Is there any particular order to squid configuration??
Does this look correct?
I actually get allot of hits and it functions amazing, so I wanted to share
this in case I could improve something. Is there any issues with security? I am
concerned that an invasive container could become installed
}
Should the RC4 be removed or allowed?
https://github.com/pfsense/FreeBSD-ports/pull/1365
> On Apr 4, 2024, at 18:17, Amos Jeffries wrote:
>
> On 4/04/24 17:48, Jonathan Lee wrote:
>> Is there any particular order to squid configuration??
>
> Yes.
Can you please help I moved from 5.8 to 6.6 I am getting access denied for mgr
info.
Http manager is built in now right?
I can access it from the loopback
Sent from my iPhone
___
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.s
Correction I can’t access it from the loop back
Sent from my iPhone
> On Apr 5, 2024, at 22:40, Jonathan Lee wrote:
>
> Can you please help I moved from 5.8 to 6.6 I am getting access denied for
> mgr info.
>
> Http manager is built in now right?
> I can access it fro
for Amos OS on
Semens PBX systems and ROLM phones? I did training with you in Texas if that is
you.
Thanks agin for your reply
Jonathan Lee
Adult Student
> On Apr 6, 2024, at 20:00, Amos Jeffries wrote:
>
> On 5/04/24 17:25, Jonathan Lee wrote:
>>> ssl_bump splice https_
Hello fellow Squid Proxy Users can you please help
I am getting the following error in 6.6 after a upgrade from 5.8 does anyone
know what this is caused by?
SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR
After it says kick abandoned this if for bumped clients with certificates
Jonathan
Could it be related to this ??
"WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048'.
error:1E08010C:DECODER routines::unsupported”
> On Apr 10, 2024, at 08:38, Alex Rousskov
> wrote:
>
> On 2024-04-10 10:50, Jonathan Lee wrote:
>
>> I a
ver 6.6 it kick abandons my connections
5.8 is my everything bagel version it just works however like you said is the
errors not showing as it is slow at times
> On Apr 10, 2024, at 14:13, Alex Rousskov
> wrote:
>
> On 2024-04-10 16:22, Jonathan Lee wrote:
>>
s allow localnet
# Default block all to be sure
http_access deny allsrc
> On Apr 10, 2024, at 14:13, Alex Rousskov
> wrote:
>
> On 2024-04-10 16:22, Jonathan Lee wrote:
>> Could it be related to this ??
>> "WARNING: Failed to decode EC parameters '/etc/dh-p
SA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS";
}
Anything else you need I think you requested a pcap file I will create one with
2000 entries of
. But on 6.6 same
config same certificates I get this weird error, and it is very sluggish too.
> On Apr 11, 2024, at 11:25, Amos Jeffries wrote:
>
> On 11/04/24 08:22, Jonathan Lee wrote:
>> Could it be related to this ??
>> "WARNING: Failed to decode EC parameter
; saved [1016070144/1016070144]
>
> and the access.log entry looks like this:
>
> 1712936758.943 35825 10.40.1.2 TCP_HIT/200 1016070518 GET
> http://releases.ubuntu.com/18.04.6/ubuntu-18.04.6-live-server-amd64.iso -
> HIER_NONE/- application/x-iso9660-image
>
>
> I am
Just to confirm
the cache_object://url scheme was removed in Squid 6.6 was it replaced with
just squid-internal-mgr???
so squidclient mgr:info
can we still use this or no?
> On Apr 6, 2024, at 20:18, Amos Jeffries wrote:
>
> On 6/04/24 18:48, Jonathan Lee wrote:
>> Correction
Does anyone know the current warm cold download times for dynamic cache of
windows updates?
I can say my experience was a massive increase in the warm download it was
delivered in under a couple mins versus 30 or so to download it cold. The warm
download was almost instant on the second device.
024, at 23:55, Jonathan Lee wrote:
>
> Does anyone know the current warm cold download times for dynamic cache of
> windows updates?
>
> I can say my experience was a massive increase in the warm download it was
> delivered in under a couple mins versus 30 or so to download
Hello fellow Squid Accelerator/Dynamic Cache/Web Cache Users/PfSense users
I think this might resolve any container based issues/fears if they happened to
get into the cache. Ie a Docker Proxy got installed and tried to data marshal
the network card inside of a freeBSD jail or something like tha
p terminate all # if its not on the list kill the connection
I did not know it could also check Layer 2 and Layer 3 addresses this way seems
more secure
Have a good day everyone
> On Apr 22, 2024, at 16:52, Jonathan Lee wrote:
>
> Hello fellow Squid Accelerator/Dynamic Cache/Web
Thanks
Sent from my iPhone
> On Apr 23, 2024, at 00:41, Amos Jeffries wrote:
>
> On 22/04/24 17:42, Jonathan Lee wrote:
>> Has anyone else taken up the fun challenge of doing windows update caching.
