Re: [squid-users] problem authentication ntlm with squid 3.5.21

2017-01-03 Thread Amos Jeffries
On 2017-01-04 03:14, ama...@tin.it wrote: Hello I upgraded squid from 3.4.9-20141203-r13193 to 3.5.21-20160908-r14081 and I have a problem with authentication to ntlm in a transparent configuration: the squid doesn't switch to https and so it doesn't authenticate This doesn't compute. Your co

Re: [squid-users] ssl_bump - peek & splice logging IP rather than server name

2017-01-03 Thread Alex Rousskov
On 01/03/2017 04:11 PM, Mark Hoare wrote: > I think these are hangovers from earlier syntax (ssl_bump > server-first all) which shouldn't be required under 3.5. Please note that the deprecated server-first is a "bumping" (not splicing!) action, and you may see a lot more information in the bumpin

Re: [squid-users] ssl_bump - peek & splice logging IP rather than server name

2017-01-03 Thread Mark Hoare
Thanks Eliezer, I'm aiming for a configuration which logs all HTTP and HTTPS connections without performing any full ssl_bumping, which would need me to get devices to trust my CA cert. I have something similar with pfsense (which does log SNI/server name rather than IP & port) but I'm gettin

Re: [squid-users] ssl_bump - peek & splice logging IP rather than server name

2017-01-03 Thread Alex Rousskov
On 01/03/2017 03:41 PM, Eliezer Croitoru wrote: > Squid in intercept or tproxy mode will know one thing about the > tunnel\connection: IP+port. ... and SSL handshake information when peeking or staring at client/server. > Since you are using: >> ssl_bump peek all >> ssl_bump splice all > The

Re: [squid-users] ssl_bump - peek & splice logging IP rather than server name

2017-01-03 Thread Eliezer Croitoru
Hey Mark, Squid in intercept or tproxy mode will know one thing about the tunnel\connection: IP+port. Since you are using: > ssl_bump peek all > ssl_bump splice all The connections will always be spliced and you will never see any url.(are you expecting only the SNI or also the url?) I do not k

Re: [squid-users] Intercept mode failing

2017-01-03 Thread Eliezer Croitoru
If you get stuck with things contact me and I will see if I can sort things out so you would be able to grasp couple basics. Eliezer Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: elie...@ngtech.co.il -Original Message- From: squid-users [mailto:squid-u

Re: [squid-users] ssl_bump - peek & splice logging IP rather than server name

2017-01-03 Thread Mark Hoare
Sorry, should have included squid version details in original post: Squid Cache: Version 3.5.20 Service Name: squid configure options: '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/

[squid-users] problem authentication ntlm with squid 3.5.21

2017-01-03 Thread ama...@tin.it
Hello I upgraded squid from 3.4.9-20141203-r13193 to 3.5.21-20160908-r14081 and I have a problem with authentication to ntlm in a transparent configuration: the squid doesn't switch to https and so it doesn't authenticate In my older version the configuration is so: auth_param basic children

Re: [squid-users] Intercept mode failing

2017-01-03 Thread Hoggins!
Hello Amos, I believe my main problem is that I'm trying to apply recipes without understanding some of the internals, so it seems difficult to adapt. I'll keep searching. Thanks anyway ! Hoggins! On 03/01/2017 at 12:39, Amos Jeffries wrote: > On 2017-01-03 23:53, Hoggins! wrote: >> Hello

Re: [squid-users] Intercept mode failing

2017-01-03 Thread Hoggins!
Ah ! On 03/01/2017 at 13:53, Eliezer Croitoru wrote: > Hey, > > There is also another option. > You can open a tunnel (IPIP, GRE, OTHER) between the proxy and the router to > make it possible to directly route traffic to the proxy. That would actually solve a lot of my problems. > > If you ne

Re: [squid-users] Intercept mode failing

2017-01-03 Thread Eliezer Croitoru
Hey, There is also another option. You can open a tunnel (IPIP, GRE, OTHER) between the proxy and the router to make it possible to directly route traffic to the proxy. If you need some help with it let me know. Eliezer Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261

Re: [squid-users] squid tproxy connection time out

2017-01-03 Thread Eliezer Croitoru
In terms of Mikrotik this can help you: http://wiki.bluecrow.net/index.php/Mikrotik_Connection_Tracking http://wiki.mikrotik.com/wiki/PBR_PTP_IPIP (needs a bit tweak to work as you expect). Eliezer Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: elie...@ngtech.co

Re: [squid-users] Intercept mode failing

2017-01-03 Thread Amos Jeffries
On 2017-01-03 23:53, Hoggins! wrote: Hello, (answering to both Amos and Antony here, you got the same questioning ;) ) On 03/01/2017 at 11:45, Amos Jeffries wrote: On 2017-01-03 23:13, Hoggins! wrote: Okay, I get that. On 03/01/2017 at 10:33, Antony Stone wrote: No - you must do the N

Re: [squid-users] squid tproxy connection time out

2017-01-03 Thread Omid Kosari
No it is not what i mentioned. Your mikrotik router should be for example ether1 -> Internet ether2 -> Clients ether3 -> Squid So the mikrotik is between clients and squid .

