[squid-users] receive 504 from googlecode.com

Hello, I met gateway timeout when I request pages which need resources from googlecode. I use squid-3.0.STABLE18.tar.gz and here is the squid.conf file: http_port 3128 icp_port 3130 http_access allow all icp_access allow all visible_hostname node70 #cache_mem 200 MB #cache_peer 10.1.1.95 sibl

Re: [squid-users] Squid 3.5: internal-static icons on ftp:// requests

On Tue, 19-May-2015 at 19:52:14 +1200, Amos Jeffries wrote: > On 19/05/2015 6:29 p.m., Andre Albsmeier wrote: > > When browsing e.g. > > > > ftp://ftp.mozilla.org/pub/thunderbird/releases/31.5.0/win32/en-GB/ > > > > > and now the icons on ftp://ftp.mozilla.org/ appear but I wonder if it > > is r

Re: [squid-users] Squid 3.3 to 3.5 url_rewrite_program changes

Hi Amos, Thanks for the reply. It's weird that the <=2.4 operation still worked all the time. Anyway, I don't think what my helper is doing is exactly equivalent of that because: deny_info 301: https://api.domain.com%R site is a redirect, which the client will be aware of. We want to continue

Re: [squid-users] New server_name acl causes fatal error starting Squid 3.5.4

On 21/05/2015 6:03 a.m., Stanford Prescott wrote: > I think I finally figured out how to not bump certain sites and to bump all > others. I put this in squid.conf > > > > > > > > *acl step1 at_step SslBump1acl step2 at_step SslBump2acl nobumpSites > ssl::server_name .wellsfargo.com

Re: [squid-users] need help plissss

On 21/05/2015 5:17 a.m., Israel Romero Garcia wrote: > Hello people, sorry but my english that no is very good,although squid is a > lenguaje international. > > I need help because my squid does not allow a group of users on the LAN to > connect to an FTPS (FTP + SSL) with passive port range 1

Re: [squid-users] Custom User-Agent header based on domain?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 acl you_dom dstdomain .youdomain.com request_header_access User-Agent deny you_dom request_header_replace User-Agent Nutscrape/1.0 (CP/M; 8-bit) 21.05.15 0:14, Shenan Hawkins пишет: > Is it possible to construct a stanza for squid such that a cust

[squid-users] Custom User-Agent header based on domain?

Is it possible to construct a stanza for squid such that a custom User-Agent request header is sent based upon the requested domain? It seems easy enough to add a custom header for that situation, but not replace one. For instance, the idea would be "all requests to google.ca get User-Agent: blah

Re: [squid-users] New server_name acl causes fatal error starting Squid 3.5.4

I think I finally figured out how to not bump certain sites and to bump all others. I put this in squid.conf *acl step1 at_step SslBump1acl step2 at_step SslBump2acl nobumpSites ssl::server_name .wellsfargo.com ssl_bump peek step1ssl_bump splice step2 nobumpSitesssl_bu

Re: [squid-users] New server_name acl causes fatal error starting Squid 3.5.4

Never mind. I figured the acl out. I was using someone else's instructions who accidentally left out the double :: *ssl::server_name* using just a single :. On Wed, May 20, 2015 at 12:36 PM, Stanford Prescott wrote: > After a diversion getting SquidClamAV working, i am back to trying to get > pe

[squid-users] New server_name acl causes fatal error starting Squid 3.5.4

After a diversion getting SquidClamAV working, i am back to trying to get peek and splice working. I am trying to put together information from previous recommendations I have received. Right now, I can't get the server_name acl working. When I put this in my squid.conf *acl nobumpSites ssl:server

[squid-users] need help plissss

Hello people, sorry but my english that no is very good,although squid is a lenguaje international. I need help because my squid does not allow a group of users on the LAN to connect to an FTPS (FTP + SSL) with passive port range 1 to 12000, I would appreciate any help, Greetings _

Re: [squid-users] Storage mem in 3.5.4, not sure what is happening

Hello Amos, Here's up time Start Time:Wed, 20 May 2015 14:33:02 GMT Current Time:Wed, 20 May 2015 14:41:46 GMT It's a short period of time because we've been restariting it. /var/run/squid and /dev/shm exist # ls /var/run/squid -1 squid-coordinator.ipc squid-kid-1.ipc squid-kid-2.ipc