>> It is amazing when it works right. It is a complex configuration, but
mos Jeffries wrote:
>
> On 23/04/24 11:52, Jonathan Lee wrote:
>> Hello fellow Squid Accelerator/Dynamic Cache/Web Cache Users/PfSense users
>> I think this might resolve any container based issues/fears if they happened
>> to get into the cache. Ie a Docker Proxy got
acl block_hours time 01:30-05:00
ssl_bump terminate all block_hours
http_access deny all block_hours
In this a good way to time lock squid with times lock down?
My goal is to secure non use hours and just lock down squid when it is not
being used. Is this the best way to secure the system durin
.
Sent from my iPhone
> On Apr 27, 2024, at 00:41, Amos Jeffries wrote:
>
> On 26/04/24 17:15, Jonathan Lee wrote:
>> aclblock_hourstime01:30-05:00ssl_bumpterminateallblock_hourshttp_accessdenyallblock_hours
>> In this a good way to time lock squid with times lock down?
Thank you for the reply. Thank you for confirming that the connections that are
started are not effected by the last ACL, thus clients not on acls prior would
be blocked and not allowed to access the cache. However ones that are would be
able to use the cache.
Jonathan Lee
Adult Student
Sent
Squid -k parse also does not fail with use of the time ACL
Sent from my iPhone
> On Apr 27, 2024, at 07:49, Jonathan Lee wrote:
>
> The time constraints for termination do appear to lock out all new
> connections until that timeframe has elapsed. My devices have connection
>
Have you attempted to enable debugging ??Researching debug_options I found you can control detailed messages in the cache.logSent from my iPhoneOn May 3, 2024, at 10:37, Emre Oksum wrote:Hi Amos, thank you for your reply.>What your "for example,..." describes is Transparent Proxy (TPROXY).>Howeve
The only reason I know about this is the book I just purchased has a whole
section on debugging. This is in my Squid The Definitive Guide by O’REILLY
Duane Wessels (Older Book Still Good)
You can use 0 up to 84(helper process maintenance)
I think 6 is disk i/o routines and 9 is for FTP right?
for dynamic assignment you could could use domian based ACLs they are slow
match however you could make a list to do this with
From: squid-users on behalf of
Albert Shih
Sent: Wednesday, May 8, 2024 00:55
To: ngtech1...@gmail.com
Cc: squid-users@lists.squid-cac
Have you researched enabling pipeline_prefetch??
> On May 14, 2024, at 17:56, Andre Bolinhas
> wrote:
>
> Hi
>
> Sometimes my users complains that the internet navigation thought Squid is
> very slow.
>
> After checking the access.log, I can see a lot of ABORTED messages like this
>
> 17155
roperly implemented).
>>
>> I cannot currently answer your primary questions on this thread. I hope
>> somebody else will guide you through this triage.
>>
>> Alex.
>>
>>
>>> On 15/05/2024 18:15, Jonathan Lee wrote:
>>&
What about using COSS file system?
Sent from my iPhone
> On May 16, 2024, at 15:10, Andre Bolinhas
> wrote:
>
> Hi
> Well, the performance and NTLM issues that I had with persistent connections
> goes back to squid 3.5 😳, so I never re-enabled it again on new version, I'm
> using Squid 5.9
I do use ssl bump again it requires certificates installed on the devices, and
or some and a splice for the others. You must also add a url list for items
that must never be intercepted like banks etc. I agree it is not an easy task,
it took me years to get it to work correctly for what I needed
Marcus are you the same guy that does the pfSense Squid GUI package
interference code??
Sent from my iPhone
> On May 30, 2024, at 01:38, Marcus Kool wrote:
>
> Not sure if this message was meant for the Squid mailing list but for those
> who are interested, the DNS provider had an issue with
You can also add this to lock down the proxy after hours so nothing is used
much like locking a door, whatever is inside is going to keep working ie
connections already established however all new connections will be blocked. I
love this one
acl block_hours time 00:30-05:00
ssl_bump terminate
I hate to tell you this AI that you know has been around for many years. Anyone
remember Sandblaster 16 ISA card software Dr. Spatzo? All AI is, just adapted
improved 1980s ideas. It’s not new, its been here for years, still just if else
code with more data analytics.
Anyway I use Proxy for ch
Hello fellow Squid community can you please help?
