Re: [squid-users] SSL cipher list

2016-01-15 Thread Amos Jeffries
On 16/01/2016 10:46 a.m., Hector Chan wrote: > Hi, > > I am running the squid 3.4.x line. I am looking into hardening our squid > server. One of the things I am looking at is the SSL cipher list. Does > anyone know how do I find out what SSL cipher list squid support? I read > from another post th

Re: [squid-users] https full url

2016-01-15 Thread Amos Jeffries
On 16/01/2016 3:52 p.m., xxiao8 wrote: > Just found out ssl::server_name_regex that should cover url_regex, > for urlpath_regex and referer_regex I think I can not get them for > https/sslbump, to get them an icap/ecap has to be used to read the > decrypted content at the moment, will squid plan to

Re: [squid-users] https full url

2016-01-15 Thread xxiao8
Just found out ssl::server_name_regex that should cover url_regex, for urlpath_regex and referer_regex I think I can not get them for https/sslbump, to get them an icap/ecap has to be used to read the decrypted content at the moment, will squid plan to provide directives similar to urlpath_rege

Re: [squid-users] Fwd: Squid https bump and google apps

2016-01-15 Thread Lucas Castro
On 15-01-2016 17:26, Yuri Voinov wrote: > > # - > # Access Control Lists > # - > acl localnet src 192.168.0.0/16 # RFC1918 possible internal network > > acl SSL_ports port 443 > acl SSL_ports port 8443 # Telecom exc

Re: [squid-users] https full url

2016-01-15 Thread xxiao8
for https/sslbump I can use sni::server_name to replace the "dstdomain" directive, what about others URL-related directives, e.g., url_regex, urlpath_regex, referer_regex,etc. Do they make sense at all when https-url is concerned? or I have to ignore them when sslbump is activated? Thanks for

Re: [squid-users] https full url

2016-01-15 Thread Alex Rousskov
On 01/15/2016 02:38 PM, xxiao8 wrote: > I wonder if the decrypted https message after sslbump is used > by icap/ecap client code in squid, It is. > or special handling is needed comparing to http-only proxying. Normally, no special handling is required apart from bumping transactions (which, o

Re: [squid-users] I can´t block streaming !!!

2016-01-15 Thread Antony Stone
On Friday 15 January 2016 at 17:04:37, Aismel wrote: > Hi guys, > > I follow this steps and not work i don’t know why > > https://linuxstep.wordpress.com/step-by-step-configuration-squid-to-block-streaming-media-online/ > > I try using the Zentyal software disabling all video and flash opti

[squid-users] I can´t block streaming !!!

2016-01-15 Thread Aismel
Hi guys, I follow this steps and not work i don’t know why https://linuxstep.wordpress.com/step-by-step-configuration-squid-to-block-streaming-media-online/ I try using the Zentyal software disabling all video and flash options and the same thing not block streaming pls help me !!

[squid-users] SSL cipher list

2016-01-15 Thread Hector Chan
Hi, I am running the squid 3.4.x line. I am looking into hardening our squid server. One of the things I am looking at is the SSL cipher list. Does anyone know how do I find out what SSL cipher list squid support? I read from another post that squid doesn't support the ECDHE ciphers, but I am inte

Re: [squid-users] https full url

2016-01-15 Thread xxiao8
Keep reading icap... it can modify a HTTP request (encapsulated and send to icap server by squid's icap client), does this mean after sslbump I can send a just-decrypted-clear-text http request-line and the related header/message-body to icap server, or not? Basically I wonder if the decrypted

Re: [squid-users] Fwd: Squid https bump and google apps

2016-01-15 Thread Yuri Voinov
# - # Access Control Lists # - acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl SSL_ports port 443 acl SSL_ports port 8443 # Telecom exclusion

Re: [squid-users] Fwd: Squid https bump and google apps

2016-01-15 Thread Lucas Castro
On 15-01-2016 16:18, Yuri Voinov wrote: > _MISS/200 30415 GET > > https://www.google.com/search?q=Sun+2540-M2+Performance+enhancer&biw=1280&bih=699&noj=1&ei=oAmZVvnxCsW3afKevLAO&start=10&sa=N > HIER_DIRECT/216.58.208.227 text/html > 15/Jan/2016:21:03:23 +0600 356 127.0.0.1 TAG_NON

Re: [squid-users] Fwd: Squid https bump and google apps

2016-01-15 Thread Yuri Voinov
I see: 15/Jan/2016:21:03:22 +0600 411 127.0.0.1 TAG_NONE/200 0 CONNECT www.google.com:443 - HIER_DIRECT/216.58.208.227 - 15/Jan/2016:21:03:23 +0600 663 127.0.0.1 TCP_MISS/200 30415 GET https://www.google.com/search?q=Sun+2540-M2+Performance+

Re: [squid-users] Fwd: Squid https bump and google apps

2016-01-15 Thread Lucas Castro
Yuri, Now I can see, I'm really doing something wrong, cause I can't see the FQDN at access.log What can be the possible problem that I can get just IP:PORT? On 15-01-2016 15:23, Yuri Voinov wrote: > > > > 15.01.16 23:55, lucas castro wrote: > > Amos, Sorry for emailing right to you. > > -

