[squid-users] Squid modification to only read client SNI without bumping.

Greetings. I've been trying to make a patch for squid, so that it could read client hello on connect requests and set the SNI without using ssl_bump, as that requires generating certificates and is too complicated for my needs. Here's the patch I've come up with. It seems to be working, but I'm get

Re: [squid-users] Squid modification to only read client SNI without bumping.

Could you direct me to those scripts? Also, am I understanding correctly that in this mode: acl blocklist dstdomain ... ssl_bump peek all ssl_bump splice blocklist ssl_bump terminate all I will only need certs to display an error page from squid via ssl, but unblocked domains should be just fine?

[squid-users] maxconn acl equivalents

Hello. I know there's an acl that limits the amount of simultaneous connections to the proxy server, but it counts these connections for each incoming remote IP address. Is there some equivalent to making it use another key for counting? Like, after authorization every request gets a userid transac

Re: [squid-users] Log to statsd

You can write your own logger daemon that would dump stuff directly to statsd. I've done it myself to send logs to logstash. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Setting Squid to work with a remote DB?

You could write a service that occasionally dumps user credentials into some format, like json and have your external helpers download it, parse it and use it as local cache. There will be delay, when adding new users, but authentication would be very fast. Unless the database is huge of course. с

Re: [squid-users] Setting Squid to work with a remote DB?

doing now. I am creating a local install of MySQL > and than I am replicating the table into the local install, but I would > prefer to get around that. > > On Sun, Aug 29, 2021 at 4:01 AM His Shadow wrote: >> >> You could write a service that occasionally dumps user creden

Re: [squid-users] New line in logformat

I think it would be easier to just write a logfile daemon, than patching squid. The protocol is very easy. http://www.squid-cache.org/Doc/config/logfile_daemon/ You'd just ignore everything but lines starting with L. чт, 2 сент. 2021 г. в 16:49, Amos Jeffries : > > On 3/09/21 12:07 am, Moti Berger

Re: [squid-users] Reconfiguring Squid every few seconds

I once patched squid to use the local address of an incoming socket as the local address of the outgoing connection, instead of having 2k tcp_outgoing_address directives in my configuration. Perhaps something like this can be done here as well? вс, 20 мар. 2022 г. в 07:54, Amos Jeffries : > > On 1