Re: [squid-users] client-->iptables-->squid-proxy->another-proxy

2017-08-20 Thread Diogenes S. Jesus
sting one can simply get rid of the acls and set "allow all", it wouldn't matter - this line "ssl_bump splice all" is the answer most people were looking for I suppose. Best regards. On Sun, Aug 20, 2017 at 10:31 AM, Amos Jeffries wrote: > On 20/08/17 14

Re: [squid-users] client-->iptables-->squid-proxy->another-proxy

2017-08-19 Thread Diogenes S. Jesus
For those looking into this topic, I was able to make it work on 3.5. The trick is to have "ssl_bump splice all". My upstream proxy is 10.1.7.7:3128. This is all in Ubuntu 16.04 - however the squid package was rebuilt due to lack of --with-openssl and --enable-ssl (there are several guides on the i

Re: [squid-users] HTTPS chrome - SHA1 this page is insecure

2016-09-01 Thread Diogenes S. Jesus
The answer why you only see it on Chrome is because since Chrome >= 41: "Sites with end-entity certificates that expire on or after 1 January 2017, and which include a SHA-1-based signature as part of the certificate chain, will be treated as “affirmatively insecure”. Subresources from such domain

Re: [squid-users] Https_port with "official" certificate

2016-08-24 Thread Diogenes S. Jesus
id' '--with-default-user=proxy' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' On Wed, Aug 24, 2016 at 4:37 PM, Diogenes S. Jesus wrote: > This configuration here covers the use case described by the OP: > https://gist.githubusercont

Re: [squid-users] Https_port with "official" certificate

2016-08-24 Thread Diogenes S. Jesus
This configuration here covers the use case described by the OP: https://gist.githubusercontent.com/splashx/758ff0c59ea291f32edafc516fdaad73/raw/8050fa054821657812961050332b38a56e7e3e68/ If everything works well, you'll notice you won't support HTTP proxy at all, but users can reach both HTTP and

Re: [squid-users] Https_port with "official" certificate

2016-08-24 Thread Diogenes S. Jesus
Just one thing I noticed: "clientca" is not the CA which issued your "cert" (sklad.duckdns.org) - it's the CA to be used when doing client-side authentication, which I'm not sure if you're doing. Dio On Wed, Aug 24, 2016 at 2:02 PM, Samuraiii wrote: > > > Please give more details for "fails".

Re: [squid-users] ext_kerberos_ldap_group_acl problem

2016-08-24 Thread Diogenes S. Jesus
Hi there. Well, the log says "Client 'HTTP/hostname.internet.domain@your.realm.tld' not found in Kerberos database". Check your krb5.conf on the squid host if you're pointing to the right KDC and make sure the principal exists in the Kerberos database. kadmin.local and "getprinc HTTP/hostname

Re: [squid-users] dynamic group using URI as group name on external acl with ext_ldap_group_acl

2016-08-23 Thread Diogenes S. Jesus
> >> If you want to do things like this safely please upgrade to Squid-4 > >> where the logformat codes are available. Those codes provide > >> customizable escaping and quoting styles so you can set one that > >> protects LDAP against these attacks to be used on the URI field value > >> sent by Squ

Re: [squid-users] dynamic group using URI as group name on external acl with ext_ldap_group_acl

2016-08-22 Thread Diogenes S. Jesus
Hi there. First thanks for taking the time to thoroughly reply to it. >> external_acl_type ldap_HTTP %LOGIN %URI >> /usr/lib/squid/ext_ldap_group_acl -D "cn=admin,dc=example,dc=com" -w >> test -R -b "ou=authorization,dc=example,dc=com" -B >> "ou=people,dc=example,dc=com" -f >> '(&(objectclass=grou

[squid-users] dynamic group using URI as group name on external acl with ext_ldap_group_acl

2016-08-21 Thread Diogenes S. Jesus
Hi everyone. I've the following use case to be accomplished using ACL: - Allow any authenticated user who is member of a group named after the URI To construct this I've built the following squid.conf (snippet): - auth_param negotiate program /usr/lib/squid3/negotiate_kerberos_auth -d -