Re: [squid-users] source spoofing without tproxy?

2017-06-13 Thread David Kewley
That's very helpful guidance, Alex. Thank you. It's probably not in scope currently for me to take on championing such an effort, but I'll keep it in mind as an option for the future. David On Tue, Jun 13, 2017 at 2:43 PM, Alex Rousskov < rouss...@measurement-factory.com> wrote: > On 06/13/2017

Re: [squid-users] source spoofing without tproxy?

2017-06-13 Thread Alex Rousskov
On 06/13/2017 02:41 PM, David Kewley wrote: > I will proceed assuming that squid will never support the sort of > spoofing I was hoping for (since it would probably simplify things > greatly for us), even though I believe in our design that spoofing would > have been safe. If you have a legitimat

Re: [squid-users] source spoofing without tproxy?

2017-06-13 Thread David Kewley
On Tue, Jun 13, 2017 at 3:15 AM, Amos Jeffries wrote: > On 13/06/17 18:14, David Kewley wrote: > >> This might be of help if you are not already aware of the risks and >> issues involved with spoofing and handling of non-local IPs; < >> http://www.bcp38.info/> >> > I was aware of at least most of

Re: [squid-users] Error Compiling squid-3.5.26 with libecap-1.0.1 on CentOS Linux release 7.3.1611

2017-06-13 Thread Alex Rousskov
On 06/13/2017 01:37 PM, Norbert Naveen wrote: > I guess I know the culprit Glad you found a solution! > In bashrc > The following 4 lines were present ,, I have commented it out now . Please try to post those four lines again, as plain text. Others may find those wrong lines useful, but t

Re: [squid-users] Error Compiling squid-3.5.26 with libecap-1.0.1 on CentOS Linux release 7.3.1611

2017-06-13 Thread Norbert Naveen
Hello Alex and Squid Admins Managed to Compile with ecap successfully Looks like the Error was due to earlier added export in bashrc Have questions on the 4 patches of ecap .. but I shall open a different Thread Thanks & Rgds Naveen -Original Message- From: Norbert Naveen [mailto:nor

Re: [squid-users] Error Compiling squid-3.5.26 with libecap-1.0.1 on CentOS Linux release 7.3.1611

2017-06-13 Thread Norbert Naveen
Hello Alex I guess I know the culprit In bashrc The following 4 lines were present ,, I have commented it out now . Shall try to make -k clean and then redo Thanks -Original Message- From: Norbert Naveen [mailto:norbert.nav...@tayana.in] Sent: Wednesday, June 14, 2017 12:37 AM T

Re: [squid-users] Error Compiling squid-3.5.26 with libecap-1.0.1 on CentOS Linux release 7.3.1611

2017-06-13 Thread Norbert Naveen
Hello Alex Sorry for the mistake of missing the o/p of configure # PKG_CONFIG_PATH=/usr/local/lib/pkgconfig /usr/bin/pkg-config --print-errors --debug "libecap >= 1.0 libecap < 1.1" Error printing disabled by default, value of --print-errors: 1 Error printing enabled Adding virtual 'pkg-config'

Re: [squid-users] Error Compiling squid-3.5.26 with libecap-1.0.1 on CentOS Linux release 7.3.1611

2017-06-13 Thread Juan Ramírez
From this output: === configuring in libltdl (/root/install/squid-3.5.26/libltdl) configure: running /bin/sh ./configure --disable-option-checking '--prefix=/usr/local/squid' '--enable-ecap' 'PKG_CONFIG_PATH=/usr/local/lib/pkgconfig' 'EXT_LIBECAP_CFLAGS=/usr/local/lib' 'EXT_L

[squid-users] [squid-announce] Squid 3.5.26 is available

2017-06-13 Thread Amos Jeffries
The Squid HTTP Proxy team is very pleased to announce the availability of the Squid-3.5.26 release! This release is a bug fix release resolving several issues found in the prior Squid releases. The major changes to be aware of: * Bug 4711: SubjectAlternativeNames is missing in some generated

[squid-users] [squid-announce] Squid 4.0.20 beta is available

2017-06-13 Thread Amos Jeffries
The Squid HTTP Proxy team is very pleased to announce the availability of the Squid-4.0.20 release! This release is a bug fix release resolving several issues found in the prior Squid releases. The major changes to be aware of: * Regression Bug 4692: SSL-Bump breaks intercepted IPv6 connectio

Re: [squid-users] Error Compiling squid-3.5.26 with libecap-1.0.1 on CentOS Linux release 7.3.1611

2017-06-13 Thread Alex Rousskov
On 06/13/2017 09:03 AM, L.P.H. van Belle wrote: > Looks the same like. > > http://squid-web-proxy-cache.1019090.n4.nabble.com/Compiling-squid-3-5-4-with-ecap-enabled-td4671325.html > The "undefined references" problem on that thread looks the same, but the "PKG_CONFIG_PATH is the path to the pk

Re: [squid-users] Error Compiling squid-3.5.26 with libecap-1.0.1 on CentOS Linux release 7.3.1611

2017-06-13 Thread Alex Rousskov
On 06/13/2017 08:46 AM, Norbert Naveen wrote: > # grep 'EXT_LIBECAP_.*=' src/adaptation/ecap/Makefile > EXT_LIBECAP_CFLAGS = /usr/local/lib > EXT_LIBECAP_LIBS = /usr/local/lib Strange. These variables are malformed and do not match the contents of your /usr/local/lib/pkgconfig/libecap.pc file! W

