Hi againthank you for your reply.
sorry but I didn't yell only asked for help!
Is any way to disable security checks or disable host header forgery check in
squid?If I use host_verify_strict or client_lifetime or client_dst_passthru ,
can I prevent this error to be happens?
you said TLS is not
HICOULD YOU PLEASE HELP ME?
IN INTERCEPTED TOPOLOGY WITH TPROXY I HAVE PROBLEM.
WHAT IS SQUID SOLUTION FOR SITES THAT HAVE MORE THAN ONE IP ADDRESSES? FOR
EXAMPLE SITE LIKE GOOGLE.COM RETURN DIFFERENT IP ADDRESS IN EVERY REQUEST AND
IF CLIENT GET IP ADDRESS FOR EXAMPLE 1.1.1.1 THAT IS POSSIBLE T
GMT+4:30, Alex Rousskov
wrote:
On 4/20/20 2:04 PM, leomessi...@yahoo.com wrote:
> hi
> I have one question.
> why for each https request that squid do peek or bump or splice ,squid
> logs 2 lines?
> one with connect method and one with head method?
... because there are two H
hi
I have one question.why for each https request that squid do peek or bump or
splice ,squid logs 2 lines?one with connect method and one with head method?
thanx
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.o
hiyes I use it in different machines,but all of them are debian with the same
version!At firts I compiled squid in a vmware debian vm ,bit after then I use
the created package in my other debian machin in physical systems with
different cpu and memory!
Is there any compile option to solve this
..
HiAfter install my own compiled squid in a linux system i got Illegal
instruction error when I run squid!
This is my core dump result:
[New LWP 20036]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated b
..HiWhy do I see multiple different lines in access.log file?Is every line a
separate request?I used ssl-bump , peek at_step sslbump1 and then based on my
ACL,I bump them or splice them!my squid.conf for log:logformat squid2 %ts
%{%Y %b %d %H:%M:%S}tl %>a %Hs %http://detectportal.firefox.com/s
HiI use 2 server that connected to each other with IPsec tunnel.
client Server1 ==ipsec tunnel==Server2Internat
I configured Nat in Server2 toward internet and I use squid with tproxy and ssl
bump configuration to intercept https requests!without ipsec tunnel my squid
server wo
Hi again;No my system does not have that file!
Leo
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Hi;I compiled last git version of squid 4.6-VCS my last problem with UDP log is
solved but I still have problem with security_file_certgen!I reported this
problem before with squid 4.6.When I use last security_file_certgen binary file
that created with compiled files of squid 4.6-VCS or squid 4.
Hi,
Is this git version is stable?What is the different between git version and
squid website stable v4??
thank you!
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Hi squid membersMy squid version is 4.6 .
How can i disable buffering logs to send them to a UDP receiver daemon?I want
to get logs immediately without buffering them with squid!
I checked before and my daemon I/O is OK and gets logs immediately, when i
reload squid it send logs to my daemon but
Hi squid membersHow can i disable buffering logs to send them to a UDP receiver
daemon?I want to get logs immediately without buffering them with squid!
I checked before and my daemon I/O is OK and gets logs immediately, when i
reload squid it send logs to my daemon but it get some time to send
HiWhen i use curl -I http://foo.com squid will send his name and version to
clients that i don't want to!!
root@debian:~# curl -I http://youtube.com
HTTP/1.1 403 Forbidden
Server: squid/4.6
Mime-Version: 1.0
Date: Tue, 09 Apr 2019 13:34:36 GMT
Content-Type: text/html;charset=utf-8
Content-Lengt
> Have you initialized the /var/lib/ssl_db directory using the
> low-privilege account Squid operates as?
Yes i use -c option and set permissions for nobody and nogroup user which squid
use!
> The helper should have output a message before it shutdown. If that
> managed to get written it would occ
Hi allI compiled squid 4.6 with this options:./configure \
--with-openssl \
--enable-ssl-crtd \
--prefix=/usr \
--enable-linux-netfilter \
--with-netfilter-conntrack \
--exec-prefix=/usr \
--includedir=/usr/include \
--datadir=/usr/share/squid \
--libdir=/usr/lib64 \
--libexecdir=/usr/lib64/squid \
Hi Amos,tank you for your reply!
> Current Squid automatically erase that header to prevent HSTS breaking
> web traffic. Where possible try to get clients to upgrade to Browsers
> which have also dropped use of the feature.My clients have last Firefox
> browser but when i use squid and bumb sites
HiI compiled squid with this options:
./configure \
--with-openssl \
--enable-ssl-crtd \
--prefix=/usr \
--enable-linux-netfilter \
--with-netfilter-conntrack \
--exec-prefix=/usr \
--includedir=/usr/include \
--datadir=/usr/share/squid \
--libdir=/usr/lib64 \
--libexecdir=/usr/lib64/squid \
--loca
.
Hi My problem is when i disable generate-host-certificates
sslcrtd_program
I cant redirect HTTPS requests to block err page!!I don't really understand
what this configuration do!What does actually this configurations
"generate-host-certificates and dynamic-cert-mem-cach-size" do? generate c
---
Hi againtax for your reply Amos.My problem is when i disable
generate-host-certificates
sslcrtd_program
I cant redirect HTTPS requests to block err page!!I don't really understand
what this configuration do!What does actually this configurations
"generate-host-certificates and dynamic-cert-m
-
-
-
-
-
Hi all
Can i use this conf only for blocking purpose?!Is set
dynamic_cert_mem_cache_size=0MB wrong?I have more than 1000 clients and i only
want to block http and https pages and show err page for both of those.
My configurations is like this:
Hi allCan i use this conf only for blocking purpose?!Is set
dynamic_cert_mem_cache_size=0MB wrong?I have more than 1000 clients and i only
want to block http and https pages.
My configurations is like
this:-https_port 3130 tproxy ssl-bump \
cert
Today's Topics:
1. ssl-bump does not redirect to block page (leomessi...@yahoo.com)
2. Re: ssl-bump does not redirect to block page (Alex Rousskov)
3. Pass ip to server (erdosain9)
4. Re: Pass ip to server (Joey Officer)
5. Re: Filering HTTPS URLs - A complete configuration (Alex R
>> aka the 'bump' action.
> This part is misleading: Modern Squids _automatically_ bump connections
> to report [access denied] errors -- no explicit bump action is required
> (or even desirable). I do not know whether> * that bumping does not happen
> for leo (e.g., due to Squid bugs), or
> * i
Hi againDo i have to use CA and Certificate configuration if i want to block
only HTTPS requests with splice action?!
https_port 3130 tproxy ssl-bump \
cert=/etc/squid/ssl_cert/myCA.pem \
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
sslcrtd_program /usr/lib64/squid/securi
25 matches
Mail list logo
