Sounds like a controlled at home environment
why not implement ssl bump ?
On 24 February 2016 at 00:40, Chris Horry wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
>
>
> On 2/23/2016 08:39, Antony Stone wrote:
>> On Tuesday 23 February 2016 at 13:57:52, Chris Horry wrote:
>>
>>> On 2/
from http://wiki.squid-cache.org/Features/SslPeekAndSplice
# Better safe than sorry:
# Terminate all strange connections.
ssl_bump splice serverIsBank
ssl_bump bump haveServerName
ssl_bump peek all
ssl_bump terminate all
I am not sure how haveServerName is constructed
I read this as
1) splice th
On 10 March 2016 at 14:17, Alex Rousskov
wrote:
>>
>> I am not sure how haveServerName is constructed
>
> It is up to the Squid admin.
Thanks for the reply to the other stuff
I'm the squid admin. I am presuming, maybe wrongly, that this is a test to
see if squid has worked out a serverName.
Hi
running
rpm -qa squid
squid-3.5.14-1.el6.x86_64
doing a restart saw this
2016/03/10 14:36:28 kid1| Squid Cache (Version 3.5.14): Exiting normally.
FATAL: Received Segment Violation...dying.
2016/03/10 14:36:28 kid1| storeDirWriteCleanLogs: Starting...
in cache.log
and message log
Mar 10 14
Hi
i have
# Test src IPS
acl testIP src "/etc/squid/lists/noSSL-testip.lst"
# list of sites to splice only
acl spliceOnly_domain ssl::server_name "/etc/squid/lists/noSSL-spliceonly.lst"
acl spliceOnly_url urlpath_regex -i "/etc/squid/lists/noSSL-spliceonly-url.lst"
# for testing
# anything not
Hi
Looking at http://www.squid-cache.org/Doc/config/https_port/
I am trying to work out where I place intermediary CA certs.
I am setting up a reverse proxy setup, trying to terminate the SSL here.
cert= points to SSL certificate PEM file, this seems to be a public
and private combo file. can
Hi
I remember seeing some rules for caching microsoft updates. Is there
anything special to cache netflix ?
Alex
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Hi
I run 2 squid boxes, and I use pacemaker to float 2 VIP's between the 2 boxes.
Basically I just run squid on both and I create a VIP resource that
tests if squid is running to allocate the VIP.
But this doesn't really give you load balancing. but very good resilience.
Pacemaker and Linux hav
Hi
I recently pushed my squid VM memory up to 65G
I pushed up squid usage (I thought) to 40G
squid.conf
cache_mem 40960 MB
cache.log
2015/06/18 22:12:33| Max Mem size: 41943040 KB
2015/06/18 22:12:33| Max Swap size: 177527808 KB
but it doesn't seem like it's using it
free -g
tota
re downloading
them
On 19 June 2015 at 21:16, Eliezer Croitoru wrote:
> First goes first...
> Upgrade to 3.5 or 3.4 branch.
> Then try to use top or htop to get a snapshot of the virtual memory and
> resident memory that squid uses.
>
> Eliezer
>
> On 19/06/2015
Hi
UFS or AUFS ? guessing aufs
Any suggestions on the L1 L2 values, defaults ?
On 21 June 2015 at 11:57, Amos Jeffries wrote:
> On 20/06/2015 9:08 p.m., Alex Samad wrote:
>> Hi
>>
>> Are there any gotchas i need to look out for.
>> Also I have allocated a 1T lun to
Hi
why this, doesn't this block all traffic getting to the squid port.
iptables -t mangle -A PREROUTING -p tcp --dport $SQUIDPORT -j DROP
what I would do to test is run tcpdump on the squid box and capture
all traffic coming to it on the squid listening port, then go to a
test machine on the eth
aren't squid and nat box different ? that was my presumption..
On 25 June 2015 at 19:07, Amos Jeffries wrote:
> On 25/06/2015 12:45 p.m., Alex Samad wrote:
>> Hi
>>
>> why this, doesn't this block all traffic getting to the squid port.
