On 04/21/2016 03:26 PM, Odhiambo Washington wrote:
> On 21 April 2016 at 23:14, Alex Rousskov wrote:
> Logging aside, your latest random configuration is equivalent to
> [...] not intercepting SSL at all, which brings
> us back to the old question: What do you want Squid to do?
> If I
On 04/21/2016 03:53 PM, Antony Stone wrote:
> Any chance of getting it added to the Squid documentation for newbies, so
> they
> have a better concept of what these terms mean and where they apply?
Please do!
Alex.
___
squid-users mailing list
squid
On Thursday 21 April 2016 at 22:53:35, Alex Rousskov wrote a good explanation
of SSL bumping.
> On 04/21/2016 02:22 PM, Antony Stone wrote:
> > Forgive me if this is answered in the documentation somewhere (but please
> > point me at it if so, because I haven't been able to find it), but where
>
Yes! That SSL _Bump_ name!
Thanks for explaining the origins.
On 23:53, Thu, Apr 21, 2016 Alex Rousskov
wrote:
> On 04/21/2016 02:22 PM, Antony Stone wrote:
>
> > Forgive me if this is answered in the documentation somewhere (but please
> > point me at it if so, because I haven't been able to f
On 21 April 2016 at 23:14, Alex Rousskov
wrote:
> On 04/21/2016 01:59 PM, Odhiambo Washington wrote:
> > On 21 April 2016 at 22:04, Amos Jeffries wrote:
> >
> > On 22/04/2016 6:20 a.m., Odhiambo Washington wrote:
> > > I have now changed to *configurations suggested specifically for
> you
On 04/21/2016 02:22 PM, Antony Stone wrote:
> Forgive me if this is answered in the documentation somewhere (but please
> point me at it if so, because I haven't been able to find it), but where do
> the
> terms "bump", "peek", "splice" and "stare" come from?
"splice" comes from a standard net
Thank you for immediate answer, Antony.
Best Regards,
Sergey
2016-04-21 23:26 GMT+03:00 Antony Stone :
> On Thursday 21 April 2016 at 22:21:15, Ser de Bronce wrote:
>
> > I have a squid server that can be accessed from multiple subdomains.
> > For example, user A does a proxy request on "aaa.myp
On Thursday 21 April 2016 at 22:21:15, Ser de Bronce wrote:
> I have a squid server that can be accessed from multiple subdomains.
> For example, user A does a proxy request on "aaa.myproxy.com" and user B on
> "bbb.myproxy.com"
> Is it possible to log which subdomain was requested by the user?
N
Hi.
Forgive me if this is answered in the documentation somewhere (but please
point me at it if so, because I haven't been able to find it), but where do the
terms "bump", "peek", "splice" and "stare" come from?
Personally I don't find them particularly intuitive to comprehend, in terms of
wha
Hi there,
Maybe someone already knows any solution:
I have a squid server that can be accessed from multiple subdomains.
For example, user A does a proxy request on "aaa.myproxy.com" and user B on
"bbb.myproxy.com"
Is it possible to log which subdomain was requested by the user?
Best Regards,
Se
On 04/21/2016 01:59 PM, Odhiambo Washington wrote:
> On 21 April 2016 at 22:04, Amos Jeffries wrote:
>
> On 22/04/2016 6:20 a.m., Odhiambo Washington wrote:
> > I have now changed to *configurations suggested specifically for your
> use
> > case, on this email thread* :)
> > acl
On 21 April 2016 at 21:52, Amos Jeffries wrote:
> On 22/04/2016 6:12 a.m., Odhiambo Washington wrote:
> > Hi Amos,
> >
> > I have just now succeeded in compiling squid-4.0.9 on FreeBSD 10.3 and
> I'm
> > even able to run it.
> > The server I am testing on serves about 20 users. It's been successf
On 21 April 2016 at 22:04, Amos Jeffries wrote:
> On 22/04/2016 6:20 a.m., Odhiambo Washington wrote:
> > Hi Alex,
> >
> > I have now changed to *configurations suggested specifically for your use
> > case, on this email thread* :)
> >
> >
> >
> > acl no_ssl_interception ssl::server_name
> > "/us
On 22/04/2016 6:20 a.m., Odhiambo Washington wrote:
> Hi Alex,
>
> I have now changed to *configurations suggested specifically for your use
> case, on this email thread* :)
>
>
>
> acl no_ssl_interception ssl::server_name
> "/usr/local/etc/squid/ssl_bump_broken_sites.txt"
> ssl_bump splice no_
On 22/04/2016 6:12 a.m., Odhiambo Washington wrote:
> Hi Amos,
>
> I have just now succeeded in compiling squid-4.0.9 on FreeBSD 10.3 and I'm
> even able to run it.
> The server I am testing on serves about 20 users. It's been successfully
> running 3.5.x (upgraded to 3.5.17 today).
>
> On my oth
Hi Alex,
I have now changed to *configurations suggested specifically for your use
case, on this email thread* :)
acl no_ssl_interception ssl::server_name
"/usr/local/etc/squid/ssl_bump_broken_sites.txt"
ssl_bump splice no_ssl_interception
ssl_bump stare all
ssl_bump bump all
Now, suppose, as
Hi Amos,
I have just now succeeded in compiling squid-4.0.9 on FreeBSD 10.3 and I'm
even able to run it.
The server I am testing on serves about 20 users. It's been successfully
running 3.5.x (upgraded to 3.5.17 today).
