Re: [squid-users] Bad Connection & Round Robin DNS

On Tue, 2016-11-22 at 03:59 +, Jiann-Ming Su wrote: > If a website has two (or more) IP addresses, and the TCP connection > to one of them fails, can squid3 be configured to try the other IP > address(es)? Hi, The behavior you described is default for Squid. For example, you can set 'debug_op

Re: [squid-users] How to block www.infobae.com

Is this site being accessesed using http or https? And also is this an intercept proxy or forward proxy that is defined in the browser? Eliezer Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: elie...@ngtech.co.il -Original Message- From: squid-users [ma

[squid-users] Bad Connection & Round Robin DNS

If a website has two (or more) IP addresses, and the TCP connection to one of them fails, can squid3 be configured to try the other IP address(es)? ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid

Re: [squid-users] How to block www.infobae.com

I did it early, but doesnt works out. Please, can you test this domain for me? -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/How-to-block-www-infobae-com-tp4680601p4680604.html Sent from the Squid - Users mailing list archive at Nabble.com.

Re: [squid-users] How to block www.infobae.com

/add the domains you want to block to a file listofblockedwebsites.acl/ /prepend each domain with a dot so that all subdomains are also blocked./ /.infobae.com/ /add these two lines to your squid.conf // //acl infobae dstdomain -i "/etc/squid3/listofblockedwebsites.acl"/ /http_access deny inf

Re: [squid-users] Squid 3.5.21 "hangs" when trying to connect using unsupported cipher (complete DoS)

I have submitted a bug : http://bugs.squid-cache.org/show_bug.cgi?id=4639 On Mon, Nov 21, 2016 at 5:48 PM, Eliezer Croitoru wrote: > Can you file a bug at the Bugzilla please? > http://bugs.squid-cache.org/enter_bug.cgi > > This is a very important issue to handle for both 3.5 and 4.0. > > Eliez

[squid-users] How to block www.infobae.com

How to block www.infobae.com, this site is hosted in Amazon AWS. Can you tell me what's ACL directive?. Thanks. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/How-to-block-www-infobae-com-tp4680601.html Sent from the Squid - Users mailing list archive at Nab

Re: [squid-users] remove all squid pages & errors pages footprints

On 22/11/2016 7:21 a.m., --Ahmad-- wrote: > thanks for reply . > > i already have proxy with usr/pwd auth. > > but even it has usr/pwd auth … and some one did scan or nectat , he can know > my squid version and know it as proxy without knowing the usr/pwd of my proxy > . > > so again > > ima

Re: [squid-users] trying multiple squid instances on same machine

On 22/11/2016 6:12 a.m., Heiler Bemerguy wrote: > > Is there a way to run rockstore for small files and aufs for bigger ones > on the same machine? That is what the min-size and max-size parameters of cache_dir are for. > I think one squid inst

Re: [squid-users] remove all squid pages & errors pages footprints

thanks for reply . i already have proxy with usr/pwd auth. but even it has usr/pwd auth … and some one did scan or nectat , he can know my squid version and know it as proxy without knowing the usr/pwd of my proxy . so again imaging i have proxy with ip:port and usr/pwd x:y i want iptables d

Re: [squid-users] Authentication pass-through cache_peer

On 22/11/2016 4:17 a.m., Eduardo Carneiro wrote: > > So, Amos, if I to use Negotiate/Kerberos or any basic auth, the PASSTHRU > parameter will works for my purpose. That's right? > Yes, login=PASSTHRU should work for any auth scheme. Amos ___ squid-u

Re: [squid-users] remove all squid pages & errors pages footprints

The first step would be to firewall your proxy and allow\use it only for your real users. Other IP’s should not have access to telnet\netcat or contact your service port. Eliezer Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: elie...

Re: [squid-users] Squid 3.5.21 "hangs" when trying to connect using unsupported cipher (complete DoS)

Can you file a bug at the Bugzilla please? http://bugs.squid-cache.org/enter_bug.cgi This is a very important issue to handle for both 3.5 and 4.0. Eliezer * If you are having any trouble handling the Bugzilla let me know and I will try to help. Eliezer Croitoru

Re: [squid-users] Squid 3.5.21 "hangs" when trying to connect using unsupported cipher (complete DoS)

without restricting the ciphers seems to work fine, however some of the ciphers are vulnerable to attacks...Furthermore I think if I try some weird cipher which Squid is not supporting the same thing will happen... On Mon, Nov 21, 2016 at 5:12 PM, Eliezer Croitoru wrote: > But what happens when

