[squid-users] FTP inspection configuration

2019-01-15 Thread eugene.elyas...@gmail.com
Hello, I'm trying to configure squid 3.5.6 as an FTP proxy for native FTP uploads to be inspected by an ICAP service. Currently FileZilla fails to connect via proxy and also telnet on port 21 fails. What is missing in the config and how to configure FileZilla connection? acl localnet src 10.0.0

Re: [squid-users] Squid 4.5 and intermediate CA

2019-01-15 Thread Alex Rousskov
On 1/15/19 8:59 AM, FredB wrote:
> I'm testing squid 4.5 and facing two issues with intermediate CA download
>
> At first there is no source IP and I don't know how to allow this kind
> of requests with an identification acl
How about using transaction_initiator ACL to identify requests generate

Re: [squid-users] ssl bump, CA certificate renewal, how to?

2019-01-15 Thread Bruno de Paula Larini
On 15/01/2019 15:01, Dmitry Melekhov wrote: 5 years, really, not very long period of time, if I'll be sure to not work here in 5 years then I'll use this ;-) , unfortunately I'm not :-( I don't need to replace certificate every year or so, but I need to have minimal service interruption f

Re: [squid-users] Squid 4.5 and intermediate CA

2019-01-15 Thread FredB
Now squid can get directly the intermediate CA as a browser does, it's a very interesting feature to me Maybe I'm missing something, but I can see the request from squid now (with squid 4) it's a good point, my sslbump config is very basic, perhaps too basic cl step at_step SslBump1 ssl_bump

Re: [squid-users] ssl bump, CA certificate renewal, how to?

2019-01-15 Thread FredB
Sorry wrong topic On 15/01/2019 at 18:08, FredB wrote: Now squid can get directly the intermediate CA as a browser does, it's a very interesting feature to me Maybe I'm missing something, but I can see the request from squid now (with squid 4) it's a good point, my sslbump config is very ba

Re: [squid-users] ssl bump, CA certificate renewal, how to?

2019-01-15 Thread FredB
Now squid can get directly the intermediate CA as a browser does, it's a very interesting feature to me Maybe I'm missing something, but I can see the request from squid now (with squid 4) it's a good point, my sslbump config is very basic, perhaps too basic cl step at_step SslBump1 ssl_bump

Re: [squid-users] ssl bump, CA certificate renewal, how to?

2019-01-15 Thread Dmitry Melekhov
On 15.01.2019 20:52, elie...@ngtech.co.il wrote: With squid 4.x or even 3.5 you can use an intermediate CA. So you will have the root key and certificate somewhere safe and renew the intermediate root CA every year or two. The main root CA should be created at least for a period of 5 years to

Re: [squid-users] Caching mirrored origin server

2019-01-15 Thread eliezer
The DB of distro mirrors on the wiki is not up-to-date but it's a nice example. Eliezer Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: elie...@ngtech.co.il -Original Message- From: squid-users On Behalf Of jimc Sent: Thursday, January 3, 2019 21:40 To:

Re: [squid-users] Squid 4.5 and intermediate CA

2019-01-15 Thread FredB
Hi Eliezer It's just what I'm seeing and it works well, so with fetched_certificate rule the first point is now fixed

Re: [squid-users] ssl bump, CA certificate renewal, how to?

2019-01-15 Thread eliezer
With squid 4.x or even 3.5 you can use an intermediate CA. So you will have the root key and certificate somewhere safe and renew the intermediate root CA every year or two. The main root CA should be created at least for a period of 5 years to allow this dynamicity you probably need. Eliezer

Re: [squid-users] Squid 4.5 and intermediate CA

2019-01-15 Thread eliezer
There should be a new acl named “certificate-fetching” So I assume you can use something like:
acl certfetch transaction_initiator certificate-fetching
http_access allow certfetch
Eliezer Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261

[squid-users] Squid 4.5 and intermediate CA

2019-01-15 Thread FredB
Hi all, I'm testing squid 4.5 and facing two issues with intermediate CA download At first there is no source IP and I don't know how to allow this kind of requests with an identification acl 172.23.0.9 - user2 [15/Jan/2019:16:34:51 +0100] "CONNECT bugs.squid-cache.org:443 HTTP/1.1" 407 4442