On 7/12/2016 4:05 a.m., cred...@eml.cc wrote:
>
> Quick follow up. When using debug 28,3 does this record
> cache_peer_access and deny_info acls in the cache log? Since I'm using
> the same ACL declaration for both the cache_peer_access and http_access
> statements, in a lot of cases, I just w
On 7/12/2016 11:35 a.m., Sameh Onaissi wrote:
>
> a new set showed up...
>
> what more can we do?
>
> keep adding ip ranges?
Yes, this choice of approach means constatly keeping an eye out for and
adding ranges as needed.
Amos
___
squid-users mailin
You should try to think about adding more ip addresses\cirds and domains
such as that are in the logs.
Eliezer
http://ngtech.co.il/lmgtfy/
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il
From: Sameh Onaissi [mailto:sameh.onai...@solcv.com]
Sent: Wednesday, D
Hello Eliezer and thanks again.
I ran the script with the tproxy argument.
Tried to reconnect skype for business...
After about a 3 min wait, a pop up saying "Skype for Business couldn’t find a
skype for business server" and access log shows:
1481061269.006400 10.0.0.38 TCP_MISS/200
On 12/06/2016 02:43 PM, --Ahmad-- wrote:
> i always see many people suffer from problems of https pump with some
> websites .
> and in the same time i see that they are not interested with caching of https
> .
> so all what they need is they just let HTTP & HTTPS as transparent .
>
> so i just
hey squid users .
i want just to share a small stuff .
i always see many people suffer from problems of https pump with some websites .
and in the same time i see that they are not interested with caching of https .
so all what they need is they just let HTTP & HTTPS as transparent .
so i ju
Try the next script:
https://gist.github.com/elico/a54c2c8f8e1a2407b42210896b960f4b
It has two modes: regular and tproxy.
In your case you should run the script with:
$ bypass-skype-cidr.sh tproxy
The tproxy flag should do the trick for you.
Let me know if it works for you.
Eliezer
http:/
Hey Peter,
Squid is using standard Libraries such as OpenSSL and GnuTLS.
These are the main tools that squid is using in order to handle SSL.
If these support AES or any other level of SSL offloading(in the session level)
then squid would by nature use it.
This is what I know but maybe Alex or ot
Hello,
I would like to kindly ask you for your help. I need to configure Squid
for *SSL **O**ffloading* and I am not able to find any comprehensive
explanation on the web.
Many thanks in advance.
Best regards,
Peter Goffa
___
squid-users mailing
On 06.12.2016 14:54, Amos Jeffries wrote:
>
> The exception was thrown from the HTTP request parser when handling the
> ICAP service response - which was delivering a new HTTP request message
> to use instead of the client-provided request message.
>
> Assuming your statement was correct about th
Yes please, I would appreciate help with that script.
As I aforementioned, totally new to all this
[cid:2FD1C3AB-E45C-49F0-84AB-0F8AC658BD11@routerb408e2.com]Piensa en el medio
ambiente antes de imprimir este email.
On Dec 6, 2016, at 1:27 PM, Eliezer Croitoru
mailto:elie...@ngtech.co.il>> w
Now you can enhance the script by adding manually the ntop skype related
networks based on:
https://github.com/ntop/nDPI/blob/d9a2d9a6bd4d476d666d26cb713952760a975d92/src/lib/ndpi_content_match.c.inc#L286
/*
Skype (Microsoft CDN)
157.56.135.64/26, 157.56.185.0/26, 157.56.52.0/26,
157.56.53.128/25
Hello,
OK, I added the ssl_bump slice on the skype domains text file
I installed ipset and ran the script.
Now access.log has much less skype related logs:
What is left is:
1481044996.398 3412 10.0.0.11 TAG_NONE/200 0 CONNECT 132.245.1.32:443 -
ORIGINAL_DST/132.245.1.32 -
1481044996.423
If that is the edge server then it will be the audio/video
Sent from my iPhone
> On 6/12/2016, at 12:35, Amos Jeffries wrote:
>
>> On 6/12/2016 11:46 a.m., Sameh Onaissi wrote:
>>
>> I have a Ubuntu 16.04 server with Squid 3.5.22 installed. It acts as a
>> gateway in a LAN.
