Hallo squid-users,
i migrated our Proxy from 3.1.20 to 3.4.8. Here are the changes I made:
I commented out:
#acl manager proto cache_object
#acl localhost src 127.0.0.1/32 ::1
#acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
And added the following entry:
http_port xxx.xxx.xxx.xxx.:3129 intercep
On Tue, 2015-06-09 at 21:39 +0200, Klavs Klavsen wrote:
> Amos Jeffries wrote on 2015-06-09 17:10:
> [CUT]
> > You have to first configure ssl_bump in a way that lets Squid receive
> > the clientHello message (step1 -> peek) AND the serverHello message
> > (step2 -> peek). Then you can use those c
Hi again,
I finally had some time to get back into this, been a busy couple weeks. I
compiled squid with the "--with-openssl --enable-ssl-crtd" you mentioned, and
now things seem to be working better with ssl::servername. But for some reason
I can't get HTTPS traffic to get a cert from squid. A
Sorry for the noise - I figured it out.
HTTPS was completely dead which made me wonder if squid was working properly.
It turns out I had some folder permission issues. I needed to chmod -R 777
/var/lib/ssl_db. I guess lack of permissions to that directory caused cert
generation to fail and HTT
On 10/06/15 06:39, Diercks, Frank (VRZ Koblenz) wrote:
Hallo squid-users,
i migrated our Proxy from 3.1.20 to 3.4.8. Here are the changes I made:
why going to 3.4 if it's already 'old' code ? Why not going
straight to 3.5 which is the current release ?
--
Atenciosamente /
On 10/06/2015 9:39 p.m., Diercks, Frank (VRZ Koblenz) wrote:
> Hallo squid-users,
>
> i migrated our Proxy from 3.1.20 to 3.4.8. Here are the changes I made:
>
> I commented out:
> #acl manager proto cache_object
> #acl localhost src 127.0.0.1/32 ::1
> #acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
On 10/06/2015 5:24 a.m., Michael Pelletier wrote:
> Hello,
>
> I am getting these errors on 3.5.5 any ideas? Here is my build configuration
>
Please try with the latest 3.5 snapshot. There is a pinning related
patch there which may help.
Amos
___
squ
On 10/06/2015 4:46 p.m., dkandle wrote:
> I would like to be able to inspect traffic from my android device. I have a
> transparent squid proxy working with SSL bump (using WiFi to get traffic
> through my proxy server). Everything works fine as long as I go through a
> browser. But I would like to
On 2015-06-10 10:22 AM, Amos Jeffries wrote:
On 10/06/2015 4:46 p.m., dkandle wrote:
I would like to be able to inspect traffic from my android device. I
have a
transparent squid proxy working with SSL bump (using WiFi to get
traffic
through my proxy server). Everything works fine as long as I
2015-06-10 19:28, James Lay yazmış:
On 2015-06-10 10:22 AM, Amos Jeffries wrote:
On 10/06/2015 4:46 p.m., dkandle wrote:
I would like to be able to inspect traffic from my android device. I
have a
transparent squid proxy working with SSL bump (using WiFi to get
traffic
through my proxy server)
Amos , it worked great from other paid proxy
Can you help plz ?
I used proxy 186.93.127.34:8080
And it worked !!
Can you assit me plz ?
Subject: RE: [squid-users] TCP_MISS/403 353 HEAD text/plain Error help !!
Hi Amos thanks for explanation
But the issue is it works fine from other pai
Hello everyone, I just have a quick question
Is there any difference in how Squid 3.5 measures DNS Service Time
compared to 2.7 branch?
We monitor this value using SNMP and it has been nearly 0 for months,
but after the upgrade it went up to 6ms (with 8ms peaks)
All other Service times have var
OK. I went back to 3.4.13 for prod. I will try upgrading one proxy this
weekend.
On Wed, Jun 10, 2015 at 12:11 PM, Amos Jeffries
wrote:
> On 10/06/2015 5:24 a.m., Michael Pelletier wrote:
> > Hello,
> >
> > I am getting these errors on 3.5.5 any ideas? Here is my build
> configuration
> >
>
> Pl
On 11/06/2015 2:50 p.m., snakeeyes wrote:
>
> Amos , it worked great from other paid proxy
> Can you help plz ?
>
> I used proxy186.93.127.34:8080
>
> And it worked !!
>
> Can you assit me plz ?
