nd an authentication challenge that the
browser will send the active AD user? And if the machine isn't
connected to the domain it won't pop up the login box?
Do I also need to configure the squid server as a trusted server in the
domain?
Thanks,
Ben
.fqdn/path/to/file
As we’re sadly not progressing.. I think we’ll pivot to building our own thing
to more closely match our requirements.
Thanks to yourself and Amos for responding.
Regards,
Ben.
From: squid-users on behalf of Alex
Rousskov
Date: Monday, 15 July 2024 at 19:38
To: s
er [call252] because comm_remove_close_handler
Still need to dig in more.. but the true error seems to be: ERR_READ_ERROR "Bad
Gateway"
Regards,
Ben.
From: Ben Toms
Date: Saturday, 13 July 2024 at 13:04
To: Alex Rousskov
Subject: Re: [squid-users] TCP_MISS_ABORTED/502
Well.. tried with
Thanks, Alex.
Where would I find those headers?
Looking at the origin servers apache logs.. it’s sending a 200 response.
Regards,
Ben
On Fri, 12 Jul 2024 at 18:26, Alex Rousskov <
rouss...@measurement-factory.com> wrote:
> On 2024-07-12 13:03, Ben Toms wrote:
>
> > So the
?
Regards,
Ben.
From: Ben Toms
Date: Friday, 12 July 2024 at 17:56
To: Alex Rousskov ,
squid-users@lists.squid-cache.org
Subject: Re: [squid-users] TCP_MISS_ABORTED/502
So, with the below config:
https_port 443 accel protocol=HTTPS tls-cert=/usr/local/squid/client.pem
tls-key=/usr/local/squid/
shows a 200 for the request:
[12/Jul/2024:17:49:57 +0100] "GET /path/to/file HTTP/1.1" 200 10465 "-"
"curl/8.7.1"
And this is when testing via:
curl -D - https://local.server.fqdn/path/to/file -H "Authorization: Basic
base64auth" -o /dev/null
Regards,
Ben
Hi Alex,
Which log should those be found?
Can’t see “HTTP Server RESPONSE” in the access.log or cache.log.
Regards,
Ben.
From: squid-users on behalf of Alex
Rousskov
Date: Friday, 12 July 2024 at 17:11
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] TCP_MISS_ABORTED/502
On
Think I made the changes Alex requested:
12/Jul/2024:15:36:31 +.640 local.server.ip TCP_MISS_ABORTED/502 3974 GET
https://local.server.fqdn/path/to/file -
FIRSTUP_PARENT/public.ip.of.public.server text/html ERR_READ_ERROR/WITH_SERVER
Regards,
Ben.
From: Ben Toms
Date: Friday, 12 July
;charset=utf-8
Content-Length: 3629
X-Squid-Error: ERR_READ_ERROR 0
Vary: Accept-Language
Content-Language: en
Cache-Status: squid.host;detail=mismatch
Via: 1.1 squid.host (squid/6.6)
Connection: keep-alive
--
Regards,
Ben.
From: squid-users on behalf of Amos
Jeffries
Date: Friday, 12 July
Seems that my issue is similar to -
https://serverfault.com/questions/1104330/squid-cache-items-behind-basic-authentication
Regards,
Ben.
From: Ben Toms
Date: Friday, 12 July 2024 at 12:07
To: squid-users@lists.squid-cache.org
Subject: Re: TCP_MISS_ABORTED/502
To test, I changed the parent
To test, I changed the parent url to my blog.. and was able to download an item
there via squid-cache.. so the issue seems to be when downloading from a parent
which requires authentication.
Regards,
Ben.
From: Ben Toms
Date: Friday, 12 July 2024 at 10:29
To: squid-users@lists.squid
Hi Amos,
I made the changes suggested, but still getting TCP_MISS_ABORTED/502.
