[squid-users] 2FA with Google Authenticator and squid login

Hey, I was wondering if anyone have implemented any 2FA with squid. IE a simple forward proxy that implements an external ACL helper that allows a specific user to access from a specific src ip address for a specific period of time. For example 1 Hour since login. The thing is that it can be

Re: [squid-users] Wpad

Hey Jonathan, Can you give more details on the setup? I am unsure how this setup work. Is this an intercept proxy or a simple forward proxy? Is the 192.168.1.1 the proxy ip and port? Also is the client on the same subnet? I understand that you are trying to use the proxy to serve the wpa

Re: [squid-users] Can I force certain destinations to ipv4?

Hey, From my tests you can use some reject rules on IPV6 in iptables/nftables and this will force squid by itself it use ipv4. This is a much better approach to my opinion rather then not responding to queries. Let me know if you need some help with this. Eliezer -Original Message

[squid-users] ECH Protocol and the complexities that comes with it

Hey, I have started to observe ECH usage in the wild and the next articles about it: https://blog.cloudflare.com/encrypted-client-hello/ https://developers.cloudflare.com/ssl/edge-certificates/ech / https://support.mo

Re: [squid-users] [SQUID] Some Web Page never complete download

Great to hear all the details. My general approach is to not intercept if possible. In my Setup I am using squid only as an assisting software. I wrote many tools to give squid features which are similar to other products like fortigate and checkpoint. All the products in the market are using very

Re: [squid-users] [SQUID] Some Web Page never complete download

Hey Slag, I want to understand the setup a bit more then what's written already. The Squid instance you are using, is it a simple forward proxy or an interception one? The C-ICAP is used with SquidClamAV? Are there any other C-ICAP functions you are using? What are you using UfdbGuard for? Tha

[squid-users] Fully Automating the Squid-Cache RPMs build and Squid-Nuggets beginning

unteer a little bit with the hope to gain some knowledge. Please feel free to contact me for any question. Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1ltd at gmail.com ___ squid-users mailing list squid-us

Re: [squid-users] Squid and AD integration

Hey Ben, I have tried to implement this in the past but got into some difficulties with this. If you are willing for us to work together on this in a lab and then publish the results in a video I will be more then happy to work with you on this. What do you say? Eliezer From: squid-users On

[squid-users] Rocky Linux 9 and other EL9 RPMs release

co.il/repo/rocky/9/ https://www.ngtech.co.il/repo/alma/9/ https://www.ngtech.co.il/repo/oracle/9/ Let me know if you need some help with the packages. Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1ltd at gmai

Re: [squid-users] Squid service not restarting properly

Hey Vivek, What OS are you using? Did you installed squid from the OS repository or you self compiled it? With more details we might be able to help you understand what to do. Eliezer From: squid-users On Behalf Of Vivek Saurabh (CONT) Sent: Tuesday, September 24, 2024 2:35 PM To: s

Re: [squid-users] Unable to access internal resources via hostname

Hey Josh, Configuring Squid is not a simple task in some cases. I used to think it's a pretty simple piece of software to configure and indeed with the right background and labs you can achieve specific goals easily and fast. However, I encountered over the years enough situations to understand th

Re: [squid-users] RFC: Removal of ESI Support from Squid

Hey Jonathan, The issues and comparison between 5.x to 6.x can be tested and verified. The ESI related code can be disabled in these tests and I think that the subject you are talking about is different then the subject of the thread. I will be happy to try and assist with testing these performan

[squid-users] A periodic update

Hey Everybody, Since https://cachevideos.com/ is no longer in development due to YouTube and other vendors usage of tokens and vbr streaming. Are there any specific video sites which are good to be cached? Can we cache Vimeo or any other specific sites without using ICAP or ECAP ie using plain Sto

[squid-users] Rocky 8 new repo

Hey List, After some time, work and testing I started maintaining the rocky squid cache packaging at: https://www.ngtech.co.il/repo/rocky/8/ Until now the tests are showing very good results in real usage. https://www.nethserver.org/ Are using Rocky linux and their 7 release is pretty good, I a

Re: [squid-users] Squid 6.10 on Fedora 40 cannot intercept and bump SSL Traffic

OK so the issue was that: The http_port was used for ssl bump with intercept while the only port which can really intercept ssl connections is: https_port so I believe that there should be a warning about such a line in the cache log. When there is http_port and intercept and ssl_bump there