Re: [squid-users] squid tproxy connection time out

2017-01-03 Thread mrghorbani
also what about this topology?

Re: [squid-users] Squid3 configure to force access to the facebook by the proxy

2017-01-03 Thread Hardik Dangar
I am not sure why you would need that many ports. If you think each port is for each user or some other misconception then let me tell you, you can route all your hosts and traffic from single port only. On Tue, Jan 3, 2017 at 4:06 PM, hitman13 wrote: > Hi guys, I'm new to linux > And I need to con

Re: [squid-users] Intercept mode failing

2017-01-03 Thread Hoggins!
Hello, (answering to both Amos and Antony here, you got the same questioning ;) ) On 03/01/2017 at 11:45, Amos Jeffries wrote: > On 2017-01-03 23:13, Hoggins! wrote: >> Okay, I get that. >> >> On 03/01/2017 at 10:33, Antony Stone wrote: >>> No - you must do the NAT (or REDIRECT) rule *on the

[squid-users] Squid3 configure to force access to the facebook by the proxy

2017-01-03 Thread hitman13
Hi guys, I'm new to linux And I need to configure squid3 on UBUNTU SERVER 16.04 But I need to force facebook access through the proxy And it has multi-ports, I actually need many EX: 52.xx.6.214: 3128 52.xx.6.214: 3129 52.xx.6.214: 3130 52.xx.6.214: as much as possible So that when you need

Re: [squid-users] squid tproxy connection time out

2017-01-03 Thread mrghorbani
hello, i had created the topology diagram as i get from your idea, does it that you mentioned? but, according to that my bgp and wireless points are connected to mikrotik router, i can not move squid to the end point...in this network, now and in exists network, i routed the client to the mikrotik

Re: [squid-users] Intercept mode failing

2017-01-03 Thread Amos Jeffries
On 2017-01-03 23:13, Hoggins! wrote: Okay, I get that. On 03/01/2017 at 10:33, Antony Stone wrote: No - you must do the NAT (or REDIRECT) rule *on the Squid server*. Well, my Squid server is not on the same network as my clients, so I need something else than just a REDIRECT on the Squid it

Re: [squid-users] Intercept mode failing

2017-01-03 Thread Antony Stone
On Tuesday 03 January 2017 at 11:13:33, Hoggins! wrote: > Okay, I get that. > > On 03/01/2017 at 10:33, Antony Stone wrote: > > No - you must do the NAT (or REDIRECT) rule *on the Squid server*. > > Well, my Squid server is not on the same network as my clients, so I > need something else than

Re: [squid-users] squid tproxy connection time out

2017-01-03 Thread Omid Kosari
Hello, I think your problem is topology . I suggest change the position of squid so the mikrotik router stands between clients and squid box . Also assign a private ip address to your squid and also one ip from same range to your mikrotik router . Then try to mangle and route to that private ip .

Re: [squid-users] Intercept mode failing

2017-01-03 Thread Hoggins!
Okay, I get that. On 03/01/2017 at 10:33, Antony Stone wrote: > No - you must do the NAT (or REDIRECT) rule *on the Squid server*. Well, my Squid server is not on the same network as my clients, so I need something else than just a REDIRECT on the Squid itself. > > If you need to use policy ro

Re: [squid-users] Intercept mode failing

2017-01-03 Thread Antony Stone
On Tuesday 03 January 2017 at 10:17:54, Hoggins! wrote: > Hello list, > > I'm trying to do a simple intercept with Squid. Here is my setup : > > I have a LAN with machines on 192.168.22.0/24. Their gateway is > 192.168.22.10. On this machine, I have set the following iptables rule : > > ipt

[squid-users] Intercept mode failing

2017-01-03 Thread Hoggins!
Hello list, I'm trying to do a simple intercept with Squid. Here is my setup : I have a LAN with machines on 192.168.22.0/24. Their gateway is 192.168.22.10. On this machine, I have set the following iptables rule : iptables -t nat -A PREROUTING -i eth0.100 ! -d 192.168.0.0/16 -p tcp --dport

Re: [squid-users] Squid Websocket Issue

2017-01-03 Thread Amos Jeffries
On 2017-01-03 05:49, Hardik Dangar wrote: Hey Eliezer, The issue was with whatsapp web socket was not working, here is detailed information about issue Here is some information about my squid version, Squid Cache: Version 3.5.22-20161115-r14113 Service Name: squid configure option

Re: [squid-users] Squid 3.5.22 Bug when using Mimetype Detection? rep_mime_type

2017-01-03 Thread Amos Jeffries
On 2017-01-03 07:33, Flashdown wrote: Hello together, with Squid 3.5.22 I have switched from using a url-regex to Mime Type Detection, which seemed to work nicely until now... :/ The thing to be very wary of with this change is that when reply blocking the request does still make it through