The test I’m performing is via a simple curl:
curl https://local.server.fqdn/some/file/path -H "Authorization: Basic
base64_auth" -o ~/Downloads/test
The Apache logs for the parent (public.server.fqdn), show:
[12/
.
Regards,
Ben.
___
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
ere a more gentle way of doing it?
Thanks,
Ben
Ratio in squid mgr:info report lines up with the
> increased efficiency.
>
> Cheers,
> Amos
>
>
> Original message
> From: Ben Goz
> Date: Mon, 25 Dec 2023, 04:11
>
> Hi,
> This is basically the network topology that I'm using:
> adsl &l
es' '--with-openssl' '--enable-ssl' '--enable-ssl-crtd'
'--enable-icap-client' '--enable-linux-netfilter' '--disable-ident-lookups'
And I turned off persistence from client, icap and server sessions.
What could be the problem?
Thank
icap needs to send back data to squid and
while it's sending the session is closed.
What do you think?
On Sat, 21 Oct 2023 at 22:35, Ben Goz <ben.go...@gmail.com> wrote:
> By the help of God.
>
> I'll clarify more when I'm looking at chrome's Internet Too
ing here is that for many other
URLs this setup works fine.
So currently I don't have any idea how to work it out.
If more information about my setup is needed please let me know.
Thanks,
Ben
On Fri, 20 Oct 2023 at 6:27, Amos Jeffries <squ...@treenet.co.nz> wrote:
>
ed to bump certain subdomains before the
whole domain is bumped.
ssl_bump splice NoSSLInterceptRegexp_always
ssl_bump stare all
Other CONNECT requests are served normally.
Could this issue be a root cause for the generally slow internet?
Thanks,
Ben
message?
How can I find out what is the root cause of this message?
Can I increase the ICAP reply pipe in Squid's configuration?
Thanks,
Ben
--- End Message ---
Why is splicing making this error?
On Mon, 28 Aug 2023 at 13:54, Ben Goz <ben.go...@gmail.com> wrote:
> By the help of God.
>
> I'm using squid version:
> nativ@arachimprodsrv3:/usr/local/squid/etc$ /usr/local/squid/sbin/squid -v
> Squid Cache: Version 6.1-VCS
>
y the
urls in splice.list bumped although they should be spliced as seen in the
access log:
1693219853.255626 192.168.28.254 TCP_MISS/200 64439 GET
https://www.prog.co.il/ - HIER_DIRECT/172.67.196.36 text/html
And I see in the browser's certificate viewer my squid self signed
certificate.
W
By the help of God.
Amos,
This is how I'm splicing the ACL from above.
ssl_bump splice bypass
acl DiscoverSNIHost at_step SslBump1
ssl_bump peek DiscoverSNIHost
On Thu, 13 Jul 2023 at 12:44, Amos Jeffries <squ...@treenet.co.nz> wrote:
> On 13/07/23 20:29, Ben Goz
e.com is bumped.
What am I doing wrong?
Regards,
Ben
web content received to
c-icap server?
Thanks,
Ben
uss...@measurement-factory.com>:
> On 6/15/23 07:31, Ben Goz wrote:
>
> > the tproxy configuration works perfectly using http without ssl,
> > But using ssl I'm getting in browser ssl error "ERR_SSL_PROTOCOL_ERROR"
>
>
> > http_port 0.0.0.0:3130 t
/libexec/security_file_certgen -s
/var/lib/ssl_db -M 4MB
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all
Still the same issue.
On Thu, 15 Jun 2023 at 14:31, Ben Goz <ben.go...@gmail.com> wrote:
> By the help of God.
>
> Hi,
> I'm using squi
(policy ACCEPT)
target prot opt source destination
Chain DIVERT (1 references)
target prot opt source destination
MARK all -- anywhere anywhere MARK set 0x1
ACCEPT all -- anywhere anywhere
Did I miss something?
