On 2/06/2016 6:33 p.m., Peter Viskup wrote:
> Hello all,
> just wondering whether it is possible to perform SSLBump/SSLSplit for
> non-HTTPs connections. At the moment we are interested in FTPs.
Only protocols supported for regular proxying by Squid can be
SSL-Bumped. There is no point in doing it
On 2/06/2016 7:29 a.m., Nilesh Gavali wrote:
> hello;
> where can I define below -
>
> KRB5_KTNAME=/etc/squid3/PROXY.keytab
> export KRB5_KTNAME
>
> Thanks & Regards
> Nilesh Suresh Gavali
>
Usually in the init scripts of relevant programs that use it.
PS. please stop quoting the entire daily
On 25/05/2016 8:26 a.m., Heiler Bemerguy wrote:
>
> If you connect to squid and ask it to get a file on a server which
> accepts the tcp connection but won't reply anything, the connection will
> never timeout.
>
> Like this: (client side)
>
> GET http://10.1.4.60:8080/pehasuzyjireohwwlik.txt HT
So.. with store_miss I could make squid store only some types of vary?
Wouldn't it "fix" the vary loop "bug" without messing with sources?
--
Best Regards,
Heiler Bemerguy
Network Manager - CINBESA
55 91 98151-4894/3184-1751
On 08/06/2016 03:31, Amos Jeffries wrote:
entry->mem_obj->var
Hum.. Amos, that store_miss would just make the object with that Vary
header to not be cached, right?
I've just tested it. But I think we need to choose what types of Vary
are valid/usable or not.
Reading the source code since yesterday, I made a patch that seems to
fix my vary loop proble
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
# Clean up Vary to increase caching
reply_header_access Vary deny all
reply_header_replace Vary Accept-Encoding
Hmmm? ;)
08.06.2016 22:02, Heiler Bemerguy wrote:
>
>
> Hum.. Amos, that store_miss would just make the object with that Vary
header
On 9/06/2016 4:02 a.m., Heiler Bemerguy wrote:
>
> Hum.. Amos, that store_miss would just make the object with that Vary
> header to not be cached, right?
It will prevent caching for any object using a Vary which matches any of
the ACLs regex patterns. The patterns being ones which match the head
On 9/06/2016 4:03 a.m., Yuri Voinov wrote:
>
> # Clean up Vary to increase caching
> reply_header_access Vary deny all
> reply_header_replace Vary Accept-Encoding
>
> Hmmm? ;)
>
Mangling the outgoing headers sent to the client so they no longer
describe the payload/content correctly will not he
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Ok, Amos.
How to correctly normalize headers?
I.e., to strip User-Agent, for example?
08.06.2016 23:02, Amos Jeffries wrote:
> On 9/06/2016 4:03 a.m., Yuri Voinov wrote:
>>
>> # Clean up Vary to increase caching
>> reply_header_access Vary deny
On 9/06/2016 5:06 a.m., Yuri Voinov wrote:
>
> Ok, Amos.
>
> How to correctly normalize headers?
>
> I.e., to strip User-Agent, for example?
Normalize what and how exactly? It differs by header.
Stripping UA header from outbound traffic is done with
request_header_access. (hint: not reply_...)
deny those will help
Strict-Transport-Security
Alternate-Protocol
alternate-protocol <--- I have seen lower case, dunno if squid handles that or we
should deny both
Alt-Svc
alt-svc
X-Firefox-Spdy
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Vary-object-loop-ret
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Alternate-Protocol - agreed. With both directions, for request and replies.
Alt-Svc -can be discussed.
X-Firefox-Spdy - can be discussed.
08.06.2016 22:47, joe wrote:
> deny those will help
>
> Strict-Transport-Security
> Alternate-Protocol
> a
On 7/06/2016 10:48 p.m., Yuri Voinov wrote:
>
>
>
> 07.06.2016 16:36, Amos Jeffries wrote:
>> On 7/06/2016 8:48 p.m., Yuri Voinov wrote:
>>>
>>> 07.06.2016 4:57, Amos Jeffries wrote:
On 7/06/2016 5:55 a.m., Yuri Voinov wrote:
>
> So.
>
> Squid DOES NOT and DON'T BE support g
Of course it would be nice if we could configure which Vary elements we
wanna store/use. But I'm afraid store_miss won't do this.
With this conf you're not caching any object that has any Vary elements
that's not "accept-encoding", right?
--
Best Regards,
Heiler Bemerguy
Network Manager -
Hi,
I've been using a few years ago squid+dansguardian. But nowadays, DG is not
maintained anymore. I know that exists squidGuard, ufdbGuard, and
e2guardian.
