>> aka the 'bump' action.
> This part is misleading: Modern Squids _automatically_ bump connections
> to report [access denied] errors -- no explicit bump action is required
> (or even desirable). I do not know whether> * that bumping does not happen
> for leo (e.g., due to Squid bugs), or
> * i
On 2/11/19 3:55 AM, Paul Doignon wrote:
>> The closest you are going to get to the above is with:
>> * bump everything[1], and
>> * use http_access to check the https:// URLs for your policy
>> * use "deny_info TCP_RESET" [2] on the blocked requests.
>>
>> [1] some things literally cannot be bumpe
I believe the option you are referring to is the 'forwarded_for' http header.
Reference this: http://www.squid-cache.org/Doc/config/forwarded_for/
Hope that helps you.
-Original Message-
From: squid-users On Behalf Of
erdosain9
Sent: Tuesday, February 12, 2019 9:15 AM
To: squid-users@l
Hi.
I want to know if is possible that, for some site (sales.mydomain.com) the
proxy server send the "real ip".
Because i want to see in the logs of sales.mydomain.com the real ip of the
machine that are going (and not the proxy ip).
I know that i can see this in the log of squid... but, i want t
On 2/12/19 7:21 AM, leomessi...@yahoo.com wrote:
> Do i have to use CA and Certificate configuration if i want to block
> only HTTPS requests with splice action?!
IIRC, you currently need a CA certificate if you want to use SslBump,
regardless of the SslBump actions in use. In some ways, this is
Hi againDo i have to use CA and Certificate configuration if i want to block
only HTTPS requests with splice action?!
https_port 3130 tproxy ssl-bump \
cert=/etc/squid/ssl_cert/myCA.pem \
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
sslcrtd_program /usr/lib64/squid/securi