Than
On 11/05/2023 15:58, Alex Rousskov wrote:
On 5/11/23 06:26, Ben Goz wrote:
I have a machine with N (while N is always bigger than 1) different
ip addresses and for each ip address I have a different squid
instance. And I also have N icap servers. What is the best
configuration that each
By the help of God.
I have a machine with N (while N is always bigger than 1) different ip
addresses and for each ip address I have a different squid instance. And I
also have N icap servers. What is the best configuration that each squid
will be attached to a different icap service?
Thanks,
Ben
On 21/01/2023 14:59, Amos Jeffries wrote:
On 20/01/2023 9:16 am, Marcus Kool wrote:
The squid log file contains the IP address of clients and could be a
good field to use for counting users. But a NAT shows 1 IP for all
users behind the NAT...
Marcus
On 19/01/2023 15:48, Ben Goz wrote
By the help of God.
Hello,
I have a certain task to count the number of unique devices connected
(Could be also transparently) to squid proxy server. While the users can be
on different networks and behind NAT.
Is it possible?
What is the best approach of implement it?
Thanks.
Ben
By the help of God.
Hi Eliezer,
Can you please elaborate more?
On Mon, 16 Jan 2023 at 23:51, <ngtech1...@gmail.com> wrote:
> Hey Ben,
>
> Depends on the size and the load of your setup there are other solutions
> out there you can try and make sure if they meet your
e, Is it possible to
configure squid that it'll bypass ssl-bump only when the URL is used for
unsupported protocols (like web sockets)?
Thanks,
Ben
By the help of God.
On 14/07/2022 12:10, Amos Jeffries wrote:
On 5/07/22 02:12, Ben Goz wrote:
By the help of God.
Hi,
I want to use squid access list to implement white list of group of
urls.
If I want to while list domain example.com <http://example.com> and
this website invoke
page from example.com.
What is the recommended way to solve this problem without manually
including all domains to white list?
Regards,
Ben
Hi Eliezer,
It worked! Now I can set my IPV6 input policy back to DROP. Anyway, these
are my only ipv6-related firewall rules and everything else is default.
Thank you!
I have verified that the Pinger process is at fault.
I don't know if it's a bug or not.
You can disable pinger and it will wor
uld be the culprit.
Again, many thanks for your help
Hey Ben,
The next step in this situation is to try and connect with netcat from a
remote host and also locally.
From what I understood the issue was a firewall issue so Squid was
listening.
I can also assume that squid was listening.
Just
Hello,
I've finally pinpointed the cause. It is my IPV6 iptables rules at
fault. Once I changed the INPUT policy from DROP to Accept, everything
works as expected! What a waste of so many hours! Thank you all
Hello,
It could be that squid doesn't like some of my packages(I'm not sure
which o
Hello,
It could be that squid doesn't like some of my packages(I'm not sure
which one). I installed the following packages:
strongswan, nrpe, nagios-plugins
I also tweaked some kernel settings
net.ipv4.ip_forward = 1
net.ipv4.ip_local_port_range = 1 61000
net.ipv4.tcp_max_syn_backlog = 81
Hello,
It looks like that if I start installing it right after OS installation,
it works. But not if I install any packages, for example, make,
gcc, strongswan and so on. Once it stops working, it will not work anymore
even if I remove all aforementioned packages. reboot also doesn't help.
I
,
but most of times it didn't. I also tried to install from a PPA repos
and it is the same story. Any suggestion?
Hey Ben,
I cannot tell you if there is something wrong with what you are doing or the
OS.
What I did was to install a basic squid on ubuntu 20.4 which comes with
version 4.10.
I shut
Hey Ben,
If it doesn't work for you then you are clearly doing something wrong
I can try to give you instructions on how to make it work 100% unless your
setup is messed up or is not a plain ubuntu 20.04.
Is it a simple VM?
