Re: [squid-users] compile squid with tumbleweed

2021-04-05 Thread L A Walsh
your intent... Squid is of moderate difficulty to build -- be sure you can do so from suse's source rpm's, as they'll work for your system, then change things starting from there... 4.04.21 23:36, L A Walsh wrote: On 2021/04/03 22:09, Majed Zouhairy wrote: the error is: Прокси-

Re: [squid-users] compile squid with tumbleweed

2021-04-04 Thread L A Walsh
On 2021/04/03 22:09, Majed Zouhairy wrote: the error is: Прокси-сервер отказывается принимать соединения translation: the proxy-server is refusing to accept connections.. That most commonly is what I see when squid didn't start, (so it refuses to accept connections). Are you sure it starte

Re: [squid-users] replacement for obsoleted cache controls (ign-no-cache; ign-must-reval. + ign-auth)

2020-12-08 Thread L A Walsh
On 2020/12/06 12:14, Alex Rousskov wrote: On 12/6/20 10:12 AM, L A Walsh wrote: Since the early 4.x series and now, the cache control headers: ignore-no-cache ignore-must-revalidate ignore-auth ... Thanks for the followup. One of the main things I try to use my proxy for is to

[squid-users] replacement for obsoleted cache controls (ign-no-cache; ign-must-reval. + ign-auth)

2020-12-06 Thread L A Walsh
Since the early 4.x series and now, the cache control headers: ignore-no-cache ignore-must-revalidate ignore-auth have been "obsoleted". Indicating something has replaced them and there's a new & better way to ignore those headers for static files (most often web-fonts, though some javascript f

Re: [squid-users] TCP_MISS_ABORTED/503 - -Squid-Error: ERR_DNS_FAIL 0

2019-08-21 Thread L A Walsh
On 2019/08/21 04:41, Amos Jeffries wrote: > On 21/08/19 3:51 pm, L A Walsh wrote: > >> Pulled this out of my log. Downloading lots of files through squid has >> the download aborting after about 3k files. This is the first I've seen >> that there's also an as

Re: [squid-users] TCP_MISS_ABORTED/503 - -Squid-Error: ERR_DNS_FAIL 0

2019-08-20 Thread L A Walsh
On 2019/08/20 20:56, Eliza wrote: > Hi > > on 2019/8/21 11:51, L A Walsh wrote: > >> Pulled this out of my log. Downloading lots of files through squid has >> the download aborting after about 3k files. This is the first I've seen >> that there's also

[squid-users] TCP_MISS_ABORTED/503 - -Squid-Error: ERR_DNS_FAIL 0

2019-08-20 Thread L A Walsh
Pulled this out of my log. Downloading lots of files through squid has the download aborting after about 3k files. This is the first I've seen that there's also an associated ERR_DNS_FAIL -- is that a message from squid's internal resolver? 1566304848.234 1 192.168.3.1 TCP_MISS_ABORTED/503

Re: [squid-users] Why Squid on CentOS is faster than Debian ?

2019-04-01 Thread L A Walsh
On 4/1/2019 2:17 AM, David Touzeau wrote: > We have recompiled same squid version on 2 systems > https://github.com/dtouzeau/1.6.x/blob/Tempfiles/centos7-config.log?raw=true > > --- > Result was CentOS 44% faster on TCP_MEM_HITS >

Re: [squid-users] how to go from connect/tunnel in squid4 ->GET

2018-11-30 Thread L A Walsh
On 11/29/2018 12:41 PM, Alex Rousskov wrote: You have not configured any ssl_bump rules. Thus, you are effectively not using any SslBump features. All HTTPS traffic is simply tunneled through without decryption/analysis. --- OkI didn't do any of that in squid 3.x when I had something

Re: [squid-users] how to go from connect/tunnel in squid4 ->GET

2018-11-29 Thread L A Walsh
Linda On 11/29/2018 7:53 AM, Alex Rousskov wrote: On 11/29/18 5:33 AM, L A Walsh wrote: I bumped to squid4 a few months ago, but still haven't gotten to the point where I can see and cache individual requests and following config examples @ https://wiki.squid-cache.org/ConfigExa

[squid-users] how to go from connect/tunnel in squid4 ->GET

2018-11-29 Thread L A Walsh
I had a version of this working in squid3.x, but it didn't work for some sites and didn't work well with a newer Opera, but did ok with an older FF-clone. I bumped to squid4 a few months ago, but still haven't gotten to the point where I can see and cache individual requests and following config e

[squid-users] how to go from connect/tunnel in squid4 ->GET

2018-11-29 Thread L A Walsh
I had a version of this working in squid3.x, but it didn't work for some sites and didn't work well with a newer Opera, but did ok with an older FF-clone. I bumped to squid4 a few months ago, but still haven't gotten to the point where I can see and cache individual requests and following config e

[squid-users] tls_outgoing_options, cipher list not parseable

2018-10-11 Thread L A Walsh
I seem to have a problem specifying the cipher list in the tls_outgoing options. The line I have: tls_outgoing_options options=NOSSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE,cipher=EECDH+ECDSA+AESGCM:\ EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:\ EECDH+aRSA+SHA256:EECDH+aR

Re: [squid-users] squid as wpad server?

