Re: [squid-users] connections from particular users sometimes get stuck

2016-09-29 Thread Eugene M. Zheganin
Hi. On 29.09.2016 23:17, Alex Rousskov wrote: > On 09/29/2016 02:58 AM, Eugene M. Zheganin wrote: >> This time turbodom.ru entries are present in the debug log > Yes, there are two complete HTTP transactions with that domain. One is a > 407 Authentication Required and one is a 301 redirect: > >> H

Re: [squid-users] pinger crash - Bad opcode: 112

2016-09-29 Thread Tomas Mozes
After enabling IPv6 in the kernel, building squid with IPv6 and firewalling IPv6 no crash was observed any more. Thanks for the tip Amos. On Sat, Jun 11, 2016 at 7:14 AM, Amos Jeffries wrote: > On 3/06/2016 3:47 a.m., Tomas Mozes wrote: > > On Wed, Jun 1, 2016 at 1:53 PM, Amos Jeffries > wrote

Re: [squid-users] Large text ACL lists

2016-09-29 Thread Darren
Thank you Amos The resources I save not running multiple Squidguards will make more ram available as you say and having a simpler setup is never a bad thing either. Just to clarify, so when squid fires up, it caches the ACL file into ram in its entirety and then does some optimizations? If t

Re: [squid-users] No matter what I do I can not get %ssl:>sni (or other %ssl) to log

2016-09-29 Thread Amos Jeffries
On 30/09/2016 12:55 p.m., Alex Rousskov wrote: > On 09/29/2016 05:44 PM, Michael Pelletier wrote: >> In the squid.conf.documented, it looks like I can log the server >> certificate as well as the client certificate >> >> # %ssl::> # %ssl::>

Re: [squid-users] Large text ACL lists

2016-09-29 Thread Amos Jeffries
That is more than enough please. Some people on this list are competitors. There will necessarily be private issues between people and/or organisations. And that is exactly where those issues should stay. Private. It benefits us all to interact politely on the list(s) no matter what is going on

Re: [squid-users] Large text ACL lists

2016-09-29 Thread Amos Jeffries
On 29/09/2016 10:44 p.m., Darren wrote: > Hi All > > I have been tinkering with Squidguard for a while, using it to manage > ACL lists and time limits etc. > > While it works OK, it's not in active development and has its > issues. > > What are the limitations with just pumping ACL lists direct

Re: [squid-users] External nat'ed transparent proxy

2016-09-29 Thread Amos Jeffries
On 30/09/2016 11:35 a.m., Eliezer Croitoru wrote: > Hey Henry, > > I want to emulate the setup to understand the complication with a FULL linux > based setup here on my local testing grounds. No need Eliezer. This is the basic NAT re-writing problem. > Can you give more details on the networks

Re: [squid-users] FW: squid tproxy ssl-bump and Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

2016-09-29 Thread Amos Jeffries
On 30/09/2016 11:23 a.m., Eliezer Croitoru wrote: > Hey Vieri, > > Just as a tiny reply I must admit that it's expected. > What you see is the result of squid and its ssl stack support the goal of a > minimum specific version of ssl encrypted connections. > I am not sure but there might be a wa

Re: [squid-users] No matter what I do I can not get %ssl:>sni (or other %ssl) to log

2016-09-29 Thread Alex Rousskov
On 09/29/2016 05:44 PM, Michael Pelletier wrote: > In the squid.conf.documented, it looks like I can log the server > certificate as well as the client certificate > > # %ssl:: # %ssl:: Wrong directive? The above %c

Re: [squid-users] No matter what I do I can not get %ssl:>sni (or other %ssl) to log

2016-09-29 Thread Alex Rousskov
On 09/29/2016 05:09 PM, Michael Pelletier wrote: > The doc says it supports server certs Which doc? I am reading squid.conf.documented in trunk/v4: > ssl::>cert_subject > The Subject field of the received client > SSL certificate or a dash ('-')... > > ssl::>cert

Re: [squid-users] No matter what I do I can not get %ssl:>sni (or other %ssl) to log