Eliezer
@gmail.com
-Original Message-
From: squid-users On Behalf Of ben
Sent: Friday, March 4, 2022 16:45
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] SQUID refuses to listen on any TCP Port
Hi,
Does it have ssl enabled? I use squid mainly as a https proxy server and
the default
Hi,
Does it have ssl enabled? I use squid mainly as a https proxy server and
the default version on ubuntu 20.04 doesn't have it. Thank you for being
so kind
On 2022/3/4 22:41, Eliezer Croitoru
Do you want to try another version of squid that was compiled by me?
All The Bests,
Eliezer
Hi,
But the sad fact is that there is an empty result when running netstat
-tunpal | grep 3128. Nor can I telnet localhost 3128 successfully. Any
idea what is going on? Thank you!
On 2022/3/4 21:18, Amos Jeffries:
This log shows port 3128 being opened, right at the end.
2022/03/04 18:12:
Hi,
I've done this and uploaded the log. Please take a look at it. Thank you
https://www.dropbox.com/s/k8nwdjs7bly4exw/squid.log.gz
On 3/3/22 11:12, ben wrote:
I tried your suggestions and it is the same result
first I deliberately put some erroneous config in squid.conf and it
fail
Hi,
I tried your suggestions and it is the same result
first I deliberately put some erroneous config in squid.conf and it
failed to start as a result.
When I ran it again by specifying the default config manually, it made
no difference from before.
Many thanks for your help
root@vps:/etc/s
Hi, Alex,
Thanks for your help. I ran squid with the option d1 and its output is
as follows
2022/03/03 09:17:39 kid1| Current Directory is /root
2022/03/03 09:17:39 kid1| Starting Squid Cache version 4.17 for
x86_64-pc-linux-gnu...
2022/03/03 09:17:39 kid1| Service Name: squid
2022/03/03 0
-5-28704261
> Email: ngtech1...@gmail.com
>
> -Original Message-
> From: squid-users On Behalf
> Of Christos Tsantilas
> Sent: Monday, February 21, 2022 11:41
> To: squid-users@lists.squid-cache.org
> Subject: Re: [squid-users] Splice certain SNIs which served by the same
By the help of God.
Any insights?
Thanks,
Ben
On Mon, 14 Feb 2022 at 15:49, Ben Goz <ben.go...@gmail.com> wrote:
> By the help of God.
>
> Hi,
> My squid version is 4.15, using it on tproxy configuration.
>
> I'm using ssl bump to intercept https con
By the help of God.
Hi,
My squid version is 4.15, using it on tproxy configuration.
I'm using ssl bump to intercept https connection, but I want to splice
several domains.
I have a problem that when I'm splicing some google domains eg. youtube.com
then
gmail.com domain also spliced.
I know that
By the help of God.
I'm using squid 4.15
When I said transparent proxy I meant to say that I'm using tproxy
configuration with iptables redirection.
Squid returns http 503 and when bypassing squid I see http 302.
What do you think is the best way to overcome this problem?
Thanks,
Be
ne.
I saw that next.co.il sends http 302 redirect messages
Maybe I'm missing some configuration that doesn't send back those
packets to the users?
Thanks,
Ben
:45:37 kid1| Error negotiating SSL connection on FD 375:
error:0001:lib(0):func(0):reason(1) (1/-1)
And the users don't have a connection at all.
How can I resolve this issue?
Thanks,
Ben
By the help of God.
It looks like the point of failure (?)
BTW, My kernel already contains the required tproxy drivers by default
correct?
Regards,
Ben
On 08/07/2021 0:03, Eliezer Croitoru wrote:
Hey Ben,
You are missing the critical output of the full command:
ip route show table 100
By the help of God.
Hi Eliezer,
Thanks for your help.
Please let me know if you need more information.
Regards,
Ben
On 07/07/2021 14:01, Eliezer Croitoru wrote:
Hey Ben,
I want to try and reset this issue because I am missing some technical
details.
1. What Linux Distro and what
By the help of God.