Should I be using the following if I have SSL certificates, dynamic updates,
StoreID, and ClamAV running?
request_header_access Accept-Ranges deny all
reply_header_access Accept-Ranges deny all
request_header_replace Accept-Ranges none
reply_head
The reason I ask is sometimes Facebook when I am using it locks up and my fan
goes crazy I close Safari and restart the browser and it works fine again. It
acts like it is restarting a download over and over again.
> On Jun 10, 2024, at 21:45, Jonathan Lee wrote:
>
> Hello fel
FATAL: Received Segment Violation...dying. connection: conn749025
local=192.168.1.1:3128 remote=192.168.1.5:59502 flags=1
Does any know how to fix this??___
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinf
ap_preview_size 1024
icap_service service_avi_req reqmod_precache icap://127.0.0.1:1344/squid_clamav
bypass=off
adaptation_access service_avi_req allow all
icap_service service_avi_resp respmod_precache
icap://127.0.0.1:1344/squid_clamav bypass=on
adaptation_access service_avi_resp allow all
&g
024, at 11:04, Alex Rousskov
> wrote:
>
> On 2024-06-11 13:24, Jonathan Lee wrote:
>> FATAL: Received Segment Violation...dying.
>> Does any know how to fix this??
>
> Please post full backtrace from this failure:
> https://wiki.squid-cache.org/SquidFaq/BugReportin
thanks i have enabled
coredump_dir /var/squid/logs
I will submit a dump as soon as it occurs again
> On Jun 11, 2024, at 11:17, Jonathan Lee wrote:
>
> I have attempted to upgrade the program fails to recognize ”DHParamas Key
> Size” and will no longer use my certificates an
at 11:24, Jonathan Lee wrote:
>
> thanks i have enabled
>
> coredump_dir /var/squid/logs
>
> I will submit a dump as soon as it occurs again
>
>> On Jun 11, 2024, at 11:17, Jonathan Lee wrote:
>>
>> I have attempted to upgrade the program fails to recogn
I can’t locate the dump file for segmentation fault it never generates one. I
am running cache it shows a swap file however it is not readable.
I fixed the other issues.
> On Jun 11, 2024, at 14:00, Alex Rousskov
> wrote:
>
> On 2024-06-11 14:46, Jonathan Lee wrote:
>> 2
When I run sysctl debug.kdb.panic=1 I get a crash report for pfsense in
var/crash should my path for core dumps use my swap drive too?
> On Jun 11, 2024, at 14:42, Alex Rousskov
> wrote:
>
> On 2024-06-11 17:06, Jonathan Lee wrote:
>
>> I can’t locate the dump file f
So I just run this on command line SIGABRT squid? It’s funny as soon as I
enabled the sysctl command and set the directory it won’t crash anymore. I also
changed it to reside on the loopback before it was only on my lan interface. I
run an external drive as my swap partition or a swap drive, it
024-06-11 23:32, Jonathan Lee wrote:
>
>> So I just run this on command line SIGABRT squid?
>
> On Unix-like systems, the command to send a process a signal is called
> "kill": https://www.man7.org/linux/man-pages/man1/kill.1p.html
>
> For example, if you wa
3, Alex Rousskov
>> wrote:
>>
>> On 2024-06-11 23:32, Jonathan Lee wrote:
>>
>>> So I just run this on command line SIGABRT squid?
>>
>> On Unix-like systems, the command to send a process a signal is called
>> "kill": https://w
If same user does not expose the difference, start the test script from the
directory where you told Squid to dump core.
Shell Output - /var/log/squid/try.sh
sh: /var/log/squid/try.sh: Permission denied
I can’t run it I have set it to chmod 777 and running it as root.
I do not have the sudo enabl
Shell Output - ls -l /var/log/squid/try.sh
-rwxrwxrwx 1 root squid 46 Jun 12 17:55 /var/log/squid/try.sh
> On Jun 12, 2024, at 15:38, Alex Rousskov
> wrote:
>
> If same user does not expose the difference, start the test script from the
> directory where you told Squid to dump core.
___
Bug #1: Coredumps not functional for non-root processes. - pfSense - pfSense bugtrackerredmine.pfsense.orgThere is a bug in pfSense not allowing core dumps. Sent from my iPhoneOn Jun 12, 2024, at 17:58, Jonathan Lee wrote:Shell Output - ls -l /var/log/squid/try.sh-rwxrwxrwx 1 root squid
Thanks for the info. That makes this directive very clear.
Sent from my iPhone
> On Jun 14, 2024, at 01:46, Amos Jeffries wrote:
>
> On 11/06/24 16:47, Jonathan Lee wrote:
>> The reason I ask is sometimes Facebook when I am using it locks up and my
>> fan goes crazy I clo
I use them for ipv6 blocks they seem to work that way in 5.8
Sent from my iPhone
> On Jun 16, 2024, at 17:00, Alex Rousskov
> wrote:
>
> Hello,
>
>Does anybody still have src_as and dst_as ACLs configured in their
> production Squids? There are several serious problems with those ACLs, a
acl to_ipv6 dst ipv6
acl from_ipv6 src ipv6
I after block them with terminate connections.