2018-07-31 Thread L A Walsh
L.P.H. van Belle wrote: Read : https://findproxyforurl.com/official-toolset/ That one helped me a lot, all you want to know is there imo. Seems like that is mostly about setting one up. I already have a working one, but in reading docs on the squid wiki it was suggested t

Re: [squid-users] Wpad problem (DNS)

2018-07-30 Thread L A Walsh
erdosain9 wrote: tail -f /var/log/squid/access.log | grep 192.168.6.22 1532616150.629 77 192.168.6.22 TCP_REFRESH_UNMODIFIED/200 316 GET http://www.msftncsi.com/ncsi.txt - HIER_DIRECT/200.81.17.41 text/plain --- You may have some different setup, but this is what works for me and seem

[squid-users] squid as wpad server?

2018-07-30 Thread L A Walsh
I seem to remember reading that one way to improve reliability is to have your proxy software be able to double as a web-server for WPAD.dat. Is there a published means for doing this w/squid or would something need to be cobbled together? I'm currently running a small internal-only webs-server

[squid-users] 4.0.25 -- build, ok... probs on 3.x still there, but may not be so important?

2018-06-17 Thread L A Walsh
..not sure what else would be causing weird issues... one of them was deprecation warnings and that could easily be the new compiler... Anyway...gonna go try to get 4.0.25 running... sorry for bother. L A Walsh wrote: Also, tried recompiling 3.5.21+22 and ran into some issues (which don't

[squid-users] building 4.0.25

2018-06-17 Thread L A Walsh
I unpacked the tar and ran configure via a script. Ran make, but am running into this: CCLD libmiscencoding.la ../libtool: line 7979: func_quote_for_eval: command not found ... ../libtool: line 7979: func_quote_for_eval: command not found CXXLDlibmisccontainers.la ../libtool: line 7979

Re: [squid-users] help with the error TCP_MISS_ABORTED/000

2018-02-27 Thread L A Walsh
Juan Manuel P wrote: I am using Squid Cache: Version 3.5.12, but some pages give me the next error: 1/Feb/2018:18:14:40 -0300 || - || 10.12.43.20 || TCP_MISS_ABORTED/000|| GET || http://www.rionegro.gov.ar/download/images/00033494.jpg

Re: [squid-users] Opera (Win7SP1-x64) not connecting to google.com because of "HSTS"?

2017-10-24 Thread L A Walsh
Yuri wrote: I see absolutely no problem with Opera and HSTS via my proxy, as by as Chrome/Firefox. As shown on screenshots. Well poo!... I see your access... but still have probs on my end. I don't have it on IE or Pale moon. I tried private mode on google -- same problem. I also am tryi

Re: [squid-users] Opera (Win7SP1-x64) not connecting to google.com because of "HSTS"?

2017-10-23 Thread L A Walsh
Yuri wrote: Sadly, I have no Opera to test. This works perfectly with Chrome/Firefox. Of course, it is require to reconfigure squid ;) Well rats! um, it is a free download for Win/Mac & Linux @ http://www.opera.com/computer. :~) Not sure about mobile versions... I don't use

Re: [squid-users] Opera (Win7SP1-x64) not connecting to google.com because of "HSTS"?

2017-10-23 Thread L A Walsh
Yuri wrote: Try to add this: # Disable HSTS reply_header_access Strict-Transport-Security deny all reply_header_replace Strict-Transport-Security max-age=0; includeSubDomains Sorry, but no difference. I placed them between these keywords -- just above the request_header_add comment (if th

Re: [squid-users] Squid Proxy 3.5.12 - Certain Website not loading

2017-10-23 Thread L A Walsh
jloldham wrote: Hi, We have a website that we cannot access through squid, tracking the logs we cannot see anything getting blocked. Can anyone else get to this website via squid https://crm.zoho.com/. Or does anyone have any advice on what we can do so that the we can get the website to work.

[squid-users] Opera (Win7SP1-x64) not connecting to google.com because of "HSTS"?

2017-10-23 Thread L A Walsh
I've seen this before w/google in Opera -- but it doesn't seem to happen with IE or Palemoon (both going through my SSL-bumping proxy). Even my housemate, going through the proxy using Chrome doesn't get this error (it also uses the system cert location). When I bring up the security dialog in

Re: [squid-users] SSL Bump Failures with Google and Wikipedia [SOLVED]

2017-10-01 Thread L A Walsh
Jeffrey Merkey wrote: One caveat about this I discovered that there are quite a few websites which completely ignore the Accept-Encoding request header and just go ahead and send gzip html data even when you tell it not to. Oh well, back to the drawing board. --- But didn't your bump pro

Re: [squid-users] TLS: 1st time w/intermediate cert: not working; ideas on what I'm doing wrong?