Features should be:
- Blocking https url's
- Not need of interception. is that possible?
- Simple to configure and good performance
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
AFAIK ufdbguard has no alternative.
09.06.2016 2:05, Sergio Belkin wrote:
> Hi,
>
> I've been using a few years ago squid+dansguardian. But nowadays, DG
is not maintained anymore. I know that exists squidGuard, ufdbGuard, and
e2guardian.
>
> Feat
On 06/08/2016 05:05 PM, Sergio Belkin wrote:
Hi,
I've been using a few years ago squid+dansguardian. But nowadays, DG is not
maintained anymore. I know that exists squidGuard, ufdbGuard, and e2guardian.
Features should be:
- Blocking https url's
Blocking HTTPS URLs is easy.
However, provi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I confirm.
I replaced squidGuard with ufdbguard a long time ago and
use it in production. With SSL Bump.
It's very fast and does not have unlimited memory consumption. And - this is
important - it has a client-server model.
09.06.2016 2:37, M
We have many satisfied subscribers who use our blacklists with ufdbguard
as their primary content filter and they seem to be quite satisfied.
Of course we are going to promote our services, but to be forthright
with a response,
UfdbGuard seems to have gained quite a lot of traction and there
2016-06-08 17:37 GMT-03:00 Marcus Kool :
>
>
> On 06/08/2016 05:05 PM, Sergio Belkin wrote:
>
>> Hi,
>>
>> I've been using a few years ago squid+dansguardian. But nowadays, DG is
>> not maintained anymore. I know that exists squidGuard, ufdbGuard, and
>> e2guardian.
>>
>> Features should be:
>>
>>
On 06/08/2016 05:54 PM, Sergio Belkin wrote:
- Not need of interception. is that possible?
It depends. If you support smartphones, you most likely need interception
since not all apps can be configured to use a proxy.
With only desktops, interception is not required but
Hey Sergio,
There are couple approaches to content filtering in the Linux world and in
other spaces.
Squid is open source and gives a lot but there are other ideas and ways to
perform content filtering.
Squid was designed for caching and does things in a specific way while other
solution m
2016-06-08 19:07 GMT-03:00 Marcus Kool :
>
>
> On 06/08/2016 05:54 PM, Sergio Belkin wrote:
>
>>
>> - Not need of interception. is that possible?
>>
>> It depends. If you support smartphones, you most likely need
>> interception since not all apps can be configured to use a proxy.
2016-06-08 19:09 GMT-03:00 Eliezer Croitoru :
> Hey Sergio,
>
>
>
> There are couple approaches to content filtering in the Linux world and in
> other spaces.
>
> Squid is open source and gives a lot but there are other ideas and ways to
> perform content filtering.
>
> Squid was designed for cach
here is error when i run squid :
2016/06/08 18:48:29 kid2| commBind: Cannot bind socket FD 782 to [::]: (2) No
such file or directory
2016/06/08 18:48:29 kid1| HTCP Disabled.
2016/06/08 18:48:29 kid1| Squid plugin modules loaded: 0
2016/06/08 18:48:29 kid1| Adaptation support is off.
2016/06/08 18
On 06/08/2016 07:53 PM, Sergio Belkin wrote:
Thanks Eliezer, good summary. I've changed the subject to better reflect the
issue. As far as I understand from the documentation, one can bump https only by
interception.
No. ssl-bump works very well with regular proxy mode, i.e. the browsers
configure
Hey Sergio,
It depends on couple aspects of the setup.
The basic rule is that in the case you require authentication you are required
to use a configured proxy and without Interception.
For SSL BUMP to work you need the clients to either access the proxy directly
or to Intercept their conne
Hey Ahmed,
Have you tried my RPMs for CentOS 7?
The latest version is 3.5.19 which is far more advanced than 3.5.2 and it works
for me..
This issue you mentioned has lots of references in the mailing list history.
I assume it's a simple issue.
If you can try my RPMs and verify that you get
HSC ISS FREE
www.issfree.com
;-)
__
Rômulo Giordani Boschetti
IT Analyst - HSC Brasil
telefone 55 (51) 3 216-7007 – Porto Alegre
telefone 55 (11) 3522-8191 – São Paulo
fax : 55 (51) 3 216-7001
site: www.hscbrasil.com
On 9/06/2016 7:00 a.m., Heiler Bemerguy wrote:
>
> Of course it would be nice if we could configure which Vary elements we
> wanna store/use. But I'm afraid store_miss won't do this.
>
Proxy does not get to pick and choose what algorithm the server already
used for producing the variant. Vary do