On 15/01/2016 3:38 p.m., startrekfan wrote:
> Hello,
>
> thank you for your answer. I'm using the debian stable version(3.4.8) at
> the moment. The squid server is working very well.
>
> But I have a different question: How to secure/hardening my squid _https_
> proxy?
>
I'm a lot confused why
On 15/01/2016 2:08 p.m., xxiao8 wrote:
> In Squid http-redirector can get access to the full url, for https
> sslbump only gives us the host(https://host), to get a full
> url(https://host/path), are the only choices icap/ecap for content
> filtering? in this case I really don't care about the http
Hello
I'd like to suggest that the pre compiled squid packages (e.g *.deb) should
be build with the flags
--enable-ssl \
--with-openssl \
--enable-ssl-crtd"
by default
It would make things much easier for me then I can install a https ready
squid directly from the repository(apt-get)
___
Hello,
thank you for your answer. I'm using the debian stable version(3.4.8) at
the moment. The squid server is working very well.
But I have a different question: How to secure/hardening my squid _https_
proxy?
I used the following page to configure my https proxy:
http://wiki.squid-cache.org/C
In Squid http-redirector can get access to the full url, for https
sslbump only gives us the host(https://host), to get a full
url(https://host/path), are the only choices icap/ecap for content
filtering? in this case I really don't care about the https content
payload, just its http header tha
On Thursday 14 January 2016 at 18:25:16, Robert Plamondon wrote:
> > You *must* perform the NAT on the machine Squid is running on for
> > intercept mode to work.
> >
> > Doing it on any other router along the way will not work.
>
> Unless I'm missing something, I'd phrase this differently: the
On 15/01/2016 6:25 a.m., Robert Plamondon wrote:
>>
>>
>> You *must* perform the NAT on the machine Squid is running on for intercept
>> mode to work.
>>
>> Doing it on any other router along the way will not work.
>>
>
> Unless I'm missing something, I'd phrase this differently: the NAT must not
>
>
> You *must* perform the NAT on the machine Squid is running on for intercept
> mode to work.
>
> Doing it on any other router along the way will not work.
>
Unless I'm missing something, I'd phrase this differently: the NAT must not
be performed between the client and Squid. Squid is indiffer
Hi,
I want to limit the users with the Maxconn parameters. But the users are NATed
behind a public IP address. Is squid just looking at the IP address or can it
also use the username to figure out if it should apply the maxconn?
Thanks
Murat
___
squid-
On 15/01/2016 3:47 a.m., David Marcos wrote:
> Eliezer, Amos,
>
> I wanted to follow-up on the below thread since I encountered an
> additional, interesting issue.
>
> Per my issue with shutterfly.com below, if I *do not* set an ECDH cipher in
> the tls-dh parameter, then I have to remove NO_SSLv
Eliezer, Amos,
I wanted to follow-up on the below thread since I encountered an
additional, interesting issue.
Per my issue with shutterfly.com below, if I *do not* set an ECDH cipher in
the tls-dh parameter, then I have to remove NO_SSLv2 from sslproxy_options.
However, if I set an ECDH cipher
On 12/01/2016 2:40 p.m., Jason Haar wrote:
> Hi there
>
> I am finding squid-3.5.13 is false positive-ing on ssl-bump way too
> often. I'm just using "peek-and-splice" on intercepted port 443 to
> create better squid logfiles (ie I'm not actually bump-ing) but that
> enables enough of the code to
On 15/01/2016 1:27 a.m., Antony Stone wrote:
> On Thursday 14 January 2016 at 13:21:57, jean-yves boisiaud wrote:
>
>> My squid box is not on a firewall, but on a dedicated server in the DMZ,
>> between the internal and the external firewall.
>
>> On the internal firewall, port 80 is redirected t
On Thursday 14 January 2016 at 13:21:57, jean-yves boisiaud wrote:
> My squid box is not on a firewall, but on a dedicated server in the DMZ,
> between the internal and the external firewall.
> On the internal firewall, port 80 is redirected to the squid box port 3128,
> for transparent proxying.
hello,
I am migrating a squid box from squid 2.7 to squid 3.4.8 (debian jessie).
I use squid for forwarding only.
My squid box is not on a firewall, but on a dedicated server in the DMZ,
between the internal and the external firewall.
So, I have two http_port directives :
http_port 8080
http_p
I am happy to release the new RPMs of Squid 3.5.13 for:
- CentOS 6 32bit [http://ngtech.co.il/repo/centos/6/i686/]
- CentOS 6 64bit [http://ngtech.co.il/repo/centos/6/x86_64/]
- CentOS 7 64bit [http://ngtech.co.il/repo/centos/7/x86_64/]
- OpenSUSE leap(42.1) 64bit [http://ngtech.co.il/repo/opensus
16 matches
Mail list logo
