Re: [squid-users] logformat for requests using PROXY protocol

2019-11-21 Thread Chammi Kumarapathirage
I have my logformat as follows. logformat jsonformat {"Client Hostname":"%>A","Source IP":"%>a","HTTP Method ":"%rm","HTTP Protocol version":"%rv","Request Domain":"%>rd","Port":"%>rP", "User Agent":"%{User-Agent}>h","Request Size":"%>st","Reply Size":"%Hs","Request Status":"%Ss","Server FQDN":" %

Re: [squid-users] Squid and SSLBump

2019-11-21 Thread Alex Rousskov
On 11/21/19 9:25 AM, Monah Baki wrote: > The certs/keys are legit from my company. Is your signing certificate (i.e. wildcardcert.pem) a CA certificate? If not, then you cannot use it to sign other certificates. SslBump with dynamic certificate generation requires a CA certificate to sign the gen

Re: [squid-users] yum update fails when using squid even though .redhat.com is whitelisted

2019-11-21 Thread Alex Rousskov
On 11/21/19 11:29 AM, Giles Coochey wrote: > I believe Palo Alto and Bluecoats have a feature mechanism to provide > the client with an appropriately broken cert , e.g. if the cert is > expired, but has a trusted chain then it uses an expired cert with a > trusted chain to the client, and if a cer

Re: [squid-users] yum update fails when using squid even though .redhat.com is whitelisted

2019-11-21 Thread Giles Coochey
On 21/11/2019 12:51, Kassir Bariq wrote: Hi, You can add this line in your squid.conf sslproxy_cert_error allow allowed_https_sites this should fix your issue to bypass sites without a valid certificate. I probably wouldn't do this blindly, either use a different acl such as known_broken_

Re: [squid-users] yum update fails when using squid even though .redhat.com is whitelisted

2019-11-21 Thread Kassir Bariq
Hi, You can add this line in your squid.conf sslproxy_cert_error allow allowed_https_sites this should fix your issue to bypass sites without a valid certificate. Regards Bariq From: squid-users On Behalf Of Berger J Nicklas Sent: den 21 november 2019 10:16 To: squid-users

Re: [squid-users] yum update fails when using squid even though .redhat.com is whitelisted

2019-11-21 Thread Giles Coochey
On 21/11/2019 09:16, Berger J Nicklas wrote: We are using squid for both http and https whitelisting for egress. Most of the whitelisting works fine but some specific once do not work. We have tried this on this versions of squid 3.5(amazon linux 2), 4.1(centos7) and 4.4(centos8). For instance

[squid-users] yum update fails when using squid even though .redhat.com is whitelisted

2019-11-21 Thread Berger J Nicklas
We are using squid for both http and https whitelisting for egress. Most of the whitelisting works fine but some specific once do not work. We have tried this on this versions of squid 3.5(amazon linux 2), 4.1(centos7) and 4.4(centos8). For instance when running yum update for redhat linux in aws

Re: [squid-users] squid 4.1 transparent https issue "curl: (60) SSL certificate problem: self signed certificate in certificate chain"

2019-11-21 Thread Berger J Nicklas
A colleague provided this squid.conf and now https working fine with curl as well! visible_hostname localhost # Handling HTTP requests http_port 3128 http_port 3129 intercept acl allowed_http_sites dstdomain .microsoft.com acl allowed_http_sites dstdomain .google.com acl allowed_http_sites dstd