[squid-users] Problem with SSL client setting in case of erverse proxy

Hello, I hope I am right here. I use Squid Version 3.5.20 as reverse Proxy for Outlook (2010) Anywhere and OWA. The problem is that I cannot transfer Files bigger than 2MB since the Microsoft Update https://technet.microsoft.com/de-de/library/security/3042058. This Update brings new Cipher Vers

[squid-users] how can I coplete this squid tutorial?

I find a tutorial on this website: http://www.deckle.co.uk/squid-users-guide/squid-configuration-basics.html . I want to complete it. I don't know where is those line: acl localnet src 192.168.1.0/255.255.255.0 .. http_access allow localnet icp_access allow localnet Can somebody help me?

Re: [squid-users] squid refresh_pattern / cache question

On 10/08/2016 10:43 a.m., Berkes, David wrote: > > I have a question about the caching mechanism and "refresh_pattern" > specifically. I had the following configured for my company. Lateley there > have been complaints that people are seeing old pages and not the recent > content...specifical

Re: [squid-users] HSTS and MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA

On 10/08/2016 9:07 a.m., Erdosain9 wrote: > > *MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA* > > When i create self-signed certificate, i do like this: > >- > >openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes *-x509 > *-keyout myCA.pem -out myCA.pem > > > so what can i change to a

[squid-users] squid refresh_pattern / cache question

I have a question about the caching mechanism and "refresh_pattern" specifically. I had the following configured for my company. Lateley there have been complaints that people are seeing old pages and not the recent content...specifically when going to www.bbc.com. Im not

[squid-users] HSTS and MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA

Hi to all. I keep trying to achieve inspect https. I think I'm close to doing. This is my current configuration relative to ssl-bump. - # Squid listen Port http_port 192.168.1.215:3128 https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cer

Re: [squid-users] Rate limiting bad clients?

On 9/08/2016 5:39 p.m., Dan Charlesworth wrote: > Hi all, > > This is more of a squid-adjacent query. Hopefully relevant enough for someone > here to help… > > I’m sick of all these web apps that take it upon themselves to hammer proxies > when they don’t get the response they want, like if the

Re: [squid-users] how to install squid proxy with source package downloaded, not use apt?

On 10/08/2016 2:51 a.m., james82 wrote: > I use kali linux. I want to install squid proxy in my kali "cute"linux, not > by use apt-get install, because i'm not sure they have lastest version. I > want to install with source file download from official squid website. > Please tell me how to do this?

Re: [squid-users] I redirect some http traffic to squid ( 90Mbps) and i found TIME_WAIT is 20840 and one of squid process is 57% , whether it will be fine ?

On 9/08/2016 7:31 p.m., johnzeng wrote: > > > Hello Dear Sir > > I redirect some http traffic to squid ( 90Mbps) and i found TIME_WAIT is > 20840 and one of squid process is 57% > > whether it will be normal condition ?? > For 3.5.2 it can be 'normal'. But normal is not necessarily good. Seve

[squid-users] how to install squid proxy with source package downloaded, not use apt?

I use kali linux. I want to install squid proxy in my kali "cute"linux, not by use apt-get install, because i'm not sure they have lastest version. I want to install with source file download from official squid website. Please tell me how to do this? Is it work perfect with this method. -- View

Re: [squid-users] Forum

On 9/08/2016 3:54 p.m., Andrey Ivnitsky wrote: > Hi guys! I do not want to offend anyone, but the email lists was not > terribly comfortable. Probably, this issue has been debated, but it can > be to have a Forum? > Please note that your Nabb

Re: [squid-users] [Feature request] possibility to mark some keys(in kv-pairs) as singular

On 9/08/2016 8:12 p.m., Zidane Sama wrote: > In my situation external auth script returns "access_level" as kv_pair. > If this value was changed then two values appeared at once in > annotation and acl for high access level will be matched. > It's possible to add functionality for marking keys as s

Re: [squid-users] Squid distribution keyring

On 9/08/2016 8:54 p.m., Adam Majer wrote: > Hello, > > Squid-cache.org download page has all the tarballs and detached > signatures. Thank you! > > But is there an official keyring for validating these signatures? The .asc files containing detatched signature should also be referencing several w

[squid-users] [squid-announce] Squid 4.0.13 beta is available

The Squid HTTP Proxy team is very pleased to announce the availability of the Squid-4.0.13 release! This release is a bug fix release resolving several issues found in the prior Squid releases. The major changes to be aware of: * HTTP/1.1: Update all stored headers on 304 revalidation. Previ

[squid-users] Squid distribution keyring

Hello, Squid-cache.org download page has all the tarballs and detached signatures. Thank you! But is there an official keyring for validating these signatures? Is it only Amos Jeffries (Primary key fingerprint: EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463) that is doing releases? Than

[squid-users] [Feature request] possibility to mark some keys(in kv-pairs) as singular

In my situation external auth script returns "access_level" as kv_pair. If this value was changed then two values appeared at once in annotation and acl for high access level will be matched. It's possible to add functionality for marking keys as singular? __

[squid-users] I redirect some http traffic to squid ( 90Mbps) and i found TIME_WAIT is 20840 and one of squid process is 57% , whether it will be fine ?

Hello Dear Sir I redirect some http traffic to squid ( 90Mbps) and i found TIME_WAIT is 20840 and one of squid process is 57% whether it will be normal condition ?? Whether we can balance cpu processing capacity