Re: [squid-users] anonymous squid setup on digital ocean centos 6 but my IP still detected

Eliezer Thanks for your good advice.. Regards Alex tech.jahtoe.com bafila.jahtoe.com On 6 Mar 2017 17:30, "Eliezer Croitoru" wrote: > Hey Alex, > > First goes first: If you spin any version of CentOS these days I recommend > to use CentOS 7 and not 6. > This is also based on many use cases whic

Re: [squid-users] anonymous squid setup on digital ocean centos 6 but my IP still detected

Hey Alex, First goes first: If you spin any version of CentOS these days I recommend to use CentOS 7 and not 6. This is also based on many use cases which proved(to me and many others) that the kernel and many other components improved performance. If you already spinoff a server to mask your IP

Re: [squid-users] Ssl bump tunneling connection by using Common Name

Hey, There was something about it but I believe it's only on squid version 4.0.X. The other options for such a thing is to use an external_acl helper that will try to initiate a connection to the destination host (like what is done in the happy eyeballs) to and to inspect the certificate to matc

Re: [squid-users] Ssl bump tunneling connection by using Common Name

On 03/06/2017 06:46 AM, Hanoch Hanoch K wrote: > However skype's client app uses client certificates that don't have SNI. SNI is not a property of a client certificate. It is a property of a client Hello message. I do not know whether some Skype clients do not send SNI with their Hellos, but I wa

Re: [squid-users] squid 3.5.2==> HTTPS FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

Hi, all, A couple of years ago, I wrote a perl script that ran a specified number of ssl_crtd processes with simultaneous requests to expose the problem and test the resolution. I’ve attached it below in case it would help test/diagnose the situation. It has hard-coded paths at the top of the s

[squid-users] Ssl bump tunneling connection by using Common Name

Greetings We're using Squid 3.5.19 with ssl bump, and we want to tunnel (not bump) applications such as skype, that use pinned ssl, so we defined an acl for splicing skype's ssl_server_name. However skype's client app uses client certificates that don't have SNI. The only way to identify skype is

[squid-users] squid 3.5.24 Host header forgery detected

Hello. I have the squid 3.5.24 from source: configure options:  '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/include' '--mandir=/share/man' '--infodir=/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=/lib/squid' '--srcdir=.' '--disable-maintainer-mode' '--disabl

[squid-users] anonymous squid setup on digital ocean centos 6 but my IP still detected

Greetings, I have implemented the following tutorial from digital ocean which sets up squid with settings to not have my IP address forwarded. I'm finding however that my local IP is still detected when I go

[squid-users] Fwd: reverse proxy HTTPS

Hi, I can give precise what I am doing on this part.See the previous mail below for my exact requirement. //create the keys. $openssl req -new -keyout key.pem -nodes -x509 -days 365 -out cert.pem Both keys(cert.pem and key.pem) are places in /etc/squid/. Then, I make following in squid. ++

[squid-users] reverse proxy HTTPS

Hello friends, I am using squid 4.0.18. It works for reverse proxy HTTP. Now I need to make HTTPS. I am not sure configure squid server and ssl keys. If you have any pointer or procedures in Ubuntu 16.04, please let me know. Thanks for your reponse. Best regards Sothy