On 06/01/16 19:29, Jason Haar wrote:
>> This just means that IPv6 was the *last* thing tried. It is entirely
>> probable that IPv4 was tried first and also failed. Particularly if you
>> have dns_v4_first turned on.
> No - I don't have dns_v4_first defined at all - so that should be trying
> b
Hi there
Doing "peek+splice - but no actual bump" in formal proxy mode works
well when you want to use squid to block https sites via acls: it can
return an error page to the client's CONNECT request and the browser can
show that error to the user. However, in "peek+splice" transparent mode,
squi
On 06/01/16 17:39, Amos Jeffries wrote:
> On 6/01/2016 5:04 p.m., Jason Haar wrote:
>> Hi there
>>
>> Weird - several times in the past couple of months I have found I cannot
>> get to http://wiki.squid-cache.org/ - I get the error below from my
>> squid-3.5.11 server which does not have a Global i
On 6/01/2016 5:04 p.m., Jason Haar wrote:
> Hi there
>
> Weird - several times in the past couple of months I have found I cannot
> get to http://wiki.squid-cache.org/ - I get the error below from my
> squid-3.5.11 server which does not have a Global ipv6 address (it has a
> Local ipv6/fe80: on th
Hi there
Weird - several times in the past couple of months I have found I cannot
get to http://wiki.squid-cache.org/ - I get the error below from my
squid-3.5.11 server which does not have a Global ipv6 address (it has a
Local ipv6/fe80: on the Ethernet card - but nothing else). Google.com
(which
All,
I would like to use Squid Proxy combined with C-ICAP or any other mechanism to
intercept and analyze files uploaded using BITS_POST in OneDrive for MSFT. Is
it possible?
Thanks,
Saravanan
___
squid-users mailing list
squid-users@lists.squid-ca
On 6/01/2016 8:30 a.m., Nir Krakowski wrote:
> how can you combine accel proxy with ssl-bump ?
>
To use accel mode the proxy needs to be an origin for the domain and
thus have access to the server's TLS private keys. If you have those keys
just use a normal https_port (note the 's') to receive the
On 6/01/2016 5:26 a.m., Job wrote:
> Hello,
>
> Since I upgraded two Squid proxy servers to the Squid-3.4.4 versions, we have
> some huge bottlenecks with authenticated ntlm (old style!) users.
> If I disable authentication and enable per-ip surf, it works fine.
From what earlier version?
>
> P
On 6/01/2016 5:16 a.m., Berkes, David wrote:
> Hello - My goal is to cache any user credentials from a browser once
> for a period of time without prompting the user browser to ask for
> them until a certain time period has passed (i.e., enter them once
> and again after 8 hours pass). Is there a
What you need is peek and splice setup.
http://wiki.squid-cache.org/Features/SslPeekAndSplice
Eliezer
On 05/01/2016 22:50, Nir Krakowski wrote:
I'm trying to monitor outgoing connections but would not like to monitor
youtube because of volume.
This is for an enterprise so it's definitely legal.
I'm trying to monitor outgoing connections but would not like to monitor
youtube because of volume.
This is for an enterprise so it's definitely legal.
Nir.
On Tue, Jan 5, 2016 at 10:08 PM, Antony Stone <
antony.st...@squid.open.source.it> wrote:
> On Tuesday 05 January 2016 at 21:03:09, Nir Kra
On Tuesday 05 January 2016 at 21:03:09, Nir Krakowski wrote:
> eg: /etc/hosts
> mail.google.com 10.0.0.250
> as for the ssl certificate, I hope to self sign with a made up root CA.
What are you trying to achieve with this setup,
and have you checked whether it is legal in your country / organisa
because the destination IP is the actual machine IP.
eg: /etc/hosts
mail.google.com 10.0.0.250
that at 10.0.0.250
as for the ssl certificate, I hope to self sign with a made up root CA.
Nir.
