Re: [squid-users] Reverse Proxy Redirect - Stops in Browser

2023-02-16 Thread Amos Jeffries
On 16/02/2023 10:56 am, squid wrote: I have a reverse proxy that does the following: acl example_www url_regex -i ^https?:\/\/example-www?.example.com.* http_access allow internal_IPs example_www deny_info https://other-www.other.com%R example_www http_access deny example_www When a tool o

[squid-users] Reverse Proxy Redirect - Stops in Browser

2023-02-15 Thread squid
I have a reverse proxy that does the following: acl example_www url_regex -i ^https?:\/\/example-www?.example.com.* http_access allow internal_IPs example_www deny_info https://other-www.other.com%R example_www http_access deny example_www When a tool or a browser goes to http://example-www.

[squid-users] Reverse Proxy for Exchange server

2022-07-04 Thread Hannes Fasching
Hi! I have an issue with the accel mode in front of an exchange server. When you configure more than one authentication scheme including the basic scheme the authentication does not work - connection will be closed. But when you configure the basic scheme only it starts working. When you have con

Re: [squid-users] reverse proxy Squid 4

2020-06-25 Thread Vieri
On Thursday, June 25, 2020, 10:32:46 AM GMT+2, Amos Jeffries wrote: > >  tls-options=NO_SSLv3,NO_TLSv1_3 tls-min-version=1.0 > >  tls_options=NO_SSLv3,NO_TLSv1_1,NO_TLSv1_2,NO_TLSv1_3 > > removing the "sslflags=DONT_VERIFY_PEER" > > Then reduce the ssloptions= as much as you can. Remove if po

Re: [squid-users] reverse proxy Squid 4

2020-06-25 Thread Alex Rousskov
On 6/24/20 8:16 PM, Vieri wrote: > This is what the squid cache log reports: > > 2020/06/25 00:29:05.467 kid1| 83,5| NegotiationHistory.cc(81) > retrieveNegotiatedInfo: SSL connection info on FD 15 SSL version NONE/0.0 > negotiated cipher > 2020/06/25 00:29:05.467 kid1| ERROR: negotiating TLS on

Re: [squid-users] reverse proxy Squid 4

2020-06-25 Thread Amos Jeffries
On 25/06/20 2:57 am, Vieri wrote: > Hi, > > Today I just migrated from Squid 3 to Squid 4, and I found that a reverse > proxy that was working fine before is now failing. The client browser sees > this message: > > [No Error] (TLS code: SQUID_ERR_SSL_HANDSHAKE) > Handshake with SSL server faile

[squid-users] reverse proxy Squid 4

2020-06-24 Thread Vieri
This is what the squid cache log reports: 2020/06/25 00:29:05.467 kid1| 83,5| NegotiationHistory.cc(81) retrieveNegotiatedInfo: SSL connection info on FD 15 SSL version NONE/0.0 negotiated cipher 2020/06/25 00:29:05.467 kid1| ERROR: negotiating TLS on FD 15: error::lib(0):func(0):reason

[squid-users] reverse proxy Squid 4

2020-06-24 Thread Vieri
Hi, Today I just migrated from Squid 3 to Squid 4, and I found that a reverse proxy that was working fine before is now failing. The client browser sees this message: [No Error] (TLS code: SQUID_ERR_SSL_HANDSHAKE) Handshake with SSL server failed: [No Error] This is how I configured the backen

Re: [squid-users] reverse proxy

2020-01-19 Thread Amos Jeffries
On 12/01/20 2:04 am, user wrote: > Hello. > I have use squid 4.8 as reverse proxy. The problem is remote (or local?) > side close connection every 2-4 minutes with message "TCP_MISS_ABORTED/200" > in log. That log tag is normal for traffic with Happy Eyeballs operating. Without extra information t

[squid-users] reverse proxy

2020-01-11 Thread user
Hello. I have use squid 4.8 as reverse proxy. The problem is remote (or local?) side close connection every 2-4 minutes with message "TCP_MISS_ABORTED/200" in log. Another one problem - downloader report incorrect speed and time. random.bin 100%[>] 2.00M --.-KB/s in 0.0

Re: [squid-users] reverse proxy and HTTP redirects

2019-12-05 Thread Vieri Di Paola
On Thu, Dec 5, 2019 at 11:48 AM Amos Jeffries wrote: > > external_acl_type location_rewriter % acl bad_Location external location_rewriter > > deny_info 302:%note{location-rewrite} bad_Location > acl 302 http_status 302 > http_reply_access deny 302 bad_Location I just read something abo

