Re: [squid-users] Squid with NTLM auth behind netscaler

2015-12-04 Thread Amos Jeffries
On 5/12/2015 5:39 a.m., Fabio Bucci wrote: > Thanks Amos. > Actually my load balancing is configured to perform round robin balancing > between the two nodes. I added a session persistence by source ip in order > to avoid logging in again with some sites. > > my squid.conf is very simple: > auth_par

Re: [squid-users] doubts about the squid3

2015-12-04 Thread Amos Jeffries
On 5/12/2015 11:20 a.m., Marcio Demetrio Bacci wrote: > Hi Amos, > > Thanks for helping me. > > My whole squid.conf follows > acl manager proto cache_object I see you still have the old Squid-2 definition for "manager" ACL. If your Squid is not complaining about that, it means you are using a ver

Re: [squid-users] Authentication Problem

2015-12-04 Thread Samuel Anderson
Hi Amos and Dima, I'm having the exact same problem. After updating Chrome to version (47.0.2526.73 m) I'm no longer able to authenticate. IE and Firefox still seem to work fine. I haven't changed anything in my config file for months. On Fri, Dec 4, 2015 at 5:22 AM, Dima Ermakov wrote: > Thank

Re: [squid-users] mail upload problem

2015-12-04 Thread vivek singh
Thanks a lot 1. These logs are of the moment when a gmail attachment was initiated on the user machine. 2. Logs have been filtered for that particular user, and hence have not been shown in the previous post. 3. I am worried that, while initiating the mail attachment in the user machine, no o

Re: [squid-users] Understand debug Logs

2015-12-04 Thread Amos Jeffries
On 5/12/2015 5:53 a.m., Patrick Flaherty wrote: > Hi, > > I have debug level set to 2 (ALL,2) and was wondering if ANY of the > following messages in the logs below were of concern. level "ALL,0" displays only critical issues. level ALL,1 displays the above plus other important issues that shoul

Re: [squid-users] rock storage integrity

2015-12-04 Thread Alex Rousskov
On 12/04/2015 08:37 AM, Hussam Al-Tayeb wrote: > Since this is a database, it is possible for part of the database to > get corrupted through a crash or incorrect poweroff? It depends on your definition of "corruption". Yes, it is possible that some database updates will be incomplete because of a

[squid-users] Understand debug Logs

2015-12-04 Thread Patrick Flaherty
Hi, I have debug level set to 2 (ALL,2) and was wondering if ANY of the following messages in the logs below were of concern. I'm new to Squid and loving it. Particularly where it says always_direct = DENIED & never_direct = DENIED. Thanks Patrick CONNECT mydomain.com:443 HTTP/1.1 Hos

Re: [squid-users] Deny Access based on SSL-Blacklists (SHA1-Fingerprint) with ssl_bump

2015-12-04 Thread Alex Rousskov
On 12/04/2015 05:40 AM, Amos Jeffries wrote: > On 4/12/2015 9:34 p.m., Tom Tom wrote: >> Why do I need a "full" ssl_bump-configuration to prevent access based >> on fingerprints? > Because "deny" in the form you are trying to do it is an HTTP message. > In order to perform HTTP over a TLS connect

Re: [squid-users] How to limit user traffic quota? (GoGo net)

2015-12-04 Thread Amos Jeffries
On 5/12/2015 4:57 a.m., GoGo net wrote: > Limit rate is another direction to limit traffic, I will think about > it. > > Currently, I prefer to use the script to monitor access.log, and I > find a problem today: > > From [squid wiki](http://wiki.squid-cache.org/Features/LogFormat): > >> bytes Th

Re: [squid-users] rock storage integrity

2015-12-04 Thread Amos Jeffries
On 5/12/2015 4:37 a.m., Hussam Al-Tayeb wrote: > Hi. I am using squid with rock storage right now to cache computer > updates for my Linux computers. It works well. > Since this is a database, it is possible for part of the database to > get corrupted through a crash or incorrect poweroff? > I know

Re: [squid-users] How to limit user traffic quota? (GoGo net)

2015-12-04 Thread GoGo net
Limit rate is another direction to limit traffic, I will think about it. Currently, I prefer to use the script to monitor access.log, and I find a problem today: From [squid wiki](http://wiki.squid-cache.org/Features/LogFormat): > bytes The size is the amount of data delivered to the client. Mi

[squid-users] rock storage integrity

2015-12-04 Thread Hussam Al-Tayeb
Hi. I am using squid with rock storage right now to cache computer updates for my Linux computers. It works well. Since this is a database, it is possible for part of the database to get corrupted through a crash or incorrect poweroff? I know from sql database that incorrect shutdowns can cause bin