Re: [squid-users] Squid 6.10 on Fedora 40 cannot intercept and bump SSL Traffic

Attached a link for the pcap file that might shed some light on the issue from a technical perspective: https://cloud.hisstory.org.il/apps/maps/s/Mw8Cb8QLYto83rK Eliezer ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid

Re: [squid-users] Squid 6.10 on Fedora 40 cannot intercept and bump SSL Traffic

Attached a gist with all the technical details (the email was too long) https://gist.githubusercontent.com/elico/bc5189e74aacf1f902f767fc1902d3a4/raw/afe876f5d46d2789d48b41dab7a73c7a6fd40be1/sslbump-issue-5.9.txt Eliezer Croitoru Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.

Re: [squid-users] Squid 6.10 on Fedora 40 cannot intercept and bump SSL Traffic

Hey Alex, Sorry for the confusion, And we are back in the Squid-Users. I have tested this issue with Windows 11 as a client in an intercept and TPROXY mode. I can try to test it using another client such as linux or windows 10 but I assume that the issue is the same. I sniffed some packets on

Re: [squid-users] Squid Version squid-5.7-150400.3.6.1.x86_64 -- Squid is crashing continusly

Hey Anitha, There are couple missing details. Is it a brand new proxy? What OS are you using? What Distro? It looks like a very simple forward proxy setup. When is the proxy crashing? At startup? After a while? Thanks, Eliezer From: squid-users On Behalf Of M, Anitha (CSS) Sent: Thursday, July

Re: [squid-users] Upgrade path from squid 4.15 to 6.x

Hey Akash, (Is this your first name?) There are ways to test the config step by step with docker containers but it depends on the config size and complexity. Even if you cannot share the squid.conf you can still summarize it to a degree. There are 2 types of proxy services which can be implement

Re: [squid-users] Any ideas for a project and\or research with AI about squid-cache?

Hey Jonathan, First of all, thanks for the response. I think that all squid-users knows that AI is there since very long ago. However, since it's a tool of the current times I want to be familiar with the tool capabilities. The AI tools which are published these days gives a specific response to

[squid-users] Any ideas for a project and\or research with AI about squid-cache?

Hey Everyone, I was wondering if there are specific things which can be worked on with an AI as a testing project to challenge an AI. I am looking for a set of projects which a beginner squid-cache admin can try to implement to certify himself with real world experience. What are the most commo

Re: [squid-users] Dynamic ACL with local auth

Hey Albert, It's preferable to use an external ACL compared to reloading the squid conf in general. It will probably require to use external acl helper with the authenticated username as a detail which is being sent to the helper. Let's take an example.org squid.conf for the "project". On what p

Re: [squid-users] Dynamic ACL with local auth

Hey Albert, The right way to do it is to use an external acl helper that will use some kind of database for the settings. The other option is to use a reloadable ACLs file. But you need to clarify exactly the goal if you want more then a basic advise. Eliezer -Original Message- From: sq

Re: [squid-users] Squid stops responding after 12 browser tabs opened

OK So I have built 6.8 for debian-11 but the NIS support has been removed. https://www.ngtech.co.il/repo/debian/11/x86_64/ https://www.ngtech.co.il/repo/debian/11/x86_64/squid-6.8-64-bin-stripped-only.tar I have yet to publish an installation script for it but there are couple binaries and shar

Re: [squid-users] Manipulating request headers

Hey Ben, There is another option which is to use an ICAP server to modify the headers and strip the br part if exists. It depends on the load on the server but you can edit only the headers and to not use any preview which will remove some un-needed overhead. Take a peek at the example: https:/

Re: [squid-users] Squid stops responding after 12 browser tabs opened

Hey, I should have built the newest version of squid for debian 11 but for some reason I didn't built and published them. I am using a tar.gz packages and not .deb ones. I will try to build one later on. Eliezer -Original Message- From: squid-users On Behalf Of nuit...@earthlink.net S

Re: [squid-users] Recommended squid settings when using IPS-based domain blocking

Hey Jason, I can try to build Squid 6.8 for RHEL 9, would this help you to test it as a solution? Eliezer From: squid-users On Behalf Of Jason Marshall Sent: Wednesday, March 6, 2024 4:49 PM To: squid-users@lists.squid-cache.org Subject: [squid-users] Recommended squid settings when using IPS

Re: [squid-users] [squid-dev] Using AWS and a SQUID server to create Residential Proxies

Hey Edwin, The best place to start is Squid-Users and please do not send emails to all the available lists. Squid-Cache is an open source project which you can use on any Linux OS (and couple others) and the project is not publishing any official AWS products in the any marketplace. There are

[squid-users] Squid Docker container

I started working on the docker containers of squid-cache these days. The first one is at: https://hub.docker.com/r/elicro/debian12squid/tags but it's not ready to use as is yet, just the build steps for now with the binaries in place. I need to add the supervisord damon and maybe couple other th

[squid-users] Anyone build Squid for on multiarch ie arm and arm64?

