On 4/10/2016 7:25 p.m., Egerváry Gergely wrote:
>>> 2016/10/03 17:08:03.233 kid1| Ip::Address::getInAddr : Cannot convert
>>> non-IPv4 to IPv4. IPA=[2001:738:7a00:a::14]:3128
>>
Okay your setup looks fine.
Apparently the IPFilter 5.1 code defines an 32-bit IPv4-only structure
for 64-bit IPv6 addr
On 01/10/2016 23:48, Egerváry Gergely wrote:
> Hi,
>
> Should "intercept" work with IPv6 on NetBSD 7-STABLE and IPFilter 5.1?
>
> I have the patch applied for kern/50198, and it's working fine with
> IPv4. I only get a connection reset by peer on IPv6.
I found the IPv4 bug and that PR and patch
Apparently the IPFilter 5.1 code defines an 32-bit IPv4-only structure
for 64-bit IPv6 addresses to be placed into. That was supposed to be
fixed in IPFilter 5.0.3.
Can you look through your system for code header files that define
"struct natlookup" and show me what they contain?
in sys/extern
On 4/10/2016 8:57 p.m., Egerváry Gergely wrote:
>> Apparently the IPFilter 5.1 code defines an 32-bit IPv4-only structure
>> for 64-bit IPv6 addresses to be placed into. That was supposed to be
>> fixed in IPFilter 5.0.3.
>>
>> Can you look through your system for code header files that define
>> "
> Is there another defined somewhere else? For some reason your Squid is
> managing to build with just "nl_inip" (no 'addr') in the field name.
There's a copy in /usr/include/netinet, but it's the same:
typedef struct natlookup {
i6addr_tnl_inipaddr;
i6addr_tnl_ou
All;
we have Squid proxy configured with Windows SSO with Kerberos which work
fine for WIndows AD users.
we have new requirement where one Linux application server need to access
Internet via squid proxy, we allowed Linux host access via ACL but getting
denied access error.
below is the configu
On Tuesday 04 October 2016 at 12:08:27, Nilesh Gavali wrote:
> All;
>
> we have Squid proxy configured with Windows SSO with Kerberos which work
> fine for WIndows AD users.
> we have new requirement where one Linux application server need to access
> Internet via squid proxy, we allowed Linux ho
ed. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you
-- next part --
An HTML attachment was scrubbed...
URL: <
http://lists.squid-cache.o
On Tuesday 04 October 2016 at 12:28:44, Nilesh Gavali wrote:
> Hello Antony;
> I have double checked the current working configuration of my squid.conf
> and it has same settings which I posted earlier. somehow it is working for
> us.
I'm not saying the whole thing won't work; I'm saying there is
Eliezer,
Thankyou for your reply, I tried the following:
> Hey Luke,
>
> Try to use the next line instead:
> external_acl_type delay ttl=1 negative_ttl=0 cache=0 %SRC %SRCPORT %URI
> /tmp/delay.pl
>
> And see what happens.
But it's not introducing a delay into the response. Running strace ac
On 4/10/2016 10:52 p.m., Egerváry Gergely wrote:
>> Is there another defined somewhere else? For some reason your Squid is
>> managing to build with just "nl_inip" (no 'addr') in the field name.
>
> There's a copy in /usr/include/netinet, but it's the same:
>
> typedef struct natlookup {
>
Hi,
>> Whatever the reason,
>> for an end-user like me it seems that the XP client is able to
>> negotiate TLS correctly with Google and presumably using the cipher
>> DES-CBC3-SHA (maybe after failing with RC4-MD5 on a first attempt),
>> whereas Squid immediately fails with RC4-MD5. It doesn't ev
On 4/10/2016 11:36 p.m., Antony Stone wrote:
> On Tuesday 04 October 2016 at 12:28:44, Nilesh Gavali wrote:
>
>> Hello Antony;
>> I have double checked the current working configuration of my squid.conf
>> and it has same settings which I posted earlier. somehow it is working for
>> us.
