I got two questions actualy. I want to re-direct all traffic certain users
(parental control...) through squid.
(1) What i the best possibility to do so independently of whether they are
on the LAN or are outside home?
(2) If I only want to re-direct when they are on the LAN; can I do this by
cap
te
and NTLM, my clients respond with a Negotiate.
regards,
Paul
On 7 Jan 2021 at 15:18, Alex Rousskov wrote:
> On 1/7/21 2:43 PM, p...@pjb.org.uk wrote:
>
> > I am currently using Squid 5.0.3 but have an issue when using a cache_peer
> > (non-squid &
> > outside
17 job22]
--
Is this a mis-configuration? or have I mis-understood how cache_peer works?
regards,
Paul
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
I run a home server under Centos 7 and squid 3.5.20. The config is still
work in progress as I started only today. Any tipps&tricks are welcomed
The function is as expected when working from my LAN. But when I tested
today from my cell phone from outside I received a few TCP_DENIED for web
pages th
allow LAN TO_SSL whitelist-regex
http_access deny all
# SSL bump
ssl_bump bump all
ssl_bump terminate all
# --
On Thu, 07 Feb 2019 01:46:23 +0100 Amos Jeffries
wrote
> On 7/02/19 3:52 am, Paul Doignon wrote:
> > Thanks, I appreciate your detailed answer.
> >
>
that, thanks !
Easy to install and migrate on arch but I think I will need to compile it for
Amazon Linux.
On Tue, 05 Feb 2019 16:35:52 +0100 Amos Jeffries
wrote
> On 6/02/19 3:33 am, Paul Doignon wrote:
> > Hi,
> >
> > I'm struggling a lot to configure
Hi,
I'm struggling a lot to configure Squid. To improve the security of my app in
my AWS private subnet, I would like to build a HTTPS proxy to whitelist *only*
some URLs.
My wish is to *not* rely on SNI filtering but bump HTTPS traffic in order to
filter the URLs (path) of HTTPS requests. I kn
Problem staqtement: can't whitelist youtube.com
I run squid 3.5 and squiguard on a CENTOS 7 home linux server.
The blacklist database is created by a publicly available script called
getlists.sh. This script downloads and compiles blacklists from several
sites (e.g. squidguard website)
To whiteli
y portX
# otherwise; for port 3120 traffic ...
# only specific clients with whitelisted IPs can use the proxy ...
http_access deny !allowed_clients
# ... and must also login
http_access deny !ncsa_users
http_access allow localnet
http_access deny all
Thanks.
Paul
_
nally realized there appeared to be something wrong with the
"parameters" handling of the external file, and turned it into:
acl WHITELIST dstdomain "/etc/squid/whitelist.txt"
With that one change it worked properly.
Is this a known bug?
Thanks,
Paul
On Thu, 4 Jan 2018 01:24:57 +1300
Amos Jeffries wrote:
> On 03/01/18 20:34, Paul Neuwirth wrote:
> > On Wed, 3 Jan 2018 08:30:36 +0100
> > Paul Neuwirth wrote:
> >
> >> Hello list,
> >>
> >> named is configured to block (resulting in NXDOMAIN)
On Wed, 3 Jan 2018 08:30:36 +0100
Paul Neuwirth wrote:
> Hello list,
>
> named is configured to block (resulting in NXDOMAIN) some domains.
> Using squid I have following problem:
> Browser requests such a blocked URL and named is not delivering an
> error, request never t
0 GET
http://www.googletagmanager.com/ - HIER_NONE/- -
Thank you for help. If you need any further information, i may deliver.
Thank you
Paul
OS: OpenSUSE Leap 42.2
# zypper if squid
Information for package squid:
--
Repository : opensuse_updates
Name
Amos,
Understood. I think it is all working correctly now. Thank you!
PH
On Wed, Dec 13, 2017 at 7:35 PM, Amos Jeffries wrote:
> On 14/12/17 11:32, Paul Hackmann wrote:
>
>> Amos,
>>
>> I will do an update to the most recent version and see if that helps. It
>&g
, 2017 at 10:30 AM, Amos Jeffries
wrote:
> On 13/12/17 04:10, Paul Hackmann wrote:
>
>> Amos,
>>
>> The squid version is 3.1.19.
>>
>
> Please upgrade. There have been a *lot* of authentication related issues
> that got solved in the years since that version wa
o, as I
don't know what all of the directives in it are for. I marked a couple of
lines I don't understand. I would be happy for it to be optimized more if
anyone has ideas.
Thanks,
PH
On Mon, Dec 11, 2017 at 7:16 PM, Amos Jeffries wrote:
> On 12/12/17 11:04, Paul Hackmann wrote:
mho. FF seems ok with
> digest, ie AD.
>
> Sent from TypeApp <http://www.typeapp.com/r?b=11347>
> On 11 Dec 2017, at 22:05, Paul Hackmann wrote:
>>
>> Has anyone had the instance where the proxy will ask the user to
>> authenticate several times as they are browsi
Has anyone had the instance where the proxy will ask the user to
authenticate several times as they are browsing the web? I have been
seeing this as a random occurrence for some of the users on the server. It
will pop up a login prompt in the browser repeatedly for a minute or two.