2016-09-29 Thread Michael Pelletier
In the squid.conf.documented, it looks like I can log the server certificate as well as the client certificate # %ssl::>sniSSL client SNI sent to Squid # %ssl::{Header}HTTP request header "Header" On Thu, Sep 29, 2016 at 7:09 PM, Michael Pelletier < michael.pellet...@

Re: [squid-users] No matter what I do I can not get %ssl:>sni (or other %ssl) to log

2016-09-29 Thread Michael Pelletier
I misspoke. I am getting %ssl::>sni but not %ssl::cert_subject and %ssl::>cert_issuer. gives me a parse error Note the "<" instead of the ">" On Thu, Sep 29, 2016 at 7:01 PM, Alex Rousskov < rouss...@measurement-factory.com> wrote: > On 09/29/2016 04:50 PM, Michael Pelletier wrote: > > > I a

Re: [squid-users] Large text ACL lists

2016-09-29 Thread Benjamin E. Nichols
Dear Mr Alex Rousskov. Please kindly take your opinions, take them and shove them directly up your bloated arrogant ass. I have little need to cater to you, or to dignify your mindless criticism of my opinions, which only serve to demonstrate that your ego is larger than you are sir. Sign

Re: [squid-users] No matter what I do I can not get %ssl:>sni (or other %ssl) to log

2016-09-29 Thread Alex Rousskov
On 09/29/2016 04:50 PM, Michael Pelletier wrote: > I am trying to log some data during the ssl flow. > logformat custom ... %ssl::>sni %ssl::>cert_subject %ssl::>cert_issuer > > Yet I get nothing from any of the %ssl:: entries Do your users send certificates to Squid? If not, %ssl::>cert_su

[squid-users] No matter what I do I can not get %ssl:>sni (or other %ssl) to log

2016-09-29 Thread Michael Pelletier
Hello, I am trying to log some data during the ssl flow. I have this for my logformat logformat custom %>a %>p %>lp %la %st %rd %>ru %>Hs %{Referer}>h [%{User-Agent}>h] [%{Host}>h] %ssl::>sni %ssl::>cert_subject %ssl::>cert_issuer sq_err:[%{X-Squid-Error}h] s_hdr:[%

Re: [squid-users] Large text ACL lists

2016-09-29 Thread Alex Rousskov
On 09/29/2016 03:42 PM, Benjamin E. Nichols wrote: > Well, forgive me for bad mouthing the developers here, but I think this > is a good reason. It is not. Badmouthing, for any reason, has no positive side effects and may have many negative ones. > it would be better > to actually have something

Re: [squid-users] --enable-openssl-crtd -- not building openssl-crtd? (3.5.21)

2016-09-29 Thread Eliezer Croitoru
Hey Linda, If you need some help later we are here for any advice. Can you say on what OS are you compiling the software? Eliezer Eliezer Croitoru Linux System Administrator Mobile+WhatsApp: +972-5-28704261 Email: elie...@ngtech.co.il -Original Message- From: squid-users [mailto:s

Re: [squid-users] External nat'ed transparent proxy

2016-09-29 Thread Eliezer Croitoru
Hey Henry, I want to emulate the setup to understand the complication with a FULL linux based setup here on my local testing grounds. Can you give more details on the networks in the form of subnets and VLAN numbers? What is not clear to me is: Who is doing the DNAT? Also, if you have not used t

[squid-users] FW: squid tproxy ssl-bump and Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

2016-09-29 Thread Eliezer Croitoru
Hey Vieri, Just as a tiny reply I must admit that it's expected. What you see is the result of squid and its ssl stack support the goal of a minimum specific version of ssl encrypted connections. I am not sure but there might be a way to make it all work for these clients. Have you tried search

Re: [squid-users] Large text ACL lists

2016-09-29 Thread Benjamin E. Nichols
Well, forgive me for bad mouthing the developers here, but I think this is a good reason. You see, you are going to have to eliminate all the redundant subdomains in your blacklists, because they are going to crash modern versions of squid. And to do this I would recommend using an older versi

