On 9/10/19 8:36 pm, torson wrote:
> @Amos thank you for your detailed reply. It took me a while to get back to
> this task, sorry.
> I did some changes, added your suggestions, tested some more and here are my
> results using Squid 4.8 with a couple of questions:
>
> A short summary of my setup: S
@Amos thank you for your detailed reply. It took me a while to get back to
this task, sorry.
I did some changes, added your suggestions, tested some more and here are my
results using Squid 4.8 with a couple of questions:
A short summary of my setup: Squid that does only intercept for all servers
On 2/09/19 8:44 am, torson wrote:
> For me it works with "ssl_bump peek step1", not with "ssl_bump peek all".
>
That tells me that your clients are lying to your proxy.
"peek step1" means only the client-provided detail is available. e.g. the
client says it is going to example.net (a domain which
For me it works with "ssl_bump peek step1", not with "ssl_bump peek all".
My working config using Squid 4.8:
---
visible_hostname squid
debug_options ALL,1
positive_dns_ttl 0
negative_dns_ttl 0
client_persistent_connections off
http_port 3128
http_port 3129 intercept
acl allowed_http_sites dstdom_
On 02/12/17 07:05, James Lay wrote:
On 2017-11-29 07:29, Amos Jeffries wrote:
On 28/11/17 03:50, James Lay wrote:
On Sun, 2017-11-26 at 09:50 +0200, Alex K wrote:
Perhaps an alternative is to peek only on step1:
acl step1 at_step SslBump1
ssl_bump peek step1
acl allowed_https_sites ssl::serv
On 2017-11-29 07:29, Amos Jeffries wrote:
On 28/11/17 03:50, James Lay wrote:
On Sun, 2017-11-26 at 09:50 +0200, Alex K wrote:
Perhaps an alternative is to peek only on step1:
acl step1 at_step SslBump1
ssl_bump peek step1
acl allowed_https_sites ssl::server_name_regex
"/opt/etc/squid/http_u
On 28/11/17 03:50, James Lay wrote:
On Sun, 2017-11-26 at 09:50 +0200, Alex K wrote:
Perhaps an alternative is to peek only on step1:
acl step1 at_step SslBump1
ssl_bump peek step1
acl allowed_https_sites ssl::server_name_regex
"/opt/etc/squid/http_url.txt"
ssl_bump splice allowed_https_site
On Sun, 2017-11-26 at 09:50 +0200, Alex K wrote:
> Perhaps an alternative is to peek only on step1:
>
> acl step1 at_step SslBump1
>
> ssl_bump peek step1
> acl allowed_https_sites ssl::server_name_regex
> "/opt/etc/squid/http_url.txt"
> ssl_bump splice allowed_https_sites
> ssl_bump terminate al
Perhaps an alternative is to peek only on step1:
acl step1 at_step SslBump1
ssl_bump peek step1
acl allowed_https_sites ssl::server_name_regex "/opt/etc/squid/http_url.txt"
ssl_bump splice allowed_https_sites
ssl_bump terminate all
On Nov 25, 2017 14:46, "James Lay" wrote:
> On Sun, 2017-11-26
On Sun, 2017-11-26 at 01:33 +1300, Amos Jeffries wrote:
> On 26/11/17 00:52, James Lay wrote:
> >
> > On Sat, 2017-11-25 at 23:48 +1300, Amos Jeffries wrote:
> > >
> > > On 25/11/17 08:30, James Lay wrote:
> > > >
> > > > Topic says it...this setup has been working well for a long
> > > > time,
On 26/11/17 00:52, James Lay wrote:
On Sat, 2017-11-25 at 23:48 +1300, Amos Jeffries wrote:
On 25/11/17 08:30, James Lay wrote:
Topic says it...this setup has been working well for a long time, but
now there are some sites that are failing the TLS handshake. Here's
my setup: acl localnet src
On Sat, 2017-11-25 at 23:48 +1300, Amos Jeffries wrote:
> On 25/11/17 08:30, James Lay wrote:
> >
> > Topic says it...this setup has been working well for a long time,
> > but
> > now there are some sites that are failing the TLS handshake.
> > Here's my
> > setup:
> >
> > acl localnet src 192
On 25/11/17 08:30, James Lay wrote:
Topic says it...this setup has been working well for a long time, but
now there are some sites that are failing the TLS handshake. Here's my
setup:
acl localnet src 192.168.1.0/24
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 443
acl CON
I should add this is squid-3.5.27. Thank you.
On Fri, 2017-11-24 at 12:30 -0700, James wrote:
> Topic says it...this setup has been working well for a long time, but
> now there are some sites that are failing the TLS handshake. Here's
> my setup:
>
> acl localnet src 192.168.1.0/24
> acl SSL_po
Topic says it...this setup has been working well for a long time, but
now there are some sites that are failing the TLS handshake. Here's my
setup:
acl localnet src 192.168.1.0/24
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 443
acl CONNECT method CONNECT
acl allowed_http_sit
15 matches