Hi How are you
I don`t know squid use smp , multi cpu process purge cache, each
process define cache_dir ,when purge cache Choose a different worker,Lead to
clear the cache fails
___
squid-users mailing list
squid-users@lists.squid-cache.o
Hi.
I have thought to have several delay pools but I doubt whether this is the
right way.
Eg.
I want to give to the "administration" 512kb in total, to be distributed
among 8 users.
Give the "video editing area" a total of 1000KB to divide among 8 users.
I want to limit the bandwidth dedicated to y
On 08/24/2016 12:24 PM, Omid Kosari wrote:
> Alex Rousskov wrote
>> Thus, the existing implementation should cover non-HTTP
>> requests on port 80 (or 3128). If it does not, it is a bug. We should
>> polish the documentation to make this clear.
> The problem is not squid itself . The problem is i
Alex Rousskov wrote
> Thus, the existing implementation should cover non-HTTP
> requests on port 80 (or 3128). If it does not, it is a bug. We should
> polish the documentation to make this clear.
The problem is not squid itself . The problem is in some situations for
example DOS(with malformed re
I just read through the wiki being discussed. For the first time, I think I
finally understand, for the most part, what peek, splice and stare do. The
last time I read the wiki a few months ago, I gave up understanding those
because it was too confusing to me.
Thanks!
On Wed, Aug 24, 2016 at 9:28
On 08/24/2016 06:36 AM, Yuri Voinov wrote:
> 24.08.2016 18:32, Antony Stone пишет:
>> He wants to configure his browser to connect to the proxy over an SSL
>> connection, and then inside this secure connection send standard HTTP and
>> HTTPS requests
> Yeah, I get it. It seems to me, is absolutely
Ok reply to myself so other users know this also.
if you create a user for the HTTP services and you dont use msktutil but like
me samba-tool or something else.
Read :
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos carefully.
and the clue was this line for me.
On 08/24/2016 07:54 AM, Amos Jeffries wrote:
> on_unsupported_protocol will need patching to be applied when HTTP
> parser detects unsupported protocol on port 80 (or 3128).
on_unsupported_protocol determines (among other things) Squid behavior
when encountering a strange (i.e., probably non-HTTP)
Oh, an a tiny little detail :)
# squid -v
Squid Cache: Version 4.0.13
Service Name: squid
configure options: '--with-openssl' '--prefix=/usr' '--localstatedir=/var'
'--libexecdir=/lib/squid' '--datadir=/share/squid'
'--sysconfdir=/etc/squid' '--with-default-user=proxy'
'--with-logdir=/var/log/
This configuration here covers the use case described by the OP:
https://gist.githubusercontent.com/splashx/758ff0c59ea291f32edafc516fdaad73/raw/8050fa054821657812961050332b38a56e7e3e68/
If everything works well, you'll notice you won't support HTTP proxy at
all, but users can reach both HTTP and
On 08/24/2016 07:23 AM, Marcus Kool wrote:
> I added an image in PNG format with data flow and events.
And I added an XXX why that image might do more harm than good.
> If you are interested I can send you the ODG file that was
> used to generate the image.
Please attach those image sources to
acl status_400 http_status 400
deny_info TCP_RESET status_400
http_reply_access deny status_400
still send headers . just the 400 changed to 403
HTTP/1.1 403 Forbidden
Server: squid
Mime-Version: 1.0
Date: Wed, 24 Aug 2016 14:11:35 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 5
X-C
On Mon, 2016-08-22 at 16:46 +0500, Garri Djavadyan wrote:
> Hello Squid users,
>
> Can anyone explain, why Squid doesn't cache the objects with max-age
> values below 60 seconds? For example:
>
> $ http_proxy="127.0.0.1:3128" curl --head "http://sandbox.comnet.loca
> l/
> cgi-bin/hello.cgi" && da
On 25/08/2016 12:39 a.m., Omid Kosari wrote:
> This config works for dstdomain acl type
>
> acl test dstdomain 123.com
> deny_info TCP_RESET test
> adapted_http_access deny test
>
>
> but it is not what i want . I want
>
> acl status_400 http_status 400
> deny_info TCP_RESET status_400
> adapt
Just to rewind this conversation to the actual problem ...
On 24/08/2016 11:42 p.m., Samuraiii wrote:
> On 24.8.2016 13:18, Antony Stone wrote:
>> Unfortunately it's not Squid that's the challenge - it's the browser.
>>
>> If you're using Firefox and/or Chrome, you should be okay.
>>
>> See "Encry
On 24/08/2016 4:24 a.m., Diogenes S. Jesus wrote:
If you want to do things like this safely please upgrade to Squid-4
where the logformat codes are available. Those codes provide
customizable escaping and quoting styles so you can set one that
protects LDAP against these attacks
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
24.08.2016 19:24, Antony Stone пишет:
> On Wednesday 24 August 2016 at 14:35:03, Yuri Voinov wrote:
>
Then I do not understand what he wants op.
