Re: [squid-users] logging to syslog

2015-11-11 Thread Sebastian Kirschner
Also it's a bit off-topic, I think it's a good idea that another user greps the information out of the access.log instead of letting the access.log "write" directly into the syslog. In my eyes it's more secure. Best Regards Sebastian ___ squid-users mailing li

Re: [squid-users] logging to syslog

2015-11-11 Thread Sebastian Kirschner
oc/config/access_log/). You could try (I didn't do it before) to use syslog as module and insert it in your squid.conf Best Regards Sebastian From: Avraham Serour [mailto:tovm...@gmail.com] Sent: Wednesday, 11 November 2015 11:48 To: Sebastian Kirschner Subject: Re: [squid-users] logging

Re: [squid-users] logging to syslog

2015-11-11 Thread Sebastian Kirschner
Hi Avraham, I think it wouldn't be a good idea to just create a symlink because squid (or the user under which squid runs) then must have access to the syslog, and if your squid instance gets compromised then the syslog is open to read for this one. Best Regards Sebastian

Re: [squid-users] SSL bumping without faked server certificates

2015-11-10 Thread Sebastian Kirschner
Hi Stefan, I think it would be better to peek at step1 (Then you have the Client SNI) and at step2 you could bump or splice. Your config > My assumption is that I have to use in Squid's config: >https_port :3443 intercept ssl-bump cert= >key= >acl MYSITE ssl:server_name .mydomain.com >ssl_bump

Re: [squid-users] Ssl-Bump and revoked server certificates

2015-11-03 Thread Sebastian Kirschner
Hi, regarding my missing programming skills it is hard for me to understand the code. Regardless of that I have a suggestion that could be added to the code, hope it would work. This should add a "variable" SNI, this should be "called" from cert_validate_message.h/.cc and appended as new lin

Re: [squid-users] squid: ERROR: Could not send signal 1 to process 4711: (1) Operation not permitted

2015-10-29 Thread Sebastian Kirschner
16:01 To: Sebastian Kirschner Subject: Re: [squid-users] squid: ERROR: Could not send signal 1 to process 4711: (1) Operation not permitted the file is /var/run/squid.pid I changed the owner from root to squid user but I still have the error On 29.10.2015 14:23, Sebastian Kirschner wrote: >

Re: [squid-users] squid: ERROR: Could not send signal 1 to process 4711: (1) Operation not permitted

2015-10-29 Thread Sebastian Kirschner
Hi Cheikhou, sounds like wrong access rights for the .pid file, the default is /usr/local/squid/var/run/${service_name}.pid, if you can't find it there have a look in your squid.conf, maybe you set it to another location. Maybe I'm wrong but your PID file should be accessible from user squid be

Re: [squid-users] Ssl-Bump and revoked server certificates

2015-10-27 Thread Sebastian Kirschner
Hi Amos, > You may need to use key_extras feature for now to send the SNI logformat > value explicitly in a new key=value field. Could you give me a hint where I find information about that? I searched in the Wiki and Google but only found a possibility to send key_extras for auth_param, also i

Re: [squid-users] Ssl-Bump and revoked server

2015-10-27 Thread Sebastian Kirschner
Hi Amos, > You may need to use key_extras feature for now to send the SNI logformat > value explicitly in a new key=value field. Could you give me a hint where I find information about that? I searched in the Wiki and Google but only found a possibility to send key_extras for auth_param, also i

Re: [squid-users] Ssl-Bump and revoked server certificates

2015-10-26 Thread Sebastian Kirschner
2
acl step3 at_step SslBump3
ssl_bump peek step1
ssl_bump bump all
sslcrtvalidator_program cache=8192 ttl=240 /tmpfs/main.sh
#sslcrtvalidator_children 12 startup=5 idle=1 concurrency=1
# Setup allowed acls
# Allow local network(s) on interface(s)
http_access allow allowed_subnets
http_access allow localnet
# Default block all to be sure
http_access deny allsrc
icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_encode off
icap_client_username_header X-Authenticated-User
icap_preview_enable on
icap_preview_size 1024
icap_service service_avi_req reqmod_precache icap://[::1]:1344/squid_clamav bypass=off
adaptation_access service_avi_req allow all
icap_service service_avi_resp respmod_precache icap://[::1]:1344/squid_clamav bypass=on
adaptation_access service_avi_resp allow all
Mit freundlichen Grüßen / Best Regards Sebastian Kirschner
___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Ssl-Bump and revoked server certificates

