Hi,
My project makes user-initiated requests to a selection of HTTPS API, I'm
using squid 5.7 as a forward proxy with SSL bumping to aggressively cache
results, and it's working great for that.
One of the API (let's call it 'foobar.org') has a strict 1 request per second
limit. I would like t
this
...
On Mon, Sep 27, 2021 at 9:23 AM Alex Rousskov <
rouss...@measurement-factory.com> wrote:
> On 9/27/21 8:44 AM, Mike Yates wrote:
>
> > Sorry Alex but if using postman I just post to the internal URL with no
> > certificates and everything works fine. All I'
, 2021 at 5:59 PM Grant Taylor
wrote:
> On 9/24/21 3:26 PM, Mike Yates wrote:
> > Ok so let's say the new server outside the dmz has a different name.
>
> Are you going to re-configure the clients to use the new / different
> name? Or do you need to re-configure either th
t;
rouss...@measurement-factory.com> wrote:
> On 9/25/21 5:23 AM, Mike Yates wrote:
> > There are no certificates to worry about, the api is expecting a token
> > to be included in the payload of the call. So all squid needs to do is
> > accept the post from the internal
, 18:01 Alex Rousskov
wrote:
> On 9/24/21 5:26 PM, Mike Yates wrote:
> > Ok so let's say the new server outside the dmz has a different name. I
> > need a squid server configuration that will just forward the api calls
> > to an external address. So my internal server
then
forward the requests to the new server I have in the cloud. Long story
short I just need a pass through squid server.
On Fri, Sep 24, 2021, 17:18 Alex Rousskov
wrote:
> On 9/24/21 5:09 PM, Mike Yates wrote:
> > I have a bunch of internal machines that do not have internet access and
various ways to configure this in squid and I’m afraid I’m a
little lost on how my conf file should look..
Any suggestions would be very very welcome ..
Thanks in advance ..
Mike
___
squid-users mailing list
squid-users@lists.squid-ca
.
Thanks,
Mike Rumph
On Thu, Oct 1, 2020 at 2:45 AM Rafał Stanilewicz wrote:
> Hi Gabriel,
>
> thank you very much, I confirm I downloaded successfully the document, and
> I'm going to read it carefully, although it will take me some time.
>
> Still, my second questio
--
>
> Message: 1
> Date: Sun, 30 Jun 2019 18:36:19 +1200
> From: Amos Jeffries
> To: squid-users@lists.squid-cache.org
> Subject: Re: [squid-users] Bypassing SSL Man In the Middle Filtering
> For Certain LAN IP's
>
Hi All,
I've setup a squid proxy server on my PFSense router, is there any way of
bypassing HTTPS/SSL filtering for certain LAN IP's. I have IP addresses
192.168.1.0-192.168.1.200 allocated through DHCP and I want these devices
to bypass SSL interception but not the standard HTTP proxy.
Since mos
peek step2 tls_servers
ssl_bump splice step3 tls_servers
ssl_bump stare step2
ssl_bump bump step3
ssl_bump terminate step2 all
# debug_options ALL,1 80,5
debug_options ALL,1 33,4
---
Thanks, Mike Quentel
On Tue, 11 Dec 2018 at 18:08, w=
rote:
>
> Send squid-users mailing list submissi
ssl_bump stare step2
ssl_bump bump step3
ssl_bump terminate step2 all
# debug_options ALL,1 80,5
debug_options ALL,1 33,4
---
Thanks, Mike Quentel
On Tue, 11 Dec 2018 at 18:08, wrote:
>
> Send squid-users mailing list submissions to
> squid-users@lists.squid-cache.org
>
>
Hi, I have been unsuccessfully trying to get Squid-4.1-5 in AWS
(Amazon 1 Linux) to allow transparent proxy of certain domains, as
well as IPs associated with those domains, whilst rejecting everything
else.
I have been referencing documentation at
https://wiki.squid-cache.org/Features/SslPeekAndS
I hung onto CentOS 6 for a while but it’s no longer secure enough. You really
ought to move versions.
I would prefer to see Eliezer efforts used to make 4.2 available in the stable
repo.
Thanks
Mike
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf
Of Eliezer
I am sure Amos wont mind me saying but nginx is the right tool for that
scenario.
Squid is a great forward proxy and I use it for our network but form incoming
connections nginx is more flexible and designed for the job.
