Hi Nishant,
Yes, I did rebuild the package with
--with-openssl
--enable-ssl-crtd
but squid service failed to start with http_port configured with intercept
and ssl-bump modes at the same time. Any idea ?
On Tue, Jul 30, 2024, 21:12 Nishant Sharma wrote:
> Hi John,
>
> On 30/07/24 18
int to the right direction ?
Thanks a lot.
John MOK
Squid Cache: Version 5.7
Service Name: squid
Debian linux
This binary uses OpenSSL 3.0.13 30 Jan 2024. configure options:
'--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include'
'--ma
g.service_failure_limit >= 0 &&
failures > TheConfig.service_failure_limit)
suspend("too many failures");
// TODO: Should bypass setting affect how much Squid tries to talk to
// the ICAP service that
3210:FEDC:BA98:7654:3210 does not match ipv6
check.
Regards,
John
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
a problem in the near future, as we
have other Squid servers to upgrade and we don't want to face the same problem
as this one. Please forward to the right team, group, user(s) as needed. If you
have any questions, please let me know. Thanks for any help in advance.
John
--
On 2/17/21, 10:28 PM, "Alex Rousskov" wrote:
On 2/18/21 12:36 AM, John Zhu wrote:
> I have a weird issue. I set up the Squid and ICAP. When ICAP (in
> RespMod) sends response body (any file types, most of time are large
> size files) in a relative slow
ecache bypass=1 icap://icapserver:1344/req
icap_service service_resp respmod_precache bypass=1 icap://icapserver:1344/resp
adaptation_access service_req allow all
adaptation_access service_resp allow all
Thank you all,
John Zhu
What is the best way to intercept marked packets with squid and squid to be
aware of mark and create an ACL on the mark?
I have tried setting the mark and then DNAT and redirect to the intercept port
and when printing the nmark I am getting 0
Is it required to use tproxy with tproxy-mark?
Tha
't
found anything about routing/ACLs based on the TLV field.
Thanks,
John Reed
Cloud Security Architect
AT&T
Alex
Really looking forward to this patch being submitted and hopefully accepted.
Let me know if it would be helpful for me to do some independent testing of the
patch.
John
> On 6 Jan 2020, at 14:53, Alex Rousskov
> wrote:
>
> On 1/3/20 8:40 AM, Yaroslav Pushko wrote:
a TLS
1.3 server (www.google.com) when the site is in the whitelist and
terminating the connection when it is removed from the whitelist.
It is unclear to me if the "Error parsing SSL Server Hello Message"
are benign or not.
John
On Sat, 7 Dec 2019 at 13:54, Nikolaus wrote:
>
>
Hi Nikolaus
This sounds exactly like the symptoms we have encountered. Will build from your
patch & test to see if it works in our situation.
John.
> On 7 Dec 2019, at 13:54, Nikolaus wrote:
>
> I was able to solve the issue, fixing both squid-side "
Hi Tanner
Unfortunately not. We have tried everything we can think of, plus suggested
items from this list, with no success. If you figure it out let me know.
Many thanks
John
Sent from my iPhone
> On 20 Nov 2019, at 21:34, tannmann wrote:
>
> Hey John,
>
> It looks like
Thanks to Alex Rousskov's excellent explanation in
http://squid-web-proxy-cache.1019090.n4.nabble.com/Cannot-configure-squid-4-6-to-splice-without-bumping-td4688482.html,
I have been able to set up Squid as a transparent proxy that splices
HTTPS connections.
I want to set up a whitelist. First, I
I've been banging my head on this one for a while. I am setting up parental
controls on my network using squidguard. I have a raspberry pi running
squid 4.6 and the router has a policy that sends all web traffic from my
children's computers to squid.
Everything works correctly for HTTP connections
>> On 22 Sep 2019, at 14:41, Alex Rousskov
>> wrote:
> On 9/22/19 9:18 AM, Nikolaus wrote:
>
>> The access.log contains error code / detail "ERR_SECURE_CONNECT_FAIL /
>> SQUID_ERR_SSL_HANDSHAKE" - which is not too helpful - but the cache.log
>> contains the more detailed "ERROR: negotiating T
Version: TLS 1.2 (0x0303)
Length: 4
Handshake Protocol: Server Hello Done
If you have any further suggestions as to how/where I should debug I
would be extremely grateful.