>> iptables -
DoS for SQUID on another box, the only resources
I can think of is the NAT table, maybe conntrack
Alex
On 26 June 2015 at 22:49, Amos Jeffries wrote:
> On 27/06/2015 12:14 a.m., Alex Samad wrote:
>> aren't squid and nat box different ? that was my presumption..
>>
>
>
On 27 June 2015 at 16:33, Amos Jeffries wrote:
> On 27/06/2015 10:02 a.m., Alex Samad wrote:
>> Hi
>>
>> Sorry missing something here.
>>
>> I thought this was a mikrotek rtr , presumably acting as a default
>> gateway for the local lan to the interne
Thanks
On 29 June 2015 at 00:59, Eliezer Croitoru wrote:
> Hey list,
>
> I have created the new RPM's for CentOS 6 and 7 while not mentioning I also
> created the package for OracleLinux. (which was very annoying to find out that
> the download file from Oracle was not matching an ISO but something e
Hi
Thought I would reword what I got from this, see if I understood.
If squid and router (default gateway) are on the same box
then
DNAT to the SQUID listening port and local ip (Can you use localhost
suppose it doesn't matter)
else
route the packet to the SQUID box (if possible)
DNAT on the SQ
Hi
I want to get squid to not cache urls that terminate like this
updates/x86_64/repodata/repomd.xml
os/x86_64/repodata/repomd.xml
How do I organize that.
Having problems with old repomd.xml files making my yum updates fail..
Alex
che deny nonCacheURL
A
On 26 August 2015 at 11:56, Alex Samad wrote:
> Hi
>
> I want to get squid to not cache urls that terminate like this
>
> updates/x86_64/repodata/repomd.xml
> os/x86_64/repodata/repomd.xml
>
> How do I organize that.
>
> Having problems wi
Hi
Sorry, answered my own question.
acl nonCacheURL urlpath_regex .*/x86_64/repodata/repomd.xml$
cache deny nonCacheURL
seems like "" makes it look for a file ?
On 26 August 2015 at 11:59, Alex Samad wrote:
> Hi
>
> Sorry add more info
>
> I have this alrea
Hi
I have squid setup to use
NTLM and then fall back to basic.
when it falls back to basic, my users put in
firstname.surname@a.b.c which fails.
if they put in firstname.surname it works
is there some way to get squid to strip off the @<.*>
also is there some way to change the info in the di
basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
On 2 September 2015 at 11:15, Amos Jeffries wrote:
> On 2/09/2015 11:50 a.m., Alex Samad wrote:
>> Hi
>>
>> I have squid setup to use
>> NTLM and then faill b
Would it be fair to say best practice is to get Kerberos working in favour
of NTLM ?
On 21/10/2015 3:18 PM, "Amos Jeffries" wrote:
> On 2015-10-21 15:38, Ilias Clifton wrote:
>
>>
>>> On 20/10/2015 4:04 p.m., Ilias Clifton wrote:
>>> > Hi All,
>>> > I've been following the guide at this location
Hi
I have squid on centos 6. the version that comes with it unfortunately.
I have configured it to be a reverse proxy to our exchange box.
so it answers on office.abc.com
now I have 2 cache peers setup
10.1.1.1. the exchange box << all the predefined URIs go here
127.0.0.1 443 the rest go here.
, Alex Samad wrote:
> Hi
>
> I have squid on centos 6. the version that comes with it unfortunately.
>
> I have configured it to be a reverse proxy to our exchange box.
>
> so it answers on office.abc.com
> now I have 2 cache peers setup
>
> 10.1.1.1. the exchange box
On 24 October 2015 at 15:01, Amos Jeffries wrote:
> Set the cache_peer sslcafile= option with the PEM file containing the CA
> that was used to sign the office.abc.com server certificate.
Do i need to do that if the signing CA is part of the OS root bundle ?