Re: [squid-users] reverse proxy and HTTP redirects

2019-12-05 Thread Vieri Di Paola
On Thu, Dec 5, 2019 at 11:48 AM Amos Jeffries wrote: > > external_acl_type location_rewriter % acl bad_Location external location_rewriter > > deny_info 302:%note{location-rewrite} bad_Location > acl 302 http_status 302 > http_reply_access deny 302 bad_Location Sorry to bother you again

Re: [squid-users] reverse proxy and HTTP redirects

2019-12-05 Thread Amos Jeffries
On 6/12/19 1:41 am, Vieri Di Paola wrote: > By the way, if I were to upgrade to Squid 4, would the following do the trick? > > reply_header_add Strict-Transport-Security "max-age=31536000; > includeSubDomains; preload" all > Doubtful, but if you want to test it start with a very *small* max-age

Re: [squid-users] reverse proxy and HTTP redirects

2019-12-05 Thread Vieri Di Paola
By the way, if I were to upgrade to Squid 4, would the following do the trick? reply_header_add Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" all

Re: [squid-users] reverse proxy and HTTP redirects

2019-12-05 Thread Vieri Di Paola
On Thu, Dec 5, 2019 at 11:48 AM Amos Jeffries wrote: > > Alternative to his would be an eCAP module that just re-writes the > Location headers in place. That would be simpler, but requires some > coding to create the module. Simpler, I like how that sounds... I presume a good starting point would

Re: [squid-users] reverse proxy and HTTP redirects

2019-12-05 Thread Amos Jeffries
On 5/12/19 11:17 pm, Vieri Di Paola wrote: > I could try to use a redirector with location_rewrite_program, but > this directive is not available anymore. > I presume I need to use url_rewrite_program instead. No, that only re-writes the client requested URLs. You can try using a rewriter on the

Re: [squid-users] reverse proxy and HTTP redirects

2019-12-05 Thread Vieri Di Paola
I could try to use a redirector with location_rewrite_program, but this directive is not available anymore. I presume I need to use url_rewrite_program instead. I wonder if it will rewrite the "Location" header the origin server is sending to the client browser. Vieri

Re: [squid-users] reverse proxy and HTTP redirects

2019-12-03 Thread Vieri Di Paola
On Wed, Dec 4, 2019 at 6:15 AM Amos Jeffries wrote: > > I'm trying to see for myself if this is actually normal/OK - since I > don't know how familiar you are with HTTP accel mode syntax. > > The requests in particular are most interesting, though what responses > are paired with each is also pote

Re: [squid-users] reverse proxy and HTTP redirects

2019-12-03 Thread Amos Jeffries
On 4/12/19 3:02 am, Vieri Di Paola wrote: >> Hmm, what version of Squid is this? > > 3.5.27 (yes, I'm aware of the security vulnerability, but I'm unable > to upgrade right now) > >> Can you configure "debug_options 11,2" and see what the HTTP messages >> look like? > > Everything looks OK until

Re: [squid-users] reverse proxy and HTTP redirects

2019-12-03 Thread Vieri Di Paola
> Hmm, what version of Squid is this? 3.5.27 (yes, I'm aware of the security vulnerability, but I'm unable to upgrade right now) > Can you configure "debug_options 11,2" and see what the HTTP messages > look like? Everything looks OK until I get: 2019/12/03 14:52:26.509 kid1| 11,2| http.cc(720)

Re: [squid-users] reverse proxy and HTTP redirects

2019-12-03 Thread Amos Jeffries
On 3/12/19 10:11 pm, Vieri Di Paola wrote: > > Whether I use vport=8080 or not, it still fails because the client > gets an HTTP redirection such as: > > http://squidserver.local:50443/whatever (without vport=) > > http://squidserver.local:8080/whatever (with vport=8080) > > Note the http://. >

Re: [squid-users] reverse proxy and HTTP redirects

2019-12-03 Thread Vieri Di Paola
Hi, On Tue, Dec 3, 2019 at 6:33 AM Amos Jeffries wrote: > > NP: you have not configured any Elliptic Curve to be used, so all those > EC ciphers will not be usable. Also you configured some DES based > ciphers and then disable DES. I'll review that, thanks. > The problem is that the client is t

Re: [squid-users] reverse proxy and HTTP redirects

2019-12-02 Thread Amos Jeffries
On 3/12/19 3:46 am, Vieri Di Paola wrote: > Hi, > > I configured a reverse proxy with something like this: > > https_port 10.215.145.81:50443 accel cert=/etc/ssl/whatever.cer > key=/etc/ssl/whatever_key_nopassphrase.pem > options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE,CIPHER_SERVER_PREFERENCE,No_Compres

