[squid-users] Best practices for beefing up security for squid with ssl-bump

2017-05-12 Thread Masha Lifshin
Dear Squid Users list, I have a Squid 4 configured as an explicit proxy with ssl-bump interception. I am working on making it as secure as possible, given the vulnerability risks with doing ssl inspection ( https://insights.sei.cmu.edu/cert/2015/03/the-risks-of-ssl-inspection.html). I am implementin

Re: [squid-users] WARNING: All 20/20 negotiateauthenticator processes are busy.

2017-05-12 Thread Dijxie
On 12.05.2017 at 17:30, erdosain9 wrote: Hi. Thanks! We have 100 users... What would you think is a good "auth_param negotiate children"?? The one that does not give you a warning. One of my squids has 12 users who can kill 18 helpers and generate 1.2GB log within one day; it all

Re: [squid-users] squid sslbump

2017-05-12 Thread Alex Rousskov
On 05/12/2017 01:58 PM, yanier wrote: > I have the following internet connection scheme > Proxy (administered by me) - Proxy Parent - Internet > I would like to know if I could filter https without having to make > changes in the parent proxy A general-purpose parent proxy has no effect on bump

Re: [squid-users] ICAP Persistent Connections vs Retries (with code review)

2017-05-12 Thread Alex Rousskov
On 05/12/2017 01:17 PM, Juan Ramírez wrote: > I still don't understand whether it is possible to reuse ICAP > connections for cases other than retries. You are implying that idle persistent connections are used for retries. They are not (or, at least, should not be). Idle persistent connections a

Re: [squid-users] ICAP Persistent Connections vs Retries (with code review)

2017-05-12 Thread Juan Ramírez
Hi, Thank you all for such detailed responses. I still don't understand whether it is possible to reuse ICAP connections for cases other than retries. As far as I know, Squid is able to save connections in a pool called `theIdleConns`. Can these connections be reused for other transactions in the

[squid-users] squid sslbump

2017-05-12 Thread yanier
Hi all: I have a question and I would like to clarify this. I have the following internet connection scheme Proxy (administered by me) - Router / FW - Proxy Parent - Router - Internet I would like to know if I could implement sslbump or similar to be able to filter traffic https (I think sq

Re: [squid-users] WARNING: All 20/20 negotiateauthenticator processes are busy.

2017-05-12 Thread erdosain9
Hi. Thanks! We have 100 users... What would you think is a good "auth_param negotiate children"?? I can't run squidclient [root@squid ~]# squidclient mgr:negotiate_authenticator ERROR: Cannot connect to [::1]:3128 [root@squid ~]# squidclient -vv mgr:negotiate_authenticator verbosity lev
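As an added example that is not part of either message in this thread, here is the directive being asked about in context, for a Kerberos Negotiate helper. The helper path, the service principal and the numbers are placeholders and assumptions, not a sizing recommendation for 100 users:

```conf
# Added example, not from the thread. Values are placeholders.
# "children" caps the helper pool: the "20/20" in the warning is this number,
# so the warning means every helper is mid-request and new logins queue.
# "startup" pre-forks that many helpers when Squid starts; "idle" keeps
# that many spare helpers running so bursts do not pay a fork delay.
auth_param negotiate program /usr/lib/squid/negotiate_kerberos_auth -s HTTP/proxy.example.com@EXAMPLE.COM
auth_param negotiate children 20 startup=5 idle=1
auth_param negotiate keep_alive on
```

To see how many of those helpers are actually busy, query the cache manager report named in the thread against an address Squid is really listening on, for example `squidclient -h 127.0.0.1 -p 3128 mgr:negotiate_authenticator`; the `[::1]:3128` connection error above is squidclient defaulting to the IPv6 loopback, so the `-h` and `-p` values should match an `http_port` line in squid.conf. Raise `children` only after checking that report: a helper pool that is permanently saturated usually points at a slow KDC or a helper that is blocking, and a larger pool just hides that for longer.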

Re: [squid-users] (no subject)

2017-05-12 Thread Alex Rousskov
On 05/12/2017 08:50 AM, chiasa.men wrote: > On Friday, 12 May 2017, 14:16:45 CEST, Amos Jeffries wrote: >> The efficient solution is to have long persistence on the connections >> between your CDN frontend (Squid) and the backend origins (Apache). You >> can make the timeout much shorter on the

Re: [squid-users] (no subject)

2017-05-12 Thread chiasa.men
On Friday, 12 May 2017, 14:16:45 CEST, Amos Jeffries wrote: > On 12/05/17 22:31, chiasa.men wrote: > > On Sunday, 23 April 2017, 17:57:52 CEST, Amos Jeffries wrote: > >> On 23/04/17 23:25, chiasa@web.de wrote: > >>> Hello > >>> > >>> my squid.conf looks like that: > >>> > >>> https_port

Re: [squid-users] ICAP Persistent Connections vs Retries (with code review)

2017-05-12 Thread Alex Rousskov
On 05/11/2017 07:30 PM, Amos Jeffries wrote: > Requests which are not retriable are not able to be re-sent [...] > As such those requests need a new TCP connection to be opened to > guarantee the absence of immediate closure. When they complete with > their transaction it gets added to the pool f

Re: [squid-users] cachemgr

2017-05-12 Thread Alex Rousskov
On 05/12/2017 02:51 AM, Anton Kornexl wrote: > I am using the cachemgr.cgi (cachemgr.cgi/3.3.14 from openSUSE Leap 42.1 > The cache Manager menu shows many entries multiple times Could be bug 3188 fixed four years ago: http://bugs.squid-cache.org/show_bug.cgi?id=3188 Alex.

Re: [squid-users] How to make sslbump'ing more robust? (option to continue?)

2017-05-12 Thread Amos Jeffries
On 12/05/17 15:45, L A Walsh wrote: Alex Rousskov wrote: Yes, there is a way. Your options include: 1. Tell Squid to ignore expired certificate errors. Squid will then mimic the expired certificate while allowing the client traffic. The client should then detect the expired (fake) certificat
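The first option above, written out as configuration. This is an added example and not code from the thread; it assumes a Squid 3.5 or 4 build with SSL-Bump enabled, and the destination domain is a placeholder:

```conf
# Added example, not from the thread. Domain is a placeholder.
# Ignore only the expired-certificate validation error, and only for the one
# destination that is known to have the problem. Every other error
# (unknown CA, name mismatch, revoked, expired cert at any other site)
# still fails the server-side TLS handshake as before.
acl legacy_origin dstdomain legacy.example.internal
acl cert_expired ssl_error X509_V_ERR_CERT_HAS_EXPIRED
sslproxy_cert_error allow legacy_origin cert_expired
sslproxy_cert_error deny all
```

With this in place Squid copies the expired validity dates into the certificate it generates for the client, so the browser still sees an expired certificate and the user still gets the warning, which is the behaviour the reply describes. The check worth doing before widening this is to grep the `sslproxy_cert_error` lines for any `allow` that has no destination restriction: `sslproxy_cert_error allow all` makes the proxy accept every upstream certificate error for every site, which turns the bumping proxy into a blind man-in-the-middle that presents clients with a trusted certificate for an origin it never validated.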

Re: [squid-users] (no subject)

2017-05-12 Thread Amos Jeffries
On 12/05/17 22:31, chiasa.men wrote: On Sunday, 23 April 2017, 17:57:52 CEST, Amos Jeffries wrote: On 23/04/17 23:25, chiasa@web.de wrote: Hello my squid.conf looks like that: https_port 3128 accel cert=/cert.pem key=/cert.key defaultsite=ww1.example.com vhost acl server20_domains ds

Re: [squid-users] (no subject)

2017-05-12 Thread chiasa.men
On Sunday, 23 April 2017, 17:57:52 CEST, Amos Jeffries wrote: > On 23/04/17 23:25, chiasa@web.de wrote: > > Hello > > > > my squid.conf looks like that: > > > > https_port 3128 accel cert=/cert.pem key=/cert.key > > > > defaultsite=ww1.example.com vhost > > > > acl server20_domains dstdo

[squid-users] cachemgr

2017-05-12 Thread Anton Kornexl
Hello, I am using the cachemgr.cgi (cachemgr.cgi/3.3.14 from openSUSE Leap 42.1 (x86_64)). The cache Manager menu shows many entries multiple times: See following list Cache Manager menu for localhost: Cache Manager Interface Cache Manager Menu Toggle offlin