Re: [squid-users] Splice certain SNIs which served by the same IP

2022-02-22 Thread Christos Tsantilas
On 22/2/22 9:45 μ.μ., Eliezer Croitoru wrote: Just To mention that once Squid is not splicing the connection it would have full control in the URL level. Exactly. For many HTTP2 sites the SNI does not provide enough info for splicing/bumping decision. The google sites is one of them. You can

Re: [squid-users] Splice certain SNIs which served by the same IP

2022-02-21 Thread Christos Tsantilas
Hi Ben, When HTTP/2 is used, requests for two different domains may served using the same TLS connection if both domains are served from the same remote server and use the same TLS certificate. There is a description here: https://daniel.haxx.se/blog/2016/08/18/http2-connection-coalescing/

Re: [squid-users] websockets through Squid

2020-10-21 Thread Christos Tsantilas
Hi Vieri, I attached a patch to bug5084 which may help us to debug the issue: https://bugs.squid-cache.org/attachment.cgi?id=3772 The patch is for squid-v5 and produces debug messages at debug level 1. Regards, Christos On 17/10/20 11:36 μ.μ., Alex Rousskov wrote: On 10/16/20 11:58 A

Re: [squid-users] sslBump adventures in enterprise production environment

2015-11-17 Thread Christos Tsantilas
On 11/16/2015 08:00 AM, Eugene M. Zheganin wrote: Hi. On 16.11.2015 00:14, Yuri Voinov wrote: It's common knowledge. Squid is unable to pass an unknown protocol on the standard port. Consequently, the ability to proxy this protocol does not exist. If it was simply a tunneling ... It is not ht

Re: [squid-users] how to get c-icap url category from squid access lo

2015-11-04 Thread Christos Tsantilas
On 11/04/2015 08:34 AM, Murat K wrote: Hi guys, please can someone tell me if it is possible to send url category info from c-icap to squid access log? The ICAP response headers can be logged using the "adapt::formating code in squid. If you are using the url_check c-icap service then you ca

Re: [squid-users] Assert(call->dialer.handler == callback)

2015-05-05 Thread Christos Tsantilas
Hi Steve, We have similar crashes. I created a new bug report in squid bugzilla (I did not found any other similar report), using your stack trace: http://bugs.squid-cache.org/show_bug.cgi?id=4238 Also I attached a patch here, which probably fixes this problem. Can you please test it? Re

Re: [squid-users] light weight ICAP server that isn't dead :o)

2015-02-10 Thread Christos Tsantilas
On 02/10/2015 01:00 AM, Luis Miguel Silva wrote: The most interesting one seems to be C-ICAP but I don't like that it hasn't even reached a 1.0 version... If you believe that it is interesting then at least test it to see if it matches your needs. The version number has to do with its goals

Re: [squid-users] Correctly implementing peak-splice

2014-11-05 Thread Christos Tsantilas
On 11/04/2014 02:26 PM, James Lay wrote: Thanks a bunch Christos, That list of IP's is things like apple.com, textnow.me, and windows updates...IP's that simply don't bump well. My setup is a linux box that's a router...one NIC internal IP, the other external IP. Via iptables redirect, I'm tr

Re: [squid-users] Correctly implementing peak-splice

2014-11-04 Thread Christos Tsantilas
On 11/03/2014 03:00 PM, James Lay wrote: Thanks Christos, So here's where I'm at...my full test config below: .. .. logformat common %>a %[ui %[un [%tl] "%rm %ru HTTP/%rv" %>Hs %cert_subject The %ssl::>cert_subject will print the subject of the client certificate, if there is any. I

Re: [squid-users] Correctly implementing peak-splice

2014-11-03 Thread Christos Tsantilas
On 10/30/2014 02:06 PM, James Lay wrote: Hello all, Here is my complete config for trying out peek/splice. This currently does not work..is there something obvious that I'm mission? Current error is: Oct 30 06:03:14 gateway squid: 192.168.1.110 - - [30/Oct/2014:06:03:14 -0600] "GET https://ww

Re: [squid-users] squid-3.4.8 sslbump breaks facebook

2014-10-16 Thread Christos Tsantilas
A patch for this bug attached to 4102 bug report. Please test it and report any problem. Regards, Christos On 10/16/2014 12:14 PM, Amm wrote: On 10/16/2014 02:35 PM, Jason Haar wrote: On 16/10/14 20:54, Jason Haar wrote: I also checked the ssl_db/certs dir and removed the facebook certs