I will try fresh installation of FreeBSD 11.2-RELEASE
And see how it works.
Maybe something was corrupted during upgrade.
Just FYI please look on my pf.conf and squid.conf:
*# cat /etc/pf.conf*
outif=re0 #outer interface
inif=re1#iner interface
outip
On 17/10/18 3:15 PM, Amish wrote:
>
> My proposal for would be to add "-n" (nobump) option to deny_info.
>
> If -n is specified then squid will send 307 directly instead of 200.
>
> Case 1)
> deny_info http://192.168.1.1/blocked.html denyit
>
> Return with 200 and bump it (existing behaviour)
>
On 17/10/18 5:17 PM, Timur Lagutenko wrote:
> i'm sure that the issue is not related to firewall rules.
> because if I pass traffic from client IP (using NAT, browser is not
> configured to use proxy) it works.
Ah, you said earlier that you did not have SSL-Bump features enabled.
How are you inte
i'm sure that the issue is not related to firewall rules.
because if I pass traffic from client IP (using NAT, browser is not
configured to use proxy) it works.
I think it is related to some SSL/TLS lib in the system.
Because today i've tried CLI browser - links.
Launching it directly from gateway
On 17/10/18 6:22 AM, Bruno de Paula Larini wrote:
>
> Em 16/10/2018 02:46, Timur Lagutenko escreveu:
>> Hello friends,
>>
>> recently I've updated my freebsd gateway.
>> from 11.1 to 11.2.
>> also I've updated squid form 3.5 to 4.1
>> i have no transparency, no ssl-bump/splice etc..
>> simple inst
On 16/10/18 11:09 AM, Danilo V wrote:
> Hi all,
>
> Has anyone succeeded applying delay pools on groups from AD?
>
> I'm using squid 3.5.23 with basic_ldap_auth.
> I initially tried to combine mapping groups with external acl type
> (ext_ldap_group_acl) to delay pools. It's a trap :-(
>
A trap?
On 16/10/18 11:13 PM, Antony Stone wrote:
> On Tuesday 16 October 2018 at 11:38:53, morteza omidian wrote:
>
>> Hi
>> why anybody don't answer me?
>
> Maybe we don't have experience with precisely what you're trying to do.
>
> Maybe we're busy with our day jobs.
>
> Maybe we're confused by the
On 16/10/18 8:06 PM, morteza omidian wrote:
> Hi
> Witch options do i have to compile with to enable "clientside_mark"??
>
Let me copy and paste the text from the ACL documentation page I
referenced you to read right at the beginning of these many splintered
discussion multi-thread(s).
Note the
In addition to what Matus and Alex have already said about your problem,
you do not appear to understand regex patterns properly.
On 16/10/18 4:11 AM, RB wrote:
> Hi Matus,
>
> Thanks for responding so quickly. I uploaded my configurations here if
> that is more helpful: https://bit.ly/2NF4zNb
>
On 16/10/18 10:07 PM, Alex Rousskov wrote:
On 10/16/2018 10:01 AM, Amish wrote:
Thing is that squid behaves differently for 2 exactly same CONNECT
request with only difference being ssl-bump
Yes, Squid behaves differently when configured differently.
* My original response was specific to Ssl
Em 16/10/2018 02:46, Timur Lagutenko escreveu:
Hello friends,
recently I've updated my freebsd gateway.
from 11.1 to 11.2.
also I've updated squid form 3.5 to 4.1
i have no transparency, no ssl-bump/splice etc..
simple installation.
browser is configured to use proxy.
squid configuration is def
On 10/16/2018 10:01 AM, Amish wrote:
> On 16/10/18 9:05 PM, Alex Rousskov wrote:
>> On 10/16/2018 06:29 AM, Amish wrote:
>>> In my opinion correct flow should be like this:
>>>
>>> 1) Browser sends CONNECT request
>>> 2) Check ACL
>>> 3) If denied, return with 307 (or 302)
>>> 4) If allowed, go ahe
On 16/10/18 9:05 PM, Alex Rousskov wrote:
On 10/16/2018 06:29 AM, Amish wrote:
In my opinion correct flow should be like this:
1) Browser sends CONNECT request
2) Check ACL
3) If denied, return with 307 (or 302)
4) If allowed, go ahead with tunneling / bumping as applicable
Unfortunately, t
On 10/16/2018 06:29 AM, Amish wrote:
> It seems that current algorithm for ssl-bump is:
>
> 1) Browser sends CONNECT request
> 2) Squid sends status 200 Connection Established
> 3) Check ACL
> 4) If denied, bump the connection with squid certificate
> 5) If allowed, go ahead with tunneling / bump
Further to this:
I have ssl-bump setup on port 8080.
If I remove ssl-bump squid works just like I mentioned in my earlier e-mail.
> curl -ix 192.168.1.1:8080 https://google.com
HTTP/1.1 307 Temporary Redirect
Server: squid/4.3
Mime-Version: 1.0
Date: Tue, 16 Oct 2018 12:01:41 GMT
Content-Type:
Hello
I have this simplified ACL in squid.conf
acl denyit src all
deny_info http://192.168.1.1/blocked.html denyit
http_access deny denyit
The purpose is to block everything and redirect to
http://192.168.1.1/blocked.html
It works fine with http (non-secure) CONNECT request ...
> curl -ix 1
On Tuesday 16 October 2018 at 11:38:53, morteza omidian wrote:
> Hi
> why anybody don't answer me?
Maybe we don't have experience with precisely what you're trying to do.
Maybe we're busy with our day jobs.
Maybe we're confused by the multiple messages you send about approximately the
same top
Hi
why anybody don't answer me? Please help!
I compiled Squid 4.3 with this options in linux server:
./configure --enable-linux-netfilter --enable-zph-qos
when i change my squid configuration file and add this line "acl MY_CLIENTs
clientside_mark 0x1" I got error messages
Hi
Witch options do i have to compile with to enable "clientside_mark"??
tank
On Sunday, October 14, 2018, 6:48:00 PM GMT+3:30, morteza omidian
wrote:
Hi
I installed squid4.3 in my linux OS,
when I configure squid with clientside_mark i get an error tells me this is not
possible!!
I
19 matches
Mail list logo