One month ago I asked in youtube's support forum on the possibility that
they have http for youtube.com in parallel with https, no response though.
Other than the login page, I don't see why video streaming from youtube
can not use http in the same time, will someone wiretap this
http-video-st
http://www.squid-cache.org/Versions/v3/3.5/cfgman/ssl_bump.html
at the end:
"
# Example: Bump all requests except those originating from
# localhost or those going to example.com.
acl broken_sites dstdomain .example.com
ssl_bump splice localhost
ssl_bump splice b
I have "cache deny all" and "cache mem 0MB", what is
/dev/shm/squid-ssl_session_cache.shm then? is it something else? how to
limit its size?
I'm trying to test the case with no-cache and thought 'cache deny all'
covered it already, then just happened to see this ssl-session-cache
file resides
I'm running squid/3.5.13/sslbump/intercept and saw the below when
visiting gmail.com from Chrome 48, gmail.com can not be opened.
However Firefox works fine, no errors in the log, gmail.com opens as
expected.
Error in the log:
==
Error negotiating SSL on FD 22:
error:140920F8:lib
http://www.squid-cache.org/Doc/config/logformat/ showed a new logformat
in Squid-3.3:
"New token %ssl::bump_mode to log the SSL-bump mode type performed on a
request. Logs values of: -, none, client-first, or server-first."
For Squid-3.5, does Squid have logformat that tells ssl-bump mode, e.
lysis.
Thanks,
xxiao
On 01/16/2016 10:06 AM, Alex Rousskov wrote:
On 01/15/2016 07:52 PM, xxiao8 wrote:
Just found out ssl::server_name_regex that should cover url_regex, for
urlpath_regex and referer_regex I think I can not get them for
https/sslbump, to get them an icap/ecap has to be used to rea
Just found out ssl::server_name_regex that should cover url_regex, for
urlpath_regex and referer_regex I think I can not get them for https/sslbump,
to get them an icap/ecap has to be used to read the decrypted content at the
moment, will squid plan to provide directives similar to
urlpath_rege
Thanks for the helps, while I could get the ssl::server_name to work but
not the url* directives so far.
xxiao
On 01/15/2016 04:39 PM, Alex Rousskov wrote:
On 01/15/2016 02:38 PM, xxiao8 wrote:
I wonder if the decrypted https message after sslbump is used
by icap/ecap client code in squi
ervers. "
https://answers.launchpad.net/ecap/+question/169016
Thanks,
xxiao
On 01/15/2016 04:49 AM, squid-users-requ...@lists.squid-cache.org wrote:
On 15/01/2016 2:08 p.m., xxiao8 wrote:
In Squid http-redirector can get access to the full url, for https
sslbump only gives us the host(
AP for HTTPS : Decrypt/Re-encrypts HTTPS connections and sends the
HTTP messages to ICAP servers. "
https://answers.launchpad.net/ecap/+question/169016
Thanks,
xxiao
On 01/15/2016 04:49 AM, squid-users-requ...@lists.squid-cache.org wrote:
On 15/01/2016 2:08 p.m., xxiao8 wrote:
>In Squi
In Squid http-redirector can get access to the full url, for https
sslbump only gives us the host(https://host), to get a full
url(https://host/path), are the only choices icap/ecap for content
filtering? in this case I really don't care about the https content
payload, just its http header tha
Found the issue, it's a conf syntax error. Sorry for the noise.
xxiao
On 01/08/2016 08:03 PM, xxiao8 wrote:
Hi,
I'm seeing the below errors, 25 bytes are the string of "'Initialization
SSL db..." itself, anyone else experienced this?
This is a typical https-transpare
Hi,
I'm seeing the below errors, 25 bytes are the string of "'Initialization
SSL db..." itself, anyone else experienced this?
This is a typical https-transparent case.
---
Sat Jan 9 01:46:25 2016 daemon.notice squid[4849]: helperHandleRead:
unexpected read from ssl_crtd #Hlpr1, 25 b
Under transparent mode, is it possible to get client's IP and assign a
specific ACL rule to it? is it possible to use the client-IP-address as
a variable in redirector scripts? Basically when transparent mode is
used we don't have the "user" for each requests and I'm thinking if I
can extract t
-9a-f:]+)?:([0-9a-f]+|[0-9\.]+)?\]))(:[0-9])?$
http_access deny CONNECT ips
deny_info TCP_RESET ips
Getting complicated...
So xxiao8, why does one want to censor these requests anyway?
Amos
---
Thanks for all the replies. The reason is to enforce dns-based filtering
so you can't type in
is it possible to enforce all http requests must use non-IP for the
destination, i.e. dns/hostname.
for example: http://www.google.com will be fine, but http://some-IP will
not.
Thanks,
xxiao
___
squid-users mailing list
squid-users@lists.squid-cac
Is it possible to bump a URL then splice it immediately after when the
client requests the same URL again?
Put another way, I can set a few URL lists and put them to ssl-bump or
ssl-splice statically, can I dynamically load the lists on the fly? so
the same URL can be either spliced or bumped
Both E2guardian and Squid now support SSL, how can they work together?
Can they share a single ssl certificate to avoid sslbump-encode-decode
twice?
Thanks,
xxiao
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache
18 matches
Mail list logo
