On 5/06/2015 5:58 a.m., Tory M Blue wrote:
> I am running HDCP or at least testing with it and thus have ICP disabled. I
> know it's disabled but I don't need it yelling at me every few
> minutes/seconds. How can I tell Squid, yes thank you, I'm aware I'm not
> using ICP and it's disabled, now quie
On 5/06/2015 10:22 a.m., Amos Jeffries wrote:
> On 5/06/2015 3:59 a.m., Atman Sense wrote:
>> Hi,
>>
>> I'm using privoxy in transparent/intercepting mode to filter tracking
>> sites. Because many sites switched to https I want to block https sites,
>> too (only by hostnames, I don't want to decryp
On 5/06/2015 2:50 a.m., Klavs Klavsen wrote:
> Amos Jeffries wrote on 06/04/2015 04:19 PM:
>> On 5/06/2015 1:45 a.m., Klavs Klavsen wrote:
>>> after moving it here:
>>>
>>> http_access allow okweb-urls testsrv1
>>> http_access allow CONNECT bumpedPorts
>>> http_access deny all
>>>
>>> it still allo
On 5/06/2015 3:59 a.m., Atman Sense wrote:
> Hi,
>
> I'm using privoxy in transparent/intercepting mode to filter tracking
> sites. Because many sites switched to https I want to block https sites,
> too (only by hostnames, I don't want to decrypt the SSL connections).
>
> My idea was to use squi
On 5/06/2015 3:34 a.m., Klavs Klavsen wrote:
> I would be perfectly fine with allowing the SSL bumping to finish for
> ALL https sites - and then only block when the http request comes..
>
> I'm hoping someone can tell me what I've done wrong in my config.. I'm
> obviously not understanding how it
I am running HDCP or at least testing with it and thus have ICP disabled. I
know it's disabled but I don't need it yelling at me every few
minutes/seconds. How can I tell Squid, yes thank you, I'm aware I'm not
using ICP and it's disabled, now quiet?!
Thanks
Tory
__
Hi,
I'm using privoxy in transparent/intercepting mode to filter tracking
sites. Because many sites switched to https I want to block https sites,
too (only by hostnames, I don't want to decrypt the SSL connections).
My idea was to use squid to intercept https connections and peek/splice
to
I would be perfectly fine with allowing the SSL bumping to finish for
ALL https sites - and then only block when the http request comes..
I'm hoping someone can tell me what I've done wrong in my config.. I'm
obviously not understanding how it works when https is envolved.. it
works as intended wi
Hi Amos this is the output error
*2015/06/04 16:18:22 kid1| Logfile: opening log
stdio:/var/log/squid/error.log
FATAL: xcalloc: Unable to allocate 18446744073689603781 blocks of 1 bytes!
2015/06/04 16:18:37 kid4| Logfile: opening log
stdio:/var/log/squid/error.log
FATAL: xcalloc: Unable to
Amos Jeffries wrote on 06/04/2015 04:19 PM:
On 5/06/2015 1:45 a.m., Klavs Klavsen wrote:
after moving it here:
http_access allow okweb-urls testsrv1
http_access allow CONNECT bumpedPorts
http_access deny all
it still allows everything..
Sigh. Sorry I must be half aslep right now.
Your rules
On 5/06/2015 1:45 a.m., Klavs Klavsen wrote:
> after moving it here:
>
> http_access allow okweb-urls testsrv1
> http_access allow CONNECT bumpedPorts
> http_access deny all
>
> it still allows everything..
Sigh. Sorry I must be half aslep right now.
Your rules say:
allow ...
allow ...
a
Thank you Amos, really. I own you a wine (?)
Have a nice day
Cheers
Jonathan
El 04/06/15 a las 11:01, Amos Jeffries escibió:
On 5/06/2015 1:26 a.m., Jonathan Filogna wrote:
And if i want to make exceptions to memberships on AD, how can i do it?
That's what i need.
You can do it two ways.
A
On 5/06/2015 1:27 a.m., Marcel Fossua wrote:
> Cool Thanks
> but I have an error while doing that maybe it could be the HDD size
> By the way Amos what could you suggest me to handle disks
> I have a jbod with 15 disks (4TB) each
> I read on of your comment stipulating to set a cache_dir per driv
Amos, i'll test it
Thank you very, very much
El 04/06/15 a las 11:01, Amos Jeffries escibió:
On 5/06/2015 1:26 a.m., Jonathan Filogna wrote:
And if i want to make exceptions to memberships on AD, how can i do it?