2017-09-07 Thread L A Walsh
Yuri wrote: Check all CA's chain. It is possible your root CA's bundle not complete. --- Likely problem... Fixed as per URL: I use this URL: https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt and working now... Thanks! Linda __

Re: [squid-users] TLS: 1st time w/intermediate cert: not working; ideas on what I'm doing wrong?

2017-09-07 Thread L A Walsh
Yuri wrote: Ops, miss end of message :) --- I did search first! ;^) Check all CA's chain. It is possible your root CA's bundle not complete. --- Likely problem... I usually use root CA's from Mozilla (added to squid.conf as one file) and own self-supported intermediate C

[squid-users] TLS: 1st time w/intermediate cert: not working; ideas on what I'm doing wrong?

2017-09-07 Thread L A Walsh
Got an error message from squid where I'm doing https-bumping: -- The following error was encountered while trying to retrieve the URL: https://help.ea.com/ *Failed to establish a secure connection to 52.0.220.87* The system returned: (71) Protocol error (TLS co

Re: [squid-users] How to make sslbump'ing more robust? (option to continue?)

2017-05-11 Thread L A Walsh
Alex Rousskov wrote: Yes, there is a way. Your options include: 1. Tell Squid to ignore expired certificates errors. Squid will then mimic the expired certificate while allowing the client traffic. The client should then detect the expired (fake) certificate and may offer the user to bypass the

[squid-users] How to make sslbump'ing more robust? (option to continue?)

2017-05-10 Thread L A Walsh
I tried accessing a site that had an expired certificate today (https://www.tcl.tk/doc/scripting.html). In going through squid, I got: - The following error was encountered while trying to retrieve the URL: https://www.tcl.tk/doc/scripting.html *Failed to establish a secure connection

Re: [squid-users] What squid should do with RFC non-compliant response header?

2017-04-05 Thread L A Walsh
Eliezer Croitoru wrote: Hi List, I noticed that there are broken services out-there which uses non RFC compliance response header such as the case of space, for example: "Content Type: hola amigos" HmmmApril 1?... Seriously -- what would a user's browser do? Probably depends on brows

Re: [squid-users] hsc-dynamic-cache: relied on storeID rules? Removed in 3.5.20?

2017-03-28 Thread L A Walsh
Eliezer Croitoru wrote: Hey Linda, As the patcher\author of StoreID I will try to clarify what might seem odd. StoreID is a "static" rule which is one of the squid cache fundamentals. The feature is the option to tweak this internal cache object ID. This is a very static feature and will not be

[squid-users] hsc-dynamic-cache: relied on storeID rules? Removed in 3.5.20?

2017-03-27 Thread L A Walsh
This caught my attention as my housemate tends to watch a lot of youtube videos, and caching some of them might speed up their access, so was trying to understand what was meant in your post: Yuri Voinov wrote: Things are changed in the web on regular basis. Nothing permanent in the world. So, s

[squid-users] squid & handling/propagating certificat revocations...?

2017-02-18 Thread L A Walsh
How does squid 'normally' handle security revocations, like from this test page?: https://revoked.grc.com/ Or how 'should' it be handling it (i.e. is my setup more broken than most? ;^) ) Or, when squid fetches the page, does it do any checking before sending it to the user? Or, does it pass

Re: [squid-users] SSL bump not working w/some sites.

2016-11-07 Thread L. A. Walsh
Alex Rousskov wrote: On 11/07/2016 11:59 AM, L. A. Walsh wrote: I have the SSL bump feature setup and so far have been happy with it, but today, I got an error from a website, You got an error from Squid, not a website. saying they detect my ability to monitor my webtraffic and refuse to

[squid-users] SSL bump not working w/some sites.

2016-11-07 Thread L. A. Walsh
I have the SSL bump feature setup and so far have been happy with it, but today, I got an error from a website, saying they detect my ability to monitor my webtraffic and refuse to allow it: The following error was encountered while trying to retrieve the URL: https://consumercomplaints.fcc.gov/

[squid-users] Certificate transparency: problem for ssl-bumping, no effect, or?

2016-10-31 Thread L. A. Walsh
Google is pushing this for all websites by October 2017 One issue to be "caught" are subordinated CA certs that can allow one vector for generating certs accepted by browsers w/o importing any new certs. Some of the info on the cert page: https://www.certificate-transparency.org/what-is-ct

[squid-users] FYI - primitive hit-rate results w/sslbump vs. not

2016-10-17 Thread L. A. Walsh
Just as an FYI, I did a test today of squid's efficacy with the ssl-bumping feature. This is a preliminary result with little or no review of the logs -- just going by access log entries. I was interested because I've been running squid @ home for over 10 years to try to squeeze speed out of