Re: [squid-users] Squid with NTLM auth behind netscaler

On 2015-12-31 03:42, Fabio Bucci wrote: Could you help me in kerberos configuration only? I don't want a fallback That should be blindingly obvious ... just use the Kerberos helper directly as the auth_param helper. Omit the negotiate_wrapper helper and ntlm_auth helper parts. Amos ___

Re: [squid-users] ip-based ACL under transparent mode

On 2015-12-31 18:02, xxiao8 wrote: Under transparent mode, is it possible to get client's IP and assign a specific ACL rule to it? The "src" ACL matches client IP. Always. is it possible to use the

Re: [squid-users] Host header forgery affects pure splice environment too?

On 2015-12-29 03:29, Yuri Voinov wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Heh. It seems bogus by our opinion. Tor certainly thinks otherwise. Anything under the .net TLD is under resolving control of the global DNS lookup system. Those FQDN are invalid / NXDOMAIN. Which is the

[squid-users] ip-based ACL under transparent mode

Under transparent mode, is it possible to get client's IP and assign a specific ACL rule to it? is it possible to use the client-IP-address as a variable in redirector scripts? Basically when transparent mode is used we don't have the "user" for each requests and I'm thinking if I can extract t

Re: [squid-users] Specifiying openssl location with ./configure?

On 2015-12-29 09:12, George Hollingshead wrote: I have a localy compilied the latest openssl to default location /usr/local directory. If you really have done that then any Squid built after will auto-detect it there and link to that new OpenSSL version using only the "--with-openssl" build o

Re: [squid-users] Refresh pattern issue in squid 3.1.20

Hi, All, I tired suggested refresh pattern, still i was getting TCP_HIT/MEM_HIT. It's not getting refreshed after 10 minutes. *Conf* refresh_pattern -i ^http://[a-z\-\_\.A-Z0-9]+\.wsj\.(net|net|com|edu)/ 10 200% 10 override-expire override-lastmod reload-into-ims ignore-reload *Logs* Wed Dec 3

Re: [squid-users] squid reverse proxy and client certs

Hi Thanks I thought that might be the issue. could you point me to an example for requesting client certs for a directory Thanks Alex On 30 December 2015 at 21:56, Matus UHLAR - fantomas wrote: > On 30.12.15 15:11, Alex Samad wrote: >> >> I have squid 3.5.12 working as a reverse proxy >> >> ca

Re: [squid-users] Squid proxy removing Transfer-Encoding header

On 12/30/2015 02:24 PM, Aashima wrote: > So it is like client -> Squid -> APP and return > If App return Transfer-Encoding header to Squid, Squid removes that response > header and forwards rest to Client. > > Am not getting why it is removing that header ? Couldnt find any posts > also on an

[squid-users] Squid proxy removing Transfer-Encoding header

Hey all, I have an application in front of which I am using Squid proxy. Suppose application name is APP So it is like client -> Squid -> APP and return If App return Transfer-Encoding header to Squid, Squid removes that response header and forwards rest to Client. Am not getting why it is re

Re: [squid-users] Squid is not worked in OpenVZ VPS.

On 30/12/2015 19:29, Billy.Zheng (zw963) wrote: I can acess `www.google.com' in side my VPS with W3M. But, can not accesswww.google.com across my Squid server. I don't what happen here, those VPS provider guys work on this two days, not resolved. Hey Billy, From the information page it is c

Re: [squid-users] Squid is not worked in OpenVZ VPS.

I can acess `www.google.com' in side my VPS with W3M. But, can not access www.google.com across my Squid server. I don't what happen here, those VPS provider guys work on this two days, not resolved. Kinkie writes: > Well, the IPv6 address could be telling. Maybe OpenVZ is setting up a > V6 ne

Re: [squid-users] squid3 / debian stable / please update to 3.4.14

Hai, You can very easy upgrade to 3.5.12 on Jessie. Add sid to your sources.list, or better in : /etc/apt/sources.list.d/debian-sid.list Only the deb-src line is needed. Now apt-get update # install dependecies. apt-get build-dep squid # get and build source. apt-get source squid -b if y

Re: [squid-users] Squid with NTLM auth behind netscaler

Could you help me in kerberos configuration only? I don't want a fallback 2015-12-29 16:34 GMT+01:00 L.P.H. van Belle : > Hai, > >> ok thanks. I think the system guys use samba and winbind to join linux >> machines to domain independetly services installed > > Thats good, but if you want fallback

Re: [squid-users] Squid is not worked in OpenVZ VPS.

Well, the IPv6 address could be telling. Maybe OpenVZ is setting up a V6 network but has no route out of it. Can you try accessing a known V4 and a known V6 address? It could help you understand if the issue is there. In that case, you need to fix the issue at the OpenVZ level. On Wed, Dec 30, 20

Re: [squid-users] Squid is not worked in OpenVZ VPS.

Thanks for you reply. The failed message is: `Connection to failed', is a IPV6 address somehow. I found i just could't access part of website, not all. so, I thought this is not Squid problem, maybe china GFW prevent this, I doubt OpenVZ provider's machine room exist some problem. Th

Re: [squid-users] Squid is not worked in OpenVZ VPS.

> On 30 Dec 2015, at 11:39, Billy.Zheng(zw963) wrote: > > Hi, I have two VPS in same location(HONG KONG) > > the two VPS is blongs to two service provider, one OpenVZ, one XEN. > > I choice with same version CentOS(6.7), and with same config script for > a FORWARD proxy to access free world. >

[squid-users] Host header forgery policy in service provider environment

Hello Squid members and developers! First of all, I wish you a Happy New Year 2016! The current Host header forgery policy effectively prevents a cache poisoning. But also, I noticed, it deletes verified earlier cached object. Is it possible to implement more careful algorithm as an option? For e

Re: [squid-users] squid reverse proxy and client certs

On 30.12.15 15:11, Alex Samad wrote: I have squid 3.5.12 working as a reverse proxy cache_peer 127.0.0.1 \ parent 443 0 proxy-only no-query no-digest originserver \ login=PASS \ ssl \ sslcafile=/etc/pki/tls/certs/ca-bundle.crt \ sslflags=DONT_VERIFY_PEER \ name=webServer This points to httpd wh

[squid-users] Squid is not worked in OpenVZ VPS.

Hi, I have two VPS in same location(HONG KONG) the two VPS is blongs to two service provider, one OpenVZ, one XEN. I choice with same version CentOS(6.7), and with same config script for a FORWARD proxy to access free world. XEN always worked for me, but OpenVZ is not. following is some simple