Re: [squid-users] using splice just to improve TLS SNI logging

2015-12-04 Thread Alex Rousskov
On 12/03/2015 08:35 PM, Jason Haar wrote: > Does going "splice" mode avoid all the potential SSL/TLS issues > surrounding bump? ie it won't care about client certs, weird TLS > extensions, etc? (ie other than availability, it shouldn't introduce a > new way of failing?) Obtaining SNI information

Re: [squid-users] Squid with NTLM auth behind netscaler

2015-12-04 Thread Amos Jeffries
On 4/12/2015 11:14 p.m., Fabio Bucci wrote: > Hi All, > my task is implementing a squid proxy that allows all my authenticated > (windows AD) internal users to surf the internet without any credential request > (pop-up). > > Plus, I created two squid nodes and put them behind a citrix netscaler in > or

Re: [squid-users] Deny Access based on SSL-Blacklists (SHA1-Fingerprint) with ssl_bump

2015-12-04 Thread Amos Jeffries
On 5/12/2015 3:32 a.m., Tom Tom wrote: > Hi Amos > > The configuration you provided above works also fine. Thank you. Which > configuration is generally proposed or "the way to go"?: The one, > which terminates SSL-Blacklists with "ssl_bump terminate" or the other > which denies https-Blacklist wi

Re: [squid-users] Deny Access based on SSL-Blacklists (SHA1-Fingerprint) with ssl_bump

2015-12-04 Thread Tom Tom
Hi Amos The configuration you provided above works also fine. Thank you. Which configuration is generally proposed or "the way to go"?: The one, which terminates SSL-Blacklists with "ssl_bump terminate" or the other which denies https-Blacklist with "http_access deny"? Are there some speed-/securi

Re: [squid-users] mail upload problem

2015-12-04 Thread Amos Jeffries
On 5/12/2015 3:07 a.m., vivek singh wrote: > I accept http://download.newnext.me/spark.bin to be a virus redirection, > but not sure, and didn't understand how it is so, I have checked the computer > for any unwanted third party and were not found. > Well, it is not an upload, and does not visibly

Re: [squid-users] mail upload problem

2015-12-04 Thread vivek singh
I accept http://download.newnext.me/spark.bin to be a virus redirection, but not sure, and didn't understand how it is so, I have checked the computer for any unwanted third party and were not found. *Thanks and Regards Vivek Kumar Singh Mobile +918902000538* On Fri, Dec 4, 2015 at 7:11 PM, vi

Re: [squid-users] mail upload problem

2015-12-04 Thread vivek singh
please find below the access log while problem occur 1449226819.307: 0: TCP_DENIED/403: 4089: GET: http://download.newnext.me/spark.bin?: -: HIER_NONE/- 1449226828.671: 249222: TCP_TUNNEL/200: 6610: CONNECT: clients2.google.com:443: -: HIER_DIRECT/216.58.196.110 1449226829.308: 0: TCP_DENIED/403: 4

Re: [squid-users] Deny Access based on SSL-Blacklists (SHA1-Fingerprint) with ssl_bump

2015-12-04 Thread Amos Jeffries
On 4/12/2015 9:34 p.m., Tom Tom wrote: > Hi list, > > I'm trying to implement SSL-Blacklists based on SHA1-Fingerprints > (squid 3.5.11). As far as I know, certificate-fingerprints are one of the > parts of a certificate, which are visible in unencrypted traffic. > > It seems, that blocking https-sites

Re: [squid-users] Authentication Problem

2015-12-04 Thread Dima Ermakov
Thank you, Amos. I checked all, that you wrote. It didn't help me. I have this problem only on google chrome browser. Before 2015-12-03 all was good. I didn't change my configuration more than one month. Ten minutes ago "Noel Kelly nke...@citrusnetworks.net" wrote in this list, that google chrom

[squid-users] Squid with NTLM auth behind netscaler

2015-12-04 Thread Fabio Bucci
Hi All, my task is implementing a squid proxy that allows all my authenticated (windows AD) internal users to surf the internet without any credential request (pop-up). Plus, I created two squid nodes and put them behind a citrix netscaler in order to perform a load balance service. I configured squid

[squid-users] Google Chrome v47.0.2526.73M Broken NTLM Authentication

2015-12-04 Thread Noel Kelly
Hi For information, the latest version of Google Chrome (v47.0.2526.73M) has broken NTLM authentication: https://code.google.com/p/chromium/issues/detail?id=544255 https://productforums.google.com/forum/#!topic/chrome/G_9eXH9c_ns;context-place=forum/chrome Cheers

[squid-users] Deny Access based on SSL-Blacklists (SHA1-Fingerprint) with ssl_bump

2015-12-04 Thread Tom Tom
Hi list, I'm trying to implement SSL-Blacklists based on SHA1-Fingerprints (squid 3.5.11). As far as I know, certificate-fingerprints are one of the parts of a certificate, which are visible in unencrypted traffic. It seems, that blocking https-sites based on fingerprints is only working with a ssl_bump