[squid-users] Novice question on TPROXY and SSL-BUMP behavior

I've been tasked with preventing a client's users from accessing consumer Gmail accounts while only accessing their corporate Google Apps accounts. Google gives an overview here: https://support.google.com/a/answer/1668854?hl=en. So, I've setup Squid 3.54 on CentOS 7 with ssl-bump and dynamic

Re: [squid-users] ssl_bump and SNI

Hi Vadim, I've tried using these options - did not help. I've even tried to add %rd to logs, but still, IPs are show: Vadim Rogoziansky wrote > Hi, > > check something like this > > acl step1 at_step SslBump1 > ssl_bump stare step1 all > > acl sslBumpDeniedDstDomain ssl::server_name google

Re: [squid-users] Squid 3.4.10 and sslcrtd

On 20/05/15 14:06, Amos Jeffries wrote: Ouch, sorry. Maybe this will work: sslcrtd_children 1 startup=0 Otherwise you are left with re-building Squid. --disable-ssl-crtd would do if you never want to use the helper. Or the patch now applied on Squid-4 (

Re: [squid-users] ssl_bump and SNI

Hi, check something like this acl step1 at_step SslBump1 ssl_bump stare step1 all acl sslBumpDeniedDstDomain ssl::server_name google.com ssl_bump splice sslBumpDeniedDstDomain ssl_bump bump all On 5/20/2015 2:33 PM, sp_ wrote: I have tried to remove all the restrictions, but still: -SP

Re: [squid-users] ssl_bump and SNI

I have tried to remove all the restrictions, but still: -SP -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/ssl-bump-and-SNI-tp4670207p4671306.html Sent from the Squid - Users mailing list archive at Nabble.com.

Re: [squid-users] squid with sslump compile

On 20/05/2015 10:18 p.m., Tony Peña wrote: > Hi i'm compiling squid 3.4.8 with ssl but not create the ssl_crtd to use it > after . > the compile process runn fine.. and works ok but > > i use --enable-ssl and checking on lists of squid i found was old way to > compile > then i try it again with --

Re: [squid-users] Squid 3.4.10 and sslcrtd

On 19/05/2015 10:43 p.m., Veiko Kukk wrote: > On 18/05/15 15:28, Amos Jeffries wrote: >> Having a directive commented out means the default value for it is used. >> There is a default helper built by --enable-ssl-crtd that gets used >> unless you specify otherwise. >> >> Currently Squid is not dete

Re: [squid-users] Squid 3.5.4 + OpenBSD 5.7 + ROCK store = kid1 registration timed out

On 20/05/2015 5:44 p.m., Henri Wahl wrote: > Good morning, > > I try to use rock store for cache in OpenBSD 5.7 with Squid 3.5.4. This > should require SMP for the disker processes. Apparently the kids start, > but what I get further is this: > > May 20 07:40:26 squid02 squid[29404]: Starting Squ

Re: [squid-users] ssl_bump and SNI

On 20/05/2015 8:22 p.m., sp_ wrote: > Hello Amos, > > I still get IP-addresses instead of domain names: > That appears to be because the request are just denied. Not peeked or spliced. When a new TCP connection is intercepted Squid starts with only the IP address. Generates a fake CONNECT reque

Re: [squid-users] pass ssl through Squid reverse proxy

On 20/05/2015 5:03 p.m., Дмитрий Лозицкий wrote: > Hello, > > I have a requirement to setup a reverse proxy for a secure connection to a > server where tomcat is working. > Services on tomcat already have ssl setup, but as tomcat doesn't have > explicit certificate and a key file for ssl connectio

[squid-users] squid with sslump compile

Hi i'm compiling squid 3.4.8 with ssl but not create the ssl_crtd to use it after . the compile process runn fine.. and works ok but i use --enable-ssl and checking on lists of squid i found was old way to compile then i try it again with --with-openssl and nothing on the /usr/lib/squid3/ not app

Re: [squid-users] ssl_bump and SNI

Hello Amos, I still get IP-addresses instead of domain names: -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/ssl-bump-and-SNI-tp4670207p4671299.html Sent from the Squid - Users mailing list archive at Nabble.com. __