[squid-users] reverse proxy and HTTP redirects

2019-12-02 Thread Vieri Di Paola
Hi, I configured a reverse proxy with something like this: https_port 10.215.145.81:50443 accel cert=/etc/ssl/whatever.cer key=/etc/ssl/whatever_key_nopassphrase.pem options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE,CIPHER_SERVER_PREFERENCE,No_Compression cipher=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128

Re: [squid-users] Reverse Proxy Detected

2019-08-01 Thread Amos Jeffries
On 1/08/19 9:41 am, creditu wrote: > We have been using several squid servers in accelerator mode for a > number of years mainly for load balancing to send public requests to > backend servers. The requests to the squids typically come via a > well known commercial caching service. The squid

[squid-users] Reverse Proxy Detected

2019-07-31 Thread creditu
We have been using several squid servers in accelerator mode for a number of years mainly for load balancing to send public requests to backend servers. The requests to the squids typically come via a well known commercial caching service. The squids don't do any caching, they just forward r

Re: [squid-users] Reverse Proxy

2019-06-11 Thread Amos Jeffries
On 11/06/19 6:24 pm, afkout wrote: > i try ssl_bump and header_replace , not working > TCP_MISS/503 5452 GET https://steamcommunity.com/ cjm > ROUNDROBIN_PARENT/72.246.190.104 text/html > > config > acl sc ssl::server_name steamcommunity.com > cache_peer steamuserimages-a.akamaihd.net parent 443 7

Re: [squid-users] Reverse Proxy

2019-06-10 Thread afkout
i try ssl_bump and header_replace , not working TCP_MISS/503 5452 GET https://steamcommunity.com/ cjm ROUNDROBIN_PARENT/72.246.190.104 text/html config acl sc ssl::server_name steamcommunity.com cache_peer steamuserimages-a.akamaihd.net parent 443 7 no-query proxy-only round-robin name=ak1 tls tls

Re: [squid-users] Reverse Proxy

2019-06-03 Thread Amos Jeffries
On 4/06/19 1:58 am, afkout wrote: > sorry i don't explain clearly. > i want to implement same function in squid like caddy does. > a.com is blocked for some reason. but b.com and a.com use the same cdn > network. > when caddy get a a.com request , send it to cdn network node and set the SNI > domain

Re: [squid-users] Reverse Proxy

2019-06-03 Thread afkout
sorry i don't explain clearly. i want to implement same function in squid like caddy does. a.com is blocked for some reason. but b.com and a.com use the same cdn network. when caddy get a a.com request , send it to cdn network node and set the SNI domain a.com. can squid implement that?

Re: [squid-users] Reverse Proxy

2019-06-02 Thread Amos Jeffries
On 3/06/19 11:35 am, afkout wrote: > im using caddy for reverse proxy, but caddy not support multiple local > ip. AFAICT 'caddy' is not Squid. So this does not appear to be a Squid related question. Have you tried the caddy support forum? Amos

[squid-users] Reverse Proxy

2019-06-02 Thread afkout
im using caddy for reverse proxy, but caddy not support multiple local ip. here is my caddy configure https://steamcommunity.com { tls steamcommunity.crt steamcommunity.key #self signed proxy / https://steamuserimages-a.akamaihd.net https://steamcdn-a.akamaihd.net { policy random

Re: [squid-users] Reverse proxy and TUNNEL to same cache peer

2018-08-08 Thread Amos Jeffries
On 08/08/18 16:49, Hariharan Sethuraman wrote: > I think giving name helped to fwd/reverse to same parent proxy port: > cache_peer parent-proxy.domain.com > parent 80       0  no-query no-digest login=PASS originserver > name=reverseproxy > cache_peer parent-proxy.d

Re: [squid-users] Reverse proxy and TUNNEL to same cache peer

2018-08-07 Thread Hariharan Sethuraman
I think giving name helped to fwd/reverse to same parent proxy port: cache_peer parent-proxy.domain.com parent 80 0 no-query no-digest login=PASS originserver name=reverseproxy cache_peer parent-proxy.domain.com parent 80 0 no-query no-digest login=PASS name=forwardproxy On Wed, Aug

Re: [squid-users] Reverse proxy and TUNNEL to same cache peer

2018-08-07 Thread Hariharan Sethuraman
> The traffic types have different syntax. It is possible to have a parent > proxy which receives both, but that has to be different ports and > different cache_peer links between them. As I said in same cache_peer (without changing the parent proxy port), both forward (removed originserver option

