The formatting was messed up in my last e-mail.
acl mmedia_users proxy_auth_regex -i "/etc/squid/mmedia_users"
acl mmedia_sites dstdomain "/etc/squid/mmedia_sites"
http_access allow mmedia_sites mmedia_users
-Original Message-----
From: Piana, Josh
Sent: Tuesday, Marc
alf Of Amos
Jeffries
Sent: Saturday, March 1, 2025 3:31 AM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] ACL block_user List
Caution: This email originated from outside of Hexcel. Do not click links or
open attachments unless you recognize the sender and know the content is safe.
On
Hello,
I am attempting to setup an ACL block list based on usernames from a windows AD
environment.
When I have this added to my squid.conf file, all outbound connections stop
working:
acl block_user proxy_auth_regex -i "/etc/squid/block_user"
http_access deny block_user
I have also tried "!b
time to respond, I'm working with RedHat support to
figure out the Kerberos issues now. PITA.
Thanks,
Josh
-Original Message-
From: Marko Cupać
Sent: Monday, November 25, 2024 11:36 AM
To: Piana, Josh
Cc: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] krb5.conf Exa
Hey Squid Users,
Wanted to reach out and see if there was an updated version of the
/etc/krb5.conf example file anywhere.
I've been using
"wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory" as a
reference point and I'm concerned that the Squid 3, Windows 2003/2008, and s
Amos,
OH.
Is this because I'm defining the localnet and then the response rule just
allows all traffic from this network?
My intention was to specify the localnet, then allow traffic from that network
as it filters through all the other ACL's. So should I remove the rule entirely
or change
Is there anyone who could help me with this?
-Original Message-
From: Piana, Josh
Sent: Tuesday, November 12, 2024 10:43 AM
To: squid-users@lists.squid-cache.org
Subject: RE: [squid-users] Access Log Question
Yeah, we have a few.
I'll try to detail them below, I apologi
not click links or
open attachments unless you recognize the sender and know the content is safe.
On 12.11.24 15:22, Piana, Josh wrote:
>I seem to be able to generate tickets by checking klist, and using kinit to
>authenticate my username with AD. But it looks like the proxy is
links or
open attachments unless you recognize the sender and know the content is safe.
On 12.11.24 15:16, Piana, Josh wrote:
>Seems like it.
>
>Example:
>
>12/Nov/2024:09:51:37 -0500.396 10.46.49.135 TCP_TUNNEL/200 23735
>CONNECT
>http://www.sa/
>fgard.com%3A443%2F
: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Access Log Question
Caution: This email originated from outside of Hexcel. Do not click links or
open attachments unless you recognize the sender and know the content is safe.
On 12.11.24 14:56, Piana, Josh wrote:
> At some point,
Hello Squid Users,
At some point, the access log has stopped recording which users are trying to
access which sites.
I'm currently thinking is could be an issue with log format, Squid not being
able to receive the header information, or authentication is being bypassed
completely due to our co
?
Thank you,
Josh
-Original Message-
From: Alex Rousskov
Sent: Thursday, October 24, 2024 4:46 PM
To: Piana, Josh ; squid-users@lists.squid-cache.org
Subject: Re: [squid-users] proxy_auth_regex
Caution: This email originated from outside of Hexcel. Do not click links or
open attachme
me; }}
current master transaction: master1082
-Original Message-
From: Alex Rousskov
Sent: Thursday, October 24, 2024 4:46 PM
To: Piana, Josh ; squid-users@lists.squid-cache.org
Subject: Re: [squid-users] proxy_auth_regex
Caution: This email originated from outside of Hexcel. Do not click l
me; }}
current master transaction: master1082
-Original Message-
From: Alex Rousskov
Sent: Thursday, October 24, 2024 4:46 PM
To: Piana, Josh ; squid-users@lists.squid-cache.org
Subject: Re: [squid-users] proxy_auth_regex
Caution: This email originated from outside of Hexcel. Do not click l
ted to my "CONNECT" parameters.
I'm using " acl CONNECT method CONNECT" but this might be too limiting?
I'll get back to you with cache.log things soon.
-Original Message-
From: Alex Rousskov
Sent: Thursday, October 24, 2024 4:46 PM
To: Piana, Josh ; squid
gt;a %Ss/%03>Hs %
Sent: Thursday, October 24, 2024 4:13 PM
To: Piana, Josh ; squid-users@lists.squid-cache.org
Subject: Re: [squid-users] proxy_auth_regex
Caution: This email originated from outside of Hexcel. Do not click links or
open attachments unless you recognize the sender and know the
Hey Squid users,
Running into an issue I'm trying to figure out.
