Re: [squid-users] squid stops working

2016-07-21 Thread Amos Jeffries
On 22/07/2016 2:54 p.m., Michel Peterson wrote: > Hi friends, > > The squid (4.0.12) proxy that I have running on debian jessie stops > accepting new requests after being online for a while. Before it stops > record this message in cache.log: > > 2016/07/19 09:45:20 kid1| assertion failed: client

Re: [squid-users] protect squid.conf file

2016-07-21 Thread Amos Jeffries
On 22/07/2016 3:02 a.m., --Ahmad-- wrote: > h > > what about if i insert a directive inside squid and this directive not being > shown in squid.conf ?? > > > say i want to add line to the current squid.conf but i don’t want to add that > line in squid.conf > > also i don’t want to includ

Re: [squid-users] Squid - AD integration Issue

2016-07-21 Thread Amos Jeffries
On 22/07/2016 2:09 a.m., Nilesh Gavali wrote: > HI All; > > Squid integration with AD kerberos auth was working properly for me. Today > faced issue, as users are getting login prompt while accessing Proxy. > Not sure what went wrong. here is my configuration and also cache.log o/p. > Need urge

[squid-users] squid stops working

2016-07-21 Thread Michel Peterson
Hi friends, The squid (4.0.12) proxy that I have running on debian jessie stops accepting new requests after being online for a while. Before it stops record this message in cache.log: 2016/07/19 09:45:20 kid1| assertion failed: client_side_reply.cc:2163: "reqofs <= HTTP_REQBUF_SZ || flags.heade

Re: [squid-users] protect squid.conf file

2016-07-21 Thread Antony Stone
On Thursday 21 July 2016 at 16:59:29, Ahmed Alzaeem wrote: > h > > what about if i insert a directive inside squid and this directive not > being shown in squid.conf ?? > > say i want to add line to the current squid.conf but i don’t want to add > that line in squid.conf An interesting sent

Re: [squid-users] HTTPS and Headers

2016-07-21 Thread Alex Rousskov
On 07/21/2016 10:33 AM, Alex Rousskov wrote: > On 07/21/2016 12:41 AM, FredB wrote: >> when I try to put some new headers it works only with an HTTP website >> >> I can't do that ? What are the limitations ? > If you are intercepting SSL traffic, then you can do nothing today and > will be able t

Re: [squid-users] HTTPS and Headers

2016-07-21 Thread Alex Rousskov
On 07/21/2016 12:41 AM, FredB wrote: > I wonder what headers can be see by squid with a SSL website ? Without > SSLBump of course You are asking the wrong question if your goal is to "mark in logs a specific information from a user for all proxies (proxy chaining)". > when I try to put some ne

Re: [squid-users] protect squid.conf file

2016-07-21 Thread --Ahmad--
h what about if I insert a directive inside squid and this directive is not shown in squid.conf? Say I want to add a line to the current squid.conf but I don't want to add that line in squid.conf. Also I don't want to include another external file. Is there a method to add directive in

Re: [squid-users] protect squid.conf file

2016-07-21 Thread Antony Stone
On Thursday 21 July 2016 at 16:06:29, --Ahmad-- wrote: > say that i worked on squid with very private work and i want to protect my > squid.conf to be read from others who login ssh . > > is it possible to encrypt squid.conf file ? No, but you can make it readable to the squid user only (and t

Re: [squid-users] protect squid.conf file

2016-07-21 Thread Chris Horry
On 07/21/2016 10:06, --Ahmad-- wrote: > hi Guys > > > say that i worked on squid with very private work and i want to protect my > squid.conf to be read from others who login ssh . > > is it possible to encrypt squid.conf file ? Encrypt, not as far as I know. Change the permissions so onl

[squid-users] Squid - AD integration Issue

2016-07-21 Thread Nilesh Gavali
Hi All; Squid integration with AD Kerberos auth was working properly for me. Today I faced an issue, as users are getting a login prompt while accessing the proxy. Not sure what went wrong. Here is my configuration and also cache.log o/p. Need urgent help.

