On Wed, Oct 26, 2016 at 11:45 AM, Yuri Voinov wrote:
>
>
> Jok,
>
> it can be DNS leak. Does you tested it? 8.8.8.8 can be poisoned (probably)
> or intercepted by ISP.
>
>
DNS is working fine and is not being poisoned/intercepted/messed with. The
records that come back from the google servers app
After being side-tracked with a few different project, I ended up with the
config below. It appears to do the right things, though the ACL
organization could use some cleanup...
(Browsing to authorized sites works, browsing to something else, i get a
denied page from squid)
However, even though ms
This is sort of off-topic, but have you considered using a deb repo
mirroring software?
(it would mean that you need to update your clients to point to that rather
than google, but that's not really difficult).
software like aptly (aptly.info) are really good about this (though a
little hard to get
On Tue, Oct 4, 2016 at 1:41 PM, Jose Torres-Berrocal <
jetsystemservi...@gmail.com> wrote:
> I do not know the correct terms to the problem I have.
>
> I have some clients that use a program that tries to connect to:
> https://neodecksoftware.com/NeoMedOnline/NeoMedOnlineService.svc
>
>
note that
On Mon, Sep 19, 2016 at 10:39 AM, erdosain9 wrote:
> mm
> so...
> i think this is working for non take the certificate
>
> acl step1 at_step SslBump1
> acl excludeSSL ssl::server_name_regex web/.whatsapp/.com
>
wrong slashes... you want "\"
>
> ssl_bump peek step1
> ssl_bump splice
On Wed, Sep 7, 2016 at 3:05 PM, Marcus Kool
wrote:
>
> slightly off topic: what is the easiest way to install a cert on a
> smartphone?
> I looked for an app but did not find one.
>
>
Look for some MDM solutions. That's not really an option for one (personal)
phone, but for a company, that allows
On Tue, Aug 30, 2016 at 4:05 AM, alberto wrote:
> Hi all,
> I have a squid3 installation with kerberos ldap groups authentication.
> Everything works like a charm except for one of my user that belongs to
> too many groups (more than 50): this user can not browse any site because
> of authenticat
Be aware that youtube uses the QUIC protocol (
https://en.wikipedia.org/wiki/QUIC) with browsers that support it.
Unless you block and/or manage that specific condition with your firewall,
the actual downloading of the videos will not go through Squid...
Thanks,
Jok
On Thu, Aug 25, 2016 at 1:35 P
On Fri, Aug 19, 2016 at 9:33 AM, Sergio Belkin wrote:
> /var/log/squid/access.log
> 192.168.50.41 - - [19/Aug/2016:12:19:45 -0300] "CONNECT
> beap-bc.yahoo.com:443 HTTP/1.1" 407 4634 "-" "Mozilla/5.0 (Windows NT
> 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0" TCP_DENIED:HIER_NONE
>
This is "
> On Jul 3, 2016, at 6:47 AM, james82 wrote:
>
> what do you mean? don't you see i use ubuntu 16.04 desktop? i installed
> webmin and virtualmin for easy control to use. i use OS on virtualbox. then
> I install by "sudo apt-get install squid". that it. Now what??
>
Now you need to configure s
On Mon, Apr 25, 2016 at 7:33 AM, Hack Ensolo wrote:
> ### http_access rules
> http_access allow manager localhost
> http_access allow auth
> http_access deny !auth
> http_access allow kerbusers
> http_access allow localnet
> http_access deny manager
> http_access deny all
>
>
Since the rules are
Blocking YouTube (appear to be on your list) is tricky, if the browser is
chrome:
https://en.m.wikipedia.org/wiki/QUIC
If you click on the 'green lock' and look at the connection you will see it's
not using https (funnily enough, the ads there do!).
Look at the wiki for more info on how to blo
with 3.5.15, I have this config:
---8<---
https_port 8443 intercept ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=64MB \
cert=/etc/squid/ssl/proxy.pem \
key=/etc/squid/ssl/proxy.key \
cafile=/etc/squid/ssl/proxy.pem
--->8---
proxy.pem is the concatenation of both
On Mon, Apr 4, 2016 at 6:23 PM, Amos Jeffries wrote:
> >>>
> >>> If i remove *all* the http_access lines, then the behavior appears
> >> correct
> >>> (from a "splicing/bumping" standpoint).
> >>>
> >>
> >> Strange. Squid without any http_access lines should be denying traffic
> >> 100%.
> >>
> >
Thanks James! This is really close to what I need. Comparing this to my
existing config, it looks like i'm pretty close, except that i don't want
to "terminate" the sslbump, i need to send an error notification to the
end-user.
___
squid-users mailing
On Sun, Apr 3, 2016 at 9:59 PM, Amos Jeffries wrote:
> On 4/04/2016 4:18 p.m., Jok Thuau wrote:
> > I'm attempting to build a transparent proxy (policy based routing on
> > firewall to squid proxy) with the following behavior:
> >
> > 1) proxies http traffic for
I'm attempting to build a transparent proxy (policy based routing on
firewall to squid proxy) with the following behavior:
1) proxies http traffic for a given set of domains, provide an message
otherwise such "domain not allowed" or similar
2) proxies https traffic for a given set of domains (idea
17 matches
Mail list logo