We have a few acl directives using "proxy_auth_regex -i" and when I have these
active, it blocks any proxy connection with an HTTP 407 error, according to the
logs.
Here's an example:
# block certain user IDs from using proxy ser
evice over port 4434
Caution: This email originated from outside of Hexcel. Do not click links or
open attachments unless you recognize the sender and know the content is safe.
On 19/10/24 08:52, Piana, Josh wrote:
>
> On a separate note, what would cause me to need to authenticate everytime
Hexcel. Do not click links or
open attachments unless you recognize the sender and know the content is safe.
On 17.10.24 20:40, Piana, Josh wrote:
> To clarify on the test, port 4434 is the port that was assigned to get
> access to that device, one of our firewalls.
>
> I looked at t
: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Unable to access a device over port 4434
Caution: This email originated from outside of Hexcel. Do not click links or
open attachments unless you recognize the sender and know the content is safe.
On 16/10/24 09:39, Piana, Josh wrote:
>
Subject: Re: [squid-users] Unable to access a device over port 4434
Caution: This email originated from outside of Hexcel. Do not click links or
open attachments unless you recognize the sender and know the content is safe.
On 16.10.24 16:10, Piana, Josh wrote:
>After running the below
, 2024 10:22 AM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Unable to access a device over port 4434
Caution: This email originated from outside of Hexcel. Do not click links or
open attachments unless you recognize the sender and know the content is safe.
On 16.10.24 13:43, P
achments unless you recognize the sender and know the content is safe.
On 15.10.24 20:39, Piana, Josh wrote:
>Thank you for getting back to me and clarifying.
>
>I ran this command:
>#wget -Y off 172.27.46.253
>
>Response:
>--2024-10-15 16:36:15--
>http://172.0.0.27
o not click links or
open attachments unless you recognize the sender and know the content is safe.
On 11/10/24 07:21, Piana, Josh wrote:
> Hello Matus,
>
> I apologize, I was unable to read any of the links that were responded with
> because our environment appended the "
&
know the content is safe.
On 09.10.24 19:59, Piana, Josh wrote:
>I'm running into an issue wherein, when using Squid proxy, I'm unable to get
>to one of our management devices from port 4434.
>
>I've already verified that this device is not blocking access from the proxy
&
Hello Squid users,
I'm running into an issue wherein, when using Squid proxy, I'm unable to get to
one of our management devices from port 4434.
I've already verified that this device is not blocking access from the proxy
directly, and should be allowed to get to the access page.
- Wh
2024 10:51 AM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Unable to access internal resources via hostname
Caution: This email originated from outside of Hexcel. Do not click links or
open attachments unless you recognize the sender and know the content is safe.
On 6/09/24 03
ments unless you recognize the sender and know the content is safe.
On 2024-09-16 14:06, Piana, Josh wrote:
>> http_access deny !localnet
> This denies HTTP traffic to what I defined as "localnet". ... Because
> this argument is near the bottom of my config, won't all othe
"why can't I get this to work?"
Thank you,
Josh
-Original Message-
From: ngtech1...@gmail.com
Sent: Tuesday, September 17, 2024 4:17 AM
To: squid-users@lists.squid-cache.org
Cc: Piana, Josh
Subject: RE: [squid-users] Unable to access internal resources via hostname
this port
http_port 8080
##
# END OF FILE
##
-Original Message-
From: Alex Rousskov
Sent: Monday, September 16, 2024 1:35 PM
To: Piana, Josh
Subject: Re: [squid-users]
is safe.
On Monday 16 September 2024 at 20:06:41, Piana, Josh wrote:
> How I understand the rules are as follows:
> > http_access deny !localnet
>
> This denies HTTP traffic to what I defined as "localnet".
No; firstly the "localnet" ACL is defined by *sourc
Sent: Monday, September 16, 2024 10:42 AM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Unable to access internal resources via hostname
Caution: This email originated from outside of Hexcel. Do not click links or
open attachments unless you recognize the sender and know the
open attachments unless you recognize the sender and know the content is safe.
On 6/09/24 03:56, Piana, Josh wrote:
> Hello Amos,
>
> While the comments did say that it was just the 10.46.11.0 range, I don't
> think there's any other ACL forcing that. I tried adding the
0:51 AM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Unable to access internal resources via hostname
Caution: This email originated from outside of Hexcel. Do not click links or
open attachments unless you recognize the sender and know the content is safe.