On my other server that is FreeBSD-9.3 (the one I upgraded recently from
8.4)
On 04/21/2016 08:12 AM, Odhiambo Washington wrote:
> acl no_ssl_interception ssl::server_name ...
> ssl_bump splice no_ssl_interception
> ssl_bump stare step2
> ssl_bump splice all
You are mixing splice and stare now. There are two groups of actions:
* peek and then splice
* stare and then bump
On 22/04/2016 2:36 a.m., Markey, Bruce wrote:
> acl internal src 192.168.200.0/21
> acl wireless src 192.168.100.0/23
>
> acl Safe_ports port 80
> acl Safe_ports port 443
> acl SSL_ports port 443
> acl CONNECT method CONNECT
>
> acl allowed dstdomain -i "/etc/squid3/acls/http_allowed.acl"
> acl p
Hey Amons,
thanks for your replay.
The line /usr/lib/squid3/negotiate_kerberos_auth -r -s GSS_C_NO_NA$
there only missing the 2 letters ME sorry for that.
I will build a test server with the newest squid version and config changes.
>I log squid in database and every connect i see is not block
acl internal src 192.168.200.0/21
acl wireless src 192.168.100.0/23
acl Safe_ports port 80
acl Safe_ports port 443
acl SSL_ports port 443
acl CONNECT method CONNECT
acl allowed dstdomain -i "/etc/squid3/acls/http_allowed.acl"
acl prime dstdomain -i "/etc/squid3/acls/squid-prime.acl"
acl ips dst -
On 21 April 2016 at 16:48, Alex Rousskov
wrote:
> On 04/21/2016 07:18 AM, Odhiambo Washington wrote:
> > Is is expected that using ssl_bump results into high CPU usage all the
> > time?
>
> Your question is impossible to answer in general: The CPU usage levels
> depend on the amount of Squid tra
On 04/21/2016 07:18 AM, Odhiambo Washington wrote:
> Is is expected that using ssl_bump results into high CPU usage all the
> time?
Your question is impossible to answer in general: The CPU usage levels
depend on the amount of Squid traffic, the portion of SSL traffic in the
overall traffic mix,
I will put the splice explicitly and observe.
Without ssl_bump I never saw such cpu usage with squid.
However, lemme watch and also listen to feedback..
On 21 April 2016 at 16:34, Amos Jeffries wrote:
> On 22/04/2016 1:18 a.m., Odhiambo Washington wrote:
> > Is is expected that using ssl_bum
On 22/04/2016 1:18 a.m., Odhiambo Washington wrote:
> Is is expected that using ssl_bump results into high CPU usage all the
> time?
>
Encryption adds CPU overhead, but how much depends on what your normal
use was. I dont think any of us have a good rule-of-thumb or educated
guess yet because Sq
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Not necessary. May be bottleneck in OS.
21.04.16 19:25, Odhiambo Washington пишет:
> So, what could possibly be wrong with my setup, that squid consumes so much
> CPU?
>
> On 21 April 2016 at 16:22, Yuri Voinov mailto:yvoi...@gmail.com>> wrote:
>
So, what could possibly be wrong with my setup, that squid consumes so much
CPU?
On 21 April 2016 at 16:22, Yuri Voinov wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> It must not be. My most active setup has 3% CPU all time dirung peak hours.
>
> Typical view:
>
> https://i1.so
On 21/04/2016 3:39 a.m., epytir wrote:
> Hey Squid Users,
>
> Sorry for my bad english im learning it currently.
>
> I got a little problem with my squid proxy.
> I installed it with ufdbguard and squidclamav and everything works fine.
>
> The users login with kerberos ntlm or normal username pa
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
It must not be. My most active setup has 3% CPU all time dirung peak hours.
Typical view:
https://i1.someimage.com/NzM1erI.png
21.04.16 19:18, Odhiambo Washington пишет:
> Is is expected that using ssl_bump results into high CPU usage all the
Is is expected that using ssl_bump results into high CPU usage all the
time?
This is squid-3.5.17
That is what I am seeing:
last pid: 26673; load averages: 2.24, 2.00, 2.10
up 0+03:47:56 16:08:30
160 processes: 2 running, 157 sleeping, 1 zombie
CPU: 86.1% user, 0.0% nice,
On 21/04/2016 8:18 a.m., Markey, Bruce wrote:
> I'm curious as to why this is happening.
>
> Proxy was implemented last week and since then I've been dealing with all the
> sites that don't work. Not a problem, knew it was going to happen. I'd like
> to understand why the following is happening.
__
Squid Proxy Cache Security Update Advisory SQUID-2016:6
__
Advisory ID:SQUID-2016:6
Date: April 20, 2016
Summary:Multiple issues in
__
Squid Proxy Cache Security Update Advisory SQUID-2016:5
__
Advisory ID:SQUID-2016:5
Date: April 20, 2016
Summary:Buf
The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-4.0.9 release!
This release is a security and bug fix release resolving several
vulnerabilities and issues found in the prior Squid releases.
The major changes to be aware of:
* SQUID-2016:5 - Buffer overflow
The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-3.5.17 release!
This release is a security and bug fix release resolving several
vulnerabilities and issues found in the prior Squid releases.
The major changes to be aware of:
* SQUID-2016:5 - Buffer overflow
On 21/04/2016 1:51 p.m., zodyo wrote:
> anybody here? im newbie and need some advice here, or how to bypass some
> sites with auth
>
Lusca is not Squid. It is a fork by Xenion with quite a few changes. You
will need to contact there about support.
... or upgrade to a Squid-3 version we provide su
36 matches
Mail list logo
