Re: [squid-users] [squid-dev] [RFC] Changes to http_access defaults

2017-04-12 Thread Alex Rousskov
On 04/12/2017 12:16 PM, Amos Jeffries wrote: > Changes to http_access defaults Clearly stating what you are trying to accomplish with these changes may help others evaluate your proposal. Your initial email focuses on _how_ you are going to accomplish some implied/vague goal. What is the goal her

Re: [squid-users] Squid 3.4.8 Reverse with multiple SSL Sites and multiple Certs/Domains

2017-04-12 Thread Amos Jeffries
On 13/04/2017 7:13 a.m., Maik Linnemann wrote: > I figured out that nginx is able to do what I want, at least SNI and > multiple certs. I am forced to try that in the meantime. Also I will > check varnish. Is there any realistic date when SNI is available in > reverse proxy with squid? Is there any

Re: [squid-users] Squid 3.4.8 Reverse with multiple SSL Sites and multiple Certs/Domains

2017-04-12 Thread Maik Linnemann
I figured out that nginx is able to do what I want, at least SNI and multiple certs. I am forced to try that in the meantime. Also I will check varnish. Is there any realistic date when SNI is available in reverse proxy with squid? Is there anyone coding at all for that feature? -Ursprüngli

[squid-users] [RFC] Changes to http_access defaults

2017-04-12 Thread Amos Jeffries
When I implemented the major changes to squid.conf in 3.1/3.2 there were a lot of installations placing custom config rules above the lines I describe now as "default security checks". The !Safe_ports and !SSL_ports deny lines. At the time I also believed reverse-proxy config had to go above that

Re: [squid-users] Squid 3.4.8 Reverse with multiple SSL Sites and multiple Certs/Domains

2017-04-12 Thread Eliezer Croitoru
You can try to use haproxy, nginx, varnish or any other proxy. Eliezer Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: elie...@ngtech.co.il -Original Message- From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of Amos Jeffries

Re: [squid-users] Squid 3.5.15 - ERR_CONNECTION_REFUSED while accessing blocked non-HTTPS pages.

2017-04-12 Thread Amos Jeffries
SSL-Bump features in Squid are still very volatile. What appear to be minor changes can have big behaviour differences and security fixes between any two releases. It is not worth anyone's time (including yours) re-debugging and re-fixing an older release for things that have already been fixed. So,

Re: [squid-users] Squid 3.4.8 Reverse with multiple SSL Sites and multiple Certs/Domains

2017-04-12 Thread Amos Jeffries
On 12/04/2017 7:58 p.m., Maik Linnemann wrote: > Thanks Amos. Unfortunately I only have one public IP to use for the reverse > squid. I thought there might be an equivalent to Apache's name based hosts or > similar. TLS protocol does contain SNI feature, but support for that in reverse-proxy is

[squid-users] Squid 3.5.15 - ERR_CONNECTION_REFUSED while accessing blocked non-HTTPS pages.

2017-04-12 Thread Irakli Gobejishvili
Hello everyone. I am successfully filtering HTTPS traffic with intercept/PBR setup and users get my custom ERR_ACCESS_DENIED page from Squid. Permitted pages (both HTTP/HTTPS) also work absolutely fine. The problem is, when users try to access a filtered page with an HTTP request, then they get ERR_CO

Re: [squid-users] Squid 3.4.8 Reverse with multiple SSL Sites and multiple Certs/Domains

2017-04-12 Thread Maik Linnemann
Thanks Amos. Unfortunately I only have one public IP to use for the reverse squid. I thought there might be an equivalent to Apache's name based hosts or similar. From: squid-users [squid-users-boun...@lists.squid-cache.org]" on behalf of "Amos Jeffries