>>
>>
http://wiki.squid-cache.org/Features/HTTPS#Encrypted_browser-Squid_connecti
>> on
>>
>>> S
On Wednesday 24 August 2016 at 14:35:03, Yuri Voinov wrote:
> >> Then I do not understand what he wants op.
>
> http://wiki.squid-cache.org/Features/HTTPS#Encrypted_browser-Squid_connecti
> on
>
> > Secure connection to squid proxy without need for anything else (on
> > client side) than configu
On 24/08/2016 3:55 a.m., Sergio Belkin wrote:
> 2016-08-19 17:22 GMT-03:00 Antony Stone :
>
>> On Friday 19 August 2016 at 20:41:11, Jok Thuau wrote:
>>
>>> On Fri, Aug 19, 2016 at 9:33 AM, Sergio Belkin wrote:
/var/log/squid/access.log
192.168.50.41 - - [19/Aug/2016:12:19:45 -0300] "CO
On 08/24/2016 02:43 AM, Alex Rousskov wrote:
On 08/23/2016 08:34 AM, Marcus Kool wrote:
ok, I suggest that you review what is done already.
I have made a few corrections and improvements, trying to document every
change (and some suggestions for future work) in the commit messages.
The pag
Hello Dia,
Thank you for the reply,
So, can this be a “MIT” kerberos of HEIMDAL thing.
Im use Samba4 for ADDC and that uses heimdal.
Even that the logs says :
"Client 'HTTP/hostname.internet.domain@your.realm.tld' not found in
Kerberos database".
Im using NFSv4 over ke
Ok
This is answer (not) I was looking for.
Thank you
S
On 24 August 2016 14:48:40 CEST, Yuri Voinov wrote:
>
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA256
>
>
>
>24.08.2016 18:44, Samuraiii пишет:
>>
>>>
>>> > No SSL-bumping or whatever just forwarding.
>>> Firstly, the concept is no
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
24.08.2016 18:44, Samuraiii пишет:
>
>>
>> > No SSL-bumping or whatever just forwarding.
>> Firstly, the concept is not safe. Users will have a secure connection
to the proxy - as well as the next? HTTP? User misled green padlock,
believes
>
> > No SSL-bumping or whatever just forwarding.
> Firstly, the concept is not safe. Users will have a secure connection
> to the proxy - as well as the next? HTTP? User misled green padlock,
> believes all secure connection - as external traffic is not encrypted
> after the fact. Second. Y
This config works for dstdomain acl type
acl test dstdomain 123.com
deny_info TCP_RESET test
adapted_http_access deny test
but it is not what i want . I want
acl status_400 http_status 400
deny_info TCP_RESET status_400
adapted_http_access deny status_400
OR
acl HTTP proto HTTP
acl PORT_80
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Against this backdrop, even a bump SSL security seems a masterpiece.
24.08.2016 18:32, Antony Stone пишет:
> On Wednesday 24 August 2016 at 14:26:48, Yuri Voinov wrote:
>
>> 24.08.2016 18:23, Antony Stone пишет:
>>> On Wednesday 24 August 2016 at
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
24.08.2016 18:32, Antony Stone пишет:
> On Wednesday 24 August 2016 at 14:26:48, Yuri Voinov wrote:
>
>> 24.08.2016 18:23, Antony Stone пишет:
>>> On Wednesday 24 August 2016 at 14:18:46, Yuri Voinov wrote:
No one CA do not issue signing CA
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
24.08.2016 18:31, Samuraiii пишет:
>
>> look to the browser
>>
>> > like HTTPS ones.
>> Then I do not understand what he wants op.
>>
>>
>>
>
>
http://wiki.squid-cache.org/Features/HTTPS#Encrypted_browser-Squid_connection
>
> Secure c
On Wednesday 24 August 2016 at 14:26:48, Yuri Voinov wrote:
> 24.08.2016 18:23, Antony Stone пишет:
> > On Wednesday 24 August 2016 at 14:18:46, Yuri Voinov wrote:
> >> No one CA do not issue signing CA for subject, which is not CA itself.
> >>
> >> So, op wants impossible thing.
> >
> > Why wou
> look to the browser
>
> > like HTTPS ones.
> Then I do not understand what he wants op.
>
>
>
http://wiki.squid-cache.org/Features/HTTPS#Encrypted_browser-Squid_connection
Secure connection to squid proxy without need for anything else (on
client side) than configuring proxy in bro
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
24.08.2016 18:23, Antony Stone пишет:
> On Wednesday 24 August 2016 at 14:18:46, Yuri Voinov wrote:
>
>> No one CA do not issue signing CA for subject, which is not CA itself.
>>
>> So, op wants impossible thing.
>
> Why would one need a signING
On 24.8.2016 14:24, Antony Stone wrote:
> On Wednesday 24 August 2016 at 14:22:18, Samuraiii wrote:
>
>> On 24.8.2016 14:18, Yuri Voinov wrote:
>>> No one CA do not issue signing CA for subject, which is not CA itself.