I have couple RouterOS devices which supports containers with the next CPU arches: • x86_64 • arm64 • armv6 • armv7 And I was wondering if someone bothered compiling squid containers for these arches? I know that there are packages for Debian and Ubuntu but these are not 6.x squid but rather 5

[squid-users] Basic Squid-Cache docker containers

Hey Everyone, As a part of the project I am currently working on I needed a basic squid-cache container. I have looked for these in Docker hub and wasn't able to find such a container image with the newest version of squid. Due to this I have created 3 containers: Alma8 based Debian 12 Based Ub

Re: [squid-users] Squid as an education tool

Hey Francesco and others, First thanks of the direction. I was thinking about using generic tools that are available as possible. Also, in education there is a whole thing about it not being an intercept proxy (with or without bump) so it simplifies some of the aspects of the setup. I would try

[squid-users] Squid as an education tool

Hey Everybody, I am just releasing the latest 6.7 RPMs and binaries while running couple tests and I was wondering if this was done. As I am looking at proxy, in most cases it's being used as a policy enforcer rather than an education tool. I believe in education as one of the top priorities com

Re: [squid-users] Squid 6.2 with WCCP

@lists.squid-cache.org Subject: Re: [squid-users] Squid 6.2 with WCCP On 11/09/23 20:16, ngtech1ltd wrote: > Hey, > > What is required for testing the wccp code? At minimum a Router or Switch with WCCPv2, plus separate machines for client and proxy. Ideally; * at least two router/switch to

Re: [squid-users] Vey slow navigation

Hey Andre, The issue can be caused by couple technical reasons. If we want to find one of the reasons we first need to understand the setup. Lets start with the ISP part of the picture: Where the public IP is residing? On the Squid box or on a NAT gateway? ``` $ ip route show ``` Also, did you ma

[squid-users] Squid 6.3 RPMs Release

Hey List, I have updated the squid-latest repo at: https://github.com/elico/squid-latest It's now parses the www.squid-cache.org sources page instead of using some ftp mirrors to get the latest version of squid. This update is since the squid FTP mirrors I have used are no longer up-to-date sin

Re: [squid-users] Squid 6.2 with WCCP

Hey, What is required for testing the wccp code? I can try to get a Cisco device for a basic testing. Is there a specific bug report we can follow on this issue or maybe we should follow on the PR? Eliezer -Original Message- From: squid-users On Behalf Of Amos Jeffries Sent: Tuesday,

Re: [squid-users] How to upgrade correctly?

Hey Gabriel, The first thing before doing anything at all is to backup your binaries and configuration files. Then try to plan a way that will allow you to fall back to the older version if anything will turn bad. If you can test on a VM the installation process before production it would be t

Re: [squid-users] correct regular expression to use to capture all

Hey Rob, It uses more CPU then dstdomain and the equivalent of ssl::server_name but... You should only care about the cpu usage in case you have lots of regex in your config files. Usually a few of them are worth when it gets the job done. I have some config in my archives that used a lot of re

Re: [squid-users] make URL bypass squid proxy

Hey Rob, it’s a great question. I will assume you are using squid 5.x since it’s the stable one. There is a configuration reference documentation at: http://www.squid-cache.org/Versions/v5/cfgman/ And the relevant one is ‘acl’: http://www.squid-cache.org/Versions/v5/cfgman/acl.html In the config

[squid-users] Theoretically speaking about a proxy service

Hey Everybody, I have seen couple free proxy providers like: Urban vpn Nord vpn Clearvpn And couple other proxy services. A long time ago I wrote the article: A Proxy for each Internet user! The future! https://www1.ngtech.co.il/wpe/2016/05/02/proxy-per-internet-user-is-it-realistic/ And I was

Re: [squid-users] make URL bypass squid proxy

Hey Rob, The first thing is to allow the domain in the http_acces just to be sure and use a basic deny all bottom line. Let me try to simplify your squid.conf In a link: https://gist.github.com/elico/b49f4a28d4b5db5ba882b10d40872d5e In plain text: ## START OF FILE # SSL Interception basic rules

[squid-users] HSTS in browsers summary, help wanted.