Re: [squid-users] Reverse proxy and TUNNEL to same cache peer

2018-08-07 Thread Hariharan Sethuraman
Yes correct, the parent Proxy is a forward, but the squid will have to do both from client aspect. Can I run two instances of squid - forward and reverse separately considering my configuration is good enough? On Tue, 7 Aug 2018, 22:00 Amos Jeffries, wrote: > On 08/08/18 04:01, Hariharan Sethur

Re: [squid-users] Reverse proxy and TUNNEL to same cache peer

2018-08-07 Thread Amos Jeffries
On 08/08/18 04:01, Hariharan Sethuraman wrote: > Thanks Amos: yes agree that I should have told forward proxy. > > When I remove the originserver option from cache_peer, the forward proxy > is working so which means the rewriter is not precluding from happening. > Does that give any clue to us?  >

Re: [squid-users] Reverse proxy and TUNNEL to same cache peer

2018-08-07 Thread Hariharan Sethuraman
Thanks Amos: yes agree that I should have told forward proxy. When I remove the originserver option from cache_peer, the forward proxy is working so which means the rewriter is not precluding from happening. Does that give any clue to us? Moreover the reverse proxy is in next hop to the client an

Re: [squid-users] Reverse proxy and TUNNEL to same cache peer

2018-08-07 Thread Amos Jeffries
On 08/08/18 01:04, Hariharan Sethuraman wrote: > Hi, > > We have our company proxy and this is how the topology is expected to > look like for the deployment: > > Client > ---squid-host.com---company-proxyInternet > > Now I need to allow revers

[squid-users] Reverse proxy and TUNNEL to same cache peer

2018-08-07 Thread Hariharan Sethuraman
Hi, We have our company proxy and this is how the topology is expected to look like for the deployment: Client ---squid-host.com---company-proxyInternet Now I need to allow reverse proxy(3128) for some request from the client and tunnel (3129)

Re: [squid-users] Reverse proxy is not responding

2018-03-20 Thread Amos Jeffries
On 19/03/18 19:13, Kiru Pananthan wrote: > Hi Amos > > I have removed *. dashboard and also timetable which is not in use. > > I have added the accel after port number and removed vhost as per your > advice. Can you check the file now, am I good to go. I have not yet run > the query  "squid -k pa

Re: [squid-users] Reverse proxy is not responding

2018-03-20 Thread Amos Jeffries
On 20/03/18 03:40, Kiru Pananthan wrote: > Hi Amos > > I have run the command of "squid -k parse" and attached output in the > config file link  > Config file URL >  https://goo.gl/Q4a749 > You see anything looking odd in that output? Many of the wrong syntax things I have mentioned should also

Re: [squid-users] Reverse proxy is not responding

2018-03-19 Thread Kiru Pananthan
Hi Amos I have run the command of "squid -k parse" and attached output in the config file link Config file URL https://goo.gl/Q4a749

Re: [squid-users] Reverse proxy is not responding

2018-03-18 Thread Kiru Pananthan
Hi Amos I have removed *. dashboard and also timetable which is not in use. I have added the accel after port number and removed vhost as per your advice. Can you check the file now, am I good to go. I have not yet run the query "squid -k parse" , later will run it and update you on the outcome.

Re: [squid-users] Reverse proxy is not responding

2018-03-18 Thread Amos Jeffries
On 19/03/18 11:22, Kiru Pananthan wrote: > Hi Amos > > Thanks for your time and the information you shared, Great. I Have > modified the line you have requested to remove, but few other points you > have highlighted I am unsure about it, as I am new to squid and coding, > can you please correct me

Re: [squid-users] Reverse proxy is not responding

2018-03-18 Thread Kiru Pananthan
Hi Amos Thanks for your time and the information you shared, Great. I Have modified the line you have requested to remove, but few other points you have highlighted I am unsure about it, as I am new to squid and coding, can you please correct me on my question if possible. 1. I have removed the d

Re: [squid-users] Reverse proxy is not responding

2018-03-18 Thread Amos Jeffries
On 19/03/18 03:22, Kiru Pananthan wrote: > Hi Amos > > Thanks for your reply, > > I have restarted the squid service using the command # > /etc/init.d/squid3 restart and also reboot the Linux server too. but > still, the problem exists. > * > * > I have removed the empty and # command line in the

Re: [squid-users] Reverse proxy is not responding

2018-03-18 Thread Kiru Pananthan
Hi Amos Thanks for your reply, I have restarted the squid service using the command # /etc/init.d/squid3 restart and also reboot the Linux server too. but still, the problem exists. I have removed the empty and # command line in the document for your review. can you please check now and provide