Re: [squid-users] Error Compiling squid-3.5.26 with libecap-1.0.1 on CentOS Linux release 7.3.1611

2017-06-13 Thread L . P . H . van Belle
Looks the same like. http://squid-web-proxy-cache.1019090.n4.nabble.com/Compiling-squid-3-5-4-with-ecap-enabled-td4671325.html Greetz, Louis > -Oorspronkelijk bericht- > Van: squid-users > [mailto:squid-users-boun...@lists.squid-cache.org] Namens > Norbert Naveen > Verzonden: din

Re: [squid-users] Error Compiling squid-3.5.26 with libecap-1.0.1 on CentOS Linux release 7.3.1611

2017-06-13 Thread Norbert Naveen
Hello The Make output can be found at https://drive.google.com/open?id=0B_dDVNpzSGEKcFlMSlBVZWs5c2c And the output of # grep 'EXT_LIBECAP_.*=' src/adaptation/ecap/Makefile EXT_LIBECAP_CFLAGS = /usr/local/lib EXT_LIBECAP_LIBS = /usr/local/lib I did the below to no effect make -k clean; .

Re: [squid-users] cacheable object dose not match

2017-06-13 Thread joseph
>>No. The cache file contains a TLV structure of metadata followed by the right but so it should be a TLV binary and after that ?? HTTP/1.1 200 OK which is text clear or anything between them as this -->> accept-encodingHTTP/1.1 200 OK accept-encoding and status line on one line also 1 ac

Re: [squid-users] cacheable object dose not match

2017-06-13 Thread Amos Jeffries
On 14/06/17 01:35, joseph wrote: if you open the hex cached file first header or so should be HTTP/1.1 200 OK right ??? No. The cache file contains a TLV structure of metadata followed by the response 'on-wire' syntax. You appear not to be able to see (or cut-n-paste) the binary TLV prefixes,

[squid-users] cacheable object dose not match

2017-06-13 Thread joseph
if you open the hex cached file first header or so should be HTTP/1.1 200 OK right ??? is this correct in one line will be cacheable hit or corrupted accept-encodingHTTP/1.1 200 OK ??? good cache header file example HTTP/1.1 200 OK Via: cache-yes Content-Type: image/x-icon Last-Modified

Re: [squid-users] Negotiate Kerberos Auth - BH Invalid request

2017-06-13 Thread L . P . H . van Belle
First, it is very handy to know your os and samba and squid versions used. Second, Squid/radius etc anything that uses NTLMv1 with samba stopped working after 4.5.0 I think your main problem can be explained by this extract from the release notes for 4.5.0: NTLMv1 authentication disabled by

[squid-users] Negotiate Kerberos Auth - BH Invalid request

2017-06-13 Thread Kevin Mühlparzer
Hello list, I asked about a problem with NTLM-Authentication before. (BH SPNEGO request invalid prefix; that's the error of the helper protocol "helper-protocol=squid-2.5-ntlmssp" I used with NTLM, while basic works fine) A user told me I should use negotiate_kerberos_auth instead of ntlm_auth.

Re: [squid-users] Cache peer help

2017-06-13 Thread Amos Jeffries
On 13/06/17 23:30, Alejandro Delgado Moreno wrote: Hi Amos, I've applied your suggestions, but still every request is sent directly, bypassing the peer proxy for sites specified on file UPF_List.txt: [Tue Jun 13 13:25:58 2017].905111 172.18.2.45 TCP_MISS/200 968 POST http://ocsp.usertrust

Re: [squid-users] Cache peer help

2017-06-13 Thread Alejandro Delgado Moreno
Hi Amos, I've applied your suggestions, but still every request is sent directly, bypassing the peer proxy for sites specified on file UPF_List.txt: [Tue Jun 13 13:25:58 2017].905111 172.18.2.45 TCP_MISS/200 968 POST http://ocsp.usertrust.com/ - HIER_DIRECT/178.255.83.1 application/ocsp-re

Re: [squid-users] source spoofing without tproxy?

2017-06-13 Thread Amos Jeffries
On 13/06/17 18:14, David Kewley wrote: Thanks for your reply, Amos. On Mon, Jun 12, 2017 at 9:50 PM, Amos Jeffries > wrote: On 13/06/17 13:48, David Kewley wrote: I want my clients to explicitly address squid as a proxy (not use tproxy), but ha

Re: [squid-users] source spoofing without tproxy?

2017-06-13 Thread Amos Jeffries
On 13/06/17 19:34, Matus UHLAR - fantomas wrote: On 13/06/17 13:48, David Kewley wrote: I want my clients to explicitly address squid as a proxy (not use tproxy), but have squid spoof the source addresses in the forwarded connection, so that further hops know the original source address from t

Re: [squid-users] client-->iptables-->squid-proxy->another-proxy

2017-06-13 Thread Madonna, A. (spir-it)
Hello Jeryl, If you look on the mailing list we and many before us have this problem. Client > Squid proxy > Parent proxy > Internets (http / HTTPS) As already stated by 1 of the developers before, the code simply does not exist to handle this. cache_peer can't do a "HTTP CONNECT",

Re: [squid-users] source spoofing without tproxy?

2017-06-13 Thread Matus UHLAR - fantomas
On 13/06/17 13:48, David Kewley wrote: I want my clients to explicitly address squid as a proxy (not use tproxy), but have squid spoof the source addresses in the forwarded connection, so that further hops know the original source address from the IPv4 headers. I could find no indication that