On Thu, 2016-05-19 at 05:27 +1200, Amos Jeffries wrote:
> On 19/05/2016 2:21 a.m., Garri Djavadyan wrote:
> >
> > On Thu, 2016-05-19 at 00:39 +1200, Amos Jeffries wrote:
> > >
> > > Using ignore-private and ignore-must-revalidate on the same
> > > refresh_pattern is *extremely* dangerous. Just as
On 05/18/2016 03:56 PM, Rob Worsnop wrote:
> In certain circumstances, MWG will start streaming the RESPMOD response
> before Squid has finished sending all the chunks in the RESPMOD request.
>
> Squid does not like this.
If Squid does not like this, it is a Squid bug IMO.
> As far as I can te
I'm having a problem talking ICAP with McAfee Web Gateway (MWG).
In certain circumstances, MWG will start streaming the RESPMOD response
before Squid has finished sending all the chunks in the RESPMOD request.
Squid does not like this. It seems to interpret the arrival of response
traffic as a s
Hi.
On 18.05.2016 16:29, Amos Jeffries wrote:
I don't know what you mean by "the main tree". But The feature you
describe does not qualify for adding to the 3.5 production release
series. The only features added to a series after is goes to "stable"
production releases are ones which resolve no
On 19/05/2016 2:21 a.m., Garri Djavadyan wrote:
> On Thu, 2016-05-19 at 00:39 +1200, Amos Jeffries wrote:
>> Using ignore-private and ignore-must-revalidate on the same
>> refresh_pattern is *extremely* dangerous. Just asking to get your
>> cache pwned.
>
> I'm also using the both options on the s
On 19/05/2016 2:14 a.m., s...@kpa.gr wrote:
> Hello!
>
> I am currently setting up a squid server, which should serve as a
> transparent proxy in our network.
>
> We mainly need it to do the following:
> Allow and Block Domains on HTTP and HTTPS protocol (withOUT bumping the
> traffic). We only w
On 2016-05-18 08:14, s...@kpa.gr wrote:
Hello!
I am currently setting up a squid server, which should serve as a
transparent proxy in our network.
We mainly need it to do the following:
Allow and Block Domains on HTTP and HTTPS protocol (withOUT bumping
the traffic). We only want to allow domai
On 05/18/2016 05:05 AM, Sagar Malve wrote:
> when we pass the Network through Squid the
> Internet work very slow
In addition to other comments on this thread, please note that,
according to my _ballpark_ estimates, Squid "ssl_bump bump" performance
is about 10% of regular plain traffic forward
On Thu, 2016-05-19 at 00:39 +1200, Amos Jeffries wrote:
> Using ignore-private and ignore-must-revalidate on the same
> refresh_pattern is *extremely* dangerous. Just asking to get your
> cache pwned.
I'm also using the both options on the same refresh_pattern for several
years. Can you explain th
Hello!
I am currently setting up a squid server, which should serve as a
transparent proxy in our network.
We mainly need it to do the following:
Allow and Block Domains on HTTP and HTTPS protocol (withOUT bumping the
traffic). We only want to allow domain names on the SSL port, no URLs.
It
This has probely todo with the latest samba/windows updates.
But your giving so little info.
You can confirm it by testing the ldap. Connect to ldaps (port 636).
Does that work? No, try adding in /etc/ldap/ldap.conf
TLS_REQCERT allow
And make sure your AD Root CA cert is know in :
TLS_CACERT
On 19/05/2016 12:25 a.m., Manduva, Ranga Sai wrote:
> Hi,
>
> Does anyone had similar issue ?? Is there any workaround for it ? Something
> like configure squid to follow referral etc..
>
Squid has nothing to do with those layers of operations. The closest it
gets is to pass the helper command
On 18/05/2016 11:05 p.m., Sagar Malve wrote:
> Scenario : I want to block certain HTTPS website using SSL Bump and
> without installing any SSL Certificate on Clients End as I will be
> distributing this Same Network for Mobile Devices so I don't want to keep
> installing certificate in each Mobil
>> 18.05.16 3:11, Robert W Weaver пишет:
>>> The issue is I need to connect to a site that requires client
>>> authentication. Don't want to put the key and cert on each individual
>>> user, so instead want the key and cert on the proxy.
>>> Diagram:
>>> User A ---> Squid S ---> Server B
>>>
Hi,
Does anyone had similar issue ?? Is there any workaround for it ? Something
like configure squid to follow referral etc..
Thanks.
Regards,
Ranga
-Original Message-
From: Manduva, Ranga Sai
Sent: Monday, May 16, 2016 6:32 PM
To: 'squid-users@lists.squid-cache.org'
Subject: squid_
On 18/05/2016 5:57 p.m., Eugene M. Zheganin wrote:
> Hi.
>
> I've just checked that squid 3.5.19 sources, and discovered the
> following fact that is really disturbing:
> (first some explanation)
> Markus Moeller, the author of the external kerberos group helper, has
> implemented the Kerberos cre
Scenario : I want to block certain HTTPS website using SSL Bump and
without installing any SSL Certificate on Clients End as I will be
distributing this Same Network for Mobile Devices so I don't want to keep
installing certificate in each Mobile Device like Android / IOS / Windows
etc phones
On 17.05.16 17:11, Robert W Weaver wrote:
The issue is I need to connect to a site that requires client
authentication. Don't want to put the key and cert on each individual
user, so instead want the key and cert on the proxy.
Diagram:
User A ---> Squid S ---> Server B
^^
18 matches
Mail list logo