Re: [squid-users] Reverse proxy is not responding

2018-03-18 Thread Amos Jeffries
On 19/03/18 01:48, Kiru Pananthan wrote: > Hi Amos > > Thanks for your reply, here I have attached the squid config file link > for your view, do I need to clear the squid cache in the squid server > for it works? You do not have any persistent cache enabled on that proxy. Restarting the proxy is

Re: [squid-users] Reverse proxy is not responding

2018-03-18 Thread Kiru Pananthan
Hi Amos Thanks for your reply, here I have attached the squid config file link for your view, do I need to clear the squid cache in the squid server for it works? Config file url https://goo.gl/Q4a749

Re: [squid-users] Reverse proxy is not responding

2018-03-17 Thread Amos Jeffries
On 18/03/18 00:22, Kiru Pananthan wrote: > Dear Team > > squid  3.1.20 reverse proxy server running on Linux Debian, This has > been set up a few years before and working fine. > > Recently we are planning to host a new site on our local windows server > and setup for external access using squid

[squid-users] Reverse proxy is not responding

2018-03-17 Thread Kiru Pananthan
Dear Team squid 3.1.20 reverse proxy server running on Linux Debian, This has been set up a few years before and working fine. Recently we are planning to host a new site on our local windows server and setup for external access using squid proxy, so we tried to modify by adding the new site inf

[squid-users] reverse proxy HTTPS

2017-03-06 Thread sothy shan
Hello friends, I am using squid 4.0.18. It works for reverse proxy HTTP. Now I need to make HTTPS. I am not sure configure squid server and ssl keys. If you have any pointer or procedures in Ubuntu 16.04, please let me know. Thanks for your response. Best regards Sothy

Re: [squid-users] Reverse proxy with HTTPS

2017-03-03 Thread Alex Rousskov
On 03/03/2017 08:41 AM, sothy shan wrote: > On Fri, Mar 3, 2017 at 4:29 PM, Alex Rousskov wrote: > > On 03/03/2017 04:59 AM, Matus UHLAR - fantomas wrote: > > On 03.03.17 10:02, sothy shan wrote: > >> I am trying to test reverse proxy with HTTPS. For example, client makes > >> HTT

Re: [squid-users] Reverse proxy with HTTPS

2017-03-03 Thread Amos Jeffries
On 4/03/2017 4:58 a.m., sothy shan wrote: > I changed the configuration > > http_port 192.168.1.69:80 accel defaultsite=www.A.com > cache_peer 192.168.1.31 parent 80 0 no-query originserver > > > http_access allow all > +++

Re: [squid-users] Reverse proxy with HTTPS

2017-03-03 Thread sothy shan
On Fri, Mar 3, 2017 at 4:55 PM, Amos Jeffries wrote: > On 4/03/2017 3:53 a.m., sothy shan wrote: > > On Fri, Mar 3, 2017 at 2:56 PM, Matus UHLAR - fantomas < > uh...@fantomas.sk> > > wrote: > > > >> On 03.03.17 10:02, sothy shan wrote: > > > I am trying to test reverse proxy with HTTPS.

Re: [squid-users] Reverse proxy with HTTPS

2017-03-03 Thread Amos Jeffries
On 4/03/2017 3:53 a.m., sothy shan wrote: > On Fri, Mar 3, 2017 at 2:56 PM, Matus UHLAR - fantomas > wrote: > >> On 03.03.17 10:02, sothy shan wrote: > I am trying to test reverse proxy with HTTPS. For example, client makes > HTTPS request to squid server which make another HTTPS req

Re: [squid-users] Reverse proxy with HTTPS

2017-03-03 Thread sothy shan
On Fri, Mar 3, 2017 at 4:29 PM, Alex Rousskov < rouss...@measurement-factory.com> wrote: > On 03/03/2017 04:59 AM, Matus UHLAR - fantomas wrote: > > On 03.03.17 10:02, sothy shan wrote: > >> I am trying to test reverse proxy with HTTPS. For example, client makes > >> HTTPS request to squid server

Re: [squid-users] Reverse proxy with HTTPS

2017-03-03 Thread Alex Rousskov
On 03/03/2017 04:59 AM, Matus UHLAR - fantomas wrote: > On 03.03.17 10:02, sothy shan wrote: >> I am trying to test reverse proxy with HTTPS. For example, client makes >> HTTPS request to squid server which make another HTTPS request to web >> server. > what point does this have, except disabling

Re: [squid-users] Reverse proxy with HTTPS

2017-03-03 Thread sothy shan
On Fri, Mar 3, 2017 at 2:56 PM, Matus UHLAR - fantomas wrote: > On 03.03.17 10:02, sothy shan wrote: >>> I am trying to test reverse proxy with HTTPS. For example, client makes HTTPS request to squid server which make another HTTPS request to web server. >>> > On Fri, Mar 3, 2