2015-10-22 Thread Sebastian Kirschner
-cache.org Subject: Re: [squid-users] Ssl-Bump and revoked server certificates Message-ID: <5628af57.6060...@treenet.co.nz> Content-Type: text/plain; charset=utf-8 On 22/10/2015 7:22 p.m., Sebastian Kirschner wrote: > Hi, > > I have a question regarding the SSL Server Certificate Va

[squid-users] Recall: squid-users Digest, Vol 14, Issue 73

2015-10-22 Thread Sebastian Kirschner
Sebastian Kirschner would like to recall the message "squid-users Digest, Vol 14, Issue 73".

Re: [squid-users] squid-users Digest, Vol 14, Issue 73

2015-10-22 Thread Sebastian Kirschner
-cache.org Subject: Re: [squid-users] Ssl-Bump and revoked server certificates Message-ID: <5628af57.6060...@treenet.co.nz> Content-Type: text/plain; charset=utf-8 On 22/10/2015 7:22 p.m., Sebastian Kirschner wrote: > Hi, > > I have a question regarding the SSL Server Certificate Va

Re: [squid-users] Ssl-Bump and revoked server certificates

2015-10-21 Thread Sebastian Kirschner
't find any information about that. Best Regards Sebastian Kirschner

Re: [squid-users] Ssl-Bump and revoked server certificates

2015-10-14 Thread Sebastian Kirschner
Hi Walter, do you have an update regarding your correct certificate validator ? Mit freundlichen Grüßen / Best Regards Sebastian Kirschner

Re: [squid-users] Squid ignores crlfile options

2015-10-02 Thread Sebastian Kirschner
Message-ID: <560d3a7c.2020...@treenet.co.nz> Content-Type: text/plain; charset=utf-8 On 1/10/2015 11:54 p.m., Sebastian Kirschner wrote: > Hi > > I'm using squid (3.5.9) as transparent https proxy with build options (see > below) and config (see below, I removed some uninteres

[squid-users] Squid ignores crlfile options

2015-10-01 Thread Sebastian Kirschner
Hi I'm using squid (3.5.9) as transparent https proxy with build options (see below) and config (see below, I removed some uninteresting things from the config like caching). To get the system more secure I would like to add crl checking (at the moment static, later maybe dynamic if it's po

Re: [squid-users] after changed from 3.4.13 to 3.5.8 sslbump doesn't work for the site https://banking.postbank.de/

2015-09-28 Thread Sebastian Kirschner
flags=1, data=0x804bc2718, size=1540, buf=0x804bfbfff) Mit freundlichen Grüßen / Best Regards Sebastian Kirschner

Re: [squid-users] RE Peek and Splice error SSL_accept failed

2015-07-24 Thread Sebastian Kirschner
>Is that all sites or just a few special sites? >James I tested a few sites like google , youtube , sparkasse, sparklabs, all with the same issue. Mit freundlichen Grüßen / Best Regards Sebastian

[squid-users] RE Peek and Splice error SSL_accept failed

2015-07-24 Thread Sebastian Kirschner
Hi, I minimized the configuration a little bit (you could see it at the bottom of this message). Also I still try to understand why this error happens, I increased the Debug level and saw that squid tried 48 times to peek but failed. At the end it says that it got a "Hello", does it mean tha

[squid-users] Peek and Splice error SSL_accept failed

2015-07-16 Thread Sebastian Kirschner
Hi I'm using squid with version 3.5.6 in a Debian test system. I try to bypass some sites using the "ssl::server_name" acl, to do that I need to peek the connection first to decide if it should be spliced or bumped. But if I use peek at Step 1, errors "client_side.cc(4245) clientPeekAndSpliceSS