>
> I'm n
On 4/10/2016 11:53 p.m., squid-us...@filter.luko.org wrote:
> Eliezer,
>
> Thankyou for your reply, I tried the following:
>
>> Hey Luke,
>>
>> Try to use the next line instead:
>> external_acl_type delay ttl=1 negative_ttl=0 cache=0 %SRC %SRCPORT %URI
>> /tmp/delay.pl
>>
>> And see what happens
> Aha. Damn macros.
>
> There are a few changes needed, for both v4/v6 inputs and 'realip'
> processing. This attached patch should be what you need for Squid-3.5 to
> work.
Getting closer, but still not there...
The browser client is 2001:738:7a00:a::a:d, the remote destination is
2001:4c48:2:2
Amos,
> This helper is the mechanism that we accepted. Anything else would be far
> less useful.
Makes sense.
> I think the results you are getting show that the http_status ACL is not
> working properly.
>
> Can you get a "debug_options 28,5" cache.log trace and see if
> "aclMatchHTTPStatus" i
On 5/10/2016 12:07 a.m., Vieri wrote:
> Hi,
>
>>> Whatever the reason, for an end-user like me it seems that the XP
>>> client is able to negotiate TLS correctly with Google and
>>> presumably using the cipher DES-CBC3-SHA (maybe after failing
>>> with RC4-MD5 on a first attempt), whereas Squid im
> Getting closer, but still not there...
Hah, we need to apply the kern/50198 patch to ipnat_6.c too.
--- ip_nat6.c.orig 2015-08-08 18:31:21.0 +0200
+++ ip_nat6.c 2016-10-04 14:04:21.0 +0200
@@ -2470,8 +2469,8 @@
}
}
On 5/10/2016 12:47 a.m., squid-users wrote:
> Amos,
>
>> This helper is the mechanism that we accepted. Anything else would be far
>> less useful.
>
> Makes sense.
>
>> I think the results you are getting show that the http_status ACL is not
>> working properly.
>>
>> Can you get a "debug_option
Finally I've managed to go on ftp.intel.com using FileZilla through my
squid gateway in standart (proxy) mode.
Squid conf:
ftp_port x.x.x.x 2122
Then I try to block FTP-Command and nothing happen. Some from my config:
acl rh req_header -i ^FTP-Command
http_access deny rh
http_access permit all
Thanks for quick replay,
I need to use my server, i configure my ip address in some software like
antivirus and ...
So, I want all of that working with my server ip address and for this
reason I cannot use torproxy or torproject.
I need a proxy server (squid) on my server ...
More details about 17
Hello,
I am trying to cache following deb files as its most requested file in
network. ( google chrome almost every few days many clients update it ).
http://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
http://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-beta_current_i386.
On 5/10/2016 1:16 a.m., Egerváry Gergely wrote:
>> Getting closer, but still not there...
>
> Hah, we need to apply the kern/50198 patch to ipnat_6.c too.
>
> --- ip_nat6.c.orig 2015-08-08 18:31:21.0 +0200
> +++ ip_nat6.c 2016-10-04 14:04:21.0 +0200
> @@ -2470,8 +2469,8 @@
On Tuesday 04 October 2016 at 14:51:13, Mehdi Yeganeh wrote:
> Thanks for quick replay,
> I need to use my server, i configure my ip address in some software like
> antivirus and ...
... and what?
I do not understand what antivirus software has to do with our discussion.
Please give details, d
On 04/10/2016 14:10, Amos Jeffries wrote:
> On 5/10/2016 1:16 a.m., Egerváry Gergely wrote:
>>> Getting closer, but still not there...
>>
>> Hah, we need to apply the kern/50198 patch to ipnat_6.c too.
