Thanks for the reply.
That really helped. I had an ACL for network and that blocked the https
traffic coming through.
It has been a journey setting it up. But without your help I think I
would not have been able to do it. Thanks for all the help. Much appreciated.
Few settings that help with debugging and
On 17/08/18 20:39, pius wrote:
> Hi Amos,
>
>
> Thanks for the reply. It makes more things clear.
>
> I do apologize for a Friday message in advance.
>
> I will explain a bit more about my situation. We are using JFrog Artifactory
> in our private network. Artifactory hosts lots of remote repos
Hi Amos,
Thanks for the reply. It makes more things clear.
I do apologize for a Friday message in advance.
I will explain a bit more about my situation. We are using JFrog Artifactory
in our private network. Artifactory hosts lots of remote repos. We are
planning to lock down the Artifactory using
On 16/08/18 23:17, Amos Jeffries wrote:
> The above config will only whitelist after the server cert is known and
> should terminate TLS without any HTTP(S) error page being delivered to
> clients - but can only do so if http_access does _not_ cause a "deny"
> part way through the handshake (eg fr
On 16/08/18 21:15, pius wrote:
> Hi,
>
> We are planning to control the traffic that goes out from the network. A few
> of them are HTTPS. We managed to whitelist HTTP traffic that is going out of the
> network. And we are really happy about it. Now the only worry we have is the
> HTTPS traffic.
>
> I listen
Hi,
We are planning to control the traffic that goes out from the network. A few
of them are HTTPS. We managed to whitelist HTTP traffic that is going out of the
network. And we are really happy about it. Now the only worry we have is the
HTTPS traffic.
I listen on 2 ports in Squid: 3129 (HTTP) and 3130 (HTTPS).
Hi,
It will be great if anybody can help.
I can see that the client can talk to Squid and Squid is communicating with
Google. But it is responding with an error.
## Curl Log #
]# curl https://www.google.com -iv
* About to connect() to www.google.com port 443 (#0)
* Trying 216.58.204.68...
*
Hi,
I made some improvement. I added "ssl_bump splice all" and now it is passing
through step 1, but I can't whitelist the domain I want to connect
through Squid now. I am getting a new error
## cache.log ###
2018/08/13 13:37:02 kid1| SECURITY ALERT: Host header forgery detecte
Hi,
Thanks for the reply. I haven't got access to log on weekend, sorry about
the late reply.
I googled this error. I got some answers like the connect message is in
plain text and Squid is expecting a TCP communication and it gets rejected
at a lower level before getting to step 2. I am not sure t
On Fri, 10.08.2018 at 20:28 Alex Rousskov <rouss...@measurement-factory.com> wrote:
> On 08/10/2018 12:05 PM, pius wrote:
> > I am getting IP address of the client instead of the domain name I
> > requested.
>
> I suspect you are getting your Squid https_port address
> (10.222.17.106:3130)
On 08/10/2018 01:04 PM, pius wrote:
> I had an ACL whitelist for IPs. I tried the test again removing that.
Sounds more like a blacklist than whitelist if removing the rule
_allows_ the request.
> Now I get an error TAG_NONE/200 0 CONNECT.
That is a good sign. The fake CONNECT request was not
Hi,
Thanks for the reply.
I had an ACL whitelist for IPs. I tried the test again removing that.
Now I get an error
TAG_NONE/200 0 CONNECT. Still, I am not getting server IP or domain name and
got squid IP instead. (10.222.17.106:3130).
Does that mean, the request is still blocked in step 1 O
On 08/10/2018 12:05 PM, pius wrote:
> I am getting IP address of the client instead of the domain name I requested.
I suspect you are getting your Squid https_port address
(10.222.17.106:3130) rather than the client IP address (10.222.25.60).
Logging Squid IP instead of the intended server IP fee
I am getting IP address of the client instead of the domain name I requested.
I am trying curl -iv https://www.google.com from a client machine
(10.222.17.106). I am not getting google.com in the access log and getting
TCP_DENIED. Looks like traffic is blocked before checking the certificate (I
a