HI
I have had a look at http://wiki.squid-cache.org/Features/DelayPools
Wondering if somebody can maybe explain how it rate limits downloads.
So I can understand it would be able to limit proxy to client traffic
as squid is the sender and can limit how it sends.
But if I want to limit speed fro
Hi
I am trying to upgrade from the centos squid to the squid one
rpm -qa | grep squid
squid-3.1.23-9.el6.x86_64
rpm -Uvh squid-3.5.11-1.el6.x86_64.rpm
getting this error
error: unpacking of archive failed on file
/usr/share/squid/errors/zh-cn: cpio: rename failed - Is a directory
ls -l
drwxr-
6.x86_64.rpm
> 517a912a094501f226e715637e94bb63 squid-3.5.11-1.el6.x86_64.rpm
> The checksums are at:
> http://www1.ngtech.co.il/repo/centos/6/x86_64/squid-3.5.11-1.el6.x86_64.rpm.asc
>
> Eliezer
>
>
> On 27/11/2015 01:00, Alex Samad wrote:
>>
>> Hi
>>
>> I am trying to upgrad
med cache entry.
2015/11/27 11:03:33 kid1| WARNING: Ignoring malformed cache entry.
2015/11/27 11:04:26 kid1| Done scanning /var/spool/squid dir (153502 entries)
2015/11/27 11:04:44 kid1| WARNING: Ignoring malformed cache entry.
2015/11/27 11:06:15 kid1| WARNING: Ignoring malformed cach
Hi
I have a rather long list of blocked address in my squid config.
and the default start stop timeout values are a bit short for my setup.
when I did stop it failed because the time to parse the config took too
long. any reason it needs to parse to shutdown ?
that left the pid file behind, which
On 27 November 2015 at 17:12, Amos Jeffries wrote:
> On 27/11/2015 1:51 p.m., Alex Samad wrote:
>> Hi
>>
>> Just to add to this, I am not seeing a clean start of squid either.
>> the sysvinit comes back as failed, but the process is started and its
>> seems to be
On 27 November 2015 at 17:56, Amos Jeffries wrote:
>> Hi
>>
>> it was in the bottom of the previous mail, thats a copy of the log
>> starting from the start up
>
> Exactly. The new install of Squid is a newer version. With a new format
> of cache storage, updated data corruption protection, and de
a check first on shutdown ??
A
On 29 November 2015 at 09:14, Eliezer Croitoru wrote:
> What script are you using?
> If it's from my RPMs I might be able to patch it and make sure it will work
> better.
>
> Eliezer
>
> On 27/11/2015 08:09, Alex Samad wrote:
>>
>&
or not
> - the process exists or not(using "ps aux|grep squid")
> - check if the port in netstat is still in listening mode.
>
> Hope it helps,
> Eliezer
>
>
> On 29/11/2015 00:21, Alex Samad wrote:
>>
>> Hi
>>
>> yeah from the rpms. I found
Hi
I recently moved to squid-3.5.11-1.el6.x86_64 on centos 6.7.
from the centos 3.1 i think ?
This what I had originall
#cache_peer gsdmz1.xy.com sibling 3128 3130 proxy-only
#cache_peer alcdmz1.xy.com sibling 3128 3130 proxy-only
I had a shared config between the 2 server gsdmz1 and alcdmz1. I
Hi
recently upgraded to squid-3.5.11-1.el6.x86_64 from the centos 6.7 squid 3.1
I am now having problems with people who use active sync via this
connection . seems like emails with attachments aren't making it
through .
cache_peer 10.32.69.11 parent 443 0 proxy-only no-query no-digest
origins
Just to add to this I have a lot of these in the log file
TCP_MISS_ABORTED/000 0 RPC_IN_DATA
TCP_MISS_ABORTED/200 4322 RPC_OUT_DATA
TCP_MISS_ABORTED/000 0 RPC_IN_DATA https:
On 2 December 2015 at 17:24, Alex Samad wrote:
> Hi
>
> recently upgraded to squid-3.5.11-1.el6.x86_64
Hi
I am rolling back from 3.5 to 3.1
my cache directory was updated for the 3.1 to 3.5.
