Re: [squid-users] Ssl-Bump and revoked server certificates

2015-10-21 Thread Sebastian Kirschner
Hi, I have a question regarding the SSL Server Certificate Validator. In the Wiki it is written: "The helper will be optionally consulted after an internal OpenSSL validation we do now, regardless of that validation results." What checks does the internal validation include? Couldn't find any in

Re: [squid-users] Squid 3.5.10 SSL Bump whitelist domains

2015-10-21 Thread luizcasey
Alex, So what do you recommend to do here? I just need a simple whitelist file for both http/https. I have a config that works on 3.4 but would like to upgrade to 3.5 and the current config we have won't cut it. Just need a simple if you are in this list allow if not deny. No need for any ssl v

Re: [squid-users] Squid 3.5.10 SSL Bump whitelist domains

2015-10-21 Thread Alex Rousskov
On 10/21/2015 02:49 PM, Yuri Voinov wrote:
> Working config snippet for 3.5.x looks like this:
>
> ssl_bump peek get_sni_at_step1
> ssl_bump splice spliced_hosts
> ssl_bump bump net_bump
The above config leaves the following question unanswered: Q: What happens if neither spliced_hosts nor net

Re: [squid-users] NTLM Authentication Failing

2015-10-21 Thread Alex Samad
Would it be fair to say best practice is to get Kerberos working in favour of NTLM? On 21/10/2015 3:18 PM, "Amos Jeffries" wrote: > On 2015-10-21 15:38, Ilias Clifton wrote: > >> >>> On 20/10/2015 4:04 p.m., Ilias Clifton wrote: >>> > Hi All, >>> > I've been following the guide at this location

Re: [squid-users] auto get latest release

2015-10-21 Thread joe
Thank you Amos, was helpful -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/auto-get-latest-release-tp4673780p4673830.html Sent from the Squid - Users mailing list archive at Nabble.com. ___ squid-users mailing list

Re: [squid-users] deny rep_mime_type

2015-10-21 Thread HackXBack
sorry not deny but make it miss and not hit with store_miss send_hit -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/deny-rep-mime-type-tp4673816p4673829.html

Re: [squid-users] deny rep_mime_type

2015-10-21 Thread Kinkie
Hi, I suspect (unverified) that
    acl dom dstdomain .example.com
    acl type rep_mime_type base/type
    http_reply_access deny dom type
    http_reply_access allow all
will do what you need
On Wed, Oct 21, 2015 at 9:36 PM, HackXBack wrote:
> hello ,
> can we deny rep_mime_type for specific domain ?
> if

Re: [squid-users] Squid 3.5.10 SSL Bump whitelist domains

2015-10-21 Thread Yuri Voinov
Working config snippet for 3.5.x looks like this:
    acl get_sni_at_step1 at_step SslBump1
    ssl_bump peek get_sni_at_step1
    acl spliced_hosts ssl::server_name_regex -i "/usr/local/squid/etc/url.nobump"
    ssl_bump splice spliced_hosts
    ssl_bump bump net_bu

Re: [squid-users] Squid 3.5.10 SSL Bump whitelist domains

2015-10-21 Thread luizcasey
There really isn’t anything in there right now since I am testing.
/etc/squid/git_allowed_domains/allowed_domains"
.facebook.com
.cnn.com

Re: [squid-users] Squid 3.5.10 SSL Bump whitelist domains

2015-10-21 Thread Yuri Voinov
Show piece of allowed_domains file. 22.10.15 2:29, luizca...@gmail.com wrote: > Could you suggest a configuration that you think should be working ? I would > like both HTTP/HTTPS domains whitelisted via file all other domains blocked. What am

Re: [squid-users] Squid 3.5.10 SSL Bump whitelist domains

2015-10-21 Thread luizcasey
Could you suggest a configuration that you think should be working? I would like both HTTP/HTTPS domains whitelisted via file all other domains blocked. What am I missing? My assumption here is the acl nobumpSites ssl::server_name "/etc/squid/git_allowed_domains/allowed_domains” part is not wo

Re: [squid-users] How can I change the Squid logo on an access denied page.