[squid-users] protect squid.conf file

2016-07-21 Thread --Ahmad--
Hi guys, say that I worked on squid with very private work and I want to protect my squid.conf from being read by others who log in via ssh. Is it possible to encrypt the squid.conf file? Cheers ___ squid-users mailing list squid-users@lists.squid-cache.org

Re: [squid-users] Squid Intercept - From inside LAN with DNAT on router and docker on host

2016-07-21 Thread Amos Jeffries
On 22/07/2016 12:00 a.m., Guilherme Scaglia wrote: > Amos, > >> There is a different config example for REDIRECT < > http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect> > > Ty, I'm going to try it using REDIRECT. I was unwilling to follow the DNAT > guide because of having to enab

Re: [squid-users] Squid Intercept - From inside LAN with DNAT on router and docker on host

2016-07-21 Thread Guilherme Scaglia
Bruno, > No, no, Amos was just explaining the use of DNAT in this case; REDIRECT won't work either. > You should do as instructed by Antony and try policy routing. That's what I'm planning; Policy routing at Mikrotik, so the packets arrive at the squid machine. At squid machine, redirect from port

Re: [squid-users] Squid Intercept - From inside LAN with DNAT on router and docker on host

2016-07-21 Thread Bruno de Paula Larini
On 21/07/2016 08:55, Guilherme Scaglia wrote: Amos, > There is a different config example for REDIRECT Ty, I'm going to try it using REDIRECT. I was unwilling to follow the DNAT guide because of having to enable ip-forwa

Re: [squid-users] Squid Intercept - From inside LAN with DNAT on router and docker on host

2016-07-21 Thread Guilherme Scaglia
Amos, > There is a different config example for REDIRECT < http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect> Ty, I'm going to try it using REDIRECT. I was unwilling to follow the DNAT guide because of having to enable ip-forwarding in a non-router machine. The REDIRECT version s

Re: [squid-users] Squid Intercept - From inside LAN with DNAT on router and docker on host

2016-07-21 Thread Guilherme Scaglia
Amos, > There is a different config example for REDIRECT < http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect> Ty, I'm going to try it using REDIRECT. I was unwilling to follow the DNAT guide because of having to enable ip-forwarding in a non-router machine. The REDIRECT version s

Re: [squid-users] Wrong req_header result in cache_peer_access when using ssl_bump

2016-07-21 Thread Amos Jeffries
On 21/07/2016 9:31 p.m., Mihai Ene wrote: > Please excuse my persistence, but when that condition was introduced, in > [2011]( > https://github.com/squid-cache/squid/commit/9d7a49fb719dcd9ec22a8d3116e888c6e93c5dbb), > it was meant to prevent forwarding unencrypted requests. You can see that > there

Re: [squid-users] Wrong req_header result in cache_peer_access when using ssl_bump

2016-07-21 Thread Mihai Ene
Please excuse my persistence, but when that condition was introduced, in [2011]( https://github.com/squid-cache/squid/commit/9d7a49fb719dcd9ec22a8d3116e888c6e93c5dbb), it was meant to prevent forwarding unencrypted requests. You can see that there is no check whether `cache_peer` is using ssl, in w

Re: [squid-users] HTTPS and Headers

2016-07-21 Thread FredB
Thanks Amos for your answer. Do you think I can use an alternate method to tag my users' requests? Modify/add Header seems a bad idea. Regards, Fred

Re: [squid-users] cache peer communication about HIT/MISS between squid and and non-squid peer

2016-07-21 Thread Omid Kosari
Amos Jeffries wrote > Note that it is the connection CONNMARK value not the packet MARK value > that is copied. Can you confirm my iptables rules ? iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark iptables -t mangle -A OUTPUT -p tcp -d 127.0.0.1,1.1.1.12 --sport 8080 -j MARK --set-mark 0x3

Re: [squid-users] cache peer communication about HIT/MISS between squid and and non-squid peer

2016-07-21 Thread Amos Jeffries
On 21/07/2016 6:21 p.m., Omid Kosari wrote: > Amos Jeffries wrote >> 2) Squid can do pass-thru using Netfilter MARK flags. Each squid.conf >> directive that deals with TOS has both a 'tos' and a 'mark' variant. The >> 'mark' ones are able to pass-thru these netfilter markings the way you >> want. >

Re: [squid-users] HTTPS and Headers

2016-07-21 Thread Amos Jeffries
On 21/07/2016 6:41 p.m., FredB wrote: > Hello, > > I wonder what headers can be see by squid with a SSL website ? Without > SSLBump of course > In my logs I'm seeing User-Agent, Proxy-Authorization and some others but > when I try to put some new headers it works only with an HTTP website > > I

Re: [squid-users] cache peer communication about HIT/MISS between squid and and non-squid peer

2016-07-21 Thread Omid Kosari
Amos Jeffries wrote > 2) Squid can do pass-thru using Netfilter MARK flags. Each squid.conf > directive that deals with TOS has both a 'tos' and a 'mark' variant. The > 'mark' ones are able to pass-thru these netfilter markings the way you > want. > > However, since netfilter marks are local to th