Hi there
I am finding squid-3.5.13 is false positive-ing on ssl-bump way too
often. I'm just using "peek-and-splice" on intercepted port 443 to
create better squid logfiles (ie I'm not actually bump-ing) but that
enables enough of the code to cause the Host forgery code to kick in -
but it doesn't
My squid's cache_mem in squid.conf differs from output in mgr:config.
[root@squid-cache ~]# /usr/local/squid/bin/squidclient -h 127.0.0.1 -p 80 -w
aa mgr:config |grep cache_mem
Sending HTTP request ... done.
cache_mem 0 bytes
[root@squid-cache ~]# /usr/local/squid/sbin/squid -v
Squid Cache
On 12/01/2016 7:54 a.m., 3 wrote:
>
> The version on Debian is 3.5.12 and but still max_user_ip does not work at
> all and squid in verbose mode does not reject it but go through it
> correctly, so I m bit confused. The authentication is against AD win 2008.
>
> I will send the more details later
On Mon, Jan 11, 2016 at 09:06:27PM +1300, Amos Jeffries wrote:
> On 11/01/2016 2:48 p.m., LYMN wrote:
> >
> > I did manage to get this working, you did mention the correct solution
> > right down the end of your message.
> >
>
> Correct for you yes. That can happen when making half-blind guesses
Dear all,
I hope you all doing fine ! I know that this question has already been
asked multiple times, and I already checked the logs (old mailing list) but
I didn't find there my answers ... By the way, I am suspecting that this
might have something to do with the squid version itself.
In fact,
On 11/01/2016 11:18 p.m., Alex Samad wrote:
> Hi
>
> On 11 January 2016 at 18:54, Amos Jeffries wrote:
>>> guessing I have to bump up the 200M max to 800mb.
>>
>> Maybe. But IMHO use the ACLs tat range_offset_limit can take.
>
> your suggesting to limit the offset limit to just the windows updat
On 11/01/2016 11:51 p.m., Walter H. wrote:
>
> Ok, because the strange in connection with this:
>
> I had
>
> http_port 3128 ... dhparam=./dhparam.pem
>
> and before installing Kaspersky Anti-Virus there was not any error; but in
> connection with the SSL-Interception of Kaspersky Anti-Virus, I
On 12/01/2016 4:12 a.m., William Lima wrote:
> Hi all,
>
> I have identified those memory leaks in the latest version of Squid 3.5:
>
...
>
> Does anyone have a clue about the NotePairs leaks?
This is a users list. squid-dev is where the developers hangs out.
Amos
I have tested couple times with couple sites and it seems that they
don't like the "Surrogate-Capability" headers and specially in SSL, they
return a 500 internal error.
One url that I have tried to access is:
https://www.brighttalk.com/webcast/10903/183623?utm_campaign=webcasts-search-results-f
Hi all,
I have identified those memory leaks in the latest version of Squid 3.5:
128 (48 direct, 80 indirect) bytes in 1 blocks are definitely lost in loss
record 1,875 of 3,225
at 0x4C267BB: calloc (vg_replace_malloc.c:593)
by 0x642906: xcalloc (xalloc.cc:83)
by 0x63CEB2: MemPoolMa
On 10/01/2016 2:29 p.m., Roman Gelfand wrote:
I accidentally deleted the squid.conf while squid has been running. The
squid is still running. Is there a way to retrieve a running configuration?
If you can remember the cachemgr passwrd:
squidclient mgr:config
On 10.01.16 18:10, Amos Jeffr
Could you kindly write me what i need to post in order to review?
2016-01-11 11:53 GMT+01:00 Amos Jeffries :
> On 11/01/2016 11:26 p.m., Fabio Bucci wrote:
>> Yes of course. But i'm wondering if all the configuration are right.
>>
>
> The Squid part of it looks okay to me. The issue is somewhere i
On 11/01/2016 11:26 p.m., Fabio Bucci wrote:
> Yes of course. But i'm wondering if all the configuration are right.