John
On Tue, 17 Sep 2019 at 07:26, Amos Jeffries wrote:
>
>
> On 15/09/19 10:41 pm, John Sweet-Escott
error message might
indicate.
Any advice/guidance gratefully received.
John
[1] OpenSSL and Squid versions
openssl version
OpenSSL 1.1.1 11 Sep 2018
squid -v
Squid Cache: Version 4.8
Service Name: squid
Ubuntu linux
This binary uses OpenSSL 1.1.1 11 Sep 2018. For legal restrictions
Thanks a lot guys for providing clear explanation.
Much appreciated!
Cheers,
Chris
On Sat, Feb 2, 2019 at 3:29 PM Alex Rousskov <
rouss...@measurement-factory.com> wrote:
> On 2/1/19 4:04 PM, john doe wrote:
>
> > I'm using Squid 3.5 as a forward proxy and want t
Hi Squid-Community,
I've a question for which I haven't been able to find an answer.
I'm using Squid 3.5 as a forward proxy and want to limit the SSL ciphers
allowed.
I see that "sslproxy_cipher" config property would allow me to do it.
But what is unclear to me is whether just setting that list is
server-first bumping? I have tried this on Squid 4.4 and Squid 4.3.
Thank you for any help, it is much appreciated.
All the best,
John
to have to look through all of them in case this was enough to figure out what might be going wrong in the ssl-bumped case.
Thank you very much for your help and time,
John
rk. So, it doesn't immediately seem to be an openssl issue?
Is anyone able to reproduce this / maybe provide a little bit of insight as to what might be happening?
Thank you very much,
John
I was wondering about bumping TLS 1.3 connections and if you think that will
ever be supported.
Thanks,
John Turnbull
Hi (sorry resending this because the original sent as an html email),
I have a couple of questions about the squid https_port.
1) Does it only exist for transparent connections? I know if I want to have a
transparent proxy that can accept TLS requests, I need to have the
port be a ht
Hi,
I have a couple of questions about the squid https_port.
1) Does it only exist for transparent connections? I know if I want to have a transparent proxy that can accept TLS requests, I need to have the port be a https_port rather than a http_port, but is that what it was create
Good day team squid,
Please help me,
I am using squid 3.0 in our windows server 2012 r2, I
already configured it.
Ban sites and allow specific ip addresses to browse all
sites, but the problem is I cannot open our website. Please see attached
fil
startup:
sample_time = 1517222408.387484 (Mon, 29 Jan 2018 10:40:08 GMT)
*client_http.requests* *= 25*
Thank you for your help.
Regards
John
On 1/3/2018 9:05 PM, Amos Jeffries wrote:
> On 04/01/18 14:09, John Ratliff wrote:
>> On 1/3/2018 3:26 PM, Antony Stone wrote:
>>> On Wednesday 03 January 2018 at 21:06:42, John Ratliff wrote:
>>>
>>>> When I try to set up squid as a transparent proxy, I
On 1/3/2018 3:26 PM, Antony Stone wrote:
On Wednesday 03 January 2018 at 21:06:42, John Ratliff wrote:
When I try to set up squid as a transparent proxy, I never get any
response from Squid.
When I try a wget request from a server that is being redirected
How (and more importantly, where
When I try to set up squid as a transparent proxy, I never get any
response from Squid.
I can make it work fine as a regular proxy using Firefox.
I've tried it on a Debian 9 server and a CentOS 7 server, and I get the
same result.
This is my configuration for the CentOS 7 server. I've put it
recommendations for how to parse the response?
2) Are there any off the shelf tools/libraries (like cURL or python requests library) that are able to use the squid_cache:// protocol?
Best,
John
s (if I change my configuration to have "%>a" I see the src IP) but it seems like I only get a "-" for what should be the destination IP.