That's what i need.
You can do it two ways.
A) place the "!administrador" test
On 5/06/2015 1:26 a.m., Jonathan Filogna wrote:
> And if i want to make exceptions to memberships on AD, how can i do it?
> That's what i need.
You can do it two ways.
A) place the "!administrador" test on the end of each of the skype deny
lines.
B) place an "allow administrador" line above the
Cool Thanks
but I have an error while doing that maybe it could be the HDD size
By the way Amos what could you suggest me to handle disks
I have a jbod with 15 disks (4TB) each
I read on of your comment stipulating to set a cache_dir per drive (o I'm
totaly wrong)
with this worker/disk distribut
after moving it here:
http_access allow okweb-urls testsrv1
http_access allow CONNECT bumpedPorts
http_access deny all
it still allows everything..
Amos Jeffries wrote on 06/04/2015 03:42 PM:
On 5/06/2015 1:20 a.m., Klavs Klavsen wrote:
Hi,
I added the bumpedports - and now traffic works and
On 5/06/2015 1:20 a.m., Klavs Klavsen wrote:
> Hi,
>
> I added the bumpedports - and now traffic works and is allowed.. but it
> allows everything on https.. :(
>
> Log says:
> 10.xx.130.50 - - [04/Jun/2015:15:16:07 +0200] "CONNECT 72.51.34.34:443
> HTTP/1.1" lwn.net - 200 28189 TCP_TUNNEL:ORIGIN
I tried this:
http_access allow CONNECT testurls testsrv1
But that doesn't work.
Klavs Klavsen wrote on 06/04/2015 03:20 PM:
Hi,
I added the bumpedports - and now traffic works and is allowed.. but it
allows everything on https.. :(
Log says:
10.xx.130.50 - - [04/Jun/2015:15:16:07 +0200] "CON
On 5/06/2015 1:18 a.m., Iruma Keisuke wrote:
> Thank you Amos.
>
> 2015-06-02 23:07 GMT+09:00, Amos Jeffries :
>> On 2/06/2015 9:15 p.m., Irimajiri keisuke wrote:
>>> Dear all,
>>>
>>> I have to build a proxy server by using the squid.
>>> The number of clients is 400 people.
>>>
>>> I do not know
And if i want to make exceptions to memberships on AD, how can i do it?
That's what i need.
El 04/06/15 a las 10:08, Amos Jeffries escibió:
On 5/06/2015 12:05 a.m., rocaembole wrote:
here's my squid.conf
##NTLM
#
##DECLARED
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.
Thank you Amos.
2015-06-02 23:07 GMT+09:00, Amos Jeffries :
> On 2/06/2015 9:15 p.m., Irimajiri keisuke wrote:
>> Dear all,
>>
>> I have to build a proxy server by using the squid.
>> The number of clients is 400 people.
>>
>> I do not know the cause of the error message that appears in the
>> cac
Hi,
I added the bumpedports - and now traffic works and is allowed.. but it
allows everything on https.. :(
Log says:
10.xx.130.50 - - [04/Jun/2015:15:16:07 +0200] "CONNECT 72.51.34.34:443
HTTP/1.1" lwn.net - 200 28189 TCP_TUNNEL:ORIGINAL_DST peek
so it doesn't seem to check the http_access
On 5/06/2015 12:55 a.m., Reet Vyas wrote:
> Thank you everyone for helping me to setup squid , Now its working but in
> access.logs I only see tcp_miss if m using same website. I mean squid is
> not caching
You will get MISS a fair bit more with intercepted traffic than with
normal proxied traffi
On 5/06/2015 12:05 a.m., rocaembole wrote:
> here's my squid.conf
>
> ##NTLM
> #
> ##DECLARED
> auth_param ntlm program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 5
> auth_param ntlm keep_alive on
>
> external_acl_type ntlm_group ttl=f3600 children=100 %LOGI
oops.. forget it.. I missed I had two access logs.. the format from
James Lay - works perfectly.. sorry :)
Klavs Klavsen wrote on 06/04/2015 03:06 PM:
One thing.. now when access a site.. f.ex. https://www.dr.dk
the access log says:
1433423013.540196 10.47.171.244 TCP_TUNNEL/200 187877 CON
One thing.. now when access a site.. f.ex. https://www.dr.dk
the access log says:
1433423013.540196 10.47.171.244 TCP_TUNNEL/200 187877 CONNECT
159.20.6.6:443 - ORIGINAL_DST/159.20.6.6 -
instead of logging the url that was accessed..
