L.P.H. van Belle wrote
> Try this format:
>
> external_acl_type ldap_search ttl=3600 negative_ttl=3600 %LOGIN
> /usr/lib/squid/ext_kerberos_ldap_group_acl \
> -R -b "ou=User,dc=YOUR,dc=DNSDOM,dc=TLD" \
> -f
> "(&(samaccountname=%v)(memberof=cn=%a,ou=Groups,ou=Users,dc
Amos Jeffries wrote
> On 2/02/2016 3:22 a.m., alesironi wrote:
>> L.P.H. van Belle wrote
>>> Just a question..
>>>
>>> You are using debian, i did say..
>>>
>>> chmod root:proxy ( proxy is the default squid user in debian )
>>>
>>> i see..
>>> chown root:squid /etc/squid3/ldappass.txt
>>>
>>> t
On 2/02/2016 3:22 a.m., alesironi wrote:
> L.P.H. van Belle wrote
>> Just a question..
>>
>> You are using debian, i did say..
>>
>> chmod root:proxy ( proxy is the default squid user in debian )
>>
>> i see..
>> chown root:squid /etc/squid3/ldappass.txt
>>
>> try again with
>> chown root:prox
After getting the xbox 360's to grab downloads from squid cache I then
tried to get the xbox one to do the same thing. Problem is xbox one is
going through squid but squid isn't caching files. The xbox one uses http
and downloads from 2 addresses that are identical.
I was researching steam game d
An old thread but Thanks!
On 10/03/2014 18:11, Pavel Kazlenka wrote:
Hi Eliezer,
I'm pretty far from selinux understanding, but I have two suggestions
for you:
1) sealert tool can be used for getting human-readable output. E.g.
sealert -a /var/log/audit/audit.log > /path/to/mylogfile.txt
2) If
On 02/01/2016 09:55 AM, Tom Tom wrote:
> I'm still confused about the correct application of the "at_step"-rules.
> Does an action (ex. bump, peek, stare...) without providing a
> step-argument implicitly mean step1, step2 AND step3?
There is no "step argument".
The following may help you understand wha
Why another web-server? You mean that it's similar to a web-server or an
actual web-server?
In any case you are running a process on the squid machine, you can run
an ICAP service that will push the page as a template into the client
response.
I can understand if you are invested in the extern
I believe ICAP or eCAP would be better suited for our needs. But
having invested into the external_acl_type helper way of working, I am
exploring what best can be done.
I hope there is a simple way to do this.
Also, ICAP is essentially another web-server (unless I use eCAP) that I
would like to av
Hey,
I do not have an answer to your question but I wanted to ask a question.
If you would be able to send the whole page with the data directly to
the client would it be OK for your use case?
It's just that based on your external helper logic it might be possible
to use ICAP or eCAP instead of
On 31/01/2016 20:48, Yuri Voinov wrote:
Confirmed.
It's non-functional for a very long time and will probably stay there
for more.
You can use google and other search engine per "site" search function
for now.
Eliezer
* I know that these search engines are not always objective but this
wh
Try this format :
external_acl_type ldap_search ttl=3600 negative_ttl=3600 %LOGIN
/usr/lib/squid/ext_kerberos_ldap_group_acl \
-R -b "ou=User,dc=YOUR,dc=DNSDOM,dc=TLD" \
-f
"(&(samaccountname=%v)(memberof=cn=%a,ou=Groups,ou=Users,dc=YOUR,dc=DNSDOM,dc=TLD))"
\
-D AD-bind-us
Hi All,
We want to send error message in json format when external acl denies a request.
Even if we send a json formatted message (using message= key value
pair) in external helper, the final output is still html.
We have a custom error file in share/error/templates directory, and we
use %o to pi
On 01/02/16 14:46, Yuri Voinov wrote:
You can't do it without bump.
Longer answer: transparent proxy for HTTPS (tcp/443) does not work
the same way it does for HTTP (tcp/80). It can be done, but some other
configurations are needed. The name for SSL transparent proxy support in
squid
L.P.H. van Belle wrote
> Just a question..
>
> You are using debian, i did say..
>
> chmod root:proxy ( proxy is the default squid user in debian )
>
> i see..
> chown root:squid /etc/squid3/ldappass.txt
>
> try again with
> chown root:proxy /etc/squid3/ldappass.txt
>
> Greetz,
>
> Loui
I'm still confused about the correct application of the "at_step"-rules.
Does an action (ex. bump, peek, stare...) without providing a
step-argument implicitly mean step1, step2 AND step3?
Why does the terminate-action trigger in my example, although I
didn't define a step?
On Mon, Feb 1, 2016 at 1:44
Hello there,
I'm trying to set up proxy, so it logs CONNECT to 443 sites. All I want to
know is the visited domain. But if I do not redirect 443 to proxy port, I
don't see those requests and if I do, I'm getting SSL connection errors,
which is pointless. Is there some special setting I can use wi
You can't do it without bump.
01.02.16 22:41, Jan Kotrlík wrote:
> Hello there,
>
> I'm trying to set up proxy, so it logs CONNECT to 443 sites. All I want to
> know is the visited domain. But if I do not redirect 443 to proxy port, I
> don't see
Just a question..
