Re: [squid-users] Rewriting HTTP to HTTPS for generic package proxy

2024-07-10 Thread Fiehe, Christoph
The caching feature is implemented by Apt-Cacher-NG, but the proxy only works sporadically. Squid seems to be a better choice. The remapping feature, for what I try to find a solution in Squid, is e.g. described at https://blog.packagecloud.io/using-apt-cacher-ng-with-ssl-tls/ in section "Cachi

Re: [squid-users] Rewriting HTTP to HTTPS for generic package proxy

2024-07-10 Thread Fiehe, Christoph
No problem. I am just trying to find something that helps to narrow down the problem. What I want to achieve is, that a client can use HTTP in the LAN, so that Squid can cache distribution packages without making use of SSL intercepting when repos are only accessible via HTTPS. In that case the

Re: [squid-users] Rewriting HTTP to HTTPS for generic package proxy

2024-07-10 Thread Alex Rousskov
On 2024-07-10 15:31, Fiehe, Christoph wrote: The problem is that the proxy just forwards the client GET request to the upstream proxy Why does sending a GET request to the upstream proxy represent a problem in your use case? I cannot find anything in your prior messages on this thread that w

Re: [squid-users] Rewriting HTTP to HTTPS for generic package proxy

2024-07-10 Thread Fiehe, Christoph
No problem. Thank you very much for your help. I checked the difference between a working call when the URL is not being rewritten and the not working call with a schema rewrite. The problem is that the proxy just forwards the client GET request to the upstream proxy, but in that case a CONNECT

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

2024-07-10 Thread Jonathan Lee
Thanks Sent from my iPhone > On Jul 10, 2024, at 11:08, Alex Rousskov > wrote: > > On 2024-07-10 12:55, Jonathan Lee wrote: > >>> Embedding a password in a cache manager command requires providing a >>> username with -U > >> squidclient -w /squid-internal-mgr/info -u admin >> squidclient -w

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

2024-07-10 Thread Alex Rousskov
On 2024-07-10 12:55, Jonathan Lee wrote: Embedding a password in a cache manager command requires providing a username with -U squidclient -w /squid-internal-mgr/info -u admin squidclient -w /squid-internal-mgr/info@redacted -u admin squidclient -w http://192.168.1.1:3128/squid-internal-mgr/i

[squid-users] Squid 6.6 error clientProcessHit: Vary object loop!

2024-07-10 Thread Jonathan Lee
Has anyone seen this before? on hits? 10.07.2024 09:56:30 clientProcessHit: Vary object loop! 10.07.2024 09:56:30 varyEvaluateMatch: Oops. Not a Vary match on second attempt, 'https://zagent20.h-cdn.com/cmd/get_thumb_info?customer=foxnews&ver=1.165.67&url=https%3A%2F%2F247preview.foxnew

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

2024-07-10 Thread Jonathan Lee
squidclient -w /squid-internal-mgr/info -u admin squidclient -w /squid-internal-mgr/info@redacted -u admin squidclient -w http://192.168.1.1:3128/squid-internal-mgr/info@redacted -u admin squidclient -w http://127.0.0.1:3128/squid-internal-mgr/info@redacted -u admin squidclient -w http://127.0.0.1:

Re: [squid-users] Rewriting HTTP to HTTPS for generic package proxy

2024-07-10 Thread Alex Rousskov
On 2024-07-10 12:42, Fiehe, Christoph wrote: In the next test case, I used a more modern upstream proxy server based von Squid 6.8 and enabled debugging. The log shows the error SQUID_TLS_ERR_CONNECT+GNUTLS_E_FATAL_ALERT_RECEIVED. I am not sure, what I can do to prevent it from occurring I

Re: [squid-users] Rewriting HTTP to HTTPS for generic package proxy

2024-07-10 Thread Fiehe, Christoph
Thanks a lot. That was a good advice. For test purposes, I have deconfigured the upstream proxy and used an internal server. I changed the scheme from HTTP to HTTPS via a Jesred rule. The translation is working as expected without any issues and the client receives the requested packages. In th

