On 22/11/17 23:48, Vieri wrote:
From: Amos Jeffries
If you place that after the default "deny CONNECT !SSL_ports", and
before your UA checks, AND if you are using ssl_bump on the allowed
tunnels then you can relatively safely use "allow CONNECT".
Just be caref
From: Amos Jeffries
>
> If you place that after the default "deny CONNECT !SSL_ports", and
> before your UA checks, AND if you are using ssl_bump on the allowed
> tunnels then you can relatively safely use "allow CONNECT".
>
> Just be careful that the CONNECT al
On 21/11/17 23:06, Vieri wrote:
From: Amos Jeffries
http_access allow goodAgents !baddomains (AND)
If the first line matches the allow happens.
otherwise deny happens
ie. goodAgents are only allowed to non-baddomains. All non-goodAgents
are denied to e
From: Amos Jeffries
>
> http_access allow goodAgents !baddomains (AND)
>
> If the first line matches the allow happens.
> otherwise deny happens
>
> ie. goodAgents are only allowed to non-baddomains. All non-goodAgents
> are denied to everything.
From this
On 20/11/17 21:45, Vieri wrote:
From: Alex Rousskov
You may be conflating two very different goals:
A) Understanding why Squid does X.
B) Configuring Squid to do what you want.
My response was focused on the former. Once you understand, you can
probably
From: Alex Rousskov
>
> You may be conflating two very different goals:
>
> A) Understanding why Squid does X.
> B) Configuring Squid to do what you want.
>
> My response was focused on the former. Once you understand, you can
> probably accomplish the latter o
On 18/11/17 04:27, Vieri wrote:
From: Alex Rousskov
1. Your "works" and "does not work" setups currently differ in at least
three variables: user agent name, slash after the user agent name, and
acl negation in http_access. Find out which single variable is
res
On 11/17/2017 08:27 AM, Vieri wrote:
> From: Alex Rousskov
>> 1. Your "works" and "does not work" setups currently differ in at least
>> three variables: user agent name, slash after the user agent name, and
>> acl negation in http_access. Find out which single variable is
>> responsible for the b
17.11.2017 21:27, Vieri пишет:
>
> From: Alex Rousskov
>> 1. Your "works" and "does not work" setups currently differ in at least
>> three variables: user agent name, slash after the user agent name, and
>> acl negation in http_access. Find out which single varia
From: Alex Rousskov
> 1. Your "works" and "does not work" setups currently differ in at least
> three variables: user agent name, slash after the user agent name, and
> acl negation in http_access. Find out which single variable is
> responsible for the breakage by
On 11/16/2017 01:44 AM, Vieri wrote:
> Let me rephrase my previous question "So why does my first example
> actually work even for https sites?" to "So why does my first example
> actually work even for https sites in an ssl-bumped setup (the same
> as in example 2)?"
AFAICT, there is not enough i
From: Amos Jeffries
>
> If you are decrypting the traffic, then it works as I said exactly the
> same as for HTTP messages.
>
> If you are not decrypting the traffic, but receiving forward-proxy
> traffic then you are probably blocking the CONNECT messages that
On 16/11/17 21:29, Vieri wrote:
From: Amos Jeffries
The following works:
acl denied_useragent browser Chrome
acl denied_useragent browser MSIE
acl denied_useragent browser Opera
acl denied_useragent browser Trident
[...]
http_access deny denied_useragent
htt
Let me rephrase my previous question "So why does my first example actually
work even for https sites?" to "So why does my first example actually work even
for https sites in an ssl-bumped setup (the same as in example 2)?"
___
squid-users mailing list
From: Amos Jeffries
>
>> The following works:
>>
>> acl denied_useragent browser Chrome
>> acl denied_useragent browser MSIE
>> acl denied_useragent browser Opera
>> acl denied_useragent browser Trident
>> [...]
>> http_access deny denied_useragent
>> http_reply_
On 16/11/17 00:18, Vieri wrote:
Hi,
I'm trying to block some user agents (I know it's easy to fake, but most users
won't try to fake that header value).
The following works:
acl denied_useragent browser Chrome
acl denied_useragent browser MSIE
acl denied_useragent browser Opera
acl denied_use
16 matches
Mail list logo
