[squid-users] googles data compression proxy

Any real experience, how to block this feature ? Actually, it allows to tunnel thru squid, because of special protocol. In my logs, I see TCP_DENIED for http://check.googlezip.net/connect, because of my ACL in squid. However, traffic is still tunneled thru squid to goohles proxy. -- View this

[squid-users] Squid Peek/Splice some issues

Hi , i have squid that is working on 3.5 . traffic of t 80 and 443 traffic to Squid via IPTables. Squid then passes traffic to ClamAV via C-ICAP. Squid is configured to intercept all SSL traffic and PKI has been setup and distributed to all clients. we have a problem in Skype of Business (Offic

Re: [squid-users] dead gateway, not dead peer..

On Mon, Jun 20, 2016 at 4:04 PM, Antony Stone < antony.st...@squid.open.source.it> wrote: > > > Please answer the following questions: > > 1. How many squid servers do you have (in this setup)? > ​ I have three squid servers ​ > > 2. What are their IP addresses? > ​172.16.0.30/20 - Oasis, 172.16

Re: [squid-users] dead gateway, not dead peer..

On Monday 20 June 2016 at 21:53:04, B. Cook wrote: > Looking for a second opinion.. > > I think this is beyond the scope of squid, but I figured I would ask > anyway.. Maybe it is, maybe it isn't - I don't think you've given anything like enough information for us to know. > VZW FiOS link in o

[squid-users] dead gateway, not dead peer..

Looking for a second opinion.. I think this is beyond the scope of squid, but I figured I would ask anyway.. VZW FiOS link in one building (primary) and VZW FIOS link in a second building (secondary). the gateway for the primary link is sometimes unavailable.. squid is fine on both ends.. 0.30

[squid-users] SECURITY ALARM, once more

I see quite a few messages like this one in my logs: squid[1327]: SECURITY ALERT: on URL: sa.scorecardresearch.com:443 Running squid 3.5.19-20160524-r14057, https-intercept just for logging, so no bump. It is understood, that most likely this is because of squids DNS and browsers DNS not to be in

[squid-users] URL access based on AD group membership

Hello Amos; is there a simpler way to tackle this as I am not linux guy and not sure howto write any helper program which need to call. Regards; Nilesh Gavali > Thanks Eliezer for reply. > Its is working now for be perfectly with below command with -d option > gives helpful debug info to tro

Re: [squid-users] Configuring squid to work as an HTTPS proxy

On 21/06/2016 2:02 a.m., Jobin George wrote: > Hi, > > I am trying to setup squid3 as an HTTPS proxy using the tutorial given > [here][1]. I have properly setup the proxy settings in my browser and when I > try to hit **HTTP** web sites, I am able to connect successfully. However, I > keep gett

Re: [squid-users] Configuring squid to work as an HTTPS proxy

Em 20/06/2016 11:02, Jobin George escreveu: Hi, I am trying to setup squid3 as an HTTPS proxy using the tutorial given [here][1]. I have properly setup the proxy settings in my browser and when I try to hit **HTTP** web sites, I am able to connect successfully. However, I keep getting a "Con

Re: [squid-users] Configuring squid to work as an HTTPS proxy

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 You using wrong and extremal unspecific manual. Feel free to use our good manuals: http://wiki.squid-cache.org/ConfigExamples 20.06.2016 20:02, Jobin George пишет: > > Hi, > > > > I am trying to setup squid3 as an HTTPS proxy using the tutoria

[squid-users] Configuring squid to work as an HTTPS proxy

Hi, I am trying to setup squid3 as an HTTPS proxy using the tutorial given [here][1]. I have properly setup the proxy settings in my browser and when I try to hit **HTTP** web sites, I am able to connect successfully. However, I keep getting a "Connection timed out error" whenever I hit an **HT

Re: [squid-users] URL access based on AD group membership

On 20/06/2016 9:21 p.m., Nilesh Gavali wrote: > Thanks Eliezer for reply. > Its is working now for be perfectly with below command with -d option > gives helpful debug info to troubleshoot. > > external_acl_type AD_Group %LOGIN /usr/lib64/squid/squid_ldap_group -P -R > -b "DC=ABCD,DC=GOV,DC=IN"

Re: [squid-users] ECDSA and SSL bump

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Windows Updates is also incompatible with ECDSA due to akamai behind. :) 20.06.2016 17:19, Yuri Voinov пишет: > > akamaihd.net has compatibility issues with ECDSA squid's certs. fb.com behind it, etc. > > 20.06.2016 0:10, Yuri Voinov пишет: > > >

Re: [squid-users] ECDSA and SSL bump

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 akamaihd.net has compatibility issues with ECDSA squid's certs. fb.com behind it, etc. 20.06.2016 0:10, Yuri Voinov пишет: > > ECDSA works with any combination with RSA in CA-subordinate CA's. > > Will check compatibility issues, if any. > > 19.06

Re: [squid-users] Queue incoming requests when fetching from origin

Hi Eliezer, Yes, Jaap is my first name :) I might have not mentioned this before, but I'm using Squid as a reverse proxy / in acceleration mode. So as far as I know your comments are not applicable. Thanks for your thoughts though! Jaap 2016-06-19 7:16 GMT+02:00 Eliezer Croitoru : > Hey Jaap, (

[squid-users] URL access based on AD group membership

Thanks Eliezer for reply. Its is working now for be perfectly with below command with -d option gives helpful debug info to troubleshoot. external_acl_type AD_Group %LOGIN /usr/lib64/squid/squid_ldap_group -P -R -b "DC=ABCD,DC=GOV,DC=IN" -D svcproxy -w 123456789 -f "(&(objectclass=person)(userP

Re: [squid-users] URL access based on AD group membership

Hey Nilesh, Did you tried to test it in any way outside of squid? Like in a command line as a self running program? Eliezer Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: elie...@ngtech.co.il From: squid-users [mail