auth_param negotiate program /usr/bin/ntlm_auth
--helper-protocol=gss-spnego --configfile /etc/samba/smb.conf-squid
auth_param negotiate children 20 startup=0 idle=3
auth_param negotiate keep_alive on
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp --configfile
/etc/s
On 02/09/2016 02:54 PM, Rafael Akchurin wrote:
> If you need to **only** filter by IP/ CONNECT domain name/SNI then you
> do not need to install Squid’s Root CA certificate onto your client
> machines.
This is correct.
> In this case indeed there is not much sense to use ICAP as for
> it to wo
[this should be on squid-dev instead]
On 02/09/2016 01:20 PM, Prashanth Prabhu wrote:
> Here's the behavior I have seen: When the connection is set up, the
> buffer gets a size of 16KB (default). Squid reads from the socket,
> parses the data, and then sends it towards c-icap as appropriate. Now,
Hello Panda Admin,
If you need to *only* filter by IP/ CONNECT domain name/SNI then you do not
need to install Squid’s Root CA certificate onto your client machines. In this
case indeed there is not much sense to use ICAP as for it to work you *must*
bump (otherwise you cannot “look into the SS
I would love to use another tool, however can your tools do ssl_bumping aka
filtering of HTTPS traffic WITHOUT putting a cert on the client side? This
is the only way I've been able to come up with to do both HTTPS and HTTP
Content Filtering using squid.
Thanks for all advice:)
On Tue, Feb 9, 201
Hello Panda Admin,
If you do not mind looking at ICAP filtering instead of only URL filtering
please take a look at our qlproxy (ICAP web filter for Squid).
The shalla list formatted folders with categories can be used as is as third
party blacklist provider and I presume takes less time to proc
Hey Admin,
I have been working on SquidBlocker for quite some time and have just
released (about two weeks ago) the latest 1.0.0 as an RPM at:
http://ngtech.co.il/repo/centos/7/x86_64/squidblocker-1.0.0-1.el7.centos.x86_64.rpm
I have not tried yet but using alien will result some kind of "OK"
Hi Amos,
I have had a chance to perform some further investigation into the
slow-upload issue. And, it appears to be due to how the buffer is used
when reading from the client-socket.
Here's the behavior I have seen: When the connection is set up, the
buffer gets a size of 16KB (default). Squid r
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
https://www.urlfilterdb.com/products/ufdbguard.html
10.02.16 1:00, Panda Admin пишет:
> The acl files are up to 16M in size. The RAM on the machine is 4G.
> Allocating swap space 8G for the
OS has fixed the crashing issue. The only issue now is
The acl files are up to 16M in size. The RAM on the machine is 4G.
Allocating swap space 8G for the OS has fixed the crashing issue. The only
issue now is startup time. Squid is taking several minutes to start up. Is
there a better solution that I'm missing?
Thanks!
On Tue, Feb 9, 2016 at 12:42
On 02/09/2016 08:21 AM, Eliezer Croitoru wrote:
> List of practical tests:
> - Forward proxy for HTTP(static objects with size + without size
> declaration, dynamic content from various normal use cases such as
> social networks, academic sources, search engines)
> - Forward proxy for "fake HTTP"
On 10/02/2016 6:48 a.m., Nick Walke wrote:
> We're running Squid 3.5. We noticed today that Squid "exited normally" at
> 11:10:55 our time. Here's a log sample:
>
> 2016/02/09 11:09:10 kid1| hold write on SSL connection on FD 13
> 2016/02/09 11:09:14 kid1| hold write on SSL connection on FD 16
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Oops..
09.02.16 23:46, sebastien.boulia...@cpu.ca пишет:
> Hi,
>
> Thanks you very much for your answer.
> It's very appreciated.
>
> Can you give me a hint how to generate a dhparam key please ?
>
> I saw this link.
> Should it works ?
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Just for example:
openssl dhparam -outform PEM -out dhparam.pem 2048
09.02.16 23:46, sebastien.boulia...@cpu.ca пишет:
> Hi,
>
> Thanks you very much for your answer.
> It's very appreciated.
>
> Can you give me a hint how to generate a dhparam k
On 10/02/2016 6:16 a.m., turgut kalfaoğlu wrote:
> Hi again.. I have a squid setup with two servers; one acting as "parent"
> and only getting requests from the child,
> and the other one actually serves people as a transparent accelerator
> for the slow internet.
What do you mean exactly? "transp
We're running Squid 3.5. We noticed today that Squid "exited normally" at
11:10:55 our time. Here's a log sample:
2016/02/09 11:09:10 kid1| hold write on SSL connection on FD 13
2016/02/09 11:09:14 kid1| hold write on SSL connection on FD 16
2016/02/09 11:09:23 kid1| hold write on SSL connection
Hi,
Thanks you very much for your answer.
It's very appreciated.
Can you give me a hint how to generate a dhparam key please ?
I saw this link.
Should it works ?
https://www.howtoforge.com/tutorial/how-to-protect-your-debian-and-ubuntu-server-against-the-logjam-attack/
or
## Create a DH paramet
On 10/02/2016 5:21 a.m., Kinkie wrote:
> If you are swapping performance will suffer terribly. How large are these
> files and how much ram do youbhave?
NP: fork() which is used by Squid can require virtual memory in large
amounts. Even though the processes do not actually use that much RAM.
In
On 9/02/2016 11:17 p.m., ksv rgh wrote:
> @Alex, could you please share the config options that you set while
> building squid for ssl-bumping.