Is there going to be an issue when i roll back ?
thanks
Alex
Discard you mean delete .. the cache directories
if so
I currently have 3 directories, is this an opportunity to consolidate
down to 1 directory is that better ?
On 3 December 2015 at 03:03, Amos Jeffries wrote:
> On 3/12/2015 12:30 a.m., Alex Samad wrote:
>> Hi
>>
>> I
Hi
Thanks I will do when I get back to 3.5. Had to roll back because of
my issues with 3.5 and reverse proxy and outlook.
Are these suggestions still valid with 3.1 ?
Thanks
On 3 December 2015 at 03:22, Amos Jeffries wrote:
> On 2/12/2015 6:50 p.m., Alex Samad wrote:
>> Hi
>>
:)
Okay done
is a VM on a single VMDK..
10G nics (virtual and physical)
On 3 December 2015 at 14:27, Amos Jeffries wrote:
> On 3/12/2015 9:18 a.m., Alex Samad wrote:
>> Discard you mean delete .. the cache directories
>>
>
> Yes, and redo the squid -z process to partitio
Hi
https://code.google.com/p/chromium/issues/detail?id=544255
Not a squid issue, but might stop people wasting time debugging squid
A
Hi
Any suggestions on how to debug this... I wouldn't mind rolling
forward to 3.5 again
On 2 December 2015 at 20:39, Alex Samad wrote:
> Just to add to this I have a lot of these in the log file
>
> TCP_MISS_ABORTED/000 0 RPC_IN_DATA
> TCP_MISS_ABORTED/200 4322 RPC_OUT_DATA
&
Hi
Currently using 3.1 (from centos 6)
I have setup squid to auth against MS AD
I have
# ###
# Negotiate
# ###
# http://wiki.squid-cache.org/Features/Authentication
# http://wiki.squid-cache.org/Features/NegotiateAuthentication
auth_param negotiate program /usr/bin/ntlm_auth
--helper-pro
Hi
So what you're saying is I should install the mskutil and let it manage
the squid krb keytab file.
Could you possibly help with the changes to the squid.conf file do I
leave as is and just add kerberos first ?
On 8 December 2015 at 20:03, Amos Jeffries wrote:
> On 8/12/2015 7:44 p.m., A
ord of the AD
> account and thereby invalidate the extracted keytab.
>
> Markus
>
>
> "Alex Samad" wrote in message
> news:CAJ+Q1PW9Ue4zdT9GCt-4MjW=UjDWyBOPc4AFrcjG=qfnewm...@mail.gmail.com...
>
>
> Hi
>
> So what you're saying is I should install the mskuti
Hi
Can't seem to find 3.5.12 for centos pre compiled at
http://www1.ngtech.co.il/repo/centos/6/x86_64/
On 8 December 2015 at 19:34, Amos Jeffries wrote:
> * try an upgrade to 3.5.12. There were some regressions in the .10/.11
> releases that can lead to really weird behaviour.
, not with 3.5 ..
still on .11 as I can't find centos 6 compile of .12
I think there is some issue with rpc sending or receiving ..
On 8 December 2015 at 19:34, Amos Jeffries wrote:
> On 8/12/2015 7:35 p.m., Alex Samad wrote:
>> Hi
>>
>> Any suggestions on how to deb
ve me trying to build one.