Does someone have an idea what's wrong with my configuration?
On 30/06/2021 15:55, Ben Goz wrote:
On 30/06/2021 15:25, Antony Stone wrote:
On Wednesday 30 June 2021 at 14:16:09, Ben Goz wrote:
I'm trying to configure squid as a transparent proxy using TPROXY.
The m
On 30/06/2021 15:25, Antony Stone wrote:
On Wednesday 30 June 2021 at 14:16:09, Ben Goz wrote:
I'm trying to configure squid as a transparent proxy using TPROXY.
The machine I'm using has 2 NICs, one for input and the other one for
output traffic.
The TPROXY iptables rules are con
R on getsockopt
Please let me know what I'm missing?
Thanks,
Ben
By the help of God.
I have an eCap module code that should block traffic on certain cases
and passthru traffic on other cases.
What is the easiest and most efficient way to test that the module's code is
working as expected?
Thanks,
Ben
Dear All,
I have the below working perfectly
Centos 8 X64
squid-4.11-3
I need to forward the squid access.log to a remote Log Server
Appreciate if someone can help and advise.
Thanks and regards
simon
Dear All,
I have the below setup running perfectly for a couple of years
Centos 8 X64
squid-4.11-3
configured in explicit mode so all client machines have the proxy IP configured
in their browser
Recently we have got a security cloud solution which requires the source IP of
the client machine
S
?
Thanks,
Ben
On 15/03/2021 15:27, Amos Jeffries wrote:
On 15/03/21 2:26 am, Ben Goz wrote:
Can I configure squid authentication TTL per only source IP and
ignores other parameters so authentication will be requested only
once in TTL for all the sessions?
Not with just authentication. You
On 12/03/2021 7:13, Amos Jeffries wrote:
On 12/03/21 3:56 am, Ben Goz wrote:
On 11/03/2021 16:44, Amos Jeffries wrote:
On 12/03/21 3:37 am, Ben Goz wrote:
On 11/03/2021 15:50, Antony Stone wrote:
On Thursday 11 March 2021 at 14:41:11, Ben Goz wrote:
Tell about your network setup and what
On 11/03/2021 16:44, Amos Jeffries wrote:
On 12/03/21 3:37 am, Ben Goz wrote:
On 11/03/2021 15:50, Antony Stone wrote:
On Thursday 11 March 2021 at 14:41:11, Ben Goz wrote:
Tell about your network setup and what you are trying to achieve -
we might be
able to suggest solutions.
End
On 11/03/2021 15:50, Antony Stone wrote:
On Thursday 11 March 2021 at 14:41:11, Ben Goz wrote:
I tried to open squid with some special port other than the default 3128
port.
Obscurity is not equivalent to security.
But after a while I saw that my squid was being abused by unknown IP
g for the users to enter user/password repeatedly.
Is there any other solution than password protection that only authorized
users can have access to my squid server?
Regards,
Ben
And especially mail_warranty(void)
On Mon, Nov 23, 2020 at 11:19 PM raki ben hamouda wrote:
> Hello, and good day there,
>
> I'm a higher institute student and while I'm taking a look at
> https://github.com/squid-cache/squid/blob/master/src/tools.cc
> I did not
Hello, and good day there,
I'm a higher institute student and while I'm taking a look at
https://github.com/squid-cache/squid/blob/master/src/tools.cc
I did not understand the functions provided by this code tools.cc.
Could you explain it to me in a detailed way?
Cordially,
Raki~BH.
and what squid configuration should I need to
consider in order to fix it?
On Mon, 26 Oct 2020 at 18:08, Matus UHLAR - fantomas <uh...@fantomas.sk> wrote:
> On 26.10.20 17:43, Ben Goz wrote:
> >Thanks for your quick answer, the example with squidclient is not a good
> >exam
'll work.
Thanks,
Ben
lient/3.5.27
Accept: */*
Connection: close
Any help will be appreciated.
