Hi
I am trying to limit the out bound connection based on list of domain names
definedin srcdomain and dstdomain.
Here is acl :
acl From_Source_Domains srcdomain domain1 domain2 domain3acl
To_Destination_Domains dstdomain domain4 domain5 domain6
Now some web site says below considered OR and it
This is in response to:
"There is another option if you don't have any issue to allow a certain public
IP address access to your network you can use some kind of portal which will
allow based on a SSL(even with self signed certificate) the "session" access to
the service."
I didn't receive the e
* Yuri Voinov :
> Hm. See no issue from my side:
"Content-Length: 0", happens when Age ist either 0 or 1
$ wget -S http://www.msftconnecttest.com/ncsi.txt
--2017-05-02 15:27:28-- http://www.msftconnecttest.com/ncsi.txt
Auflösen des Hostnamens »proxy.charite.de (proxy.charite.de)« …
141.42.1.
Hm. See no issue from my side:
root @ khorne /patch # wget -S http://www.msftconnecttest.com/ncsi.txt
--2017-05-02 19:16:11-- http://www.msftconnecttest.com/ncsi.txt
Connecting to 127.0.0.1:3128... connected.
Proxy request sent, awaiting response...
HTTP/1.1 200 OK
Cache-Control: max-age=
* Ralf Hildebrandt :
> It seems that squid is returning an incorrect Content-Lenght: header
> while the revalidation is still fresh/ongoing.
>
> I haven't yet tried tcpdumping the response to check if the 14 bytes
> do indeed contain the correct string.
And voila - here we go (Content-Length: 0
* Marcus Kool :
> Looks like MS uses multiple servers for msftconnecttest.com and that they
> send different content.
Nope. I verified the server's responses on the proxy machines itself
using direct connections. It's always correct.
Note this:
> > * Excess found in a non pipelined read: exces
Looks like MS uses multiple servers for msftconnecttest.com and that they send
different content.
On 02/05/17 08:59, Ralf Hildebrandt wrote:
In some cases, our proxies (got 4 of them) return a empty result when
querying "http://www.msftconnecttest.com/ncsi.txt"; (whcih is used by
Microsoft Brwo
* Yuri Voinov :
> If you add this URL to cache deny rule - problem still exists?
Using this:
# START
acl nocaching url_regex "^http://www\.(msftconnecttest|msftncsi)\.com"
cache deny nocaching
# ENDE
And yes, problem still exists...
--
Ralf Hildebrandt Charite Universitätsme
Here's a question: if I use SSL or TLS encryption between squid and browser,
would even the basic auth login be encrypted?
I'm thinking that instead of trying to use the proxy to SSH through, I could
use something like shellinabox over the proxy if the link is encrypted. This
would be much e
If you add this URL to cache deny rule - problem still exists?
02.05.2017 17:59, Ralf Hildebrandt пишет:
> In some cases, our proxies (got 4 of them) return a empty result when
> querying "http://www.msftconnecttest.com/ncsi.txt"; (whcih is used by
> Microsoft Brwosers to check if they're online)
In some cases, our proxies (got 4 of them) return a empty result when
querying "http://www.msftconnecttest.com/ncsi.txt"; (whcih is used by
Microsoft Brwosers to check if they're online).
I'm using this incantation to check the URL:
watch -d curl --silent -v -x "http://proxy-cvk-1.charite.de:8080
Also good information to know. I'll check into this.
I'm still finding my way through this and the next step is getting SSH to work
over itno luck with that yet.
From: Amos Jeffries
To: squid-users@lists.squid-cache.org
Sent: Monday, May 1, 2017 7:06 PM
Subject: Re: [squid-users
There is another option if you don't have any issue to allow a certain public
IP address access to your network you can use some kind of portal which will
allow based on a SSL(even with self signed certificate) the "session" access to
the service.
If it sounds fine let me know and I will prepar
13 matches
Mail list logo
