Re: [squid-users] Externel IP & ports

Just as a side note: webmin mainly being used over https ie CONNECT from squid point of view. So the addition should be to the SSL_ports acl and not the Safe_ports acl. All The Bests, Eliezer On 16/10/2015 07:55, Amos Jeffries wrote: On 16/10/2015 5:25 p.m., Filip Maroul wrote: Hello, I run sq

Re: [squid-users] Safari 9 vs. SSL Bump

Can you please add to the Troubleshooting section at the end of ? a brief sentence describing the symptom(s), then what what done to resolve it would be great. Amos ___ squid-users mailing list sq

Re: [squid-users] Safari 9 vs. SSL Bump

So after all that, it was my choice of keychain that was the problem. Every HTTPS site works with the CA cert in the System keychain as opposed to login. I’ll put that down to OS X probably using some system-level processes to do some of Safari’s work, or something. Thanks Alex, Amos, and Jason

Re: [squid-users] Externel IP & ports

On 16/10/2015 5:25 p.m., Filip Maroul wrote: > Hello, > I run squid on network 192.168.6.0/24 > I want open webmin on my server via openvpn on port 1 but squid is > blocking connection. I was try add acl Safe_ports port 1 but this > didn't work. Ports 1025-65535 are all open in Safe_ports

Re: [squid-users] Redirect site.ca to site.qc.ca

On 16/10/2015 9:54 a.m., Sebastien.Boulianne wrote: > Hi, > > Thanks for your answer. > > If I want to do a redirection from http to http, do I need to use a > url_rewrite_program or can I use the deny_info 302: ? > Deny_info should work fine. Amos ___

[squid-users] Externel IP & ports

Hello, I run squid on network 192.168.6.0/24 I want open webmin on my server via openvpn on port 1 but squid is blocking connection. I was try add acl Safe_ports port 1 but this didn't work. Same as GTK app. openweather this app couldn't connect here is the log entry: 192.168.6.8 TCP_MISS/4

Re: [squid-users] Safari 9 vs. SSL Bump

Great, thanks. Don’t know why I didn’t think of it before but I’ll try elevating it from Login -> System keychain and see what happens. > On 16 Oct 2015, at 11:51 AM, Jason Haar wrote: > > On 16/10/15 13:34, Dan Charlesworth wrote: >> Thanks! >> >> So ignoring the “bumpable” helper check, it’s

Re: [squid-users] Safari 9 vs. SSL Bump

On 16/10/15 13:34, Dan Charlesworth wrote: > Thanks! > > So ignoring the “bumpable” helper check, it’s effectively peeking at step1 > and then bumping it like my config’s doing. > > I wonder what else could be differentiating it. Is your proxy CA just > installed in the Login keychain? Nope - di

Re: [squid-users] Safari 9 vs. SSL Bump

Thanks! So ignoring the “bumpable” helper check, it’s effectively peeking at step1 and then bumping it like my config’s doing. I wonder what else could be differentiating it. Is your proxy CA just installed in the Login keychain? > On 16 Oct 2015, at 11:26 AM, Jason Haar wrote: > > On 16/10/

Re: [squid-users] Safari 9 vs. SSL Bump

On 16/10/15 13:08, Dan Charlesworth wrote: > ORLY > > I seem to recall this happening on 10.10 as well, but it could be an El > Capitan thing. Do you mind reminding me of your squid config Jason? With my config I trying to "aggressively" figure out if the transaction is safely going to be bump-ab

Re: [squid-users] Safari 9 vs. SSL Bump

ORLY I seem to recall this happening on 10.10 as well, but it could be an El Capitan thing. Do you mind reminding me of your squid config Jason? Thanks! > On 16 Oct 2015, at 11:06 AM, Jason Haar wrote: > > Just a data point, but I've just got up Safari on Yosemite connecting > through squid-3

Re: [squid-users] Safari 9 vs. SSL Bump

Just a data point, but I've just got up Safari on Yosemite connecting through squid-3.5.10 to https://wikipedia.org/ with full bump-ing with no problems. Same with twitter.com and github.com. Click on the padlock shows the server cert chaining to my squidCA cert (which is trusted of course) ie th

Re: [squid-users] Redirect site.ca to site.qc.ca

Hi, Thanks for your answer. If I want to do a redirection from http to http, do I need to use a url_rewrite_program or can I use the deny_info 302: ? Sébastien -Message d'origine- De : squid-users [mailto:squid-users-boun...@lists.squid-cache.org] De la part de Eliezer Croitoru En

[squid-users] normal squid , can we cahce fcebook vidoes ?

Hello Guys In the past , the videos were http in youtube & facebook Im asking simple question here Is it possible for me as a normal squid user to be able to cache youtube & facebook vidoes in https ? I hear that the old companies that were caching youtube in the pas still working

Re: [squid-users] squidaio_queue_request: WARNING - Queue congestion

On 15/10/2015 7:34 p.m., Reet Vyas wrote: > HI > > I am getting this error in my squid, > > Squid Version : 3.5.3, > > Can anyone help me out with this cause browsing is slow when I get this in > cache.log file. > Two problems; #0 it is not an error. Errors get logged with the word "error" or

Re: [squid-users] TCP_DENIED/403

On 15/10/2015 8:42 p.m., Filip Maroul wrote: > Hello I am try to configure squid3 on debian 8 x64 version of squid is 3.4.8 > Here is the conf file: How certain are you that is the config file being used? The access.log says things are explicitly being denied, which that config says are allowed.

squid-users@lists.squid-cache.org

On 15/10/2015 7:25 p.m., Бараблин Дмитрий wrote: > Hello all! > > im trying to configure squid 3.5.8 as intercept with Whitelist ACLs on > HTTP and HTTPS. > > what my config: > > acl localnet src 10.0.0.0/8 # RFC1918 possible internal network > acl whitelist dstdom_regex -i "/etc/squid/white

[squid-users] TCP_DENIED/403

Hello I am try to configure squid3 on debian 8 x64 version of squid is 3.4.8 Here is the conf file: http_port 3128 hierarchy_stoplist cgi-bin ? visible_hostname proxy.HlubinaMysleni.42.local append_domain .HlubinaMysleni.42.local refresh_pattern ^ftp: 144020% 10080 refresh_patte

Re: [squid-users] debug skype ssl_bump numeric ips to be spliced

On 15/10/15 14:25, Amos Jeffries wrote: > All those lines imply is a certificate verify problem inside the SSL > library. Would it be possible to put the ip:port in those error messages? Would certainly help answer those questions... -- Cheers Jason Haar Corporate Information Security Manager, T