-Original Message-
From: squid-users [mailto:squid-users-boun...@l
Hi Eliezer
I have been using your repos on CentOS for many years thank you for your hard
work.
Are you planning a stable repo for v4 now it's out.
Many Thanks
Mike
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.
Fixed in Squid 3.5.20. The current stable release is Squid 3.5.27.
See http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14061.patch
for details.
Mike Mitchell
___
squid-users mailing list
squid-users@lists.squid-cache.org
http
Just to say I have been using Eliezers centos repo for a few years as the
centos/rhel repos are always slow to react to new versions.
I think Eliezers repos are well respected out there.
Regards
Mike
-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org
dling HTTP and
HTTPS traffic, not FTP. trying to use it as a FTP proxy will need a
different configuration than the standard HTTP/Secure proxy.
Mike
On 5/25/2017 14:07 PM, Walter H. wrote:
On 25.05.2017 12:50, Amos Jeffries wrote:
On 25/05/17 20:19, Walter H. wrote:
Hello
what is the esse
ginal Message-
From: Amos Jeffries [mailto:squ...@treenet.co.nz]
Sent: 16 March 2017 10:54
To: Mike Surcouf; squid-users@lists.squid-cache.org
Subject: Re: [squid-users] kerb auth groups KV note acl config
On 16/03/2017 11:12 p.m., Mike Surcouf wrote:
> @Amos
>
> Thanks for this
>
-users@lists.squid-cache.org
Subject: Re: [squid-users] kerb auth groups KV note acl config
On 15/03/2017 10:18 p.m., Mike Surcouf wrote:
> This is bulleted as a new feature for v4.
> Yet there is no way to test this without a quick reply letting me know the
> basic usage.
> Anyone got
This is bulleted as a new feature for v4.
Yet there is no way to test this without a quick reply letting me know the
basic usage.
Anyone got a snippet on how this is setup
-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf
Of Mike Surcouf
s-boun...@lists.squid-cache.org] Im
> Auftrag von Mike Surcouf
> Gesendet: Donnerstag, 9. März 2017 18:58
> An: 'Rafael Akchurin'; Amos Jeffries;
> squid-users@lists.squid-cache.org
> Betreff: Re: [squid-users] microsoft edge and proxy auth not working
>
> Hi Rafael
>
>
Ah OK sorry
I am curious why you have a reason to use NTLM over Kerberos? :-)
-Original Message-
From: Rafael Akchurin [mailto:rafael.akchu...@diladele.com]
Sent: 09 March 2017 18:01
To: Mike Surcouf
Cc: Amos Jeffries; squid-users@lists.squid-cache.org
Subject: Re: [squid-users
en 20
auth_param negotiate keep_alive on
Thanks
Mike
-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf
Of Rafael Akchurin
Sent: 09 March 2017 17:01
To: Amos Jeffries; squid-users@lists.squid-cache.org
Subject: Re: [squid-users] microsoft edg
@Markus
I would really like to give this a go.
Good to get some people using this stuff
-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf
Of Mike Surcouf
Sent: 07 March 2017 15:21
To: 'squid-users@lists.squid-cache.org'
Subje
te to the DOCS although I am only
a git user and bazaar would be new to me so I may just post my experience in
this thread.
From what I can see I need to setup a note acl but I am unsure of the key names
etc.
A short example would be great.
Thanks
These are code words, they're looking to setup proxies to bypass
filters, corporate networks, school blocks, and other setups designed to
restrict their use (which they agreed to by using these limited
networks). Another possibility is scammer/spammer using a virus with a
proxy to reroute all s
appreciated.
Mike
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
We have a situation where we need to filter compressed HTTP traffic through
an ICAP service, logging failures (4xx) or passing the original compressed
payload to it's target destination on 2xx.
Something like this:
- Incoming compressed HTTP
- Decompress and forward to ICAP service
- Log
Thanks Alex.
You are correct, the message bodies are compressed (gzip). For reasons
unknown the ICAP service can't or won't deal with compressed data. Also
correct, the ICAP service is a black box for us.
Much thanks for the response, it gives us a place to start.
--Mike
On Thu, Ma
than "it won't accepted
compressed data".
I suspect once we overcome all of the 'objections' the real issue will
surface.
