I am using squid 3.5.23 for no-caching reverse proxying http to
backend web servers.
I want to do the same with https.
If I try to make cache_peer, acl, http_access and cache_peer_access
for port 443 in addition to port 80, the connection attempt fails with
browser complaining about error code: SS
Hi,
Using Squid 3.5.23, After some time found squid dead with below errors. Even i
restart it doesn't start for some time (5-10 minutes).
Apr 28 16:16:18 mysystem (squid-1): Ipc::Mem::Segment::open failed to
shm_open(/squid-ssl_session_cache.shm): (2) No such file or directory
Apr 28 16:16:18
Hi,
Can we cleanup 'Cache' using -
SSL_flush_sessions(ctx, time(NULL)); or
SSL_flush_sessions(ctx,0);
Periodically or on reconfigure?
Nil
From: squid-users on behalf of Nil
Nik
Sent: Wednesday, May 3, 2017 11:54 AM
To: Alex Rousskov; squid-users@lists.squi
On 04/05/17 06:45, mbaltruschat wrote:
Hello Amos,
many thanks, i think i got it, it was a Problem with my "never_direct"
rules, i already got them in the conf, but the dont worked, so after your
tips, i wrote the conf from scratch in Notepad++ and now it works - i guess
it was a Problem with c
On 04/05/17 06:54, Skyvolt Zoltar wrote:
Hi, I am completely new to Squid.
I would like to know if it is possible to configure squid within my
network as a web filter only.
The scenario would be like this.
User's browser has proxy configuration > forwards all the browsers
request to Squid >
On 04/05/17 02:19, BurningSky wrote:
Hi Amos,
Thanks for the reply. Sorry, what I meant by that was that I was logged into
the Squid Windows server using remote desktop so that I could edit the
configuration so that is separate from the machine trying to use Squid a a
proxy.
So it would seem
I forgot: I know VPN doesn't work from there, but it's on the standard port, so
I could investigate that. However the issue is then everything else running
will want to run over the VPN, e.g. email, IM, various IT services I don't know
about.
From: Daniel Greenwald
To: "Craddock, Tommy
I don't believe blocked outbound ports is the problem. I can for example
connect to several ports in the 8090 - 8100 range using services other than
SSH. I've also tried moving the SSH server to 443 and one of these
aforementioned ports, but no go.
From: Daniel Greenwald
To: "Craddock
Seems to me you are overthinking this. What you're up against is blocked
outbound ports. Simply run openvpn at your home over one of the allowed
outbound ports eg 80 443 or possibly 3128/8080 according to your
environment and call it a day. You won't need proxy authentication or
haproxy etc..
On W
Hello,
Yeah, that guide is for PFsense in particular, but you could run HAProxy by
itself (say in a VM) and get the same result. Just fwd those ports from your
router to the HAProxy box.
Thanks!
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf
Of j m
Sent: Wedn
Looks interesting, but it looks complex and sounds like I'd need more of a
router than I have to do it.
From: "Craddock, Tommy"
To: "squid-users@lists.squid-cache.org"
Sent: Wednesday, May 3, 2017 2:04 PM
Subject: Re: [squid-users] HTTPS support
#yiv0837668946 #yiv0837668946 -- _f
On 05/03/2017 12:45 PM, mbaltruschat wrote:
> can i donate something for squid development? Paypal?
If you would like to donate to the Squid Project, please see the URL
below but note that Amos, personally, will not receive your donation
because Squid Foundation directors are unpaid volunteers. I
Hello,
Is this more in line with what your trying to do:
http://loredo.me/post/116633549315/geeking-out-with-haproxy-on-pfsense-the-ultimate
Tommy
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf
Of j m
Sent: Wednesday, May 03, 2017 2:44 PM
To: squid-users@lists.s
Hello Amos,
many thanks, i think i got it, it was a Problem with my "never_direct"
rules, i already got them in the conf, but the dont worked, so after your
tips, i wrote the conf from scratch in Notepad++ and now it works - i guess
it was a Problem with charset while saving.
again, many thanks,
Hi, I am completely new to Squid.
I would like to know if it is possible to configure squid within my network
as a web filter only.
The scenario would be like this.
User's browser has proxy configuration > forwards all the browsers request
to Squid > squid does an analysis > squid forward to the
In any case, I'm finding SSH through proxy is undesirable or not possible. I'm
thinking shellinabox, which is insecure but run over a secure proxy link, is my
best bet.
From: Alex Rousskov
To: j m ; "squid-users@lists.squid-cache.org"
Sent: Wednesday, May 3, 2017 1:19 PM
Subject: R
>So, redirect *external* connections to port 3128 to localhost 22, and then SSH
>to your home server on port 3128?
I think what you're saying is it's a port number issue, that certain ports are
problematic. But that doesn't seem to be the case. I already run SSH on a
non-standard port, and ha
On 05/03/2017 11:37 AM, j m wrote:
> the plan was to use SSH through the proxy.
If your SSH clients support SSH through an HTTP proxy, then do not
authenticate them in Squid. Just do not let them go anywhere but the SSH
server. It would be like running an exposed-to-the-world SSH server, no
worse.