>>
>> --- ip_nat6.c.orig 2015-08-08 18:31:21.0 +0200
>> +++ ip_nat6.c 2016-10-04 1
On 5/10/2016 2:05 a.m., Hardik Dangar wrote:
> Hello,
>
> I am trying to cache following deb files as its most requested file in
> network. ( google chrome almost every few days many clients update it ).
>
> http://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
> http://dl-ssl.
Hey Amos,
We have about 50 clients which downloads same google chrome update every 2
or 3 days means 2.4 gb. although response says vary but requested file is
same and all is downloaded via apt update.
Is there any option just like ignore-no-store? I know i am asking for too
much but it seems ver
Hi Amos;
Ok, we can discussed the issue in Two part 1. For Windows AD
Authentication & SSO and 2. Linux server unable to access via squid proxy.
For First point-
Requirement to have SSO for accessing internet via squid proxy and based
on user's AD group membership allow access to specific sites
Hey Amos,
after referring to one of your old posts i found, we can use
reply_header_replace
to replace headers. Is it possible to replace vary * header with something
appropriate?
or
i need to look at squid's source code to ignore vary header and recompile ?
On Tue, Oct 4, 2016 at 7:04 PM,
On 5/10/2016 2:34 a.m., Hardik Dangar wrote:
> Hey Amos,
>
> We have about 50 clients which downloads same google chrome update every 2
> or 3 days means 2.4 gb. although response says vary but requested file is
> same and all is downloaded via apt update.
>
> Is there any option just like ignore
> Thanks for the testing and feedback. I've applied this as part-2 of the
> bug 4302 updates. It will be in the next releases of 3.5 and 4.x.
you are the hero of the day, thank you very much!
--
Gergely EGERVARY
___
squid-users mailing list
squid-user
Wow, i couldn't think about that. google might need tracking data that
could be the reason they have blindly put vary * header. oh Irony, company
which talks to all of us on how to deliver content is trying to do such
thing.
I have looked at your patch but how do i enable that ? do i need to write
On 10/04/2016 05:18 AM, Amos Jeffries wrote:
> On 4/10/2016 11:53 p.m., squid-us...@filter.luko.org wrote:
>> Would the developers be open to adding a configuration-based throttle to
>> authentication responses
> This helper is the mechanism that we accepted. Anything else would be
> far less use
On 10/04/2016 06:24 AM, oleg gv wrote:
> Then I try to block FTP-Command and nothing happen. Some from my config:
>
> acl rh req_header -i ^FTP-Command
Wrong syntax. Please read req_header documentation carefully and try
something like:
acl rh req_header FTP-Command -i LIST
I also recommend
Sorry for my bad english,
I want to make a anonymous https & http proxy that pass through any
requests without decrypting or change them,
only change ip address from client ip to my server ip address and define ip
address of my websites that i want to access them from my client in
/etc/hosts,
so i
On Tuesday 04 October 2016 at 17:00:24, KR wrote:
> Hello Anthony, Yuri,
>
> It seems every line is commented out in the config?
Impossible - otherwise it couldn't generate the error message "FATAL: Bungled
/etc/squid/squid.conf line 3467: cache_dir rock /ssd3 ..."
Thta is telling you that lin
Thank you very much. It's my fault - wrote wrong ACL .
That'll do it! Yahooo! LIST , C.?D blocked ok.
2016-10-04 17:55 GMT+03:00 Alex Rousskov :
> On 10/04/2016 06:24 AM, oleg gv wrote:
>
> > Then I try to block FTP-Command and nothing happen. Some from my config:
> >
> > acl rh req_header -i ^
On Mon, 2016-10-03 at 11:33 -0600, Alex Rousskov wrote:
On 10/03/2016 04:50 AM, Jasper Van Der Westhuizen wrote:
This morning I had some problems with some of our proxies. 2 Proxies in
cluster A crashed with the below errors. The shortly afterwards 4 in
cluster B did the same. Both clusters ar
> On Oct 4, 2016, at 11:45 AM, Antony Stone
> wrote:
>
> On Tuesday 04 October 2016 at 17:00:24, KR wrote:
>
>> Hello Anthony, Yuri,
>>
>> It seems every line is commented out in the config?