I am using squid version 3.5.24
I was wondering if I was running into a known bug and if so if there was a patch I might apply t
>
> http://ngtech.co.il/lmgtfy/
> Linux System Administrator
> Mobile: +972-5-28704261
> Email: elie...@ngtech.co.il
>
>
> From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On
> Behalf Of John Pearson
> Sent: Tuesday, February 14, 2017 8:25 AM
>
Hi all,
I have squid on a separate box on my network with ip address 192.168.1.2
In squid.conf I have:
http_port 0.0.0.0:3128
http_port 0.0.0.0:3129 intercept
---
On squid box:
$ sudo netstat -lnp | grep squid
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN
hi all, my current setup: laptop(10.0.1.10) and squid-box(10.0.1.11) and
debian router(10.0.1.1).
I am doing wget on laptop
wget squid-cache.org
I am redirecting packets on the router to squid-box by changing the
destination MAC address and destination IP and port address. I am able to
see the p
ctive "spoofed ip"
*I'm trying to use the correct terminology to the best of my ability, in
order to explain. So if I use the wrong wording I apologize, since using
proxy servers is new to me.
On Wednesday, October 26, 2016, Amos Jeffries wrote:
> On 27/10/2016 3:18 p.m., john huggi
I've looked up and down everywhere but I can't seem how to use squid to
mass create multiple proxy IP's. Any help would be appreciated.
o i keep using squid?
On Tue, Oct 18, 2016 at 2:10 PM, John Wright wrote:
> In response to it not being a false positive, maybe it's not specifically
> the TTL but in this other article on the mailing lists someone else had the
> same issue
>
>
> Here is the response Amos gave,
een an
>> attack and normal DNS behaviour the only code change possible is to
>> disable the check (see above about the risk level).
>>
On Tue, Oct 18, 2016 at 2:01 PM, wrote:
> On 2016-10-18 22:42, John Wright wrote:
>
>> Hi
>>
>> Replying to the lis
low as 5 seconds.
That being said, when it is changing every 3-5 seconds, which comes and
goes, squid gives the header forgery errors as shown before.
On Tue, Oct 18, 2016 at 12:30 PM, wrote:
> On 2016-10-18 18:32, John Wright wrote:
>
>> Hi,
>>
>> I have a constant
Hi,
I have a constant problem with Host header forgery detection on squid doing
peek and splice.
I see this most commonly with CDN, Amazon and Microsoft due to the fact
their TTL is only 5 seconds on certain DNS entries I'm connecting to. So
when my client connects through my squid I get host hea
are any obvious problems with
this? If you find this useful, I am happy to contribute back when I finish
implementing this module (I haven't yet started developing).
Please let me know your thoughts.
Regards,
John
g] On Behalf
Of Antony Stone
Sent: 08 September 2016 10:00
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Transparent Proxy
On Thursday 08 September 2016 at 10:44:12, John Sayce wrote:
> After I wrote this I realised it should be changing the mac not the
> ip, which is
Stone
Sent: 08 September 2016 09:36
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Transparent Proxy
On Thursday 08 September 2016 at 10:12:48, John Sayce wrote:
> For testing purposes I've reduced it to the following:
>
> http_port 3128 intercept
> #dns_v4
header?
Thanks
-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf
Of Antony Stone
Sent: 07 September 2016 10:27
To: 'squid-users@lists.squid-cache.org'
Subject: Re: [squid-users] Transparent Proxy
On Wednesday 07 September 2016 at 10:51:4
rent Proxy
On Wednesday 07 September 2016 at 10:23:02, John Sayce wrote:
> I'm trying to set up a transparent proxy but I'm fairly sure I'm
> missing something.
>
> I've followed the instructions on the juniper website along with a
> couple of other blogs
I'm trying to set up a transparent proxy but I'm fairly sure I'm missing
something.
I've followed the instructions on the juniper website along with a couple of
other blogs as per:
https://damn.technology/using-squid-juniper-pbr-transparent-proxy
http://davehope.co.uk/Blog/implementing-pbr-and-s
Thank you for applying the patch to squid-4.
I look forward to the new version of squid-3.5.
And thank you very much for your prompt response.
reat.
Thank you.
John
from proxyserver.local
Connection: keep-alive
==
I found that Squid-3.5 automatically deleted the Proxy-Authenticate header.
Is it the correct behavior on squid-3.5 ?
How can I make client browser get Proxy-Authenticate header?
Thank you.
John Akhaice
Thanks Amos! Learned a lot. I changed .conf file and it works as expected.