[squid-users] trying multiple squid instances on same machine

Is there a way to run rockstore for small files and aufs for bigger ones on the same machine? I think one squid instance wouldn't be optimal even with "if process_number" tweaks or something.. Tried to run two squid instances, with cache_peers "linking" them.. but the second one can't resolv

Re: [squid-users] Squid 3.5.21 "hangs" when trying to connect using unsupported cipher (complete DoS)

But what happens when you are not restricting the cipher with all this mess in the options? Would then also the DOS from nmap result the same issue? Eliezer Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: elie...@ngtech.co.il From:

[squid-users] Squid 3.5.21 "hangs" when trying to connect using unsupported cipher (complete DoS)

Hello, I am having problems with squid & SSL. I have setup squid in reverse-proxy configuration and overall it works fine, however for security reasons I had to disable some of the ciphers. I have taken an example configuration from http://www.rawiriblundell.com/?p=1442 and my https_port line look

Re: [squid-users] Authentication pass-through cache_peer

Amos Jeffries wrote > On 22/11/2016 1:33 a.m., Eduardo Carneiro wrote: >> Hi all. >> >> Sorry if this is already answered here. But I couldn't find any clear >> tips >> about this topic. >> >> I'm using Squid 3.5.19 with dynamic content caching in a huge user base >> (almost 10.000). Due to the l

Re: [squid-users] Authentication pass-through cache_peer

On 22/11/2016 1:33 a.m., Eduardo Carneiro wrote: > Hi all. > > Sorry if this is already answered here. But I couldn't find any clear tips > about this topic. > > I'm using Squid 3.5.19 with dynamic content caching in a huge user base > (almost 10.000). Due to the large number of requisitions, int

Re: [squid-users] Authentication pass-through cache_peer

Hello Eduardo, Not exactly squid peering and passing authentication there and back but the approach works for us. May be you will find it interesting. See https://docs.diladele.com/administrator_guide_4_8/active_directory/redundancy/index.html (haproxy using TCP round robin + farm of Kerberos

[squid-users] Authentication pass-through cache_peer

Hi all. Sorry if this is already answered here. But I couldn't find any clear tips about this topic. I'm using Squid 3.5.19 with dynamic content caching in a huge user base (almost 10.000). Due to the large number of requisitions, internet access is getting very slow. So I decided to use cache_p

Re: [squid-users] caching videos over https?

21.11.2016 14:08, Bakhtiyor Homidov пишет: https://sourceforge.net/projects/squidvideosbooster/ This is serious solution which is works. If you have enough money. what do you guys think about this? is it the same with https://cachevideos.com/? thanks On Sun, Nov 20, 2016 at 5:14 PM, --A

Re: [squid-users] Trusted CA Certificate with ssl_bump

On 21/11/2016 11:44 p.m., Patrick Chemla wrote: > Hi Alex, and all others > > No I have set it for multiple domains, and it works really fine. Again > many thanks. > > But I have a new demand: > > Within one of the sites, where squid handles the https connexion then > communicate with internal V

Re: [squid-users] Trusted CA Certificate with ssl_bump

Hi Alex, and all others No I have set it for multiple domains, and it works really fine. Again many thanks. But I have a new demand: Within one of the sites, where squid handles the https connexion then communicate with internal VM through http, there is one (at least, maybe we will find ot

Re: [squid-users] caching videos over https?

They have 30 days of trial…. Try and see how it works for you. I believe that it might work for many of the listed sites. If it is being maintained weekly then it would work for other sites also. Eliezer Eliezer Croitoru Linux System Administrator Mob

Re: [squid-users] Ubiquiti: Anyone interested in instructions how to route traffic to a squid box?

I have the main idea on to implement it but just need my testing lab up and running. The first place to start would be: https://help.ubnt.com/hc/en-us/articles/204952274-EdgeMAX-Policy-based-routing-source-address-based- Which for me that have some experience with vyatta and vyos makes sense. We

Re: [squid-users] caching videos over https?

https://sourceforge.net/projects/squidvideosbooster/ what do you guys think about this? is it the same with https://cachevideos.com/? thanks On Sun, Nov 20, 2016 at 5:14 PM, --Ahmad-- wrote: > thanks yuri you have been great guy and still . > > kind regards > > > On Nov 20, 2016, at 2:11 PM,