Thanks,
Ben
Dear Amos,
Thanks for the quick reply. Will check and let you know
regards
simon
On Saturday, October 17, 2020, 06:06:13 AM GMT+3, Amos Jeffries
wrote:
On 16/10/20 10:21 pm, simon ben wrote:
> I have squid running perfectly fine on centos 7 64 bit with no issues
> I want to
I have squid running perfectly fine on centos 7 64 bit with no issues
I want to allow certain user ips to access a few sites and block everything else so below
is the config
the sites are
1) paloaltonetworks.com
2) redcloak.secureworks.com
in squid.conf
---
acl userlist src "/etc/squid
B.H
Sorry I tried this and it doesn't work.
Any other suggestions please?
On Mon, 25 May 2020 at 13:40, Amos Jeffries <squ...@treenet.co.nz> wrote:
> On 25/05/20 10:09 pm, Ben Goz wrote:
> > B.H
> >>Tunneling it elsewhere,
> > Where can I tu
ecure authentication (or at least the most possible
secured authent) ?
Thank you in advance.
Regards,
On Wed, 27 May 2020 at 02:08, Ronan Lucio wrote:
> Hi Ben,
>
> I made working just using https_port (without ssl-bump).
>
> I think it's a good way to secure squid authe
ns to secure the
login/password.
Did you see my point / what I'm trying to talk about ?
Thank you in advance.
Regards,
On Mon, 25 May 2020 at 12:26, Amos Jeffries wrote:
> On 25/05/20 9:59 pm, ben benml wrote:
> > Hello,
> >
> > I'm contacting you for some help.
u mentioned,
Because I can do it before squid handles TCP session initialization.
The issue here is as I said that I want bypass WSS and other stuff that
squid can't technically support for known list of IPs (or URLS).
Do you have any recommended configuration for this requirement?
Regards,
Ben
Hello,
I'm contacting you for some help.
I need to deploy a secure proxy based on Squid.
I try to use https_port combined with sslbump. I get an error message about
a bungled line.
The reasons I want to do this :
- secure connection between the client browser and the proxy server, so
using https
B.H.
I'm using squid with c-icap module for specific content filtering. I
configured squid with ssl bump so website with WSS won't work on it as
mentioned on squid documentation. So for such URLs (with WSS) I need
bypassing squid. I read in some posts that squid doesn't fully support
bypassing UR
www.esri.com:443 -
HIER_DIRECT/23.37.177.22 ---
but hotmail and other sites working fine
anyway I can try to debug more to find the issue
appreciate your help and advice
On Tuesday, December 10, 2019, 07:18:07 PM GMT+3, simon ben
wrote:
Dear Amos,
Thanks for
Dear Amos,
Thanks for the quick reply.
Yes it's an old version as I used to install using yum. I will upgrade as you said
and check it out
thanks once again
Regards
simon
On Tuesday, December 10, 2019, 10:57:47 AM GMT+3, Amos Jeffries
wrote:
On 10/12/19 5:52 am, simon ben wrote:
> D
Dear All,
I am using Squid version 3.5.2 on Centos 7 64 bit and it's working fine with no
issue but recently got a complaint from one user saying that the below site is
not opening.. just says page cannot be displayed
https://my.esri.com
but if I use a machine without squid it's working f
nfirm before pushing the reluctant client to make this change. Can
someone please confirm that the PATCH HTTP method is supported in modern
versions of Squid, and what minimum version of Squid is required for this
support.
Kind regards and thank you,
Ben
Thanks Amos - good points - thanks. Both now fixed - though I still seem
to be getting errors...sorry to be a bit inept here!
squid -v
Squid Cache: Version 3.5.12
Service Name: squid
configure options:
'--prefix=/usr' '--localstatedir=/var' '--libexecdir=/lib/squid'
'--datadir=/share/squid' '--s
87 matches