On 15/11/19 2:56 pm, chammidhan wrote:
> I have configured a Squid ECS cluster behind a network load balancer in AWS.
> To reflect the original client IP, I needed to enable PROXY Protocol V2 on
> the load balancer. The service itself is working fine and I can create rules
> based on the original c
Hi Alex,
> So where does this misalignment originate from? Properly addressing this
bug probably requires answering this question.
Let's discuss it on Squid Bugzilla, I have already mentioned the bug above,
the bug number is 5008
> Please note that there are GCC v4 bugs that might be relevant h
I have configured a Squid ECS cluster behind a network load balancer in AWS.
To reflect the original client IP, I needed to enable PROXY Protocol V2 on
the load balancer. The service itself is working fine and I can create rules
based on the original client IP and these are applied as expected. How
On 11/14/19 12:29 PM, John Lowry wrote:
> I have been able to set up Squid as a transparent proxy that splices
> HTTPS connections.
> now I'm trying to use ACLs to whitelist by hostname.
>
> acl whitelist ssl::server_name "/etc/squid/whitelist.txt" --client-requested
FWIW, I do not know whether
On 11/14/19 2:06 PM, Walter H. wrote:
> #ssl_bump stare step1 all
> #ssl_bump splice nobumpsites
> #ssl_bump bump all
> ssl_bump peek step1
> ssl_bump splice nobumpsites
> ssl_bump stare all
Both configurations peek at the TLS client Hello. Both configurations
splice nobumpsites during step2 whe
On 11/14/19 1:50 PM, James Moe wrote:
> On 13/11/2019 12.36 pm, James Moe wrote:
>
>> After adding v6 addresses to the server and hosts, and enabling an RA,
>> squid
>> no longer delivers anything from its cache, or is exceedingly slow about it.
> Here is a typical error message from squid:
Hello,
I found out something strange
acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl step3 at_step SslBump3
acl nobumpsites ssl::server_name "/etc/squid/sslnobumpsites-acl.squid"
# I had these 3 settings - most worked, but only a few hosted at
cloudflare worked: problems with SNI the
On Thursday 14 November 2019 at 19:50:00, James Moe wrote:
> On 13/11/2019 12.36 pm, James Moe wrote:
> > After adding v6 addresses to the server and hosts, and enabling an RA,
> > squid no longer delivers anything from its cache, or is exceedingly slow
> > about it.
>
> Here is a typical
On 13/11/2019 12.36 pm, James Moe wrote:
> After adding v6 addresses to the server and hosts, and enabling an RA, squid
> no longer delivers anything from its cache, or is exceedingly slow about it.
>
Here is a typical error message from squid:
The following error was encountered while trying
On 13/11/2019 12.36 pm, James Moe wrote:
> After adding v6 addresses to the server and hosts, and enabling an RA, squid
> no longer delivers anything from its cache, or is exceedingly slow about it.
>
Any one?
--
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
Think.
signature.a
Thanks to Alex Rousskov's excellent explanation in
http://squid-web-proxy-cache.1019090.n4.nabble.com/Cannot-configure-squid-4-6-to-splice-without-bumping-td4688482.html,
I have been able to set up Squid as a transparent proxy that splices
HTTPS connections.
I want to set up a whitelist. First, I
On 14.11.19 05:33, Vayalpadu, Vedavyas wrote:
I have a reverse proxy squid server, where we are maintaining SSL certificates
for the webshop applications, I wanted to know if there is any mechanism to,
1. Alert our UNIX team with a mail before 30 days of expiry.
certificate providers use t
12 matches
Mail list logo