--Mike
On Thu, Mar 17, 2016 at 3:09 PM, Eliezer Croitoru
wrote:
> Hey Mike,
>
> What do you mean by black box to us? who is us?
>
&
then mean I suffer the security problems associated with old
versions !, so wondered if this one rule could be modelled. So far I've
worked out how to totally block PATCH requests, but that's not really good
enough.
Any help welcome !
Mike
___
s
re of it.
Mike
On 2/16/2016 13:32 PM, sebastien.boulia...@cpu.ca wrote:
Hi all,
http://imgur.com/PI1PRlB
Can it be fixed with Squid ? If yes, how ?
Thanks you very much for your answer.
*Sébastien Boulianne*
Administrateur réseau & système / Network & System Administrator
(Wi
27; 'PKG_CONFIG_PATH=/usr/lib64/pkgconfig:/usr/share/pkgconfig'
There are small variations in CentOS that make it different from other
linux operating systems, so when I've had issues with missing configure
options, I installed the available version from yum, then went th
.
I've found that entry does not work well in Windows, but it should in
linux. Also with my company we moved away from Win Server because of
similar and other unrelated issues, so now are linux only (except for
one out of hundreds of servers).
Mike
On 12/10/2015 19:16 PM, Patrick Fla
s
various errors, permission problems, and/or doesn't have all the compile
options CentOS and Scientific Linux wants.
Mike
On 11/26/2015 17:00 PM, Alex Samad wrote:
Hi
I am trying to upgrade from the centos squid to the squid one
rpm -qa | grep squid
squid-3.1.23-9.el6.x86_64
rpm -Uvh squ
ing at the powerdns groups and mailing list
for more details on this.
Mike
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Also noticed the typo in my backend config
http_port 127.0.01:400${process_number}
should have been
http_port 127.0.0.1:400${process_number}
However this change did not help with getting cached results, still goes
direct.
Mike Hodgkinson
Internal Support Engineer
Mobile +64 21 754 339
Phone
mp;t=8a3b73eff46a9cf1a91829c0b9d0016a
Cheers
Mike Hodgkinson
Internal Support Engineer
Mobile +64 21 754 339
Phone +64 4 462 5064
Email mike.hodgkin...@solnet.co.nz
Solnet Solutions Limited
Level 12, Solnet House
70 The Terrace, Wellington 6011
PO Box 397, Wellington 6140
www.solnet.c
g - HIER_DIRECT/69.73.181.160
image/jpeg
1446163681.498 3059 10.1.209.33 TCP_MISS/200 756224 GET
http://asylum-inc.net/WoT/2013-03-03_6.jpg - HIER_DIRECT/69.73.181.160
image/jpeg
Any assistance is appreciated.
Cheers
Mike Hodgkinson
Internal Support Engineer
Mobile +64 21 754 339
Phone +64 4
Hey!
New message, please read <http://www.autler-kfz.at/thinking.php?hs8c>
Mike Marchywka
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Hey!
New message, please read <http://kitchendesignvirginia.com/meaning.php?5wcs>
Mike Marchywka
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
On 7/30/2015 16:30 PM, Amos Jeffries wrote:
On 31/07/2015 3:48 a.m., Mike wrote:
On 7/27/2015 17:25 PM, Amos Jeffries wrote:
On 28/07/2015 8:38 a.m., Mike wrote:
Running into an issue, using the squid.conf entry
dns_nameservers 72.x.x.x 72.x.y.y
These are different servers (under our control
On 7/27/2015 17:25 PM, Amos Jeffries wrote:
On 28/07/2015 8:38 a.m., Mike wrote:
Running into an issue, using the squid.conf entry
dns_nameservers 72.x.x.x 72.x.y.y
These are different servers (under our control) for the purpose of
filtering than listed in resolv.conf (which are out of our
in advance
Mike
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
squid server.
4. The bypass local network means any IP connection attempt to a local
network IP will not use the proxy. This goes back to the 2 different IP
subsets. One option is to enter a proxy exception as 10.*.*.* (if the
websense server is using 10.x.x.x IP address).
Mike
On 7/24/2015
We have a DNS guru on staff and editing the resolv.conf in this manner
does not work (we tested it to make sure). Looks like we are using an
older desktop to setup a basic DNS server and then point squid to redirect.