You are using debian, i did say..
chmod root:proxy ( proxy is the default squid user in debian )
i see..
chown root:squid /etc/squid3/ldappass.txt
try again with
chown root:proxy /etc/squid3/ldappass.txt
Greetz,
Louis
> -Original message-
> From: squid-u
We know :)
But own search is better :) If it works, of course.
01.02.16 21:40, Eliezer Croitoru wrote:
> On 31/01/2016 20:48, Yuri Voinov wrote:
>> Confirmed.
>
> It's non-functional for a very long time and will probably stay there for more.
> Y
This is non-existent directive.
Right way is this:
tls_outgoing_options
cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256etc.etc.
(add your own options/ciphers, this is an example and I have no
responsibility i
Hi,
i'm using 4.0.4 and when i add the ssl directive CIPHER_SERVER_PREFERENCE i get
the following error:
Unknown TLS Option "IPHER_SERVER_PREFERENCE".
Squid Cache Terminated abnormally
Any hints?
Kind regards
Florian Stamer
Certified IT Project Manager
Technical Director
Tel. +49 4
> -Original message-
> From: squid-users [mailto:squid-users-bounces@.squid-cache] On behalf of
> alesironi
> Sent: Monday, 1 February 2016 13:28
> To: squid-users@.squid-cache
> Subject: Re: [squid-users] ext_ldap_group_acl not working
>
> Amos Jeffries wrote
> > On 1/02/2016 11:40
Same as on the squid keytab file :
chown root:squid /etc/squid3/ldappass.txt
chmod 440 /etc/squid3/ldappass.txt
Greetz,
> -Original message-
> From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On behalf of
> alesironi
> Sent: Monday, 1 February 2016 13:28
> To:
Amos Jeffries wrote
> On 1/02/2016 11:40 p.m., Alessandro Sironi wrote:
>>
>> Hello everyone
>>
>> I'm a newbie regarding SQUID and in general on Linux.
>> I have an Active Directory environment (Windows Server 2012 R2) and a
>> Linux Debian 8 Jessie configured in the same network.
>> My goal
On 2/02/2016 12:55 a.m., Tom Tom wrote:
> Hi list
> Using Squid 3.5.11 and playing with Peek-and-splice and
> SSL-Fingerprinting. I've configured the following settings:
>
> acl SSL_BLACKLIST server_cert_fingerprint "/etc/squid/SSL_BLACKLIST"
> acl DENY_SSL_BUMP ssl::server_name_regex -i "/etc/squ
Hello everyone
I'm a newbie regarding SQUID and in general on Linux.
I have an Active Directory environment (Windows Server 2012 R2) and a Linux
Debian 8 Jessie configured in the same network.
My goal is to install SQUID on Debian, integrate with Active Directory using
Kerberos and autohise
On 1/02/2016 11:35 a.m., Luis Daniel Lucio Quiroz wrote:
> Hello
>
> Can anyone give some clue, link something to read on how to do the HTTPs
> work with SNI, i just want to forward to the correct server based on the
> SNI. I want to get rid of SNIproxy in favor of squid.
That should be possible
Hi list
Using Squid 3.5.11 and playing with Peek-and-splice and
SSL-Fingerprinting. I've configured the following settings:
acl SSL_BLACKLIST server_cert_fingerprint "/etc/squid/SSL_BLACKLIST"
acl DENY_SSL_BUMP ssl::server_name_regex -i "/etc/squid/DENY_SSL_BUMP"
acl step1 at_step SslBump1
acl ste
What Amos is saying and :
Try.
Remove this line from krb5.conf
default_keytab_name = /etc/squid3/PROXY.keytab
and add/create:
/etc/default/squid
KRB5_KTNAME=/etc/squid3/PROXY.keytab
export KRB5_KTNAME
chown root:proxy /etc/squid3/PROXY.keytab
chmod 440 /etc
On 1/02/2016 9:56 p.m., Markus wrote:
> I've got a Squid server (v. 3.5.x) configured that way, that only some
> "banking sites" are allowed to be tunneled (spliced) - the rest of SSL
> sites are bumped.
> That works OK. I thought that it prevents me from illegal
> tunneling-out by users. However r
On 1/02/2016 11:40 p.m., Alessandro Sironi wrote:
>
> Hello everyone
>
> I'm a newbie regarding SQUID and in general on Linux.
> I have an Active Directory environment (Windows Server 2012 R2) and a Linux
> Debian 8 Jessie configured in the same network.
> My goal is to install SQUID on Debia
On 1/02/2016 5:42 a.m., ql li wrote:
> Hello:
> PS4 game the squid transparent proxy cache files cannot be successful,
> have 0006 0004complete data in the cache directory, use the PC
> to access http://..ZP2PS401.pkg? Successfulhits. PS4 game
> console download hits fail! Causing t
I've got a Squid server (v. 3.5.x) configured that way, that only some
"banking sites" are allowed to be tunneled (spliced) - the rest of SSL
sites are bumped.
That works OK. I thought that it prevents me from illegal
tunneling-out by users. However recently I've realized that TeamViewer
is still a
33 matches