A
On 11/12/2015 4:32 AM, "Eliezer Croitoru" wrote:
> On 09/12/2015 12:49, Alex Samad wrote:
>
>> Hi
>>
>> Can't seem to find 3.5.12 for centos pre compiled at
>> http://www1.ngtech.co.il/repo/centos/6/x86_64/
>>
> Since
Hi
On 10 December 2015 at 23:44, dweimer wrote:
> https_port 10.50.20.12:443 accel defaultsite=mail.mydomain.com \
> cert=/certs/wildcard.certificate.crt \
> key=/certs/wildcard.certificate.key \
> options=NO_SSLv2:NO_SSLv3:NO_TLSv1:SINGLE_DH_USE:CIPHER_SERVER_PREFERENCE \
> dhparams=/usr/lo
Hi
Answer my own question
http://www.squid-cache.org/Versions/v3/3.5/cfgman/http_port.html
seems like there is a no-vhost, I presume vhost turns it on
On 11 December 2015 at 09:23, Alex Samad wrote:
> Hi
>
>
> On 10 December 2015 at 23:44, dweimer wrote:
>> https_port 10.
Hi
So I have taken this config done some slight customization for my site
and it appears to be working
Thanks for this ..
On 10 December 2015 at 23:44, dweimer wrote:
> On 2015-12-09 11:29 pm, Alex Samad wrote:
>>
>> Hi
>>
>> config
>> https_port 22.4.2.5:44
Hi
Is there any way to remove these from the log
kid1| Error negotiating SSL connection on FD 38: error:140760FC:SSL
routines:SSL23_GET_CLIENT_HELLO:unknown protocol (1/-1)
this is the corresponding squid config
options=NO_SSLv2:NO_SSLv3:NO_TLSv1:SINGLE_DH_USE:CIPHER_SERVER_PREFERENCE
Not I do
Hi
I did the change over today.
Tested with Windows 7 + exchange 2010 and it wouldn't connect whilst
there was no tls1 !
Interestingly IE worked against the web site so ..
Did you come across this issue ?
On 11 December 2015 at 11:09, dweimer wrote:
> On 2015-12-10 4:24 pm, Al
fries wrote:
> On 11/12/2015 4:52 p.m., Alex Samad wrote:
>> Hi
>>
>>
>> Is there any way to remove these from the log
>>
>> kid1| Error negotiating SSL connection on FD 38: error:140760FC:SSL
>> routines:SSL23_GET_CLIENT_HELLO:unknown protocol (
Hi
running on centos 6.7
3.5.12 still not available on centos 6.
rpm -qa | grep squid
squid-helpers-3.5.11-1.el6.x86_64
squid-3.5.11-1.el6.x86_64
This is the 2 cache_peer statements I use
# on alcdmz1
cache_peer gsdmz1.yieldbroker.com sibling 3128 4827 proxy-only htcp
no-query standby=10
#cach
Thanks
On 21 December 2015 at 21:57, Eliezer Croitoru wrote:
> Published at: http://www1.ngtech.co.il/wpe/?p=166
>
> I am happy to release the new RPMs of squid 3.5.12 for Centos 6 64bit, 32bit
> and CentOS 7 64bit.
>
> The new release includes couple bug fixes and improvements.
> I have also too
Hi
seems like .12 is now available for me. I will apply and retest. is
there anything you would like me to do if I see it again ?
A
On 21 December 2015 at 21:26, Amos Jeffries wrote:
> On 21/12/2015 2:00 p.m., Alex Samad wrote:
>> Hi
>>
>> running on centos 6.7
>>
&g
Hi
Do you provide the source rpms for RHEL/Centos
A
On 28 December 2015 at 23:35, Eliezer Croitoru wrote:
> I took the time to build and test a RPM for OpenSUSE leap 42.1 at:
> http://ngtech.co.il/repo/opensuse/leap/x86_64/squid-3.5.12-1.0.x86_64.rpm
>
> SRPM at:
> http://ngtech.co.il/repo/open
Hi
I have squid 3.5.12 working as a reverse proxy
cache_peer 127.0.0.1 \
parent 443 0 proxy-only no-query no-digest originserver \
login=PASS \
ssl \
sslcafile=/etc/pki/tls/certs/ca-bundle.crt \
sslflags=DONT_VERIFY_PEER \
name=webServer
This points to httpd which has a
Hi
Thanks I thought that might be the issue.