On Tue, Jan 5, 2016 at 9:44 PM, Antony Stone <
antony.st...@squid.open.source.it> wrote:
> On Tuesday
On Tuesday 05 January 2016 at 20:30:06, Nir Krakowski wrote:
> how can you combine accel proxy with ssl-bump ?
Have you looked at http://www.squid-cache.org/Doc/config/http_port/ ?
You put the certificate (which would normally be on the web server) on the
Squid server (because that's the machin
how can you combine accel proxy with ssl-bump ?
the problem: intercept mode looks at IP addresses
requested solution: we need to look at the SNI info..
Anybody ever done this ?
Thanks,
Nir.
Hello,
Since I upgraded two Squid proxy servers to the Squid-3.4.4 versions, we have
some huge bottlenecks with authenticated ntlm (old style!) users.
If I disable authentication and enable per-ip surf, it works fine.
Please note that the squid process rises up to 100%.
Here is my auth ntlm configur
Hello - My goal is to cache any user credentials from a browser once for a
period of time without prompting the user browser to ask for them until a
certain time period has passed (i.e., enter them once and again after 8 hours
pass). Is there a method to do this? I have read about (credentials
Yuri thanks again.
I'm going to give it a try and post my results.
Alejandro
2016-01-05 11:57 GMT-03:00 Yuri Voinov :
>
> You can write it easy ;)
>
> Please note:
>
> 1. AFAIK, splice rule must be preceded by bump rule in your config.
> 2.
You can write it easy ;)
Please note:
1. AFAIK, splice rule must be preceded by bump rule in your config.
2. You can use ssl::server_name_regex or ssl::server_name for a decision
3. In most cases your users must have your cache CA's when cache ca
Hi all
I'm still lost, can I ask for a minimal working config splicing google.com
sites ?
I have made some additional checks (blocking QUIC), but with no luck.
I'm thinking of creating an external helper that receives via ssl::server_name
and makes a decision there, but if there is a chance with a sim
On 5/01/2016 11:15 p.m., Nir Krakowski wrote:
> I meant to hack rewrite to supply more header information at rewrite
> instead of just URL and method.
>
> for squid3-3.3.8 it would look like
> sz = snprintf(buf, MAX_REDIRECTOR_REQUEST_STRLEN*2, "%s %s/%s %s %s
> myip=%s myport=%d ua=%s cookie=
On 5/01/2016 10:39 p.m., Jason Haar wrote:
> On 31/12/15 23:43, Amos Jeffries wrote:
>> But that said; everything SG provides a current Squid can also do
>> (maybe better) by itself.
> Hi Amos
>
> Are you saying the squid acl model can support (say) 100M acl lists? The
> main feature of the squi
>> Am 05.01.2016 um 02:16 schrieb Amos Jeffries :
>>
>>> On 5/01/2016 8:31 a.m., Matus UHLAR - fantomas wrote:
>>> On 04.01.16 14:43, Christian Kunkel wrote:
>>> is there any way to use different access control lists per listening
>>> port?
>>>
>>> http_port 1337
>>> acl 1337
>>> http_port 1338
I meant to hack rewrite to supply more header information at rewrite
instead of just URL and method.
for squid3-3.3.8 it would look like
sz = snprintf(buf, MAX_REDIRECTOR_REQUEST_STRLEN*2, "%s %s/%s %s %s
myip=%s myport=%d ua=%s cookie=%s\n",
r->orig_url,
r-
On 31/12/15 23:43, Amos Jeffries wrote:
> But that said; everything SG provides a current Squid can also do
> (maybe better) by itself.
Hi Amos
Are you saying the squid acl model can support (say) 100M acl lists? The
main feature of the squidguard redirector was that it had indexed files
that al
On 5/01/2016 5:46 p.m., Nir Krakowski wrote:
> Hi Alex, I meant that the filter is of the HTTP of the client-request and
> not the client-response or server-response.
> From what I've seen there is no example that monitors headers if at all
> possible.
>
> what I'm looking for is something like ur