[squid-users] Problems with Squid Authentication

2016-08-18 Thread Marcio Demetrio Bacci
My Kerberos Authentication doesn't work. This is very hard! My Squid3 is joined to the Domain. kinit and klist are ok. wbinfo -g and wbinfo -u are ok too. I have created the squid3 file in /etc/default with the following content: KRB5_KTNAME=/etc/squid3/HTTP.keytab export KRB5_KTNAME I have two keyt

Re: [squid-users] Yet another store_id question HIT MISS

2016-08-18 Thread Amos Jeffries
On 19/08/2016 2:15 a.m., Omid Kosari wrote: > I was correct . > > If one of following conditions happens then the mentioned urls will not > cache . > > 1-in squid.conf have this line > acl storeiddomainregex dstdom_regex > ^igcdn(\-photos|\-videos)[a-z0-9\-]{0,9}\.akamaihd\.net$ > How you use

Re: [squid-users] HTTPS - THE PROXY SERVER IS REFUSING CONNECTIONS

2016-08-18 Thread Amos Jeffries
On 19/08/2016 2:52 a.m., L.P.H. van Belle wrote: > That your proxy refused your connections is correct. > > You forgot to define an acl and allow it. > Aye. Compare the default config file with yours: (the 3.5 one still applies to 3.4) Amos

Re: [squid-users] Malformed HTTP on tproxy squid

2016-08-18 Thread Alex Rousskov
On 08/17/2016 10:47 AM, Alex Rousskov wrote: > On 08/17/2016 10:25 AM, Amos Jeffries wrote: > >> I don't think the delayer approach will work because these are parse >> error/abort responses that don't go near any ACL system. > > If an error response does not go through http_reply_access, then th

Re: [squid-users] Kerberos Autenthication doesn't work

2016-08-18 Thread L . P . H . van Belle
Ok, samba isn't yet in jessie backports.. so you now use the 4.2.10 version. Look here, these work good. I build them and I use them in my office for some time now. I'll try the next version samba ( 4.4.5-3 ) in debian stretch to get in BPO. That one has the file overwrite fixed. (just r

Re: [squid-users] Yet another store_id question HIT MISS

2016-08-18 Thread Eliezer Croitoru
Well it works for me locally: 1471532262.544 3 192.168.10.131 TCP_MEM_HIT/200 72214 GET http://igcdn-photos-a-a.akamaihd.net/hphotos-ak-xap1/t51.2885-15/s640x640/sh0.08/e35/13702999_1008425479275495_76276919_n.jpg - HIER_NONE/- image/jpeg 1471532274.903 9 192.168.10.131 TCP_MEM_HIT/200

Re: [squid-users] Checking SSL bump status in http_access

2016-08-18 Thread Alex Rousskov
On 08/18/2016 08:54 AM, Alex Rousskov wrote: > 1. Supported: HTTP request (including fake CONNECTs); To clarify, s/fake CONNECTs/a single fake CONNECT/ > 2. Supported: Client connection; > 3. Proposed: Compound transaction (e.g., all authenticatING requests > plus the first authenticatED reques

Re: [squid-users] Checking SSL bump status in http_access

2016-08-18 Thread Alex Rousskov
On 08/18/2016 03:18 AM, Steve Hill wrote: > On 17/08/16 17:18, Alex Rousskov wrote: >> This configuration problem should be at least partially addressed by the >> upcoming annotate_transaction ACLs inserted into ssl_bump rules: >> http://lists.squid-cache.org/pipermail/squid-dev/2016-July/006146.ht

Re: [squid-users] HTTPS - THE PROXY SERVER IS REFUSING CONNECTIONS

2016-08-18 Thread L . P . H . van Belle
That your proxy refused your connections is correct. You forgot to define an acl and allow it. Something like : acl internal-net src 192.168.x.0/24 and > http_access allow localhost http_access allow internal-net > http_access deny all Greetz, Louis > -Original message- > From

Re: [squid-users] Rock store status

2016-08-18 Thread Steve Hill
On 17/08/16 11:50, FredB wrote: I tried rock store and smp long time ago (squid 3.2 I guess), Unfortunately I definitely drop smp because there are some limitations (In my case), and I fall-back to diskd because there were many bugs with rock store. FI I also switched to aufs without big diff

Re: [squid-users] Checking SSL bump status in http_access

2016-08-18 Thread Steve Hill
On 17/08/16 00:12, Amos Jeffries wrote: Is there a way of figuring out if the current request is a bumped request when the http_access ACL is being checked? i.e. can we tell the difference between a GET request that is inside a bumped tunnel, and an unencrypted GET request? In Squid-3 a combo

Re: [squid-users] Yet another store_id question HIT MISS

2016-08-18 Thread Omid Kosari
I was correct . If one of following conditions happens then the mentioned urls will not cache . 1-in squid.conf have this line acl storeiddomainregex dstdom_regex ^igcdn(\-photos|\-videos)[a-z0-9\-]{0,9}\.akamaihd\.net$ 2-in storeid_db have this line ^http:\/\/igcdn-.*\.akamaihd\.net/hphotos-ak

[squid-users] Kerberos Autenthication doesn't work

2016-08-18 Thread Marcio Demetrio Bacci
I have problems with Kerberos Authentication in Squid3 on Debian 8 and Samba4 DC My Squid version is: 3.4.8 My Kerberos Authentication doesn't work. PROCEDURES PERFORMED INSTALL OF SAMBA4 AND WINBIND OF DEBIAN BACKPORTS apt-get -t jessie-backports install samba samba-doc winbind KERBEROS TEST:

[squid-users] HTTPS - THE PROXY SERVER IS REFUSING CONNECTIONS

2016-08-18 Thread adego70
Hello, My request concerns SQUID v.3.4.8 I'm using : - DEBIAN Jessie - Firefox 48.0 - simple home network Actually, I whitelist some http(s) domains with SQUID. My problem is : when I want to go with firefox to any httpS domain which is not whitelisted, I obtain this error message : "THE PROX

[squid-users] FTP access with proxy_auth

2016-08-18 Thread Claudio Ninin
Hi, I need help. I'm trying to configure squid to allow ftp access across squid with the proxy_auth, but when I try to access some ftp the squid doesn't get authentication. This is my ACL: # ### ACLs for allowing ftp #--

Re: [squid-users] Yet another store_id question HIT MISS

2016-08-18 Thread Omid Kosari
Simply open following url in firefox http://igcdn-photos-h-a.akamaihd.net/hphotos-ak-xap1/t51.2885-15/s640x640/sh0.08/e35/13702999_1008425479275495_76276919_n.jpg then rename h to a,b,c,d,e,f for example http://igcdn-photos-a-a.akamaihd.net/hphotos-ak-xap1/t51.2885-15/s640x640/sh0.08/e35/13702999

Re: [squid-users] Malformed HTTP on tproxy squid

2016-08-18 Thread Omid Kosari
Amos Jeffries wrote > About the only thing you could do to speed it up is locate the error > page templates (file paths: en/ERR_INVALID_REQ and > templates/ERR_INVALID_REQ) and remove their contents. Then restart Squid. > That should remove at least a few of the vprintf() syscalls that your > earli

Re: [squid-users] Checking SSL bump status in http_access

2016-08-18 Thread Steve Hill
On 17/08/16 17:18, Alex Rousskov wrote: This configuration problem should be at least partially addressed by the upcoming annotate_transaction ACLs inserted into ssl_bump rules: http://lists.squid-cache.org/pipermail/squid-dev/2016-July/006146.html That looks good. When implementing this, bew