Re: [squid-users] Help troubleshooting proxy<-->client https

2017-05-31 Thread Masha Lifshin
Thank you, very helpful. Some more clarifying questions for you. Sorry for the imprecise language, I mean not interception but rather accepting connections to that port. Our browsers will be explicitly configured to connect to our proxy, so I believe that is not interception? If we want to only al

Re: [squid-users] Help troubleshooting proxy<-->client https

2017-05-31 Thread Alex Rousskov
On 05/31/2017 02:42 PM, Masha Lifshin wrote: > What I am trying to achieve is > 1. an https connection between the client and squid proxy, as well as > 2. listen on port 80 for http traffic, > 3. on port 443 for ssl traffic, and > 4. apply ssl-bump to the ssl traffic. If I parsed your quer

Re: [squid-users] squid sslbump and certificates

2017-05-31 Thread Eliezer Croitoru
What OS? Eliezer Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: elie...@ngtech.co.il -Original Message- From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of Vieri Sent: Thursday, June 1, 2017 12:24 AM To: squid-users@lists.

[squid-users] failed to bump Twitter

2017-05-31 Thread Vieri
Hi, I can't seem to be able to bump Twitter. Whenever a client tries to browse https://twitter.com there's a connection refusal error page (111). Any clue as to what I could try? # grep -v ^# squid.test.conf | grep -v ^$ http_access allow localhost manager http_access deny manager http_port 32

Re: [squid-users] squid sslbump and certificates

2017-05-31 Thread Vieri
From: Amos Jeffries > > Which version of Squid are you using now? I still haven't found the time to update my systems but the squid version I was running this on was/is 3.5.14. I probably need to catch up for this feature to work correctly. Vieri _

Re: [squid-users] Squid TPROXY issues with Google sites

2017-05-31 Thread Vieri
From: Alex Rousskov > > You need to figure out why. Two common reasons are SSL-level errors and > http_access denials. Both should be reflected in access.log and > debugging cache.log. I finally found out it was an http_access deny on an ACL match with url_regex

Re: [squid-users] Help troubleshooting proxy<-->client https

2017-05-31 Thread Masha Lifshin
Dear Alex, Thank you very much for your helpful reply. I have a follow up question. What I am trying to achieve is an https connection between the client and squid proxy, as well as listen on port 80 for http traffic, on port 443 for ssl traffic, and apply ssl-bump to the ssl traffic. I am havi

Re: [squid-users] this config is ok? is ok the order?

2017-05-31 Thread Amos Jeffries
The answer to your question really depends on what your policies are for who and what the proxy can be used by. The config tells one set of policies. But if those are not the one(s) you actually want to happen, then the config is incorrect even if it "looks okay". If I assume that it's doing

Re: [squid-users] How to intercept ssl_bump transparent NAT https websites

2017-05-31 Thread Andi
Great Mister! It's working now by adding: url_rewrite_access deny CONNECT Your "url_redirect_access deny CONNECT" gave me error /etc/squid/squid.conf:102 unrecognized: 'url_redirect_access' Thank you very very much. My problem is solved now and everything's running fine. 05/31/17 16:14:59,

Re: [squid-users] How to intercept ssl_bump transparent NAT https websites

2017-05-31 Thread Amos Jeffries
On 31/05/17 20:15, Andi wrote: Squid 3.5.25 + Squidclamav(c-icap) + SquidGuard Here are the logs with SSL_ERROR_RX_RECORD_TOO_LONG in Firefox by debug_options ALL,1 11,2 and 61,5 https://mega.nz/#!dIdAkYra!aVEg07Sc9OxRwYiRAPk49dwegr2r-sdX2u73btEdDVk

Re: [squid-users] How to intercept ssl_bump transparent NAT https websites

2017-05-31 Thread Andi
Squid 3.5.25 + Squidclamav(c-icap) + SquidGuard Here are the logs with SSL_ERROR_RX_RECORD_TOO_LONG in Firefox by debug_options ALL,1 11,2 and 61,5 https://mega.nz/#!dIdAkYra!aVEg07Sc9OxRwYiRAPk49dwegr2r-sdX2u73btEdDVk Here the squid.conf & squidguard.conf https://pastebin.com/v

Re: [squid-users] How to intercept ssl_bump transparent NAT https websites

2017-05-31 Thread Andi
Thank you again, It was all working together with "ssl_bump server-first all" option for squidclamav(c-icap) and squidGuard 1.5 for Squid v 3.48 packages at debian jessie. Now after installing new Squid 3.5.25 with splice/peek support, it's all working except for ssl websites. I'll reproduce th