On 28/12/2015 5:30 p.m., SaRaVanAn wrote:
> Thanks for the prompt response.
>
> I want to match all the URLs which have a pattern of "wsj" (example:
> *.wsj.com, *.wsj.net, *.wsj.edu). Does a wildcard make sense in a squid
> refresh pattern? Can we have something like this?
>
> refresh_pattern -i ^h
Hey,
The pattern you wrote is wrong and also doesn't describe your need/desire.
A domain name can contain only certain characters so using a "." is wrong.
Also URL and domain regular expressions should be as strict as possible
so you would not have false positive matches.
Amos suggested to use
Thanks for the prompt response.
I want to match all the URLs which have a pattern of "wsj" (example:
*.wsj.com, *.wsj.net, *.wsj.edu). Does a wildcard make sense in a squid
refresh pattern? Can we have something like this?
refresh_pattern -i ^http://*\.wsj\.*/ 10 200% 10 \
override-expire reload
On 28/12/15 14:34, Amos Jeffries wrote:
> Removing the redirect of tcp/443 totally fixes the problem.
>
> What redirect ?
tcp/443 redirect - sorry bad choice of words (really iptables REDIRECT).
ie TOR starts working if it isn't going through squid (which I
appreciate doesn't add much to this conv
On 28/12/2015 11:13 a.m., Jason Haar wrote:
> Hi there
>
> I use TOR a bit for testing our WAFs and found that it no longer worked
> on my test network that has squid configured in TLS intercept mode. I
> currently have squid configured to "splice only" (with peek to get the
> SNI name) - ie no bu
On 28/12/2015 1:30 p.m., SaRaVanAn wrote:
> Hi,
> We are using squid 3.1.20 in our box. We are facing issues on configuring
> and validating the refresh patterns. It looks like squid is not honoring
> the refresh patterns properly.
>
>
> *configuration*
> *refresh_pattern -i ^http://.wsj./.* 10 2
.js - NONE/-
application/javascript
1451261742.341 51 172.19.131.180 TCP_HIT/200 65486 GET
http://m.wsj.net/video/20151227/122715storms/122715storms_960x540.jpg -
NONE/- image/jpeg
1451261742.428132 172.19.131.180 TCP_HIT/200 53668 GET
http://m.wsj.net/video/20151223/121415barpilots/121415barpilots_9
On 12/27/2015 03:13 PM, Jason Haar wrote:
> Surely if all you are doing is
> splice-only, it shouldn't be doing that check at all?
The situation is not that black-and-white, unfortunately. This general
problem can be viewed under several different angles:
A. You are not using a splice-only confi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
wpad.dat&proxy.pac?
28.12.15 4:57, Jason Haar wrote:
> On 28/12/15 11:50, Yuri Voinov wrote:
>> I think, to eliminate this error you need to splice all torify connections.
> As I said - squid is configured to *only* splice - there is no bump-ing
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
So, you can't get this error.
Ergo, it may be client configuration problem.
Is there a transparent proxy?
28.12.15 4:57, Jason Haar wrote:
> On 28/12/15 11:50, Yuri Voinov wrote:
>> I think, to eliminate this error you need to splice all torify
On 28/12/15 11:50, Yuri Voinov wrote:
> I think, to eliminate this error you need to splice all torify connections.
As I said - squid is configured to *only* splice - there is no bump-ing
going on. So this is already the case
acl DiscoverSNIHost at_step SslBump1
ssl_bump peek DiscoverSNIHost
acl
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I think, to eliminate this error you need to splice all torify connections.
I.e., you need to configure your squid something like this:
# SSL bump rules
acl step1 at_step SslBump1
ssl_bump peek step1
acl Splice ssl::server_name_regex -i "/usr/loc
Hi there
I use TOR a bit for testing our WAFs and found that it no longer worked
on my test network that has squid configured in TLS intercept mode. I
currently have squid configured to "splice only" (with peek to get the
SNI name) - ie no bumping - purely so that the squid access_log file
contain
13 matches