Hey Everyone, I am testing Squid 5.9 and 6.0.3 now and I am trying to understand what might go wrong in the client side with SSL Bump. I have a nice setup which works with a mysql DB and it can be recreated with vagrant in a very simple manner on-top of all EL8 based Distros. (Alma, Rocky, CentO

Re: [squid-users] Enable caching

I added the script to a gist just to keep it reachable: https://gist.github.com/elico/dfccc0905bc223c68c483e5074a6484a Eliezer From: squid-users On Behalf Of Andrey K Sent: Thursday, June 22, 2023 12:09 To: Alex Rousskov Cc: squid-users@lists.squid-cache.org Subject: Re: [squid-users] Enab

Re: [squid-users] make URL bypass squid proxy

Hey Robert, I am not sure what forward proxy setup you have there. A simple forward proxy? What tool are you using for whitelisting? You can use an external acl helper to allow dynamic updates of the whitelists or to periodic update your lists and reload. It will depend on the size of your lists.

Re: [squid-users] Squid Server on Android Devices?

Hey Marcelo, Squid was not designed for Android devices and would need an expert to make it work on a simple Android device. Squid-Cache is a server which provides services and it should be used on one. If you wish to convert your S10 to a server that's another story and you are probably on the

Re: [squid-users] Define Squid max connections limit

Hey Roberto, How are you with this? Still having issues? Eliezer -Original Message- From: squid-users On Behalf Of Roberto Carna Sent: Wednesday, May 10, 2023 19:52 To: squid-users@lists.squid-cache.org Subject: [squid-users] Define Squid max connections limit Dear all, is there any d

Re: [squid-users] TCP_TUNNEL/500 in squid logs in squid 5.9

Hey Sachin, What's the issue? That the logs don't reflect the reality? Thanks, Eliezer From: squid-users On Behalf Of sachin gupta Sent: Thursday, May 25, 2023 18:21 To: squid-users@lists.squid-cache.org Subject: [squid-users] TCP_TUNNEL/500 in squid logs in squid 5.9 Hi All We are migratin

Re: [squid-users] Proxy server to support a large number of simultaneous requests

Hey Ankor, Thanks for sharing the scenario. At the beginning I was thinking to myself: Why Squid? Is it the best choice for the scenario? And after walking through my list of caching proxies, including couple I wrote myself I got to the conclusion: Well.. Squid-Cache is simple to use and just wo

Re: [squid-users] Using tcp_outgoing_address with ACL

Hey Ankor, There is some missing context so I would be able to reproduce this issue. Is this some kind of CONNECT request? If you can describe in more technical details the setup and what client are you using, Maybe couple sanitized log lines it would help to understand better the scenario. El

Re: [squid-users] [EXTERNAL] FreeBSD 12 thousands connections

Hey, I know that the choice was made to use FreeBSD 12... But I can suggest to use Linux and not FreeeBSD. I have not tested this for a very long time but the last time I checked Linux was handling network traffic better then FreeBSD. I also believe that if you would have any issues, you would be

Re: [squid-users] Bypass ssl-bump urls that using web sockets

Hey Ben, For example: https://github.com/andybalholm/redwood is good if you are not using tproxy. Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com Web: https://ngtech.co.il/ My-Tube: https://tube.ngtech.co.il

Re: [squid-users] Issues with blacklist and a domain.

Hey, What you are using is regular expression and as Matus wrote you need dstdom and not dst_domrex. To understand better what maybe is going on we can try to use a regex visual editor. I like very much: https://rubular.com/ What you actually want is the next: \.(party|porn|xxx|vip|me)$ Which

Re: [squid-users] Bypass ssl-bump urls that using web sockets

Hey Ben, Depends on the size and the load of your setup there are other solutions out there you can try and make sure if they meet your needs. Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: mailto:ngtech1...@gmail.com Web: https://ngtech.co.il/ My-Tube: https:

Re: [squid-users] Issues with blacklist and a domain.