could you point me to an example for requesting client certs for a directory
Thanks
Alex
On 30 December 2015 at 21:56, Matus UHLAR - fantomas wrote:
> On 30.12.15 15:11, Alex Samad wrote:
>>
>> I have squid 3.5.12 working as
Hi
I installed 3.5.12 and when I try and get to a page that is blocked. I
used to get a message page that said contact the admin person.
trying to get to
http://bcp.crwdcntrl.net/squid-internal-static/icons/SN.png
This is part of the error generated
The following error was encountered while tr
On 2 January 2016 at 09:22, Amos Jeffries wrote:
> On 2016-01-01 23:28, Alex Samad wrote:
>>
>> Hi
>>
>> I installed 3.5.12 and when I try and get to a page that is blocked. I
>> used to get a message page that said contact the admin person.
>>
>>
On 2 January 2016 at 12:23, Amos Jeffries wrote:
> On 2016-01-02 13:19, Alex Samad wrote:
>>
>> On 2 January 2016 at 09:22, Amos Jeffries wrote:
>>>
>>> On 2016-01-01 23:28, Alex Samad wrote:
>>>>
>>>>
>>>> Hi
>>>
Hi
Is there a way to see what is being downloaded by whom before it has finished.
I had somebody doing a big download and I wanted to find it . only way
I could do that was by stopping squid and checking the log file.
is there another way of doing that ?
Hi
Just wanted to confirm my understanding of delay pools and the ability
to ratelimit inbound traffic.
Today one of our W10 machines did its windows update .. New patch ..
.MS SQL SP3 - 384M big patch
So it contacts our squid proxy which then downloaded it from WSUS
update ... which is geocached
ded
On 5 January 2016 at 10:57, Alex Samad wrote:
> Hi
>
> Just wanted to confirm my understanding of delay pools and the ability
> to ratelimit inbound traffic.
>
> Today one of our W10 machines did its windows update .. New patch ..
> .MS SQL SP3 - 384M big patch
>
> So
from the logs
# these 2 are from my laptop to alcdmz which then talks to gsdmz1,
which responds with a 504
Jan 05 11:55:53 2016.808 0 alcdmz1.abc.com TCP_HIT/504 4800 GET
http://wiki.squid-cache.org/wiki/squidtheme/js/niftyCorners.css -
HIER_NONE/- text/html
Jan 05 11:55:55 2016.332 0 a
On 5 January 2016 at 12:40, Amos Jeffries wrote:
> What the above does is not limit any particular user. But limits the
> total server bandwidth to those domains (combined) to 10Mbps. It is a
> good solution, but still has a few problems.
>
> WU will now be very slow, proportional to how many user
Hi
I burnt up 172G of download in 24 hours with multi machines doing the
download of the same file (MS SQL patch)
I think I am running into the same issue
So multiple machines are trying to do the download...
Q) why don't they share the same download !
1452459804.945 64052 10.172.208.108 TCP_
Hi
On 11 January 2016 at 18:54, Amos Jeffries wrote:
>> guessing I have to bump up the 200M max to 800mb.
>
> Maybe. But IMHO use the ACLs that range_offset_limit can take.
you're suggesting to limit the offset limit to just the windows update sites
>
>> are the other values still okay ?
>
> Yes.
Hi
so I have this in place now
This works well for delaying YAY
#
# Delay Pools
# http://wiki.squid-cache.org/Features/DelayPools
#
http://www.serverwatch.com/tutorials/article.php/3357241/Reining-in-Bandwidth-With-Squid-Proxying.htm
delay_pools 1
delay_class 1 1
# 10Mb/s fille rate , 20Mb/s r
Hi
Is it possible to implement delay pools such that
if file is less than 10M
then
allow 60Mb/s
else
allow 20Mb/s
fi
is that possible the aim is to allow a higher throughput for smaller
files, but to limit bigger / longer connections
Alex
On 19 January 2016 at 16:59, Amos Jeffries wrote:
>
> Hmm. Are you using the exact same HTTP headers as WU tools on the other
> machines do to prefetch the URL into the cache ?
