Still not working.
> -Original Message-
> From: squid-users On Behalf
> Of Amos Jeffries
> Sent: Wednesday, June 27, 2018 4:59 PM
> To: squid-users@lists.squid-cache.org
> Subject: Re: [squid-users] Setting up a Whitelist
>
> On 28/06/18 08:21, Donald Muller wrote:
> > Hi,
> >
> >
> >
>
On 28/06/18 11:04, Gordon Hsiao wrote:
>
> Keep reading http_port vs https_port here...
>
> 1. http_port does not require openssl, https_port does, however
> http_port can do ssl-bump so I would think http_port is conditionally
> depending on openssl
Yes.
> 2. reading cfgman v3.5 page I could
HTML attachment was scrubbed...
> URL: <
> http://lists.squid-cache.org/pipermail/squid-users/attachments/20180627/53c8530f/attachment-0001.html
> >
>
> --
>
> Message: 4
> Date: Wed, 27 Jun 2018 11:23:22 -0600
> From: Alex Rousskov
&g
On 28/06/18 10:00, Gordon Hsiao wrote:
> Still reading all the options, noticed dns_packet_max is off by default.
> My squid uses dnsmasq, that has EDNS on by default and it "defaults to
> 4096, which is the RFC5625-recommended size"
>
> In this case what will happen then? dnsmasq may receive EDNS
Hey Amos,
Today in many environments there is a very wide usage of ON-LINE
"libraries" since...
the server or a cache node is just "2 meters" from the developer.
(Picture the nearby Internet BOX being pointed as "This is the
Internet")
For me a 1MB file is still seems like too much for an Andr
On 06/27/2018 03:16 PM, Gordon Hsiao wrote:
> adding a nameserver port option will be nice if the changes are not intrusive.
Agreed. There are legitimate use cases for custom DNS ports. Just
because somebody might misuse a custom DNS port does not mean it should
not be supported (port 53 itself h
Still reading all the options, noticed dns_packet_max is off by default. My
squid uses dnsmasq, that has EDNS on by default and it "defaults to 4096,
which is the RFC5625-recommended size"
In this case what will happen then? dnsmasq may receive EDNS up to 4K,
which squid by default only takes 512B
On 28/06/18 09:16, Gordon Hsiao wrote:>
> I agree it's a bit unusual, but adding a nameserver port option will be
> nice if the changes are not intrusive.
So what protocol is used on this non-53 port?
How does "HTTP" sound? yes DNS-over-X is a thing these days and only
port 53 has the assurance t
This is actually standard practice, it is very easy and common for
administrators to configure their firewalls to redirect all 53 tcp/udp
requests to a specific host to prevent those people and/or malicious
applications which may be smart enough to change their dns server
settings in an attempt
Date: Thu, 28 Jun 2018 07:06:14 +1200
> From: Amos Jeffries
> To: squid-users@lists.squid-cache.org
> Subject: Re: [squid-users] can squid use dns server on random
> port(non-53)?
> Message-ID: <4563f027-a210-deeb-df82-f5a238887...@treenet.co.nz>
> Content-Type: text/plain; charset=utf-8
>
On 28/06/18 08:21, Donald Muller wrote:
> Hi,
>
>
>
> Don’t know if what I want to do is even possible but here is the
> situation. I have Squid set up on my QNAP NAS. It is running fine. I am
> using it with the blacklist and sites get blocked as they should.
> However there a number of sites
Hi,
Don't know if what I want to do is even possible but here is the situation. I
have Squid set up on my QNAP NAS. It is running fine. I am using it with the
blacklist and sites get blocked as they should. However there a number of sites
that I do not want blacklisted so I thought I'd set up a
On 28/06/18 07:06, Verwaiser wrote:
> Hello,
> what would be the right way to implement the authentification bypass list
> linked from adobe:
> https://helpx.adobe.com/content/dam/help/attachments/Creative_Cloud_for_enterprise_Service_Endpoints.pdf
>
Ouch. Rather a lot of domain names and explici
On 28/06/18 02:57, Paul Hackmann wrote:
> Hello. I can't figure out why, but I can get regular windows 10 updates
> through the proxy without problem, but the larger feature updates (1803)
> always fail to download.
Have you refreshed your knowledge of what the relevant config settings
are and wh
Hello,
what would be the right way to implement the authentification bypass list
linked from adobe:
https://helpx.adobe.com/content/dam/help/attachments/Creative_Cloud_for_enterprise_Service_Endpoints.pdf
I can write the list into a file, ok, but how can I setup the acl for
correct bypassig all th
On 27/06/18 16:29, Dieter Bloms wrote:
> Hello,
>
> On Tue, Jun 26, Gordon Hsiao wrote:
>
>> checked the manual it seems I can only set dnsserver with a new IP, is it
>> possible to make squid support non-standard DNS port, e.g. 5353?
Squid only contains a minimal stub resolver. It requires a re
On 28/06/18 03:49, Gordon Hsiao wrote:
> does it exist somewhere? Just notice this option in 3.5 but google does
> not say any location I can fetch like the way a typical ca-bundle is.
>
IIRC, Yuri published the bundle they had accumulated a while back. The
link seems not to be working now though
On 28/06/18 05:55, Amit Pasari - XS INFOSOL Inc. USA wrote:
> On 6/27/18 11:20 PM, Amit Pasari - XS INFOSOL Inc. USA wrote:
>> Dear Walter ,
>>
>> I use
>>
>> sslproxy_cert_sign_hash sha256
>>
>> and use a SHA-256 certificate
>>
>> The result is still the same .
>>
>> "NET::ERR_CERT_WEAK_SIGNATU
On 6/27/18 11:20 PM, Amit Pasari - XS INFOSOL Inc. USA wrote:
Dear Walter ,
I use
sslproxy_cert_sign_hash sha256
and use a SHA-256 certificate
The result is still the same .
"NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM"
Also one more thing , when i open yahoo.com with any of those
certificates
On 06/27/2018 10:55 AM, Gordon Hsiao wrote:
> Reading all the cfg options in Squid 3.5 I noticed http_port has lots of
> SSL related options(which it should not), plus https_port is referring
> to http_port for those options, should http_port have nothing to do with
> ssl-specific options and those
Reading all the cfg options in Squid 3.5 I noticed http_port has lots of
SSL related options(which it should not), plus https_port is referring to
http_port for those options, should http_port have nothing to do with
ssl-specific options and those ssl-options could be better moved to
https_port sec
does it exist somewhere? Just notice this option in 3.5 but google does not
say any location I can fetch like the way a typical ca-bundle is.
Gordon
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squi
Hello. I can't figure out why, but I can get regular windows 10 updates
through the proxy without problem, but the larger feature updates (1803)
always fail to download. I can do the windows 10 update assistant
manually, and that seems to work ok. I'm not sure what I am missing. Do I
have a pro
23 matches
Mail list logo
