Sorry but, I'm losing something...
Also if client will use ESNI, the server should respond with a certificate
that will be in clear and has all server information, like alias... So is it
possible to know what is the resource the client is looking for. Only with
wildcard certificate you can't.
On 20/10/18 12:26 AM, Jonh Smith wrote:
> ey Folks,
>
>
> Sorry for bad sentence, my English isn't good when I expected.
>
> I have a little problem with two user with Outlook (using MAC).
> Precisely, they using the latest version of Outlook, latest iOS and surfing
> in the internet with squid p
On 20/10/18 6:04 AM, Alex Rousskov wrote:
> On 10/19/2018 01:10 AM, houheming wrote:
>> https_port 443 ...
>> https_port 180.97.33.107:443 ...
>> https_port 180.97.33.108:443 ...
>
> I am not sure, but perhaps the first https_port line (the one without an
> explicit IP address) should come _last_
... until the browser starts using DNS over HTTPS (with a pinned
certificate of the "resolving" HTTPS server)?
Alex.
It is relatively easy to block DNS over HTTPS and I think there will
be demand for that.
And I predict that Squid will have a feature to selectively block
connections with E
Yes you can use any ICAP/eCAP server you like, just adjust the docs as required
and that is it.
From: Uchenna Nebedum
Sent: Friday, 19 October 2018 20:17
To: Rafael Akchurin
Cc: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] ERROR: NAT/TPROXY lookup failed to locate original
IPs
Thanks a lot Rafael, I've gone through the documentation it looks to be
very promising, one reservation I have is I want to use greasyspoon for
icap and I see ecap is implemented already. I intend to install everything
as suggested on the link, then after this change squid.conf to remove ecap
conne
Hello Uchenna,
Maybe this policy based routing with Mikrotik tutorial will be of any use
See https://docs.diladele.com/tutorials/mikrotik_transparent_squid/index.html
Best regards,
Rafael Akchurin
Diladele B.V.
From: squid-users On Behalf Of
Uchenna Nebedum
Sent: Friday, 19 October 2018 18:4
On 19/10/18 14:09, Alex Rousskov wrote:
On 10/19/2018 10:47 AM, Matus UHLAR - fantomas wrote:
On 10/19/2018 02:01 AM, Amish wrote:
Looks like ssl_bump is going to break once ESNI and Encrypted DNS are
universal. (Of course it may be few years away)
Probably only way out to detect the domain n
On 10/19/2018 10:47 AM, Matus UHLAR - fantomas wrote:
>> On 10/19/2018 02:01 AM, Amish wrote:
>>> Looks like ssl_bump is going to break once ESNI and Encrypted DNS are
>>> universal. (Of course it may be few years away)
>>>
>>> Probably only way out to detect the domain name would be by implementing
On 10/19/2018 01:10 AM, houheming wrote:
> Configure squid to be a https tproxy proxy
Terminology clarification: You are configuring a transparent proxy for
intercepting TLS/HTTPS traffic, not an (explicit) HTTPS proxy.
> configure squid to send the client browser certificates which signed by
On Friday 19 October 2018 at 18:42:00, Uchenna Nebedum wrote:
> Good Day All,
> I'm new to squid and I have configured squid as an http transparent proxy
> with a mikrotik.
> the squid server has only a single NIC, so I followed a tutorial and set up
> a dst-nat to squid proxy for traffic on port
On 10/19/2018 02:01 AM, Amish wrote:
Looks like ssl_bump is going to break once ESNI and Encrypted DNS are
universal. (Of course it may be few years away)
Probably only way out to detect the domain name would be by implementing
CONNECT proxy instead of transparent one.
On 19.10.18 09:51, Alex R
Good Day All,
I'm new to squid and I have configured squid as an http transparent proxy
with a mikrotik.
the squid server has only a single NIC, so I followed a tutorial and set up
a dst-nat to squid proxy for traffic on port 80,
Chain:dstnat.
Protocol:tcp
Dst-port:80
Action:dst-nat
To Addresses:19
On 10/19/2018 02:01 AM, Amish wrote:
> Looks like ssl_bump is going to break once ESNI and Encrypted DNS are
> universal. (Of course it may be few years away)
>
> Probably only way out to detect the domain name would be by implementing
> CONNECT proxy instead of transparent one.
Using forward pro
ey Folks,
Sorry for bad sentence, my English isn't good when I expected.
I have a little problem with two user with Outlook (using MAC).
Precisely, they using the latest version of Outlook, latest iOS and surfing
in the internet with squid proxy it's not a problem, everything works fine
except de
Today Cloudflare added more information that Firefox has already added
the support for ESNI in Nightly.
https://blog.cloudflare.com/encrypt-that-sni-firefox-edition/
Looks like ssl_bump is going to break once ESNI and Encrypted DNS are
universal. (Of course it may be few years away)
Probably
Hi squid-users,
I have to use squid in a very uncommon way, here it is:
1. Configure squid to be a https tproxy proxy;
2. For some https server IPs , configure squid to send the client
browser certificates which signed by some specific root CAs;
3. For other https ser