On Wednesday 03 May 2017 at 18:37:36, j m wrote:
> I cannot SSH into my home server from an organization that is apparently
> blocking SSH connections, for whatever reason, intentional or not. I am,
> however, able to use a squid proxy that I run from my home server.
So, redirect *external* conn
I should clarify things a bit. I do realize SSH and squid are separate, but
the problem I'm having is I cannot SSH into my home server from an organization
that is apparently blocking SSH connections, for whatever reason, intentional
or not. I am, however, able to use a squid proxy that I run
On 05/03/2017 10:57 AM, j m wrote:
> I wanted to set up a proxy on my home server for use from remote
> locations to use as a web proxy (of course) and also to run SSH over.
The "ssh" part is unrelated to Squid. Secure ssh separately from Squid.
> This means that basic auth is undesirable due to
I wanted to set up a proxy on my home server for use from remote locations to
use as a web proxy (of course) and also to run SSH over. This means that basic
auth is undesirable due to the login being sent in clear text. So, someone
suggested digest auth, and I was happy. But, now I'm finding
You sure?
http://wiki.squid-cache.org/SquidFaq/SquidMemory
03.05.2017 21:44, Nil Nik пишет:
>
> Hi,
>
>
> Its not disk cache, its due to in memory SSL context.
>
>
> Nil
>
>
> *From:* squid-users on
> behalf of Yuri
> *Sent:* Wednesday, May 3, 2017 11:55 AM
> *To:* squid-users@lists.squid-cac
Hi,
Its not disk cache, its due to in memory SSL context.
Nil
From: squid-users on behalf of Yuri
Sent: Wednesday, May 3, 2017 11:55 AM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Huge memory required for squid 3.5
How big disk cache(s) and how it full?
03.05.2017 17
Hi Amos,
Thanks for the reply. Sorry, what I meant by that was that I was logged into
the Squid Windows server using remote desktop so that I could edit the
configuration so that is separate from the machine trying to use Squid a a
proxy.
So it would seem like the issue is with the firewall fr
On 03/05/17 22:47, BurningSky wrote:
Hi,
I have been searching around the web for a while now to try and find a
solution but having not had much luck I was wondering if someone on here
could help.
I have set up a Windows 2008 R2 server running the Diladele pre-complied
Squid 3.5 proxy and am lo
On 03/05/17 00:40, j m wrote:
Here's a question: if I use SSL or TLS encryption between squid and
browser, would even the basic auth login be encrypted?
All of the HTTP going to the proxy would be encrypted.
I'm thinking that instead of trying to use the proxy to SSH through, I
could use
On 03/05/17 12:40, Blaxton wrote:
Hi
I am trying to limit the out bound connection based on list of domain
names defined
in srcdomain and dstdomain.
Here is acl :
acl From_Source_Domains srcdomain domain1 domain2 domain3
acl To_Destination_Domains dstdomain domain4 domain5 domain6
Now some
How big disk cache(s) and how it full?
03.05.2017 17:54, Nil Nik пишет:
Hi,
NO_DEFAULT_CA doesn't help. Still goes in GB. Can anyone tell me area
so that i can work on?
Regards,
Nil
*From:* squid-users on
behalf
Hi,
NO_DEFAULT_CA doesn't help. Still goes in GB. Can anyone tell me area so that i
can work on?
Regards,
Nil
From: squid-users on behalf of Alex
Rousskov
Sent: Wednesday, April 26, 2017 7:37 PM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-us
Hi,
I have been searching around the web for a while now to try and find a
solution but having not had much luck I was wondering if someone on here
could help.
I have set up a Windows 2008 R2 server running the Diladele pre-complied
Squid 3.5 proxy and am looking to make use of our firewall for U
Exactly.
03.05.2017 16:32, Rafael Akchurin пишет:
And on 3.5 too?
-Original Message-
From: Yuri [mailto:yvoi...@gmail.com]
Sent: Wednesday, May 3, 2017 12:30 PM
To: Rafael Akchurin ; Flashdown
Cc: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] ssl bump and chrome 58
Mo
And on 3.5 too?
-Original Message-
From: Yuri [mailto:yvoi...@gmail.com]
Sent: Wednesday, May 3, 2017 12:30 PM
To: Rafael Akchurin ; Flashdown
Cc: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] ssl bump and chrome 58
Mountain brake, Raf :-)
Fixed yesterday, already runni
Mountain brake, Raf :-)
Fixed yesterday, already running on productions (on my side) ;-)
03.05.2017 15:05, Rafael Akchurin пишет:
Sorry disregard - should practice my google fu better - see
http://bugs.squid-cache.org/show_bug.cgi?id=4711
-Original Message-
From: squid-users [mailto
Sorry disregard - should practice my google fu better - see
http://bugs.squid-cache.org/show_bug.cgi?id=4711
-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf
Of Rafael Akchurin
Sent: Wednesday, May 3, 2017 10:48 AM
To: Flashdown ; Yuri Vo
Hello all,
The following steps give in Chrome 58 the "Your connection is not private"
error with "NET::ERR_CERT_COMMON_NAME_INVALID" and "missing_subjectAltName"
error:
(peek-an-splice bumping squid 3.5.23_1 as in
https://docs.diladele.com/howtos/build_squid_ubuntu16/index.html)
1. Open Chrom
36 matches
Mail list logo