Re: [squid-users] Fwd: Squid https bump and google apps

2016-01-15 Thread Yuri Voinov
15.01.16 23:55, lucas castro wrote: > Amos, Sorry for emailing right to you. > -- Forwarded message -- > From: lucas castro > Date: Fri, Jan 15, 2016 at 2:54 PM > Subject: Re: [squid-users] Squid https bump and google apps > To:

[squid-users] Fwd: Squid https bump and google apps

2016-01-15 Thread lucas castro
Amos, Sorry for emailing right to you. -- Forwarded message -- From: lucas castro Date: Fri, Jan 15, 2016 at 2:54 PM Subject: Re: [squid-users] Squid https bump and google apps To: Amos Jeffries Amos, I'm already using squid-3.5.13 with sni, the problem is, google use the same c

Re: [squid-users] Squid https bump and google apps

2016-01-15 Thread Amos Jeffries
On 16/01/2016 3:35 a.m., Lucas Castro wrote: > I've hard worked against google applications, > The points is, google use the same certificate for a bunch of different > apps, > like google.com, youtube.com, drive.google.com. > I'd like to know if someone already got terminated youtube.com and > kee

Re: [squid-users] How to setup a secure(!) squid proxy

2016-01-15 Thread Amos Jeffries
On 15/01/2016 11:13 p.m., startrekfan wrote: > Hello > > I`m sorry. I'm not a native speaker so I maybe don't find the right words. > > I'd like to setup a proxy that can scan the incoming traffic for virus > (squidclamav). To do that for a https/ssl connection I need the squid > ssl-bump feature

Re: [squid-users] Maxconn Parameter behaviour with NAT

2016-01-15 Thread Murat Balkan
Hi, Thanks for the response. What I want to achieve is to prevent 2 users enter with the same username simultaneously. <--> User 1 enters the proxy, browses some pages. <--> User 2 tries to enter, and he receives a reject. <--> User1 stops browsing pages. <--> User2 tries to enter, but because

[squid-users] Squid https bump and google apps

2016-01-15 Thread Lucas Castro
I've hard worked against google applications, The points is, google use the same certificate for a bunch of different apps, like google.com, youtube.com, drive.google.com. I'd like to know if someone already got terminated youtube.com and keep working google.com and others services. __

Re: [squid-users] squid+ssl and CPU load 100%

2016-01-15 Thread Lucas Castro
On 31-12-2015 15:06, Lucas Castro wrote: > > On 31-12-2015 15:00, Alex Rousskov wrote: >> On 12/31/2015 10:58 AM, lucas castro wrote: >>> I have squid >>> Squid Cache: Version 3.5.7 >>> >>> I don't know how to ask about this, >>> But I'm getting 100% load and squid don't accept connection anymor

Re: [squid-users] https full url

2016-01-15 Thread xxiao8
icap/ecap are both for content-adaptation instead of being a redirector, which implies they can work on decrypted https content(after "bump") that includes the "effective URL", i.e. the full request URL. what's the right approach to do content analysis when https/MITM is turned on in squid, it

[squid-users] Unreliable Ident lookups on Squid 3.5?

2016-01-15 Thread Anders Gustafsson
Hi! This is my first post to this list so I apologise in advance if I have inadvertently left out something :) squid-3.5.12-20151128-r13959 running on OpenSuse 13.2 and SuSE 12 What we are trying to do is to implement squid in a school district so that they can get reasonable statistics of web

Re: [squid-users] How to setup a secure(!) squid proxy

2016-01-15 Thread Yuri Voinov
15.01.16 16:13, startrekfan wrote: Hello I`m sorry. I'm not a native speaker so I maybe don't find the right words. I'd like to setup a proxy that can scan the incoming traffic for virus (squidclamav). To do that for a https/ssl connection I need the squid ssl-bump feature or is there an ot

Re: [squid-users] How to setup a secure(!) squid proxy

2016-01-15 Thread startrekfan
Hello I`m sorry. I'm not a native speaker so I maybe don't find the right words. I'd like to setup a proxy that can scan the incoming traffic for virus (squidclamav). To do that for a https/ssl connection I need the squid ssl-bump feature or is there an other solution? Now I want to setup the ss

Re: [squid-users] Suggestion: https compile option as default

2016-01-15 Thread Matus UHLAR - fantomas
On 15.01.16 02:46, startrekfan wrote: > I'd like to suggest that the pre compiled squid packages (e.g *.deb) should be build with the flags --enable-ssl \ --with-openssl \ --enable-ssl-crtd" by default
you should suggest this to the precompiled package maintainers, squid users list has nothing to

Re: [squid-users] Suggestion: https compile option as default

2016-01-15 Thread Amos Jeffries
On 15/01/2016 3:46 p.m., startrekfan wrote: > Hello > > I'd like to suggest that the pre compiled squid packages (e.g *.deb) should > be build with the flags > --enable-ssl \ > --with-openssl \ > --enable-ssl-crtd" > by default > > It would make things much easier for me then I can install a htt

Re: [squid-users] Maxconn Parameter behaviour with NAT

2016-01-15 Thread Matus UHLAR - fantomas
On 14.01.16 16:58, Murat Balkan wrote: > I want to limit the users with the Maxconn parameters. But the users are NATed behind a public IP address. Is squid just looking at the IP address or can it also use the username to figure out if it should apply the maxconn?
maxconn uses clients' addresse