Mike
On 7/2/2015 2:06 AM, Stuart Henderson wrote:
On 2015-07-01, Mike
g a way to redirect in squid should be the better route for us
since DNS is not an option
Essentially www.google.com --> forcesafesearch.google.com
Mike
On 7/1/2015 11:11 AM, Marcus Kool wrote:
The article does not say to change from a proxy to a DNS server.
Instead, it says to add an ent
Rafael, We're trying to keep the setups lean, and primarily just deal
with google and youtube, not all websites. ICAP processes deal with a
whole new layer of complexity and usually cover all websites, no just
the few.
On 6/30/2015 16:17 PM, Rafael Akchurin wrote:
Hello Mike,
May be
ound (like a black list)?
Another option I thought of is since the meta content in the code
including title is passed along, so is there a way to have it can the
header or title content as part of the acl "content scan" process?
Thanks
Mike
On 6/26/2015 13:29 PM, Mike wrote:
earch engine, and other ways, but that is an
issue we can live with.
On 6/26/2015 5:12 AM, Amos Jeffries wrote:
On 26/06/2015 8:40 p.m., FredB wrote:
Mike, you can also to try the dev branch
https://github.com/e2guardian/e2guardian/tree/develop
SSLMITM works now. The request from the client is
acl setup before, but before now
never needed to.
Thank you so much for the help!
Mike
On 6/26/2015 0:29 AM, Amos Jeffries wrote:
On 26/06/2015 2:36 a.m., Mike wrote:
Amos, thanks for info.
The primary settings being used in squid.conf:
http_port 8080
# this port is what will be used for SS
Yes we already have that version installed, that is the version having
these issues.
[root@Server1 ~]# e2guardian -v
e2guardian 3.0.4
On 6/26/2015 3:40 AM, FredB wrote:
Mike, you can also to try the dev branch
https://github.com/e2guardian/e2guardian/tree/develop
SSLMITM works now. The
wordpress, yahoo, and others are caught and blocked, so it is just
google owned sites that are not.
More below...
On 6/24/2015 6:36 AM, Amos Jeffries wrote:
On 24/06/2015 11:03 a.m., Mike wrote:
We have a server setup using squid 3.5 and e2guardian (newer branch of
dansguardian), the issue is now
the current settings though, it goes to the squid access
denied page.
Mike
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
directory.
cache_dir aufs /var/cache/squid 1 32 512
-
Let me know anything else you may need or suggestions.
Mike
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Stanford Prescott gmail.com> writes:
>
>
> Never mind. I figured the acl out. I was using someone else's
instructions who accidentally left out the double :: ssl::server_name
using just a single :.
I am getting the same thing as you except I don't have the mistake you
did. I literally copi
?
Mike
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
uest_body_max_size does not function on a port marked 'transparent'.
Has anyone else seen this problem?
I've found one reference to it in my searches,
http://nerdanswer.com/answer.php?q=336233
Mike Mitchell
___
squid-users mailing list
squid-use
emove "-lcom_err",
the build succeeds and the executables run properly.
I run configure with --with-krb5-config="no" --without-mit-krb5
--without-heimdal-krb5 --without-gnutls
But it still tries linking in the krb libraries and the
lanations, but this at least covers RedHat based OS's with
selinux. I documented all of this since our servers ran into the same
issue due to selinux, and this was how we resolved it.
Mike
On 1/22/2015 6:17 AM, HackXBack wrote:
hello,
every day i found this error and my cache sto
to put the prerotate entry above "daily" so it runs
each line in proper order, sometimes the prerotate further down on
certain systems works more like a "delay rotate".
Mike
On 11/13/2014 12:39 PM, santosh wrote:
Hello Team ,
I have a doubt with squid log file rotation
e bugs and vulnerabilities compared to
openssl)?
and my last question, regarding squid usage by people on HTTPS websites,
what are some primary differences of using gnutls versus openssl?
Thanks!
Mike
___
squid-users mailing list
squid-users@lists.squid
, even spanning across the entire US.
Mike
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
l crew called "e2guardian" that can also handle some
SSL urls via blacklisting (as long as squid is also setup with ssl-bump
in 3.4.x).
Otherwise within squid itself, the dstdomain and regex_dstdomain acls
are an option, but that does not provide much for filtering content o
66 matches
Mail list logo
