Yes, here my usage case
1- Squid as explicit proxy connected to e2guardian with ICAP
2 - E2guardian block a SSL website (no bump) a 403 header is returned ->
I tried 302, 307, 200, without more success
3 - With IE or chrome the connection is well dropped but with FF (61 ->
next 67) the conne
-cache.org
Subject: Re: [squid-users] ICAP and 403 Encapsulated answers (SSL denied
domains)
Hello,
when a SSL website request is dropped by proxy with FF the connection is
not well finished
Example of this here, first message:
https://bugzilla.mozilla.org/show_bug.cgi?id=1522093
Hello,
when a SSL website request is dropped by proxy with FF the connection is
not well finished
Example of this here, first message:
https://bugzilla.mozilla.org/show_bug.cgi?id=1522093
___
squid-users mailing list
squid-users@lists.squid-cache.
-users@lists.squid-cache.org
Subject: Re: [squid-users] ICAP and 403 Encapsulated answers (SSL denied
domains)
Thanks, there a lot of impacts here, response time, load average, etc,
unfortunately we should wait that FF 66 (and after) is installed everywhere to
fix that ...
I'm really surp
Thanks, there a lot of impacts here, response time, load average, etc,
unfortunately we should wait that FF 66 (and after) is installed everywhere to
fix that ...
I'm really surprised that there is no more messages about this
Fred
___
squid-users m
On 2/19/19 1:40 AM, FredB wrote:
> there was a bug in Firefox with huge impact for some configurations
> https://bugzilla.mozilla.org/show_bug.cgi?id=1522093
Congratulations on getting that Firefox bug fixed!
Alex.
___
squid-users mailing list
squid-us
Amos, Alex
Ithought you might beinterested, there was a bug in Firefox with huge
impact for some configurations
https://bugzilla.mozilla.org/show_bug.cgi?id=1522093
Regards
Fredb
___
squid-users mailing list
squid-users@lists.squid-cache.org
htt
On 1/23/19 3:17 AM, FredB wrote:
> I found nothing in documentation about client_persistent_connections off
> impact, do you think this can be problematic with high load ?
Yes, disabling client-to-Squid persistent connections can increase load
on the proxy server. In SslBump environments that bum
As a workaround, you can try disabling client-to-Squid persistent
connections (client_persistent_connections off) or changing your ICAP
service to produce a response with a non-empty 403 body.
You are right this is a browser bug (firefox at least recent versions)
and this issue can be resol
On 1/22/19 1:22 AM, FredB wrote:
> Here a short tcpdump trace
> https://nas.traceroot.fr:8081/owncloud/index.php/s/egrcXnU3lxiU0mi
>
> 1 - I'm surfing to the website https://www.toto.fr
Yes (tcp.stream eq 30).
> 2 - I receive a 403 (blank page)
> HTTP/1.1 403 Forbidden
> Server: e2guardia
Hello Alex
But unfortunately Squid adds a "Connection: keep-alive" header
It is not clear _why_ you consider that header "unfortunate" and the
connection "wasted". That header may or may not be wrong, and the
connection may or may not be reusable, depending on many factors (that
you have not s
On 1/21/19 3:35 AM, FredB wrote:
> I'm playing with Squid4 and e2guardian as ICAP server.
>
> I'm seeing something I misunderstand, when a SSL website is blocked
> e2guardian returns a encapsulated "HTTP/1.1 403 Forbidden" header this
> part seems good to me with an encrypted website a denied or
Hello all,
I'm playing with Squid4 and e2guardian as ICAP server.
I'm seeing something I misunderstand, when a SSL website is blocked
e2guardian returns a encapsulated "HTTP/1.1 403 Forbidden" header this
part seems good to me with an encrypted website a denied or redirection
page can't be ad
13 matches
Mail list logo
