[squid-users] Squid 3.1 access_log and log module syslog sets program-name as (squid)

2015-06-24 Thread YogiBearNL aka Ronald
Dear Squid users, I have a problem with Squid 3.1 on Debian Squeeze. squid3 -v Squid Cache: Version 3.1.6 When I use the syslog Log module for access_log the syslog lines have a funky program name called (squid) i.s.o. squid. This is different from syslog lines of Squid v2. ( Squid Cache:

Re: [squid-users] TCP_MISS/503

2015-06-24 Thread Hector Chan
Not sure if this will help you, but I saw 503s on my squid when the origin server has an invalid SSL certificate -- expired cert, self-signed cert, etc. On Tue, Jun 23, 2015 at 7:25 PM, HackXBack wrote: > The requested URL could not be retrieved > > > > -- > View this message in context: > http:

Re: [squid-users] Questions Regarding Transparent Proxy, HTTPS, and ssl_bump

2015-06-24 Thread Jason Haar
On 25/06/15 06:05, James Lay wrote: > openssl s_client -connect x.x.x.x:443 Just a FYI but you can make openssl do SNI which helps debugging (ie doing it your way and then doing it with SNI) openssl s_client -connect x.x.x.x:443 -servername www.site.name (that will allow squid to see www.site.na

Re: [squid-users] Mikrotik and Squid Transparent

2015-06-24 Thread Alex Samad
Hi why this, doesn't this block all traffic getting to the squid port. iptables -t mangle -A PREROUTING -p tcp --dport $SQUIDPORT -j DROP what I would do to test is run tcpdump on the squid box and capture all traffic coming to it on the squid listening port, then go to a test machine on the eth

Re: [squid-users] Questions Regarding Transparent Proxy, HTTPS, and ssl_bump

2015-06-24 Thread Yuri Voinov
Amos, we don't care about experts in the IETF. What is the Squid Team position about SSL bumping and caching? Will Squid be only content filtering proxy or remains cacheable? What will be next milestone? 3.5. now less used to cache SSL, only

Re: [squid-users] Logging of 'indirect' requests, e.g. involving NAT or VPN

2015-06-24 Thread Leonardo Rodrigues
On 24/06/15 15:28, Henry S. Thompson wrote: I've searched the documentation and mailing list archives w/o success, and am not competent to read the source, so asking here: what is logged as the 'remotehost' in Squid logs when a request that has been encapsulated, as in from a machine on a loca

[squid-users] Logging of 'indirect' requests, e.g. involving NAT or VPN

2015-06-24 Thread Henry S. Thompson
I've searched the documentation and mailing list archives w/o success, and am not competent to read the source, so asking here: what is logged as the 'remotehost' in Squid logs when a request that has been encapsulated, as in from a machine on a local network behind a router implementing NAT, or fr

Re: [squid-users] Questions Regarding Transparent Proxy, HTTPS, and ssl_bump

2015-06-24 Thread James Lay
On 2015-06-24 11:46 AM, Tom Mowbray wrote: James, Yes, as a matter of fact I have read through those exact posts and modeled my config very similarly. What I have found is that, however, when the line "http_access allow SSL_ports" is placed above the ssl_bump stuff and other acl's (as you have

Re: [squid-users] Questions Regarding Transparent Proxy, HTTPS, and ssl_bump

2015-06-24 Thread Tom Mowbray
James, Yes, as a matter of fact I have read through those exact posts and modeled my config very similarly. What I have found is that, however, when the line "http_access allow SSL_ports" is placed above the ssl_bump stuff and other acl's (as you have it), it seems to simply allow ALL https witho

Re: [squid-users] Questions Regarding Transparent Proxy, HTTPS, and ssl_bump

2015-06-24 Thread James Lay
On 2015-06-24 09:41 AM, Tom Mowbray wrote: Squid 3.5.5 I seem to have some confusion about how acl lists are processed in squid.conf regarding the handling of SSL (HTTPS) traffic, attempting to use ssl_bump directives with transparent proxy. Based on available documentation, I believe my squid.

Re: [squid-users] Questions Regarding Transparent Proxy, HTTPS, and ssl_bump

2015-06-24 Thread Tom Mowbray
Thanks for the response. Our understanding was that by using the "peek and splice" options, we could transparently filter https traffic using the SNI at the very least (though perhaps the issue lies with our external ACL?), without having to decrypt the SSL session or use MITM cert. Our results i

Re: [squid-users] Questions Regarding Transparent Proxy, HTTPS, and ssl_bump

2015-06-24 Thread Amos Jeffries
On 25/06/2015 4:00 a.m., Yuri Voinov wrote: > > Tom, > > one simple question. > > Soon, all or almost all the Internet go into HTTPS. Why do you then need > caching proxy? Because HTTPS is more cacheable than HTTP. A lot of misguided developers that go needlessly out of their way to prevent cac