Re: [squid-users] Reverse proxy with HTTPS

2017-03-03 Thread Matus UHLAR - fantomas
On 03.03.17 10:02, sothy shan wrote: I am trying to test reverse proxy with HTTPS. For example, client makes HTTPS request to squid server which make another HTTPS request to web server. On Fri, Mar 3, 2017 at 12:59 PM, Matus UHLAR - fantomas wrote: what point does this have, except disablin

Re: [squid-users] Reverse proxy with HTTPS

2017-03-03 Thread sothy shan
On Fri, Mar 3, 2017 at 12:59 PM, Matus UHLAR - fantomas wrote: > On 03.03.17 10:02, sothy shan wrote: > >> I am trying to test reverse proxy with HTTPS. For example, client makes >> HTTPS request to squid server which make another HTTPS request to web >> server. >> > > what point does this have,

Re: [squid-users] Reverse proxy with HTTPS

2017-03-03 Thread Matus UHLAR - fantomas
On 03.03.17 10:02, sothy shan wrote: I am trying to test reverse proxy with HTTPS. For example, client makes HTTPS request to squid server which make another HTTPS request to web server. what point does this have, except disabling client certificates? -- Matus UHLAR - fantomas, uh...@fantomas.

[squid-users] Reverse proxy with HTTPS

2017-03-03 Thread sothy shan
Hello, I am trying to test reverse proxy with HTTPS. For example, client makes HTTPS request to squid server which make another HTTPS request to web server. To test the scenario, what setup I need to do? If u have any document , please share me or point me key step. However, after reading on web,

Re: [squid-users] Reverse proxy for HTTPS cloudfront server

2017-02-14 Thread Craig Gowing
From what I can tell the SNI is not added for cache peers. In Ssl::PeerConnector::initializeSsl if "peer" is set then the call to Ssl::setClientSNI is skipped. Also the SSL context doesn't have the hostname or a callback set, and sslCreateClientContext doesn't appear to be able to set it either. I

Re: [squid-users] Reverse proxy for HTTPS cloudfront server

2017-02-14 Thread Philip Munaawa
openssl test to reproduce the error: openssl s_client -connect www.coursera.org:443 - FAILS (Testing with cousera since it is also hosted on cloudfront, and uses TLS/SNI) CONNECTED(0003) 140225331586752:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt

Re: [squid-users] Reverse proxy for HTTPS cloudfront server

2017-02-13 Thread Amos Jeffries
On 14/02/2017 4:40 a.m., Philip Munaawa wrote: > I am trying to reverse proxy a site hosted on cloudfront, using the normal > https_port accel. I have the key/cert pair for the origin. The cloudfront > uses TLS/SNI to negotiate an SSL connection. However, when I try to connect > through the proxy,

[squid-users] Reverse proxy for HTTPS cloudfront server

2017-02-13 Thread Philip Munaawa
I am trying to reverse proxy a site hosted on cloudfront, using the normal https_port accel. I have the key/cert pair for the origin. The cloudfront uses TLS/SNI to negotiate an SSL connection. However, when I try to connect through the proxy, I get the error below in the logs: Error negotiating S

Re: [squid-users] Reverse proxy: session expired in 15 minutes

2015-12-15 Thread Antony Stone
On Tuesday 15 Dec 2015 at 13:02, Roberto Carna wrote: > Development team say that a session is conformed by cookies, and the > expiration time defined is 3 hours. Squid will not change the content of the cookies (although it's possible it could remove them, depending on the configuration). Does

Re: [squid-users] Reverse proxy: session expired in 15 minutes

2015-12-15 Thread Amos Jeffries
On 16/12/2015 2:02 a.m., Roberto Carna wrote: > Development team say that a session is conformed by cookies, and the > expiration time defined is 3 hours. Squid has nothing to do with Cookie headers. Except to ensure that they are erased from cached responses as per the Cookie requirements. Amos

Re: [squid-users] Reverse proxy: session expired in 15 minutes

2015-12-15 Thread Roberto Carna
Development team say that a session is conformed by cookies, and the expiration time defined is 3 hours. 2015-12-15 9:32 GMT-03:00 Antony Stone : > On Tuesday 15 Dec 2015 at 11:39, Roberto Carna wrote: > >> Dear, we have a Squid3 as reverse proxy with default configuration. >> >> We have a domain

Re: [squid-users] Reverse proxy: session expired in 15 minutes

2015-12-15 Thread Antony Stone
On Tuesday 15 Dec 2015 at 11:39, Roberto Carna wrote: > Dear, we have a Squid3 as reverse proxy with default configuration. > > We have a domain pointed to a web server. In this server the user > session expiration is setup in 3 hs, but each 15 minutes the session > expires. What is your definit

Re: [squid-users] Reverse proxy: session expired in 15 minutes

2015-12-15 Thread Roberto Carna
I add that the main line in squid3.conf is: cache_peer 10.10.1.10 parent 80 0 no-query originserver login=PASS name=SiteXXX Thanks again. 2015-12-15 8:39 GMT-03:00 Roberto Carna : > Dear, we have a Squid3 as reverse proxy with default configuration. > > We have a domain pointed to a web server.