I have a script that checks the squid logs and then does a download of
the files through the cache -- for now
>
>>
>> S
On 19 January 2016 at 16:59, Amos Jeffries wrote:
>> refresh_pattern -i
>> microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80%
>> 129600 reload-into-ims
>> refresh_pattern -i
>> windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320
>> 80% 129600 reload-into-ims
>>
Hi
Think I answered my own on this
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
Does the last refresh_pattern config win ?
On 19 January 2016 at 17:08, Alex Samad wrote:
> On 19 January 2016 at 16:59, Amos Jeffries wrote:
>>> refresh_pattern -i
>>> microsoft.com/
a]|dat|zip)[^?]"
On 19 January 2016 at 17:15, Amos Jeffries wrote:
> On 19/01/2016 7:11 p.m., Alex Samad wrote:
>> Hi
>>
>> Think I answered my own on this
>> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
>>
>>
>> Does the last refresh_pattern c
.download.windowsupdate.com/c/msdownload/update/software/secu/2015/12/ie11-windows6.1-kb3124275-x86_da23592568a57c26665a23d23d888428d831d739.psf
- HIER_NONE/- application/octet-stream
# ##
any comments welcome
Thanks
On 20 January 2016 at 14:27, Amos Jeffries wrote:
> On 20/01/2016 1:56 p.m., A
ain -i "/etc/squid/lists/delayDom.lst"
delay_access 1 deny DMZSRV
delay_access 1 allow Delay_Domain
"
On 25 January 2016 at 12:09, Amos Jeffries wrote:
> On 25/01/2016 11:20 a.m., Alex Samad wrote:
>> Hi
>>
>> Seems like I'm getting a bit confused in my conf now ..
HI
Back to my Windows update issues :)
1454566851.333 63 10.172.208.208 TCP_MISS/206 6520 GET
http://wsus.ds.download.windowsupdate.com/d/msdownload/update/software/secu/2015/11/windows6.1-kb3109103-x64_66e00af753e3faae5d558534711af7dc29a9160d.psf
- HIER_DIRECT/203.213.73.25 application/octe
Hi
Starting to look at ssl-bump found
http://wiki.squid-cache.org/Features/SslPeekAndSplice
http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit
I gather I need to modify my http_port to look something like
http_port 3128 ssl-bump \
cert=/etc/squid/ssl_cert/myCA.pem \
generate
! testIP
ssl_bump splice NoBump
ssl_bump bump haveServerName
ssl_bump peek all
ssl_bump splice all
On 9 February 2016 at 10:52, Alex Samad wrote:
> Hi
>
> Starting to look at ssl-bump found
> http://wiki.squid-cache.org/Features/SslPeekAndSplice
> http://wiki.squid-cache.org
Hi
Got this working. wondering what the benefits are, wandering around
google, YouTube, facebook not seeing much cache. At least I can pass
downloads through clamav...
Are other people seeing caching of these sites ??
On 9 February 2016 at 11:09, Alex Samad wrote:
> got the ACL backwa
auth_param negotiate program /usr/bin/ntlm_auth
--helper-protocol=gss-spnego --configfile /etc/samba/smb.conf-squid
auth_param negotiate children 20 startup=0 idle=3
auth_param negotiate keep_alive on
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp --configfile
/etc/s
Bump... No comments ?
On 10 February 2016 at 09:55, Alex Samad wrote:
> auth_param negotiate program /usr/bin/ntlm_auth
> --helper-protocol=gss-spnego --configfile /etc/samba/smb.conf-squid
> auth_param negotiate children 20 startup=0 idle=3
> auth_param negotiate keep_alive on
>
Hi
I am running squid on Centos 6.5
squid-3.1.10-29.el6.x86_64
when I browse to https://www.quadriserv.com from IE or Chrome via the
squid proxy, it seems to corrupt the server cert.
when I browse to the site bypassing squid it works fine.