Re: [squid-users] Questions Regarding Transparent Proxy, HTTPS, and ssl_bump

2015-06-24 Thread Amos Jeffries
On 25/06/2015 3:41 a.m., Tom Mowbray wrote: > Squid 3.5.5 > > I seem to have some confusion about how acl lists are processed in > squid.conf regarding the handling of SSL (HTTPS) traffic, attempting to use > ssl_bump directives with transparent proxy. > > Based on available documentation, I beli

Re: [squid-users] Questions Regarding Transparent Proxy, HTTPS, and ssl_bump

2015-06-24 Thread Yuri Voinov
Never mind, Tom. I have own cockroaches in my head. Just only for content filtering, I would not put a caching proxy. Once that's it. 24.06.15 22:22, Tom Mowbray wrote: > Yuri, > > The proxy is being used as a content filter, i.e. domain and URL >

Re: [squid-users] Questions Regarding Transparent Proxy, HTTPS, and ssl_bump

2015-06-24 Thread Tom Mowbray
Yuri, The proxy is being used as a content filter, i.e. domain and URL whitelisting and blacklisting. I guess my real question is simply regarding how this traffic is processed in regards to where I've defined options in my squid.conf? Also, why does it appear to "bump" all sites when my config

Re: [squid-users] Questions Regarding Transparent Proxy, HTTPS, and ssl_bump

2015-06-24 Thread Yuri Voinov
Tom, one simple question. Soon, all or almost all the Internet go into HTTPS. Why do you then need caching proxy? The tunnel connection and process ACLs? My second question to Amos. Amos, what the hell do we under these conditions caching proxy?

[squid-users] Questions Regarding Transparent Proxy, HTTPS, and ssl_bump

2015-06-24 Thread Tom Mowbray
Squid 3.5.5 I seem to have some confusion about how acl lists are processed in squid.conf regarding the handling of SSL (HTTPS) traffic, attempting to use ssl_bump directives with transparent proxy. Based on available documentation, I believe my squid.conf is correct, however it never seems to ac

Re: [squid-users] Mikrotik and Squid Transparent

2015-06-24 Thread Dalmar
squid 3.3.8 and ubuntu 15.04 server 2015-06-24 15:04 GMT+03:00 Yuri Voinov : > Squid 3.5.x? > > 24.06.15 18:03, Dalmar wrote: > > Hi, > For over two weeks I am having a real headache in configuring squid > transparent/intercept. > I have tried different options and configurations but I couldn

[squid-users] Squid 3.5.3 with SSL not working

2015-06-24 Thread Reet Vyas
Hi, below is my squid file. I have configured squid 3.5.3 with ssl, but I can't filter https traffic and also in access log I can't see https in access logs. # # Recommended minimum configuration: # # Example rule allowing access from your local networks. # Adapt to list your (internal) IP networ

Re: [squid-users] Mikrotik and Squid Transparent

2015-06-24 Thread Yuri Voinov
Squid 3.5.x? 24.06.15 18:03, Dalmar wrote: Hi, For over two weeks I am having a real headache in configuring squid transparent/intercept. I have tried different options and configurations but I couldn't get it to work. I think the problem lies in the Iptables / NAT but I really couldn't so

Re: [squid-users] (no subject)

2015-06-24 Thread Yuri Voinov
Squid 3.5.x? 24.06.15 17:59, Dalmar wrote: Hi, For over two weeks I am having a real headache in configuring squid transparent/intercept. I have tried different options and configurations but I couldn't get it to work. I think the problem lies in the Iptables / NAT but I really couldn't so

[squid-users] Mikrotik and Squid Transparent

2015-06-24 Thread Dalmar
Hi, For over two weeks I am having a real headache in configuring squid transparent/intercept. I have tried different options and configurations but I couldn't get it to work. I think the problem lies in the Iptables / NAT but I really couldn't solve it. I have tried different iptable rules incl

[squid-users] (no subject)

2015-06-24 Thread Dalmar
Hi, For over two weeks I am having a real headache in configuring squid transparent/intercept. I have tried different options and configurations but I couldn't get it to work. I think the problem lies in the Iptables / NAT but I really couldn't solve it. I have tried different iptable rules incl

Re: [squid-users] TCP_MISS/503

2015-06-24 Thread Amos Jeffries
On 24/06/2015 2:25 p.m., HackXBack wrote: > The requested URL could not be retrieved > Which means exactly what it says. That is the category of problem at least. The page should also contain a set of possible reasons and details about the particular transaction message(s) or action failing. Amo

Re: [squid-users] acl for redirect

2015-06-24 Thread Amos Jeffries
On 24/06/2015 11:03 a.m., Mike wrote: > We have a server setup using squid 3.5 and e2guardian (newer branch of > dansguardian), the issue is now google has changed a few things around > and google is no longer filtered which is not acceptable. We already > have the browser settings for SSL Proxy se