>>>
>>> So, op wants impossible thing.
>> I have tried to drop clientca option,
On Wednesday 24 August 2016 at 14:22:18, Samuraiii wrote:
> On 24.8.2016 14:18, Yuri Voinov wrote:
> > No one CA do not issue signing CA for subject, which is not CA itself.
> >
> > So, op wants impossible thing.
>
> I have tried to drop clientca option, to add generate-host-certificates=off
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Predictable.
24.08.2016 18:22, Samuraiii пишет:
> On 24.8.2016 14:18, Yuri Voinov wrote:
> >
>> No one CA do not issue signing CA for subject, which is not CA itself.
>>
>> So, op wants impossible thing.
>>
> I have tried to drop clientca option,
On Wednesday 24 August 2016 at 14:18:46, Yuri Voinov wrote:
> No one CA do not issue signing CA for subject, which is not CA itself.
>
> So, op wants impossible thing.
Why would one need a signING certificate just to create an SSL connection
between the browser and Squid?
Surely one merely nee
On 24.8.2016 14:18, Yuri Voinov wrote:
>
> No one CA do not issue signing CA for subject, which is not CA itself.
>
> So, op wants impossible thing.
>
I have tried to drop clientca option, to add generate-host-certificates=off
but outcome is still same error...
even with just this as config:
http
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
No one CA do not issue signing CA for subject, which is not CA itself.
So, op wants impossible thing.
24.08.2016 18:15, Antony Stone пишет:
> On Wednesday 24 August 2016 at 14:02:43, Samuraiii wrote:
>
>> Squid fails to start for me with:
>> FAT
Just one thing I noticed:
"clientca" is not the CA which issued your "cert" (sklad.duckdns.org) -
it's the CA to be used when doing client-side authentication, which I'm not
sure if you're doing.
Dio
On Wed, Aug 24, 2016 at 2:02 PM, Samuraiii
wrote:
>
> > Please give more details for "fails".
On Wednesday 24 August 2016 at 14:02:43, Samuraiii wrote:
> Squid fails to start for me with:
> FATAL: No valid signing SSL certificate configured for HTTPS_port [::]:8443
>
> I have found that this is related to missing self signed certificate,
> and since I do not want to use self signed certifi
Hello,
I want to squid send tcp_reset as reply to non http requests on port 80 .
I want that squid DONT reply these headers
HTTP/1.1 400 Bad Request
Server: squid
Mime-Version: 1.0
Date: Wed, 24 Aug 2016 12:08:02 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 0
X-Cache: MISS from cac
> Please give more details for "fails".
>
> Is the following your entire squid.conf (except for comments)?
>
> Have you tried getting SSL access to Squid working before introducing
> authentication?
>
> What are you trying, to test this, and what are the results?
>
>
> Regards,
>
>
> Antony.
Firs
On Wednesday 24 August 2016 at 13:42:16, Samuraiii wrote:
> On 24.8.2016 13:18, Antony Stone wrote:
> >
> > See "Encrypted browser-Squid connection" at the bottom of
> > http://wiki.squid-cache.org/Features/HTTPS
>
> I have seen that, it is the cause of my subscription to this list.
> I haven't
On 24.8.2016 13:18, Antony Stone wrote:
> Unfortunately it's not Squid that's the challenge - it's the browser.
>
> If you're using Firefox and/or Chrome, you should be okay.
>
> See "Encrypted browser-Squid connection" at the bottom of
> http://wiki.squid-cache.org/Features/HTTPS
>
>
> Antony.
>
I
Hi there.
Well, the log says "Client 'HTTP/hostname.internet.domain@your.realm.tld'
not found in Kerberos database".
Check your krb5.conf on the squid host if you're pointing to the right KDC
and make sure the principal exists in the Kerberos database.
kadmin.local and "getprinc HTTP/hostname
On Wednesday 24 August 2016 at 13:09:52, Samuraiii wrote:
> Hello,
> I am trying to setup squid as SSL protected proxy for few users without
> any intention to use ssl-bumping or any other MITM technique.
> I just want to have SSL secured connection between browser and proxy.
> Proxy will not be "
Hello,
I am trying to setup squid as SSL protected proxy for few users without
any intention to use ssl-bumping or any other MITM technique.
I just want to have SSL secured connection between browser and proxy.
Proxy will not be "transparent" and will be using PAC file for
configuration and PAM for
Hai,
Im having trouble to get the ext_kerberos_ldap_group_acl working.
I’ve read :
http://www.squid-cache.org/Versions/v3/3.5/manuals/ext_kerberos_ldap_group_acl.html
Here is what i have checked / done already.
My keytab file :
klist -ekt /etc/squid/keytab.PROXYSERVER-HTTP
K
47 matches
Mail list logo
