1

> I have some issue with squid 3.5.1: sometimes the browser loads the > page partially (for example: header/footer without styles or missing > images); other times the browser display a "cannot connect to the > proxy (proxy refused connection)" page. > The problem seems to appear more often with

[squid-users] Problems with squid 3.5.1

Hi, first message here. I have some issue with squid 3.5.1: sometimes the browser loads the page partially (for example: header/footer without styles or missing images); other times the browser display a "cannot connect to the proxy (proxy refused connection)" page. The problem seems to appear mor

Re: [squid-users] SQUID3 HTTPs forward proxy and sha256/512 authentication

Guys, I just need an HTTPS proxy that can handle both http and https connections for authorised clients only. I tried to configure something like it's described here http://www.mail-archive.com/squid-users@squid-cache.org/msg93592.html Forward HTTPs proxy with digest_pw_auth for example. But I am

Re: [squid-users] Alert unknown CA

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 04.02.2015 9:16, Amos Jeffries пишет: > On 4/02/2015 7:50 a.m., Yuri Voinov wrote: > > > Now I have: > > > root @ cthulhu /etc/opt/csw/ssl/certs # ls -al *.pem|wc -l 210 > > > root and intermediate CA's. Most known I can found. > > > Note: all of th

Re: [squid-users] help with regard to http/https filtering

Hi Rajkumar, You need SSLBump feature (http://wiki.squid-cache.org/Features/SslBump) configured in order to use url_regex acl against https traffic. Best wishes, Pavel On 02/04/2015 09:38 AM, Rajkumar Prasad wrote: Hi Everyone, Have been working on very basic squid configurations and need