Hey, I am not sure how exactly how the domain: dof.gob.mx is being blocked by the: .me Domain suffix? What exactly your squid.conf is doing? (remove private info). Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com Web: https://ngtech.co.il/

[squid-users] Since Squid-Cache wiki is moving to another era I had to...

Overengineering your personal website. A very nice demo of how a single page can become a major headache if you do it the wrong way: https://www.youtube.com/watch?v=7NolBv9G2VE I hope someone will have a laugh a this :D Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Emai

Re: [squid-users] URL filtering technical

Hey, Depends on your needs but from my experience the most simple solution would be external_acl helper. I have used all 3 options and unless you really have foundation in ICAP and you do have a specific logic that can be done only via ICAP you should stick with external_acl. If you do ask m

Re: [squid-users] Update from Squid 4 to Squid 5 :

And just in case someone needs a demo how to remove netplan and install network manager on Ubuntu 22.04: https://www.youtube.com/watch?v=dy9MxgGzTk4 (I had it prepared for a good friend last week) Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail

Re: [squid-users] Update from Squid 4 to Squid 5 :

Hey, What is the content of: /etc/resolv.conf ? It could be something related to default systemd dns services. Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com Web: https://ngtech.co.il/ My-Tube: https://tube.ngtech.co.il/ -Original Mess

Re: [squid-users] Squid Degrading

Thanks Alex! I assume that for a testing purpose it should be good enough if it came from a known source. My assumption is that if someone knows how to compile squid from sources he should be able to understand what binaries he requires for basic tests. I am not sure if it's since I am also a pa

Re: [squid-users] Logs not showing ssl::servername

Hey Gabriel, Can you describe in words the desired state in squid 5.7? I know that squid ssl bump works and in the case of splice it also works pretty good. I can give you my logformat which results with the next: ## START 1669969405.114 9 10.200.191.117 NONE_NONE/000 0 CONNECT 3.126.56.137

Re: [squid-users] Squid Degrading

Hey Alex, Do you think an ubuntu "squid" binary would be fit for such a use case? IE replacing only the /usr/sbin/squid binary from another source? For my simple usage (A simple forward proxy) on Ubuntu I am installing squid from the repo and then just replace the squid binary. I remember that

Re: [squid-users] transparent mode squid on centos 9 with iptables (part 2)

Hey Lola, I have created a demo video at: https://cloud1.ngtech.co.il/static/squid-data/CentOS%209%20-%20Intercept%20Demo.mp4 This gives a demo on how to configure squid in intercept (transparent) mode for both port 80 HTTP and port 443 HTTPS. It’s not in a tutorial, it’s a demo. The client is

Re: [squid-users] transparent mode squid on centos 9 with iptables (part 2)

Hey, There are no technical details about the relevant subject which is the iptables, iproute and squid.conf I will try to give a demo for such a setup later on. Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com

Re: [squid-users] Squid 5: server_cert_fingerprint not working fine...

Hey Fred, First take into account that to the Squid-Users no question is ridicules at any time There are couple sides for a forum/list and only one of them is the technical one. I was told by a good mentor of me the next sentence: Think about the other side of the conversation on the line l

Re: [squid-users] transparent mode squid on centos 9 with iptables (part 2)

Hey, CentOS 9 is mainly uses nftables when possible. I have not seen any example of squid intercept examples with nftables. If for any reason the iptables command would not work on CentOS 9 (stream) let me know and I might be able to provide these. Eliezer Eliezer Croitoru NgTech, Tech Sup

Re: [squid-users] Squid 5: server_cert_fingerprint not working fine...

Hey Fred, Just a tiny question, can you share this php script so we can make sense of what is this script doing compared to what squid is doing? Thanks, Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com Web: https://ngtech.co.il/ My-Tube: htt

Re: [squid-users] ACL based DNS server list

Hey James, No it’s not possible. There is a possibility to run a single proxy per client however you should really try to make sense in doing so. Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com Web:

Re: [squid-users] Squid performance recommendation

Hey Szabolcs, Since Amos answered your question regarding a simple VM I would like to refer to the k8s part. A huge Kubernetes cluster is good for very specific use cases. It’s not “easy” to scale and or change the config and update out of the box, you will need to work on that since there are

[squid-users] Squid alpine latest(5.5) container

Since I have tried to find a decent and tiny squid container and yet to find one I took the time to push one int docker hub. At: https://hub.docker.com/r/hack2003/squid-alpine I will push later on an RPM based squid container, which will be an overkill for many but will not be based on ulibc w