2015-10-21 Thread Yuri Voinov
You are talking about logo, which is hosted on external web-site. You can: 1. Use your own local web-server with another picture and point ERR_PAGE to this location. 2. Use Rafael's method as described. 3. As Amos to get administrative rights on

Re: [squid-users] Remote Desktop Gateway thru Squid.

2015-10-21 Thread Yuri Voinov
Look more: http://www.experts-exchange.com/Software/Anti-Virus/Q_24387982.html and more. More closed: In transparent proxy setups RDP is not a problem everywhere, because a transparent proxy utilizes only HTTP and/or HTTPS ports. RDP is not u

[squid-users] How can I change the Squid logo on an access denied page.

2015-10-21 Thread Sebastien.Boulianne
My question wasn't that. I want to change the Squid’s logo… Nothing else… I'm sure I need to change something else if I want the Squid’s logo replaced… Did you ever replace the Squid logo? Thanks. Sebastien. From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On behalf of Yuri

Re: [squid-users] Remote Desktop Gateway thru Squid.

2015-10-21 Thread Sebastien.Boulianne
Hi Yuri, Thank you very much for your answer. My question was Remote Desktop Gateway with my Squid. A Remote Desktop Gateway and RDP are not the same. http://windows.microsoft.com/en-ph/windows7/what-is-a-remote-desktop-gateway-server Thanks. Sébastien. From: squid-users [mailto:squid-users-bou

Re: [squid-users] How can I change the Squid logo on an access denied page.

2015-10-21 Thread Yuri Voinov
Usually Squid is used in conjunction with redirector+Apache/other_web_server, so in these setups the shortest (and weak) way is using it... But Rafael is right. 22.10.15 1:46, Rafael Akchurin wrote: > It is also possible to use the in place image li

Re: [squid-users] Squid 3.5.10 SSL Bump whitelist domains

2015-10-21 Thread Yuri Voinov
Show us access.log/cache.log for denied HTTPS sites. All other config quirks will remain your responsibility - Amos come and explain when I/you wrong. ;) 22.10.15 1:52, luizca...@gmail.com wrote: > I answered your questions below. However h

Re: [squid-users] Squid 3.5.10 SSL Bump whitelist domains

2015-10-21 Thread luizcasey
I answered your questions below. However https traffic is still always being denied even though the site is on the allowed_list via nobumpSites. I want to control http/https traffic using the “allowed_domains” list. This current configuration works for HTTP but not HTTPS traffic. If there is an

Re: [squid-users] How can I change the Squid logo on an access denied page.

2015-10-21 Thread Rafael Akchurin
It is also possible to use the in place image like we do for our “403 blocked page” – see http://docs.diladele.com/faq/filtering/logo.html Best regards, Rafael Akchurin Diladele B.V. From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of Yuri Voinov Sent: Wednesday,

[squid-users] deny rep_mime_type

2015-10-21 Thread HackXBack
hello , can we deny rep_mime_type for specific domain ? if yes then how if no then why thank you .. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/deny-rep-mime-type-tp4673816.html

[squid-users] Squid/NTLM Auth

2015-10-21 Thread Keith White
I have squid running on Centos 7 and am trying to setup AD authentication. I have samba/winbindd installed and the system was added to the domain with authconfig. I have tested authentication with auth_ntlm and that works. I have also tested group membership with auth_ntlm and that works as we

Re: [squid-users] Remote Desktop Gateway thru Squid.

2015-10-21 Thread Yuri Voinov
https://www.google.com/search?q=RDP+via+Squid Some results: http://superuser.com/questions/713359/i-want-to-rdp-to-my-server-that-is-behind-a-squid3-proxy http://sengstar2005.hubpages.com/hub/How-to-Remote-Desktop-to-a-Terminal-Server-via-a-Web-P

Re: [squid-users] How can I change the Squid logo on an access denied page.