Re: [squid-users] Large text ACL lists

2016-09-29 Thread Darren
Hi What I am trying to do is to simplify everything and remove the external re-writers from the workflow due to the fact that they are either old with sporadic development or wrap their own lists into the solution. I am also producing my own ACL lists for this project so third party blacklists

Re: [squid-users] Kerberos Ne

2016-09-29 Thread erdosain9
Hi. Yes, I see this now. It's strange... authentication is working fine... I can surf the web... but I'm having some error in cache.log... tail -f /var/log/squid/cache.log 2016/09/29 15:43:37 kid1| Adding nameserver 192.168.1.10 from squid.conf 2016/09/29 15:43:37 kid1| Adding nameserver 192.168.1

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-29 Thread Eliezer Croitoru
As a partial solution until I will be able to sit on the dumps and get the required data I wrote this script: https://gist.github.com/elico/e0faadf0cc63942c5aaade808a87deef Which bypasses squid for specific domains. It is a very simple script and it works OK for whatsapp and it's on the iptables

Re: [squid-users] connections from particular users sometimes get stuck

2016-09-29 Thread Alex Rousskov
On 09/29/2016 02:58 AM, Eugene M. Zheganin wrote: > This time turbodom.ru entries are present in the debug log Yes, there are two complete HTTP transactions with that domain. One is a 407 Authentication Required and one is a 301 redirect: > HTTP/1.1 301 Moved Permanently ... > Location: http://tu

Re: [squid-users] Large text ACL lists

2016-09-29 Thread Benjamin E. Nichols
The other issue is that shalla and urlblacklist produce garbage blacklists, and neither of them are actively developing or improving the backend technology required to produce high quality blacklists. We are the leading publisher of blacklists tailored for Web Filtering Purposes. We are also

[squid-users] External nat'ed transparent proxy

2016-09-29 Thread Henry Paulissen
Hi all, In the company I work for we are currently using squid v2 proxies in transparent mode to intercept traffic from servers to the outside (access control). The technical solution for this is roughly as follows: [server] -> [gateway] -> [firewall] | -

Re: [squid-users] cache_peer name gone from logs after upgrade to 3.5

2016-09-29 Thread Daniel Sutcliffe
> On 29/09/2016 7:38 a.m., Daniel Sutcliffe wrote: >> In the 3.1 logformat docs - >> http://www.squid-cache.org/Versions/v3/3.1/cfgman/logformat.html >> we have a default of: >> logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %> Whereas in the 3.5 we have: >> logformat squid %ts.%03tu %6tr %>a %S

[squid-users] squid tproxy ssl-bump and Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

2016-09-29 Thread Vieri
Hi, I'm running a Squid proxy like so: http_port 3129 tproxy https_port 3130 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=16MB cert=/etc/ssl/squid/proxyserver.pem The squid server certificate was self-generated: openssl req -new -newkey rsa:2048 -sha256 -days 7300 -

Re: [squid-users] Large text ACL lists

2016-09-29 Thread Antony Stone
On Thursday 29 September 2016 at 11:44:28, Darren wrote: > Hi All > > I have been tinkering with Squidguard for a while, using it to manage ACL > lists and time limits etc. > > While it works OK, it's not in active development and has its issues. Have you considered https://www.urlfilterdb.com/

[squid-users] Large text ACL lists

2016-09-29 Thread Darren
Hi All I have been tinkering with Squidguard for a while, using it to manage ACL lists and time limits etc. While it works OK, it's not in active development and has its issues. What are the limitations with just pumping ACL lists directly into Squid and letting it do all the work internally

Re: [squid-users] connections from particular users sometimes get stuck

2016-09-29 Thread Eugene M. Zheganin
Hi. On 29.09.2016 08:38, Eugene M. Zheganin wrote: > Hi. > > On 28.09.2016 21:21, Alex Rousskov wrote: >> >> Indeed! Fixing that exposes one HTTP request in the capture file. >> Unfortunately, >> >> 1. Squid responded to that request (with a 407 message). >> Follow (tcp.stream eq 32) in Wiresh