[squid-users] Seems like the 5.7 was picked automatically at the git

Hey, Per the request for an updated version of squid for automation, it seems that the repo is working file at: https://github.com/elico/squid-latest and is being updated automatically and the 5.7 was just released… It will be built in the next hour and will be deployed. I have not receive

Re: [squid-users] [Troubleshoot] Squid 3.3 - Lots of 403 erros when reducing the workers number

He Xavier, I believe that there are couple logformat options that you should add to understand better this issue. The first thing in this scenario is to have the squid.conf and access.log output. If you have a load of about 100 rps you shouldn't be required to have more then 1-2 workers tops.

[squid-users] MySQL backend for time restrictions of clients

Hey Everyone, I have seen a very nice to restrict internet access by hours. The concept is pretty simple. Per client you have a time table which contains the day and the hour in the day as integers. For example the next table: ## user_id, day, hour, allow 1, 0, 8, 0 1, 0, 9, 1 … 1, 0, 20, 1 1, 0

Re: [squid-users] [squid][v5.6] : problem with "slow" or "fast" acl

Hey Eric and David, I am thinking about the best place to put a note acl. What is the actual requirement? Do you want to limit a specific client or all of them? I have not used delay pools for a very long time so I am not sure about what you want these to do. Eliezer Eliezer Croitoru

Re: [squid-users] squid-users Digest, Vol 97, Issue 4

Hey Rahul, I’m trying to understand: Did you turned on the debug in level 9 since you turned spined the container? If so it’s pretty reasonable that it will run out of space pretty fast. Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com

Re: [squid-users] squid-users Digest, Vol 97, Issue 2

I have a container specification at: https://github.com/elico/squid-container if it’s helping you and others. It’s a simple forward proxy with RAM cache only. If you want to use CentOS stream 8 you can modify the Dockerfile a bit and it should work in a similar way. Eliezer Eliezer Croi

Re: [squid-users] squid-users Digest, Vol 97, Issue 2

Hey Rahul, You can create a customized container like described in the official document at: https://docs.aws.amazon.com/AmazonECS/latest/userguide/create-container-image.html It’s pretty simple and is doable. You shouldn’t run Squid 5.0.4 since it’s very old and there for would not get suppo

Re: [squid-users] Squid container stopped with exit 1 recursively

Hey Rahul, You should use the latest squid stable version 5.6. Depends on the container you are running but you might be able to use the latest RPMs of: CentOS, Oracle, Fedora, Alma, Rocky, AMZN >From my repository at: https://www.ngtech.co.il/repo/ To know the error with squid you will need

Re: [squid-users] Squid 5.2 TCP_MISS_ABORTED/100 erros when uploading

Hey David, This should do the trick for you: https://www.ngtech.co.il/repo/alma/8/x86_64/ @Amos, 5.6 is not ready for OpenSSL 3 and there for cannot be compiled on RHEL 9 and similar. Eliezer * A rocky version should be available later on at: https://www.ngtech.co.il/repo/rocky/8/x86_64/ ---

Re: [squid-users] How to enable squid to use more server resources when

http://www.squid-cache.org/Doc/config/workers/ Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com Web: https://ngtech.co.il/ My-Tube: https://tube.ngtech.co.il/ -Original Message- From: squid-users On Behalf Of Marcelo Sent: Monday, 29 Augus

Re: [squid-users] How to enable squid to use more server resources when using 500+ http_ports?

Hey Marcelo, Have you been using workers by any chance? Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com Web: https://ngtech.co.il/ My-Tube: https://tube

Re: [squid-users] Programmatically fetch the latest stable version of squid

I believe this should do: https://raw.githubusercontent.com/elico/squid-latest/main/latest.json Maybe it would be possible to update a git repository using a git web hook on the project. If the Squid-Cache project will have some defined way of tagging versions in the git repository it would pret

Re: [squid-users] Programmatically fetch the latest stable version of squid

Hey Justin, Would json file be fine? Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com Web: https://ngtech.co.il/ My-Tube: https://tube.ngtech.co.il/ Fr

Re: [squid-users] Programmatically fetch the latest stable version of squid

Hey Amos, The page really need an update and also if it's something that we can rely on then.. we need something a bit more "working". The only working http mirrors are: http://mirror.marwan.ma/squid/archive/ http://mirror.marwan.ma/squid/software/ http://squid.mirror.globo.tech/archive/ http://

[squid-users] SquidGuard.org is not responding

Hey, If anyone knows the www.squidguard.org domain and hosting owner, can you verify if they know that the domain/server is not responding? Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1...