On 6/09/24 03:56, Pian
Unable to access internal resources via hostname
Caution: This email originated from outside of Hexcel. Do not click links or
open attachments unless you recognize the sender and know the content is safe.
On 2024-09-04 12:25, Piana, Josh wrote:
> That's REALLY strange that its getting blo
Hello Amos,
While the comments did say that it was just the 10.46.11.0 range, I don't think
there's any other ACL forcing that. I tried adding the the two internal sites
that are being blocked by their IP, restarted Squid, and tested. Still being
blocked. You are right though, both of those we
Alex,
Double disregard.
I was connected to our old proxy still when I tested that. Still not working
local to local.
-Original Message-
From: squid-users On Behalf Of
Piana, Josh
Sent: Wednesday, September 4, 2024 12:40 PM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid
13:14:11.467 kid1| 85,2| client_side_request.cc(758)
clientAccessCheckDone: The request CONNECT hexcelssp:443 is AUTH_REQUIRED; last
ACL checked: block_user
On 2024-08-29 10:34, Piana, Josh wrote:
> Good morning Alex,
>
> I've added the following to my squid.conf file # logformat cu
lute path and double check that the file contains "hexcelssp" name.
HTH,
Alex.
2024/09/03 13:14:11.467 kid1| 85,2| client_side_request.cc(758)
clientAccessCheckDone: The request CONNECT hexcelssp:443 is AUTH_REQUIRED; last
ACL checked: block_user
On 2024-08-29 10:34, Piana, Josh
-users@lists.squid-cache.org
Subject: Re: [squid-users] Unable to access internal resources via hostname
Caution: This email originated from outside of Hexcel. Do not click links or
open attachments unless you recognize the sender and know the content is safe.
On 2024-08-29 13:08, Piana, Josh wrote:
M
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Unable to access internal resources via hostname
Caution: This email originated from outside of Hexcel. Do not click links or
open attachments unless you recognize the sender and know the content is safe.
On 2024-08-29 10:34, Pia
-Original Message-
From: squid-users On Behalf Of Alex
Rousskov
Sent: Wednesday, August 28, 2024 4:01 PM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Unable to access internal resources via hostname
Caution: This email originated from outside of Hexcel. Do not click links or
ution: This email originated from outside of Hexcel. Do not click links or
open attachments unless you recognize the sender and know the content is safe.
On 2024-08-28 14:18, Alex Rousskov wrote:
> On 2024-08-28 11:24, Piana, Josh wrote:
>
>> Here's the log and (I think) relevant AC
outside of Hexcel. Do not click links or
open attachments unless you recognize the sender and know the content is safe.
On 28.08.24 14:20, Piana, Josh wrote:
>Hello Squid Support,
This squid user forum FYI
> We are unable to get to internal resources via hostname but using the
> IP a
Hello Squid Support,
We have a newly configured Squid Web Proxy that is allowing connections to
external addresses as expected, seemingly following the written ACL's we have
in place.
We are unable to get to internal resources via hostname but using the IP
address works fine. Immediately, I th
Hello Squid Support,
We upgraded our Squid Web Proxy from 2.5 to 5.5 recently. After working out a
few issues with backend services and authentication, our client can finally
browse the web and adhere to all of the ACL rules and lists as expected.
The problem we're having now is that we're unab
ousskov
Sent: Monday, August 19, 2024 4:15 PM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid.conf Issues
Caution: This email originated from outside of Hexcel. Do not click links or
open attachments unless you recognize the sender and know the content is safe.
On 2024-08-1
Caution: This email originated from outside of Hexcel. Do not click links or
open attachments unless you recognize the sender and know the content is safe.
On 2024-08-19 11:16, Piana, Josh wrote:
> After setting up the backend using realmD, sssd, with Kerberos
> authentication, I tested w
Good morning Squid Support,
I've been setting up a replacement Squid proxy server.
After setting up the backend using realmD, sssd, with Kerberos authentication,
I tested with a Windows "squidaduser" account. I can verify the user accounts
connection to the proxy, and it is passing traffic. The
Hey Everyone.
I apologize in advance for any lack of formality normally shared on mailing
lists such as these, it's my first time seeking product support in this manner.
I want to start by saying that I'm new to Linux, been using Windows
environments my entire life. Such is the reason for me re
50 matches
Mail list logo