How can I make it log the url as it did in 3.4.12?
A
Amos Jeffries wrote on 06/04/2015 01:24 PM:
acl bumpedPorts myportname 3129
acl bumpedPorts myportname 3130
http_access allow CONNECT bumpedPorts
Adding that worked.. I did not have any of that ssl_stuff in my 3.4
config (and it worked without).
Thank you very much.
--
Regards,
Klavs
Thank you everyone for helping me to setup squid , Now its working but in
access.logs I only see tcp_miss if m using same website. I mean squid is
not caching
Logs
43 192.168.0.198 TCP_MISS/200 384461 GET
http://www.horlicksquad.com/images/tc-pic.png - HIER_DIRECT/52.74.133.61
image/png
14334220
here's my squid.conf
##NTLM
#
##DECLARED
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 5
auth_param ntlm keep_alive on
external_acl_type ntlm_group ttl=f3600 children=100 %LOGIN
/usr/lib/squid3/wbinfo_group.pl
##SRC
acl administrador ext
I have a proxy squid 3.5.2 that has an app to connect to it remotely to
access YouTube Links
This App some time works and open the link without problems and its response
as below :
==
1433246384.626245 195.154.200.58 TCP_MISS/200 38660 GET
http://www.youtube.com
On 4/06/2015 8:05 p.m., Eliezer Croitoru wrote:
> Hey Marcel,
>
> First goes first... update to latest 3.5.5.
> After the update We might be able to see the full picture.
>
FYI: This is another duplicate thread. I've been following up in the
other one started a few minutes after this.
Amos
___
On 3/06/2015 10:46 p.m., Marcel Fossua wrote:
> Hi Amos not really
> after setting TOS config on Squid the idea is to allow Mikrotik router
> recognize
> marked paquets (as on previous squid 3.1.x)
> and then mark cache content, so that it can later pick by Mikrotik
> to deliver the already cache
On 4/06/2015 7:55 p.m., Klavs Klavsen wrote:
> Hi Amos,
>
> I tried taking the config from James.. but I have the exact same issue
> as described below :(
>
> After adding the extra logging from James config - I get this in
> access_log:
> 1433404085.331 0 10.47.171.244 TCP_DENIED/200 0 CONN
On 4/06/2015 6:29 p.m., sp_ wrote:
> Hello Amos,
>
> thank you for your reply.
>
> Let's take for instance this line:
>
> 192.168.78.31 - - [04/Jun/2015:09:41:22 +0300] "CONNECT 173.194.122.233:443
> HTTP/1.1" 200 0 "-" "-" TCP_DENIED:HIER_NONE
>
>
> I have dumped the traffic passing through
On 4/06/2015 6:43 p.m., Reet Vyas wrote:
> Hi,
>
> I changed the iptables still no luck :( but I am using squid 3.3 only can I
> didn't understand why you have configured 3129 ,3130 and 3128 port?
Because due to historic (browser war politics) reasons there are three
different protocol message sy
On 4/06/2015 9:39 p.m., Carlo Filippetto wrote:
> Hi all,
> how can I restore production server on quiescent machine on a DR site?
> I need to have a DR site that is a copy of the production one, how can I
> restore Incremental BCK on those servers (that must be offline)?
>
Hi Carlo, I think you
Hi all,
how can I restore production server on quiescent machine on a DR site?
I need to have a DR site that is a copy of the production one, how can I
restore Incremental BCK on those servers (that must be offline)?
Thank you
___
squid-users mailing lis
Hi
I got it half working My chat is working I can search google, but I cant
browse websites ,
My configuration now
acl mynet src 116.72.152.37 192.168.0.0/16# RFC1918 possible internal
network
acl SSL_ports port 443
acl Safe_ports port 80# http
acl Safe_ports port 21# ftp
acl
Hey Marcel,
First goes first... update to latest 3.5.5.
After the update We might be able to see the full picture.
Eliezer
On 31/05/2015 14:24, Marcel wrote:
Hi All
let see if some of you can help me troubleshoot the issue I have with
squid-3.5.0.4
on centos 6.6 configure with tproxy
in fact t
Hi Amos,
I tried taking the config from James.. but I have the exact same issue
as described below :(
After adding the extra logging from James config - I get this in access_log:
1433404085.331 0 10.47.171.244 TCP_DENIED/200 0 CONNECT
216.58.209.106:443 - HIER_NONE/- -
which makes it s
41 matches
Mail list logo