Re: [squid-users] Anyone able to sell me some squid consulting? (advanced routing+cache peering)

Hey Marcelo, I am not sure how and what exactly you want to implement with squid but you must understand that there are specific things you cannot do with squid. Let say you will have 3-4 squid instances and you will have couple users. To test your solution you we will need: * Squids *

Re: [squid-users] forwarding TPROXY squid and multi-ISP

Hey Vieri, I am missing couple pieces to understand and maybe re-produce the issue. What Linux and Squid version are you using? A tproxy setup is using the OS network stack for selecting the proper source and destination addresses. I have not implemented such a setup for a very long time but it'

Re: [squid-users] Squid 4.8+ intercept

Hey K, I need your Mikrotik and squid.conf and iptables to understand what the issue might be. You will need to describe your setup in a way I can relate to it. There is not much of a difference between port 80 to 443 just that the port need to have ssl-bump settings If you are using it. The CON

Re: [squid-users] Squid 4.8+ intercept

Hey K, What RouterOS version are you using? Also, what rules have you applied? If there is a very long delay and then a failure you should verify that the rules you wrote are proper to your environment. You should route packets based on connection marks and mark only new connections from LAN IP

Re: [squid-users] Squid as Reverse Proxy with Parent Proxy, http inbound and https outbound

Hey Joel, I don’t know if squid would be able to do what you want/need but I know that nginx can do some part of what you want. Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com Web: https://ngtech.co.il/ My-

Re: [squid-users] Squid 4.8+ intercept

Hey Grant, The issue is very simple, if squid and the clients sits on the same subnet( not the same network segment) then squid will send the traffic back directly to the client. WCCP is not related to the network level of things and will not resolve this exact same issue in most similar use cas

Re: [squid-users] Squid 4.8+ intercept

Hey K, Here a video example on how to implement what you probably want: https://cloud1.ngtech.co.il/static/squid-data/mikrotik-v7-intercept.mp4 If the proxy sits in the same network that the clients sit it won’t work. Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-2870426

Re: [squid-users] Squid 4.8+ intercept

Hey Rafael, This document covers on the V6 branch of Mikrotik and the stable is 7.4. If you do have the resources to publish a V7 document upgrade it would help others. Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com

Re: [squid-users] Squid 4.8+ intercept

Hey K, I am not sure about the network topology. Preferably the Squid should reside on another network then the clients if it’s intercepting the traffic. Also, I assume it’s not a TPROXY setup so it should be pretty simple and straight forward. I understand why are you asking this question. A

[squid-users] SQL DB squid.conf backend, who was it that asked about it?

Hey Everybody, I don’t remember who was it but I was asked about using a SQL DB backend for squid.conf. If the question is still in place I can try to help and give an example how it’s being done and also how to implement such a feature. Eliezer Eliezer Croitoru NgTech, Tech Support Mo

Re: [squid-users] Trying to recompile squid 4.13 with ./configure CXXFLAGS="-DMAXTCPLISTENPORTS=256"

Hey Marcelo, What OS are you using? Debian? Ubuntu? The `which squid` command will show you where squid binary of squid -v is being take/used from. And also, just wondering why 4.13? and not 4.17? Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail

Re: [squid-users] regex for normal websites

OK Robert, I have seen the issue you were having and indeed it’s because cloudflare understands that there is some kind of MITM in the path. It’s good but there should be a way to allow such MITM from cloudflare side. I believe that the cloudflare client should have the ability to allow or disa

Re: [squid-users] Squid and Epic Games HCapctca

Please don’t bang your head… everybody is here for you. Sometimes it takes time to respond but you will get your answers. https://www.ngtech.co.il/squid/support-save/support-save-2022-08-05_00-51-47.tar.gz Is not the fastest connection and it has a blacklist in the DB dump so for now it’s a pr

Re: [squid-users] Squid and Epic Games HCapctca

You are welcome. I wrote an app that does everything for me so I just need to dump the database into a: ssl::server_name directive it’s basically: ## START acl NoBump_server_name ssl::server_name "/etc/squid/no-ssl-bump-server-name.list" acl tls_to_splice any-of inspect_only NoBump_src NoBu

  1   2   >