>>
>> It is confi
On 12/05/2016 11:34 PM, Blaxton wrote:
> most of our applications are written in Java and I have to test it with
> this small java application to understand our users.
That is step #4. You are missing steps #1-3.
Imagine you are a semi-unconscious emergency room patient complaining of
severe hea
Squid Cache: Version 3.5.22-20161115-r14113
it seems removing "ignore-reload" fixed that loop.. but anyway something
seems to be broken +_+
Em 06/12/2016 12:30, Amos Jeffries escreveu:
On 7/12/2016 4:08 a.m., Heiler Bemerguy wrote:
Hi folks, what do you think about it?
refresh_pattern -i
On 7/12/2016 4:08 a.m., Heiler Bemerguy wrote:
>
> Hi folks, what do you think about it?
>
> refresh_pattern -i
> (microsoft|windowsupdate)\.com.*\.(cab|exe|ms[iup]|dat|zip|[ap]sf|appx(bundle)?|esd|crl)$
> 483840 100% 483840 override-expire ignore-reload ignore-no-store
> store-stale
>
>
> A re
Hi folks, what do you think about it?
refresh_pattern -i
(microsoft|windowsupdate)\.com.*\.(cab|exe|ms[iup]|dat|zip|[ap]sf|appx(bundle)?|esd|crl)$
483840 100% 483840 override-expire ignore-reload ignore-no-store store-stale
A request sent to squid:
GET
http://download.windowsupdate.com/d/
On Sun, Dec 4, 2016, at 08:19 PM, Amos Jeffries wrote:
> On 5/12/2016 1:44 p.m., cred...@eml.cc wrote:
> > For a 3.1 accelerator we have put the followinconfig together. This
> > accelerator will not be doing any caching since we use an external
> > service. Initially both http and https will be
On 7/12/2016 12:01 a.m., Ricardo Pardim Claus wrote:
> Dear Amos,
> Thanks for the initial contact.
>
> Now I'm getting an error message.
> I placed the domain in the allowed domain list. I still get the access denied
> message.
> Can you tell me why I'm getting this status code "TCP_MISS / 4
On 6/12/2016 7:30 p.m., Blaxton wrote:
> Thank you Amos,
> version of squid is : squid-3.3.8-26.el7_2.4.x86_64
> Is this statement true:squid is not aware or traffic that is made with
> connect command ?
"aware of the traffic" is too vague to answer yes or no. Squid is
"aware" that there are byte
On 6/12/2016 9:03 p.m., Silamael wrote:
> On 05.12.2016 13:58, Amos Jeffries wrote:
>> On 5/12/2016 11:17 p.m., Silamael wrote:
>>> This sounds somehow wrong to me, the ICAP service doesn't have a
>>> problem, just the HTTP request being forwarded is borken. Therefor is no
>>
>> The ICAP service ap
Dear Amos,
Thanks for the initial contact.
Now I'm getting an error message.
I placed the domain in the allowed domain list. I still get the access denied
message.
Can you tell me why I'm getting this status code "TCP_MISS / 403", which
actually refers to "Forbidden"?
In "Squid Version 3.5.
On 05.12.2016 17:28, Eliezer Croitoru wrote:
> Sorry a typo.. the dot needs to be escaped..
> acl buggyroot dstdom_regex ^\.$
> http_access deny buggyroot
>
> Eliezer
Hi Eliezer,
Thanks for the hint. We will block these URLs now before the reach Squid
at all.
-- Matthias
___
On 05.12.2016 13:58, Amos Jeffries wrote:
> On 5/12/2016 11:17 p.m., Silamael wrote:
>> This sounds somehow wrong to me, the ICAP service doesn't have a
>> problem, just the HTTP request being forwarded is borken. Therefor is no
>
> The ICAP service appears to be producing URLs without any host se
25 matches
Mail list logo