>
> Impossible - otherwise it couldn't generate the error message "FATAL: Bungled
> /etc/squid/squid
I uncommented that line and now I get
Initializing the Squid cache with the command squid3 -f /etc/squid/squid.conf
-z ..
FATAL: Bungled /etc/squid/squid.conf line 3410: cache_dir rock /hdd1 ...
min-size=10
Squid Cache (Version 3.5.12): Terminated abnormally.
CPU Usage: 0.008 seconds = 0.00
On Tuesday 04 October 2016 at 19:43:21, KR wrote:
> > On Oct 4, 2016, at 11:45 AM, Antony Stone wrote:
> >
> > On Tuesday 04 October 2016 at 17:00:24, KR wrote:
> >> Hello Anthony, Yuri,
> >>
> >> It seems every line is commented out in the config?
> >
> > Impossible - otherwise it couldn't gen
Hi Amos;
Ok, we can discussed the issue in Two part 1. For Windows AD
Authentication & SSO and 2. Linux server unable to access via squid proxy.
For First point-
Requirement to have SSO for accessing internet via squid proxy and based
on user's AD group membership allow access to specific sites
so... any advice about this??
Thanks!
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Kerberos-appropriate-log-file-tp4679740p4679901.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
I do not know the correct terms to the problem I have.
I have some clients that use a program that tries to connect to:
https://neodecksoftware.com/NeoMedOnline/NeoMedOnlineService.svc
Went to the access.log and found the neodecksoftware.com is being
denied even that I have it in a whitelist fil
Just to confirm that I sent the email
Jose E Torres
939-777-4030
JET System Services
On Tue, Oct 4, 2016 at 4:41 PM, Jose Torres-Berrocal
wrote:
> I do not know the correct terms to the problem I have.
>
> I have some clients that use a program that tries to connect to:
> https://neodecksoftwa
Yes we can see your messages to the group..
While im responding, this doesnt adress you problem, but we have a free
whitelist that we maintain you may or may not be interested in, but its
quite a bit larger. No adult, and no torrent sites.
http://www.squidblacklist.org/downloads/whitelist.tx
> > I set this up as you suggested, then triggered a 407 response from the
> cache. It seems that way; I couldn't see aclMatchHTTPStatus or http-
> response-407 in the log:
> >
>
> Strange. I was sure Alex did some tests recently and proved that even
> internally generated responses get http_repl
On Tue, Oct 4, 2016 at 1:41 PM, Jose Torres-Berrocal <
jetsystemservi...@gmail.com> wrote:
> I do not know the correct terms to the problem I have.
>
> I have some clients that use a program that tries to connect to:
> https://neodecksoftware.com/NeoMedOnline/NeoMedOnlineService.svc
>
>
note that
On 10/04/2016 06:20 AM, Amos Jeffries wrote:
> On 5/10/2016 12:47 a.m., squid-users wrote:
>> I set this up as you suggested, then triggered a 407 response from
>> the cache. It seems that way; I couldn't see aclMatchHTTPStatus or
>> http-response-407 in the log
> Strange. I was sure Alex did s
On 10/04/2016 05:16 PM, Jok Thuau wrote:
> On Tue, Oct 4, 2016 at 1:41 PM, Jose Torres-Berrocal wrote:
>> I have some clients that use a program that tries to connect to:
>> https://neodecksoftware.com/NeoMedOnline/NeoMedOnlineService.svc
>> /var/squid/acl/whitelist.acl:
>> .ass
On 5/10/2016 4:42 a.m., Shark wrote:
> Sorry for my bad english,
>
> I want to make a anonymous https & http proxy that pass through any
> requests without decrypting or change them,
> only change ip address from client ip to my server ip address and define ip
> address of my websites that i want
51 matches
Mail list logo
