Hi!
I'm having trouble with SSL Peek & Splice in Squid 3.5.16 using
intercept mode. I'm trying to configure a transparent proxy (no CA
installed on clients) which denies access to specific sites. I
understand that if I can't Bump (my case), then I can only use SNI
information from TLS "Client Hell
Also here is an example showing the issues when pushing to S3 as well as
the same error with some google url's.
2016/10/17 18:33:32 kid1| SECURITY ALERT: Host header forgery detected on
local=209.85.144.113:443 remote=x.x.x.x:62402 FD 49 flags=33 (local IP does
not match any domain IP)
2016/10/17
In response to it not being a false positive , maybe its not specifically
the TTL but in this other article on the mailing lists someone else had the
same issue
Here is the response Amos gave, this is a known issue and apparently there
is no way to "ignore host header forgery issues" or bypass th
Yes.
cache_dir aufs /var/spool/squid 10 16 256
cache_mem 256 MB
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Error-DiskThreadsDiskFile-openDone-2-No-such-file-or-directory-tp4680142p4680149.html
Sent from the Squid - Users mailing list archive at Nab
On 2016-10-18 22:42, John Wright wrote:
Hi
Replying to the list
Yes i get that error on many different sites same exact error about
host headers.
Also if you watch the TTL on the amazonaws url i provided it changes
from 3 to 5 to 10 seconds to 60 to 10 back and forth.
If you go online to an dns
Hi
Replying to the list
Yes i get that error on many different sites same exact error about host
headers.
Also if you watch the TTL on the amazonaws url i provided it changes from 3
to 5 to 10 seconds to 60 to 10 back and forth.
If you go online to an dns lookup site like kloth i see via kloth 5
On 10/18/2016 09:42 AM, magali isnard wrote:
> I have a squid running under 3.4.12 version. we have a software that
> tries to send a "method patch" to the ocs, but when squid intercepts the
> packet it changes it into a "method other". So I have an error message :
> {"status":405,"type":"about:bl
On 2016-10-18 18:32, John Wright wrote:
Hi,
I have a constant problem with Host header forgery detection on squid
doing peek and splice.
I see this most commonly with CDN, Amazon and microsoft due to the
fact there TTL is only 5 seconds on certain dns entries im connecting
to. So when my clien
Hello,
I have a squid running under 3.4.12 version. we have a software that tries to
send a "method patch" to the ocs, but when squid intercepts the packet it
changes it into a "method other". So I have an error message
:{"status":405,"type":"about:blank","title":"Method Not Allowed","detail":"N
Aufs ?
Fred
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Hi.
squid 3.5.20
Im having a lot of these in cache.log
2016/10/18 10:36:11 kid1| DiskThreadsDiskFile::openDone: (2) No such file or
directory
2016/10/18 10:36:11 kid1| /var/spool/squid/00/92/92E9
2016/10/18 10:36:14 kid1| DiskThreadsDiskFile::openDone: (2) No such file or
directory
2016
On Tue, 2016-10-18 at 14:56 +0200, Walter H. wrote:
> with the 3.1.x there is no problem with
>
> url_rewrite_program /etc/squid/url-rewrite-program.pl
> url_rewrite_children 8
> url_rewrite_host_header on
> url_rewrite_access allow all
>
> but with the 3.5.x there is access denied (shown in
> /v
Hi,
I have a constant problem with Host header forgery detection on squid doing
peek and splice.
I see this most commonly with CDN, Amazon and microsoft due to the fact
there TTL is only 5 seconds on certain dns entries im connecting to. So
when my client connects through my squid i get host hea
Hi Eliezer,
Thanks for your reply.
I made the changes as per your suggestion. But again i faced the same issue.
Then i used another ISP link to test the load. Now its seems to be working
fine. I will put it on live later and let you know the status.
ulimit -a
core file size (blocks, -c)
On Tue, October 18, 2016 13:31, Garri Djavadyan wrote:
> On Tue, 2016-10-18 at 13:02 +0200, Walter H. wrote:
>> Hello,
>>
>> just in case anybody wants to run Squid 3.5.x on CentOS
>> with SELinux enforcing,
>>
>> here is the semodule
>>
>>
>> module squid_update 1.0;
>>
>> require {
>> ty
On Tue, 2016-10-18 at 13:02 +0200, Walter H. wrote:
> Hello,
>
> just in case anybody wants to run Squid 3.5.x on CentOS
> with SELinux enforcing,
>
> here is the semodule
>
>
> module squid_update 1.0;
>
> require {
> type squid_conf_t;
> type squid_t;
> type var_t;
>
Hello,
just in case anybody wants to run Squid 3.5.x on CentOS
with SELinux enforcing,
here is the semodule
module squid_update 1.0;
require {
type squid_conf_t;
type squid_t;
type var_t;
class file { append open read write getattr lock execute_no_trans };
}
#=
17 matches
Mail list logo