The build options for ssl-bump features are these:
./configure --with-openssl --enable-ssl-crtd
If (and only if) you have OpenSSL installed at a non-d
Hi again.. I have a squid setup with two servers; one acting as "parent"
and only getting requests from the child,
and the other one actually serves people as a transparent accelerator
for the slow internet.
It works well normally, two things I could not get to work well:
1) SSL. I had many proble
If you are swapping performance will suffer terribly. How large are these
files and how much ram do youbhave?
On Feb 9, 2016 5:17 PM, "Panda Admin" wrote:
> Adding a swap directory fixed it for now. I think it's because my ACL
> files are so large.
>
> On Tue, Feb 9, 2016 at 11:00 AM, Panda Admi
Thank you for the quick reply. I have tried it with quotes the results are the
same. It's not working.
> On 9 Feb 2016, at 3:37 pm, Amos Jeffries wrote:
>
>> On 10/02/2016 3:24 a.m., mathew abraham wrote:
>> Could some point me to the right direction?
>> I want to use ext_ldap_group_acl to a
Adding a swap directory fixed it for now. I think it's because my ACL
files are so large.
On Tue, Feb 9, 2016 at 11:00 AM, Panda Admin
wrote:
> I see that, but that's not possible. I still have system memory available.
> I just did a top while running squid, never went over 30% memory usage.
>
I see that, but that's not possible. I still have system memory available.
I just did a top while running squid, never went over 30% memory usage. It
maxed out the CPU but not the memory. So, yeah...still confused.
On Tue, Feb 9, 2016 at 10:55 AM, Kinkie wrote:
> Hi,
> it's all in the logs yo
Hi,
it's all in the logs you posted:
ipcCreate: fork: (12) Cannot allocate memory
WARNING: Cannot run '/lib/squid3/ssl_crtd' process.
...
FATAL: Failed to create unlinkd subprocess
You've run of system memory during startup.
On Tue, Feb 9, 2016 at 4:47 PM, Panda Admin wrote:
> Hello,
>
> I a
Hello,
I am running squid 3.5.13 and it crashes with these errors:
2016/02/09 15:43:24 kid1| Set Current Directory to /var/spool/squid3
2016/02/09 15:43:24 kid1| Starting Squid Cache version 3.5.13 for
x86_64-pc-linux-gnu...
2016/02/09 15:43:24 kid1| Service Name: squid
2016/02/09 15:43:24 kid1|
On 10/02/2016 3:24 a.m., mathew abraham wrote:
> Could some point me to the right direction?
> I want to use ext_ldap_group_acl to allow certain users who are members of
> the ad group for example
> YouTube - Allowed, Twitter - Allowed
> Yes with the blank space and dash in the group name. For tha
In relation to the quoted emails (down) about 4.1 Stability.
I was asked more then once the next question:
"What if the proxy goes down???"
Once it was from an IT manager and couple other times in private emails
and country\work local discussions.
The issues of concern was touched at the artic
Could some point me to the right direction?
I want to use ext_ldap_group_acl to allow certain users who are members of the
ad group for example
YouTube - Allowed, Twitter - Allowed
Yes with the blank space and dash in the group name. For that reason I have
create files /adgroups/youtube.txt and /
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
No. This is configuration only solution.
09.02.16 20:03, sebastien.boulia...@cpu.ca пишет:
> Hi,
>
> Thanks you very much for your complete answer.
> Do I need to recompile my Squid to disable those ciphers and protocols ?
>
> Thanks.
>
> -Mes
Hi,
Thanks you very much for your complete answer.
Do I need to recompile my Squid to disable those ciphers and protocols ?
Thanks.
-Message d'origine-
De : dweimer [mailto:dwei...@dweimer.net]
Envoyé : 9 février 2016 08:53
À : Sebastien Boulianne
Cc : squid-users@lists.squid-cache.org
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Also:
http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit?#Hardening
09.02.16 19:52, dweimer пишет:
> On 2016-02-09 7:38 am, sebastien.boulia...@cpu.ca wrote:
>
>> Hi,
>>
>> I did a SSL test and I have some questions.
>>
>> The S
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Whhich test you performed?
09.02.16 19:38, sebastien.boulia...@cpu.ca пишет:
>
> Hi,
>
>
>
> I did a SSL test and I have some questions.
>
> The SSL test notified me that POODLE (SSLv3), RC4 are enable or/and
vulnerable.
>
>
>
> Is it a way to b
On 2016-02-09 7:38 am, sebastien.boulia...@cpu.ca wrote:
Hi,
I did a SSL test and I have some questions.
The SSL test notified me that POODLE (SSLv3), RC4 are enable or/and
vulnerable.
Is it a way to block that with Squid ?
How can I disable thosed protocols ? Server side or Squid side ?
Hi,
I did a SSL test and I have some questions.
The SSL test notified me that POODLE (SSLv3), RC4 are enable or/and vulnerable.
Is it a way to block that with Squid ?
How can I disable thosed protocols ? Server side or Squid side ?
Thanks for your answer guys.
Sébastien
Hi
I want to modify the /usr/lib/squid3/log_db_daemon script, but I'm not know
very knowledge about PERL, so if i want to modify to get on the mysql
table, not epoch_time, and date_time in human readable i guess first change
the scheme...
line 157:" time_since_epoch DECIMAL(15,3),"
to :
@Alex, could you please share the config options that you set while
building squid for ssl-bumping. I have been having real tough times in
getting it right. Also, which OS are you running it on?
My use case is to enable ssl-bump and cache https content.
(documents/videos etc, that are downloaded f
37 matches
Mail list logo