Then it will s
On 21/11/17 06:56, Paul Hackmann wrote:
>
>> Amos,
>>
>> If the website that is being asked for is not in the whitelist, won't it
>> fall through and ask for authentication? That is how it seems to work to
>> me. That's why I am thinking I need 2 dif
s Jeffries
wrote:
> On 21/11/17 05:02, Paul Hackmann wrote:
>
>> Hi all. I've got a fairly basic squid config set up on linux. I have
>> basic authentication set up on it to the default 3128 port, and it works
>> just fine. I would like to keep this configuration. How
Hi all. I've got a fairly basic squid config set up on linux. I have
basic authentication set up on it to the default 3128 port, and it works
just fine. I would like to keep this configuration. However, I would like
to set up another port that only allows a certain whitelist of websites
that do
It is supposed to be some headers in the http protocol; a description from the vendor:"Ensure that any proxy, firewall or content filtering applications or devices are not stripping header information from FTP or HTTP traffic, especially file size header information." In the SEPM error log, it is s
This fixed the WSUS server, it wasn't the cache_peer parameter after all.acl inside dstdomain .mydomain.comalways_direct allow inside never_direct allow all The SEPM might have an additional known issue (known by Symantec that is)If a proxy or a firewall is stripping, compressing, or encrypting con
I've inherited a squid proxy at work; I'm new to squid, so this is still on the learning curve. Unfortunately no one else in the office is very good with squid either, so I'm attempting to be the resident guru.Our network is all in private IP address space. A MS WSUS server and a Symantec Endpoin
Thank you
Paul.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
bump
Am 22.06.2016 um 16:58 schrieb Paul Buechler:
the documentation says:
[http::]>stTotal size of request received from client. Excluding
chunked encoding bytes.
so is it possible to have the chunked encoding bytes included?
___
sq
the documentation says:
[http::]>st Total size of request received from client. Excluding chunked
encoding bytes.
so is it possible to have the chunked encoding bytes included?
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://li
ze of an upload?
Paul
Am 03.06.2016 um 07:53 schrieb Amos Jeffries:
On 2/06/2016 9:01 p.m., Paul Buechler wrote:
Hi,
@Yuri Voinov:
I've only tested it with the webclient.
@Amos Jeffries:
I've tested it with %st and the downloadsize is fine for me now, thanks.
Are there any plans to
Hi,
@Yuri Voinov:
I've only tested it with the webclient.
@Amos Jeffries:
I've tested it with %st and the downloadsize is fine for me now, thanks.
Are there any plans to implement a format code to see the uploadsize?
It would be nice to have this feature.
best regards,
Paul
Am
Hello there,
i've got the problem that i can't see the size of uploades to google
drive in the access.log. Also the downloads aren't visible to me.
Is this a problem caused by HTTPS? I tried changing the logformat but
this didn't helped.
best regards,
Paul
system
Hello,
3.5.15 is it really stable ?
http://www.spinics.net/lists/squid/msg79997.html
says 3.5.15 crash ...
Paul
2016-02-24 19:21 GMT+01:00 Yuri Voinov :
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Squid's upgrade is the best solution.
>
> 24.02.1
best solution for parent squid ? for child squid ?
Where should i put these lines in squid.conf ?
Thank you
Paul
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
.cc:174: "len_ + len < 65536"*
Can you explain me how to fix the problem ?
Regards,
Paul
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
on_access service_req deny CONNECT
adaptation_access service_req allow all
Although I haven't tested this thoroughly yet, it appears to allow the
initial tunnel creation but allow filtering of subsequent requests
within those tunnels. Although I guess this will only work for bumped
connections.
FAILED error. I could be wrong
but I would imagine this error is by design, as Chrome will only
respond to a proxy authentication request or SSL handshake in response
to a HTTP CONNECT?
If that's correct, I was wondering if there is a way to get this to
work, with peek and splice possibly or
the instructions for setting up Kerberos authentication are for Linux,
I am unsure which parts are applicable to Windows.
Can anyone help with the requirements for both of these new helpers in 3.5.7
under Windows?
Can I just use the helper from 2.7 in 3.5
Hello,
I have this error on squid 3.5.5:
(squid-1): tcp logger buffer overflowed then the process exit with status 1
and (squid -1) restart.
and some minutes after (squid -1) crashes again.
What can I do to solve problem?
Thanks,
Paul
___
squid-users
receive a
redirection page to let him know he should not surf on this site. How to
enable a redirection for a https forbidden site ?
Thank you
Paul
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo
Hello,
I'm working with SQUID 3.5.6 win64 version et i'm very happy with.
I'm looking for a loganalysis software running under Windows... Does
anybody know one ? I'm running Windows 8.1 64 bits.
Thanks in advance... Regards,
Paul
___
3.3.8 ?
Because if I upgrade squid to version 3.5.5, I should also need to upgrade
my network capacity, what do you think ?
Thank you
Paul
2015-07-01 14:15 GMT+02:00 Amos Jeffries :
> On 1/07/2015 11:49 p.m., Paul Martin wrote:
> > Hello,
> >
> > I am using 2 machines w
compare with 3.3.8 ?
Thanks.
Paul
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Thank you Amos,
but I got the same problem with squid 3.5.3-20150456-r13812
Any other suggestions ?
Paul
2015-04-28 16:01 GMT+02:00 Amos Jeffries :
> On 29/04/2015 1:25 a.m., Paul Martin wrote:
> > Hi Dan,
> >
> > problem is the same following Michael' idea.
> &
ution ?
Thank you
Paul
2015-04-28 13:11 GMT+02:00 :
> Hi Paul
>
> See Michael’s reply to my thread about the same problem, not long ago:
>
> http://squid-web-proxy-cache.1019090.n4.nabble.com/Re-assertion-failed-src-ipc-AtomicWord-h-88-Enabled-tp4670597p4670793.html
>
>
>
ory_cache_shared on") ?
(many versions (squid 3.5.3r13abc) tested and same problems)
Why problem 2 ?
Thank you,
Paul
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
with the MIT Kerberos packages
included with Ubuntu 12.04 and 14.04 to know whether the patch is included in
the later versions.
Regards
Paul
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf
Of Pedro Lobo
Sent: Tuesday, 28 October 2014 7:26 AM
To: Markus
45 matches
Mail list logo