>
I cant with the data available sorry. You will have to find out what
that other proxy is do
Hi all, it's me again, just a simple question
I've configured an squid 2.7 with ntlm auth and i want to let some AD users
to listen spotify
My problem is that spotify streaming is being blocked by squid to this
group and idk why. Maybe another syntax problem?
here's my squid.conf
On 11/06/2015 5:16 a.m., Sebastian Goicochea wrote:
> Hello everyone, I just have a quick question
> Is there any difference in how Squid 3.5 measures DNS Service Time
> compared to 2.7 branch?
> We monitor this value using SNMP and it has been nearly 0 for months,
> but after the upgrade it went u
FYI access.log
1433958220.321227 192.168.27.81 TCP_MISS/504 0 CONNECT
wevhbpyvhx.spotilocal.com:4370 proxyvipstr DIRECT/127.0.0.1 -
1433958220.421 2 192.168.27.81 TCP_MISS/504 0 CONNECT
wevhbpyvhx.spotilocal.com:4371 proxyvipstr DIRECT/127.0.0.1 -
1433958220.595 3 192.168.27.81 TCP_M
On 11/06/2015 5:39 a.m., Jonathan Filogna wrote:
> Hi all, it's me again, just a simple question
>
> I've configured an squid 2.7 with ntlm auth and i want to let some AD users
> to listen spotify
>
> My problem is that spotify streaming is being blocked by squid to this
> group and idk why. May
Ty Amos.
one more question
if i run apt-get install squid3 on my debian server, i must change some
lines like http_body_reply. But i can conserve my old squid.conf right?
I meant, how can i upgrade succesfully?
should i start the installation from scratch?
This server's almost on production but
where saids http_body_reply should said reply_body_max_size
i'm so tired right now...i apologize
Jonathan
2015-06-10 15:39 GMT-03:00 Jonathan Filogna :
> Ty Amos.
>
> one more question
>
> if i run apt-get install squid3 on my debian server, i must change some
> lines like http_body_reply. But
On 08/06/15 08:10, Helmut Hullen wrote:
Hallo, Amos,
Du meintest am 08.06.15:
Under squid 3.4 (and many earlier versions) I use
url_rewrite_program /usr/bin/squidGuard
How must I change this line for squid 3.5?
You should not have to change the SG command line or configuration.
On 08/06/15 08:10, Helmut Hullen wrote:
Hallo, Amos,
Du meintest am 08.06.15:
Under squid 3.4 (and many earlier versions) I use
url_rewrite_program /usr/bin/squidGuard
How must I change this line for squid 3.5?
You should not have to change the SG command line or configuration.
On 11/06/2015 6:39 a.m., Jonathan Filogna wrote:
> Ty Amos.
>
> one more question
>
> if i run apt-get install squid3 on my debian server, i must change some
> lines like http_body_reply. But i can conserve my old squid.conf right?
>
Yes. The squid3 package will currently install a whole separa
i'll glad to sent you those errors
Amos, thank you so much for your attention and participation.
Jonathan
El 10/06/15 a las 16:25, Amos Jeffries escibió:
On 11/06/2015 6:39 a.m., Jonathan Filogna wrote:
Ty Amos.
one more question
if i run apt-get install squid3 on my debian server, i must ch
Hi Mate
I have this set on my squid.conf
but seems that this is obsolete so how can nicely convert that for that
version is true that log suggest
always_direct
hierarchy_stoplist cgi-bin ? .js .jsp
acl QUERY urlpath_regex cgi-bin \? .js .jsp
no_cache deny QUERY
2015/06/10 20:53:42| ERROR: Dir
Amos ,
Do u want me do for you more debug ??
thankx
-Original Message-
From: Amos Jeffries [mailto:squ...@treenet.co.nz]
Sent: Wednesday, June 10, 2015 10:28 AM
To: snakeeyes
Cc: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] TCP_MISS/403 353 HEAD text/plain Error help !!
All,
>From the docs at:
http://wiki.squid-cache.org/Features/SslPeekAndSplice
peek
step1, step2
Receive SNI and client
certificate (step1), or
server certificate
(step2) while preserving
the possibility of
splicing the connection.
Peeking at the server
certificate usually
precludes future bu
Hello,
I am attempting to patch the security issues from CVE-2014-7141 and
CVE-2014-7142 for Squid 3.1.23 using the 3.1 patch provided here:
http://www.squid-cache.org/Advisories/SQUID-2014_4.txt
However, I am running into the following error:
/builds/sachi/squid-component/components/squid/
Squid log says Permission denied for the file /etc/squid/mime.conf
While permission on it is
-rwxrwxrwx1 nobody root 11364 May 9 15:40 mime.conf
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.or
29 matches
Mail list logo