[squid-users] Reverse proxy: session expired in 15 minutes

2015-12-15 Thread Roberto Carna
Dear, we have a Squid3 as reverse proxy with default configuration. We have a domain pointed to a web server. In this server the user session expiration is setup in 3 hs, but each 15 minutes the session expires. At this time, we are not sure about the origin of the session expiration. Taking into

Re: [squid-users] reverse proxy setup

2015-12-11 Thread Amos Jeffries
On 12/12/2015 4:07 p.m., Alex Samad wrote: > Hi > > I'm thinking it is outlook not being able to talk tls1.1 and/or tls > 1.2 to squid. I am in the process of patching up my test box. > > By ignoring that, I mean the reason its there is that outlook tried to > talk tls1 to it whilst I had tls1 tu

Re: [squid-users] reverse proxy setup

2015-12-11 Thread Alex Samad
Hi I'm thinking it is outlook not being able to talk tls1.1 and/or tls 1.2 to squid. I am in the process of patching up my test box. By ignoring that, I mean the reason its there is that outlook tried to talk tls1 to it whilst I had tls1 turned off A On 11 December 2015 at 15:50, Amos Jeffries

Re: [squid-users] reverse proxy setup

2015-12-10 Thread Amos Jeffries
On 11/12/2015 4:52 p.m., Alex Samad wrote: > Hi > > > Is there any way to remove these from the log > > kid1| Error negotiating SSL connection on FD 38: error:140760FC:SSL > routines:SSL23_GET_CLIENT_HELLO:unknown protocol (1/-1) > > this is the corresponding squid config > options=NO_SSLv2:NO_

[squid-users] reverse proxy setup

2015-12-10 Thread Alex Samad
Hi Is there any way to remove these from the log kid1| Error negotiating SSL connection on FD 38: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol (1/-1) this is the corresponding squid config options=NO_SSLv2:NO_SSLv3:NO_TLSv1:SINGLE_DH_USE:CIPHER_SERVER_PREFERENCE Not I do

Re: [squid-users] Reverse proxy caching from SSL cache_peer depending on urlpath_regex

2015-10-08 Thread Amos Jeffries
On 9/10/2015 11:42 a.m., Manuel wrote: > Hi, > > I am thinking about the idea of using Squid as a reverse proxy on https > (also on http), doing some caching and connecting to a SSL cache_peer and a > non SSL cache_peer depending on the address (e.g. login related addresses > would use the SSL cac

[squid-users] Reverse proxy caching from SSL cache_peer depending on urlpath_regex

2015-10-08 Thread Manuel
Hi, I am thinking about the idea of using Squid as a reverse proxy on https (also on http), doing some caching and connecting to a SSL cache_peer and a non SSL cache_peer depending on the address (e.g. login related addresses would use the SSL cache_peer). The goal is to make faster the browsing

Re: [squid-users] Reverse Proxy translate public domain to internal path

2015-06-23 Thread sqca
Hi Amos, thanks for the information. Do I need to rewrite all requests from "site1.example.com" to "site1.example.com/test" in this case?

Re: [squid-users] Reverse Proxy translate public domain to internal path

2015-06-23 Thread Amos Jeffries
On 24/06/2015 12:32 a.m., sqca wrote: > Hi folks, > > I have started to use Squid 3.5.5 to implement a reverse proxy for multiple > webservers. Some of them are publishing multiple websites on the same port > so I need to do the following: > Publish "site1.example.com" via Squid which points at 19

[squid-users] Reverse Proxy translate public domain to internal path

2015-06-23 Thread sqca
Hi folks, I have started to use Squid 3.5.5 to implement a reverse proxy for multiple webservers. Some of them are publishing multiple websites on the same port so I need to do the following: Publish "site1.example.com" via Squid which points at 192.168.0.1:8080/test Publish "site.example.com" via