I have tried wget from the squid box works fine also t
me (Alex)?
forward proxy ?
On 27 February 2015 at 05:18, Eliezer Croitoru wrote:
> On 25/02/2015 06:18, Alex Samad wrote:
>>
>> Hi
>>
>> I am running squid on Centos 6.5
>> squid-3.1.10-29.el6.x86_64
>
>
> Hey Mike,
>
> Can you share your sq
This is mine against 2008. haven't had any issues with attachments up to 10M
cache_peer 127.0.0.1 parent 443 0 proxy-only no-query no-digest
originserver login=PASS ssl sslflags=DONT_VERIFY_PEER
sslcert=/etc/httpd/conf.d/o.crt sslkey=/etc/httpd/conf.d/o.key
name=webServer
cache_peer 10.32.69.11 p
I have to admit this was built from a lot of googling for a working config.
On 11 March 2015 at 19:09, Amos Jeffries wrote:
> On 11/03/2015 7:16 p.m., Alex Samad wrote:
[snip]
>> # List of acceptable URLs to send to the Exchange server
>> acl exch_url url_regex -i /exchange
Hi
Quick on
squid.x86_647:3.4.10-1.el6 @squid
squid-debuginfo.x86_64 7:3.4.10-1.el6 squid
squid-helpers.x86_647:3.4.10-1.el6 squid
squid-sysvinit.x86_64 7:3.4.3-1.el6 squid
the
Hi
I have 2 squid boxes that exist in my 2 DC.
They are on the same vlan/ ip network and i use dns round robin
cache_peer sibling 3128 3130 proxy-only
in addition to this I added in
# ICP ALLOW
acl icp_allowed src 10.3.2.1/32 << the ip of the other squid box to allow icp
http_access allow
Hi
Sorry gmail sent before I could finish
On 16 March 2015 at 09:24, Alex Samad wrote:
> Hi
>
> I have 2 squid boxes that exist in my 2 DC.
>
> They are on the same vlan/ ip network and i use dns round robin
>
> cache_peer sibling 3128 3130 proxy-only
>
> in
[snip]
>>>
>>> Config questions
>>> 1) how to I get user authentication to flow through
>>> if a user requests from squid-a and it takes it from squid-b. I
>>> would like the user id's logged on both
>>> if a user requests from new squid to either squid-a or squid-b. I
>>> would like the auth
What I found, was I couldn't yum install . yum update but I would
directly download the rpm with wget (without a proxy as well !).
strange !
On 9 April 2015 at 16:47, Henri Wahl wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hi list,
> does anybody know what is the matter with ww
Hi
I have squid-3.5.2-2.el6.x86_64 on centos 6.6
I am trying to direct certain destinations from certain ip addresses
acl viaTest dstdomain .abc.com
tcp_outgoing_address 192.168.11.11 viaTEst
This works well for
www.abc.com and test.abc.com when they resolve to ipv4 addresses
but when they r
Hi
Is there any way to make some sites to be access only via ipv4 ? So
even if there is a ipv6 address I reject it
Thanks
Alex
On 15 April 2015 at 19:52, Amos Jeffries wrote:
> On 15/04/2015 8:32 p.m., Alex Samad wrote:
>> Hi
>>
>> I have squid-3.5.2-2.el6.x86_64 on
015 2:33 p.m., Alex Samad wrote:
>> Hi
>>
>> Is there any way to make some sites to be access only via ipv4 ? So
>> even if there is a ipv6 address I reject it
>
> Not in the way you are thinking.
>
> acl to_ipv6 dst ipv6
> http_access deny to_ipv6
>
> w
On 16 April 2015 at 14:54, Amos Jeffries wrote:
> On 16/04/2015 3:20 p.m., Alex Samad wrote:
>> :) Living in Australia that has just sign into law meta data
>> recording. So I am sending some of my traffic OS via a vpn service.
>>
>> But I still want some things to go
I presume ssl proxy (peek/splice) doesn't work with client certs ?
Alex