On Thu, Jul 28, 2016 at 3:30 AM, Amos Jeffries wrote:
> On 28/07/2016 1:33 p.m., John Pearson wrote:
> > Hi,
> >
> > main problem: different squid configurations are not caching certain
> fil
Hi,
main problem: different squid configurations are not caching certain files.
These are my conf files `1_squid.conf` and `2_squid.conf` both can be found
here:
https://gist.github.com/ironpillow/e6b86354f4ac3941f74db86d893008f1
I am using http://www.thinkbroadband.com/download/ to download th
result of fgrep.
Thanks
On Wed, Mar 2, 2016 at 1:22 AM, Amos Jeffries wrote:
> On 2/03/2016 6:05 p.m., John Pearson wrote:
> > Hi,
> >
> > I have squid installed on a machine with two NICs.
> > eth0 - wan
> > eth1 - lan - 10.0.1.1
> >
> > Squid server i
Hi,
I have squid installed on a machine with two NICs.
eth0 - wan
eth1 - lan - 10.0.1.1
Squid server is running on eth1.
I am trying to use the squidclient to fetch a url so that squid will cache
it. Like prefetching.
Example:
squidclient -v -h 10.0.1.1 -p 3128 -m GET http://www.apple.com
Resu
Thanks! I meant if Squid can cache Android installs? I am deploying 10+ new
Android devices and wanted to cache the OS
On Tue, Feb 23, 2016 at 9:54 PM, Amos Jeffries wrote:
> On 24/02/2016 5:52 p.m., John Pearson wrote:
> > Is it possible to cache Android OS files and Android OS upd
Is it possible to cache Android OS files and Android OS update files ?
ither caching problem at that point? Would that
solve problem #1 without taking any further action? At that point, how
hard would it be to implement ssl-bump?
Thanks,
John
On Thu, Nov 5, 2015 at 7:31 AM, Amos Jeffries wrote:
> On 5/11/2015 7:16 a.m., John Smith wrote:
> > Hi,
> >
to help.
Problem 2. We are not caching any https traffic. Is it possible to cache
https traffic, and if so how would one do it? As many websites are moving
towards https for all traffic this lowers the effectiveness of cache...
squid.conf below
Thanks,
John
# Recommended minimum configurati
ogged as 'noise'. Still quite an
improvement.
Thanks Amos and Eliezer for reaching out!
John
On Thu, Oct 29, 2015 at 2:31 PM, Amos Jeffries wrote:
> On 30/10/2015 9:51 a.m., John Smith wrote:
> > The outbound traffic from the L1proxy instance in question connects to a
>
ng DNS to connect to them.
I'm not exactly certain how the ELB functions, at least I don't know enough
to answer your question.
The healthcheck and listeners are TCP, not HTTP.
On Thu, Oct 29, 2015 at 1:19 PM, Amos Jeffries wrote:
> On 30/10/2015 8:39 a.m., John Smith wrote:
>
rcept' several times and the
requests to secondary proxies no longer work.
I just confirmed this behaviour again.
If this is as 'quiet' as I can make the logs then it is what it is.
Thanks!
On Thu, Oct 29, 2015 at 8:35 AM, Eliezer Croitoru
wrote:
> Hey John,
>
> You are 100% doi
led as
we need them to be.
We don't need squid to do NAT, but we do need it to forward to the second
layer of proxies.
Things are now working as expected, I'm just trying to reduce the noise in
the logs and would clearly welcome any suggestions for improvements.
Thanks again,
John
Hi Eliezer,
I've added a single line to my squid.conf:
http_port 3130
And I've modified my AWS ELB healthcheck to monitor port 3130 instead of
3128.
Now my instances are still in the ELB, and the proxy still works as
expected, AND the amount of garbage errors in the cache.log has been
significant
orms tcp health checks without filling the logs?"
Thanks,
John
On Wed, Oct 28, 2015 at 4:06 PM, Eliezer Croitoru
wrote:
> Hey John,
>
> I am pretty sure it is something in the AWS Linux kernel.
>
> In any case you should have some http_port without intercept in the config.