Re: [squid-users] Reverse Proxy and SSL client side renegotiation

2015-05-08 Thread Amos Jeffries
On 8/05/2015 10:46 p.m., Jakob Curdes wrote: > Hello all, I have configured squid 3.3.8 (CentOS 7 rpm) as an SSL > reverse proxy which works fine. However, I would like to make it as > secure as possible. The SSLLabs test showed > "Secure Client-Initiated Renegotiation *Supported* *DoS DANGER* (mor

[squid-users] Reverse Proxy and SSL client side renegotiation

2015-05-08 Thread Jakob Curdes
Hello all, I have configured squid 3.3.8 (CentOS 7 rpm) as an SSL reverse proxy which works fine. However, I would like to make it as secure as possible. The SSLLabs test showed "Secure Client-Initiated Renegotiation *Supported* *DoS DANGER* (more info

Re: [squid-users] Reverse Proxy Funny Logging Issue

2015-03-13 Thread Amos Jeffries
On 14/03/2015 5:19 a.m., dweimer wrote: >> >> Last night I applied the FreeBSD 10.1-RELEASE-p6 Update and Upgraded >> the ports which included Squid 3.4.12, I enabled the LAX HTTP option >> in the ports configuration with adds the --enable-http-violations >> compile option. With the intention to en

Re: [squid-users] Reverse Proxy Funny Logging Issue

2015-03-13 Thread dweimer
On 03/12/2015 10:31 am, dweimer wrote: On 01/23/2013 10:39 pm, Amos Jeffries wrote: On 24/01/2013 4:13 a.m., dweimer wrote: On 2013-01-23 08:40, dweimer wrote: On 2013-01-22 23:30, Amos Jeffries wrote: On 23/01/2013 5:34 a.m., dweimer wrote: I just upgraded my reverse proxy server last night

Re: [squid-users] Reverse Proxy Funny Logging Issue

2015-03-13 Thread Amos Jeffries
On 13/03/2015 4:31 a.m., dweimer wrote: > On 01/23/2013 10:39 pm, Amos Jeffries wrote: >> On 24/01/2013 4:13 a.m., dweimer wrote: >>> On 2013-01-23 08:40, dweimer wrote: On 2013-01-22 23:30, Amos Jeffries wrote: > On 23/01/2013 5:34 a.m., dweimer wrote: >> I just upgraded my reverse pr

Re: [squid-users] Reverse Proxy Funny Logging Issue

2015-03-12 Thread dweimer
On 01/23/2013 10:39 pm, Amos Jeffries wrote: On 24/01/2013 4:13 a.m., dweimer wrote: On 2013-01-23 08:40, dweimer wrote: On 2013-01-22 23:30, Amos Jeffries wrote: On 23/01/2013 5:34 a.m., dweimer wrote: I just upgraded my reverse proxy server last night from 3.1.20 to 3.2.6, all is working we

Re: [squid-users] reverse-proxy with client certificates pass-thru

2015-02-16 Thread Jason Haar
On 17/02/15 11:34, Amos Jeffries wrote: > There is splice mode in 3.5. Which is to say "dont bump that traffic". If you have a reverse-proxy between a client and backend server and the backend server insists on seeing the client cert, then I think at best squid is simply a tcp forwarder (ie splice

Re: [squid-users] reverse-proxy with client certificates pass-thru

2015-02-16 Thread Amos Jeffries
On 17/02/2015 3:16 a.m., Martin Fuchs wrote: > Hi ! > > > > I'm looking for a possibility to tell squid to pass a certificate presented > by the client to a cache peer. > > Since i did not find anything, i decided to ask here ;-) > > I saw that it's possible to let squid pass a client crtifica

[squid-users] reverse-proxy with client certificates pass-thru

2015-02-16 Thread Martin Fuchs
Hi ! I'm looking for a possibility to tell squid to pass a certificate presented by the client to a cache peer. Since i did not find anything, i decided to ask here ;-) I saw that it's possible to let squid pass a client certificate to the cache peer, but this would not work for our purposes.

Re: [squid-users] Reverse proxy through a parent proxy

2015-01-24 Thread Amos Jeffries
On 24/01/2015 8:14 a.m., Micah Parrish wrote: > Squid 3.1+RHEL6.5. > > I'd like to reverse proxy a linux distro repository, but I am stuck > behind a corporate web proxy which I do not control. The only way this can work is if the parent proxy is explicitly configured with a source to relay the t

[squid-users] Reverse proxy through a parent proxy

2015-01-23 Thread Micah Parrish
Squid 3.1+RHEL6.5. I'd like to reverse proxy a linux distro repository, but I am stuck behind a corporate web proxy which I do not control. This is how I accelerate an internal mirror, and it works well: http_port 80 accel defaultsite=myhostname.company.com cache_peer internal.repo.comany.c