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

2024-07-10 Thread Matus UHLAR - fantomas
On 10.07.24 09:33, Jonathan Lee wrote: To: Matus UHLAR - fantomas please avoid personal copies. I have it says denied as if it requires an entry for one to use password, again if I remove the password the same thing happens. Weird right? Could WPAD cause this? what exactly did you run? s

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

2024-07-10 Thread Jonathan Lee
I have it says denied as if it requires an entry for one to use password, again if I remove the password the same thing happens. Weird right? Could WPAD cause this? Sent from my iPhone > On Jul 10, 2024, at 09:21, Matus UHLAR - fantomas wrote: > > On 10.07.24 08:52, Jonathan Lee wrote: >> Th

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

2024-07-10 Thread Matus UHLAR - fantomas
On 10.07.24 08:52, Jonathan Lee wrote: That makes sense, I only had a password in the previous version, how do I add username admin for cachemgr? you don't, that's why I said "username was not important" simply try random username On Jul 10, 2024, at 04:29, Matus UHLAR - fantomas wrote:

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

2024-07-10 Thread Jonathan Lee
That makes sense, I only had a password in the previous version, how do I add username admin for cachemgr? I don’t have a username configured yet, I can’t find the directive for cachemgr username Sent from my iPhone > On Jul 10, 2024, at 04:29, Matus UHLAR - fantomas wrote: > >  >> >>> On 20

Re: [squid-users] Rewriting HTTP to HTTPS for generic package proxy

2024-07-10 Thread Alex Rousskov
On 2024-07-09 18:25, Fiehe, Christoph wrote: I hope that somebody has an idea, what I am doing wrong. AFAICT from the debugging log, it is your parent proxy that returns an ERR_SECURE_CONNECT_FAIL error page in response to a seemingly valid "HEAD https://..."; request. Can you ask their admi

Re: [squid-users] Rewriting HTTP to HTTPS for generic package proxy

2024-07-10 Thread Amos Jeffries
On 10/07/24 22:57, Fiehe, Christoph wrote: The idea behind was to find a way to cache packages from a repository that only provides HTTPS-based connections. It would work, when the HTTPS connection terminates at the Squid Proxy and not at the client, so that the proxy can forward the message p

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

2024-07-10 Thread Matus UHLAR - fantomas
On 2024-07-08, Jonathan Lee wrote: squidclient -h 192.168.1.1:3128 mgr:info@PASSWORD squidclient -h 1287.0.0.1 mgr:info@PASSWORD Gives the following error Embedding a password in a cache manager command requires providing a = username with -U: mgr:info@PASSWORDHERE Try "/squid-internal-mgr/

Re: [squid-users] Rewriting HTTP to HTTPS for generic package proxy

2024-07-10 Thread Fiehe, Christoph
The idea behind was to find a way to cache packages from a repository that only provides HTTPS-based connections. It would work, when the HTTPS connection terminates at the Squid Proxy and not at the client, so that the proxy can forward the message payload to the client using normal HTTP. Apt-C

Re: [squid-users] Unable to explain 407 Proxy Authentication Required

2024-07-10 Thread Amos Jeffries
On 9/07/24 02:39, Random Dude wrote: Hey everyone. I'm trying to get a minimal forward proxy with authentication set up. I have the following config (purposely kept as minimal as possible) and have followed these steps - https://wiki.squid-cache.org/ConfigExamples/Authenticate/

Re: [squid-users] Rewriting HTTP to HTTPS for generic package proxy

2024-07-10 Thread Amos Jeffries
On 10/07/24 10:25, Fiehe, Christoph wrote: Hallo, I hope that somebody has an idea, what I am doing wrong. I try to build a generic package proxy with Squid and need the feature to rewrite (not redirect) a HTTP request to a package repository transparently to a HTTPS-based package source. T