>
hi,
I have a working(?) squid 3.10 proxy configuration.
squid-3.1.10-29.18.amzn1.x86_64 on AWS Linux behind an AWS elastic load
balancer.
My problem is that it appears every single AWS elastic load balancer
healthcheck triggers a line like this in cache.log:
2015/10/28 22:35:10| IpIntercept.cc(13
es in the access log file (ie 2
CONNECT log messages for each https CONNECT) for intercepted mode https
connections. The same goes for other ACL combinations like the below
resulting in duplicated log messages
ssl_bump server-first
ssl_bump splice
ssl_bump peek all
ssl
Thanks! That's what I figured. I wanted to see if anyone in the community
had better ideas or another way.
On Mon, Aug 24, 2015 at 4:52 AM, Kinkie wrote:
> Hi John,
> according to the article you link to, it's not possible to cache these
> updates: Apple puts some effort as
Anyone have Mac OS X update caching working ? Without doing a SSL bump. I
think they are hosted through https (
https://support.apple.com/en-us/HT202943 )
Thanks!
ns on getting
Internet <---> Squid <---> Router (NAT) working ?
Thanks!
On Mon, Jul 13, 2015 at 1:33 PM, John Pearson
wrote:
> Thanks Yuri for the response, I understand. I do have Shorewall configured
> and I understand the security implications. My Router is also the Wireless
>
Hi Everyone,
My setup is: Internet <--> Squid-eth0 <--> Squid-eth1 <--> Router <-->
Devices
Currently the Router is doing NAT and DHCP for the devices connected to it.
Squid is in transparent mode. I set up a bridge ( br0). I set up the
ebtables and iptables. It works but I want to figure out a w
, e.g. 2.6 or 3.1, that supports
connection pinning :-
http://wiki.squid-cache.org/Features/ConnPin
Regards, John Mok
method is being used to connect and parse the server
certificate.
I had added this as a bug as well.
http://bugs.squid-cache.org/show_bug.cgi?id=4202
Regards,
John
*From:* John Killimangalam Jacob
*Sent:* Monday, February 16, 2015 11:25 AM
*To:* 'squid-users@lists.squid-cache.org'
_port :3130 intercept ssl-bump
cert=/tmp/sslcertificates/server.cert.pem
key=/tmp/sslcertificates/server.key.pem
Does this have anything to do with my environment or the config
options? Any help on this is highly appreciated.
Thanks in advance,
John
On Tue, Mar 10, 2015 at 10:42 PM, Roe
128
http_port 3128
http_port 3129 intercept
https_port 3130 intercept ssl-bump cert=/tmp/sslcertificates/server.cert.pem
key=/tmp/sslcertificates/server.key.pem
Thanks in Advance,
John
Visit our Website at www.rmesi.co.in
This message is confidential and shou
4cf5bc1b
I'd greatly appreciate it if someone could cast their eyes over the
logs and see if anything pops out as to why this infinite loop is
displayed by Squid.
Thanks very much in advance.
John
560
TCP_MISS:FIRSTUP_PARENT
81.XX.XX.XX - - [05/Dec/2014:12:51:19 +] "CCM_POST
https://ibcm.ourdomain.com/ccm_system/request HTTP/1.1" 403 1560
TCP_MISS:FIRSTUP_PARENT
So obviously, we are connecting, but getting a 403 error back. The
configurati
ementation on the maximum number of
sslcrtd children?
Please find below the configuration line.
sslcrtd_children 50 startup=5 idle=1
Thanks in Advance,
John
/library/dd560670%28v=ws.10%29.aspx
Regards, John Mok
On Tue, Oct 28, 2014 at 6:22 AM, Pedro Lobo wrote:
> Thanks Paul,
>
> I'll surely look into that too, but given that authentication seems to work
> for a day or so and then stop (was working Saturday, no longer today) I
> highl
RPM before, so
wish me luck!
Also, I've just contributed to the fund to help you all get back up and
running from the server issues you guys have been having.
Thanks again!
John
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hey John,
OEL 6 and CentOS 6 are different enough to not be 100
all
of the testing is complete, I'd like to update to the latest RPM which
is only for CentOS 6. Eliezer, can you tell me how much different is
the CentOS 6 build from the OEL 6 please?
Thanks and Regards
John