>
The Squid part of it looks okay to me. The issue is somewhere in the AD,
keytab or client setup I think.
Amos
___
squid-users mailing
Hello Amos,
On Mon, January 11, 2016 11:13, Amos Jeffries wrote:
> On 11/01/2016 10:50 p.m., Walter H. wrote:
>> Hello,
>>
>> I'd restrict the client by using a less resource consuming TLS
>> encryption;
>>
>> I though doing just this
>>
>> e.g.
>> http_port 3128 ... cipher=3DES ...
>> (for restri
Yes of course. But i'm wondering if all the configuration are right.
2016-01-11 9:43 GMT+01:00 Amos Jeffries :
> On 11/01/2016 9:34 p.m., Fabio Bucci wrote:
>> Hi,
>> could you help me in looking for what it's wrong?
>>
>
> The client / browser thinks the credentials are wrong for some reason.
>
Yes of course. But i'm wondering if all the configuration are right.
Thanks,
Fabio
2016-01-11 9:43 GMT+01:00 Amos Jeffries :
> On 11/01/2016 9:34 p.m., Fabio Bucci wrote:
>> Hi,
>> could you help me in looking for what it's wrong?
>>
>
> The client / browser thinks the credentials are wrong for s
Hi
On 11 January 2016 at 18:54, Amos Jeffries wrote:
>> guessing I have to bump up the 200M max to 800mb.
>
> Maybe. But IMHO use the ACLs tat range_offset_limit can take.
your suggesting to limit the offset limit to just the windows update sites
>
>> are the other values still okay ?
>
> Yes.
On 11/01/2016 10:50 p.m., Walter H. wrote:
> Hello,
>
> I'd restrict the client by using a less resource consuming TLS encryption;
>
> I though doing just this
>
> e.g.
> http_port 3128 ... cipher=3DES ...
> (for restricting clients connecting to 3DES)
>
> or what would be less resource consumi
Hello,
I'd restrict the client by using a less resource consuming TLS encryption;
I though doing just this
e.g.
http_port 3128 ... cipher=3DES ...
(for restricting clients connecting to 3DES)
or what would be less resource consuming?
AES128?
but where can I see, which ciphersuite is really use
I've deleted the quotes in the realm declaration but I still have to use
quotes with the command line :
echo ':' | /usr/lib/squid3/digest_ldap_auth -b ou= -u uid -A l
-W /etc/digestreader_cred -e -v 3
BH message="Invalid line received"
echo '"":""' | /usr/lib/squid3/digest_ldap_auth -b
ou=
On 11/01/2016 9:34 p.m., Fabio Bucci wrote:
> Hi,
> could you help me in looking for what it's wrong?
>
The client / browser thinks the credentials are wrong for some reason.
You need to run through all the troubleshooting checks to see if any
reason shows up. The recent posts "kerberos authenti
Hi,
could you help me in looking for what it's wrong?
Regar,ds
Fabio
2016-01-07 14:26 GMT+01:00 Fabio Bucci :
> Hi Amos,
> just configured squid.conf as:
>
> auth_param negotiate program /usr/lib64/squid/negotiate_kerberos_auth
> -d -s HTTP/myproxy.domain
> auth_param negotiate children 100
> aut
On 11/01/2016 10:54 a.m., Roman Gelfand wrote:
> I am getting the following error. Would anyone know the reason?
>
> Error negotiating SSL connection on FD 37: error:1408F10B:SSL
> routines:SSL3_GET_RECORD:wrong version number
>
Please supply the rquired details:
* Squid version (squid -v out
On 11/01/2016 2:48 p.m., LYMN wrote:
>
> I did manage to get this working, you did mention the correct solution
> right down the end of your message.
>
Correct for you yes. That can happen when making half-blind guesses at
what the problem actually is based on partial information. It might have
b
24 matches
Mail list logo