2015-10-21 Thread Yuri Voinov
You miss local web-server, which must serve this picture. 22.10.15 0:52, sebastien.boulia...@cpu.ca wrote: > Hi again, > > I would like to change the Squid's logo that appears on an access denied page... > I replace the picture /usr/share/squid/icons

Re: [squid-users] Squid 3.5.10 SSL Bump whitelist domains issue

2015-10-21 Thread Yuri Voinov
First, you should put your configuration in order. 22.10.15 0:31, luizca...@gmail.com wrote: > Hello, > So what I am trying to accomplish here is to basically have a whitelist of domains that is allowed via http/https. If the UID is squid,apache, or

[squid-users] How can I change the Squid logo on an access denied page.

2015-10-21 Thread Sebastien.Boulianne
Hi again, I would like to change the Squid's logo that appears on an access denied page... I replace the picture /usr/share/squid/icons/SN.png but it didn't work. What did I miss? Thank you very much. Sébastien.

[squid-users] Remote Desktop Gateway thru Squid.

2015-10-21 Thread Sebastien.Boulianne
Hi all, I'm looking to use my Remote Desktop Gateway with my Squid. I tried this config but it didn't work.
    ### SITE
    cache_peer site.domain.qc.ca parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER name=site
    acl sitehttps url_regex ^https://site\.domain\.qc\.ca
    http_access allow www44

[squid-users] Squid 3.5.10 SSL Bump whitelist domains issue

2015-10-21 Thread luizcasey
Hello, So what I am trying to accomplish here is to basically have a whitelist of domains that is allowed via http/https. If the UID is squid,apache, or root then basically you will bypass squid and anything is allowed. This was working well on 3.4.2 however once I moved to 3.5.10 it no longer

[squid-users] big files caching-only proxy

2015-10-21 Thread Leonardo Rodrigues
Hi, I have a running setup for proxying only 'big' files, like Windows Update, Apple Updates and some other very specific URLs. That's working just fine, no problem on that. For avoiding caching small things on the URLs I want to have big files proxied, I set up the 'minimum_obje

Re: [squid-users] POST upload splits tcp stream in many small 39byte sized pakets

2015-10-21 Thread Alex Rousskov
On 10/21/2015 04:14 AM, Squid admin wrote:
> using squid 3.5.10 with patch the upload speed problem seems to be fixed.
> Now I get 112Mbit upload speed from a possible maximum of 115Mbit.
> Squid 4.0.1 still has a performance problem on unencrypted POST upload ...
I recommend monitoring and upda

Re: [squid-users] Monitoring Squid using SNMP.

2015-10-21 Thread Leonardo Rodrigues
On 20/10/15 16:26, sebastien.boulia...@cpu.ca wrote: When I try to do a snmpwalk, I got a timeout. [root@bak ~]# snmpwalk xx:3401 -c cpuread -v 1 [root@bak ~]# Anyone monitor Squid using SNMP ? Do you experiment some issues ? You're not getting timeout, you're getting no da

Re: [squid-users] Monitoring Squid using SNMP.

2015-10-21 Thread Stuart Henderson
On 2015-10-20, Brendan Kearney wrote:
> this did not work - snmpwalk -v2c -c SecretHandShake proxy1:3401
> this did work - snmpwalk -v2c -c SecretHandShake proxy1:3401 .1.3
From snmpwalk's manual: "If no OID argument is present, snmpwalk will search the subtree rooted at SNMPv2-SMI

Re: [squid-users] POST upload splits tcp stream in many small 39byte sized pakets

2015-10-21 Thread Squid admin
Dear Alex, using squid 3.5.10 with patch the upload speed problem seems to be fixed. Now I get 112Mbit upload speed from a possible maximum of 115Mbit. Squid 4.0.1 still has a performance problem on unencrypted POST upload ... BR, Toni (TSO off) 12:10:16.343559 IP 10.1.1.210.49388 > 10.1.1.19.

Re: [squid-users] POST upload splits tcp stream in many small 39byte sized pakets

2015-10-21 Thread Squid admin
Dear Alex, unfortunately not really fixed. The upload speed using squid 4.0.1 with this patch has bettered significantly but is far away from squid 3.4.x performance. The used test client can reach a maximum upload speed of 115 MBIT if the apache server is directly reachable. If a SQUID 3.4.X PR