I hope that helps our isp is ipv6 only
Sent from my iPhone
> On Jun 17, 2024, at 08:17, Alex Rousskov
> wrote:
>
> On 2024-06-16 19:46, Jonathan Lee wrote:
>> I use them for ipv6 b
Is there a different type of directive for source and destination acts?
Sent from my iPhone
> On Jun 17, 2024, at 11:03, Alex Rousskov
> wrote:
>
> On 2024-06-17 11:43, Jonathan Lee wrote:
>> acl to_ipv6 dst ipv6
>> acl from_ipv6 src ipv6
>
>
> Glad I aske
Has anyone ran this on a Banana Pi r3 or r4?
Sent from my iPhone
> On Jun 27, 2024, at 08:12, Nishant Sharma wrote:
>
> Hello,
>
> I am running squid 6.10 on Openwrt 23.05.2, which is cross compiled for
> ramips / mipsel_24kc which has a 32 bit CPU (MT7621A) with 2 cores and 2
> threads.
>
I have Squid 5.8 I can’t start it with multiple workers enabled in pfSense
also. It is a 64bit 2100MAX
Sent from my iPhone
> On Jun 27, 2024, at 08:12, Nishant Sharma wrote:
>
> Hello,
>
> I am running squid 6.10 on Openwrt 23.05.2, which is cross compiled for
> ramips / mipsel_24kc which ha
Does anyone have tips for getting the proxy to run faster when SSL intercept is
enabled along side splice lists with dynamic cache and ClamAV running?
I just seems to have slow traffic on the interception side.
Sent from my iPhone
___
squid-users mail
Hello fellow Squid users does anyone know how to fix this issue?
Squid - Cache Logs
Date-Time Message
31.12.1969 16:00:00
03.07.2024 10:54:34 kick abandoning conn7853 local=192.168.1.1:3128
remote=192.168.1.5:49710 FD 89 flags=1
31.12.1969 16:00:00
03.07.2024 10:54:29 kick
I forgot to mention my certificates I use on squid was generated from this
method
openssl req -x509 -new -nodes -key myProxykey.key -sha256 -days 365 -out
myProxyca.pem
Sent from my iPhone
> On Jul 3, 2024, at 10:56, Jonathan Lee wrote:
>
> Hello fellow Squid users does anyone
ut if and only if Squid is bumping a
CONNECT request that carries a domain name. In all other cases (CONNECT
to an IP address or an intercepted SSL connection), Squid cannot detect
the domain mismatch at certificate generation time when
bump-server-first is used.
&
wrote:
>
> On 2024-07-04 12:11, Jonathan Lee wrote:
>> failure while accepting a TLS connection on conn5887 local=192.168.1.1:3128
>> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417
>
> A000417 is an "unknown CA" alert sent by client to Squid while the client is
&
ot;squid -k parse”
Do I append this to the options cipher list?
Jonathan Lee
> On Jul 4, 2024, at 14:45, Alex Rousskov
> wrote:
>
> On 2024-07-04 15:37, Jonathan Lee wrote:
>
>> in Squid.conf I have nothing with that detective.
>
> Sounds good; sslproxy_cert_sign d
Sorry
tls_outgoing_options
cipher=HIGH:MEDIUM:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
tls_outgoing_options options=NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE
Would I add this here?
> On Jul 4, 2024, at 15:12, Jonathan Lee wrote:
>
> I know before I
the past and it worked for a
long time after I imported it. I am wondering if this is outdated now
openssl req -x509 -new -nodes -key myProxykey.key -sha256 -days 365 -out
myProxyca.pem
> On Jul 4, 2024, at 15:13, Jonathan Lee wrote:
>
> Sorry
>
> tls_outgoing_options
You also stated .. " my current working theory suggests that we are looking at
a (default) signUntrusted use case.”
I noticed for Squid documents that default is now set to off ..
http://www.squid-cache.org/Versions/v5/cfgman/http_port.html
http://www.squid-cache.org/Versions/v6/cfgman/http_po
; On Jul 4, 2024, at 16:12, Jonathan Lee wrote:
>
> You also stated .. " my current working theory suggests that we are looking
> at a (default) signUntrusted use case.”
>
> I noticed for Squid documents that default is now set to off ..
>
> http://www.squid-cache.org
from that first
and hits the proxy next
Sent from my iPhone
> On Jul 5, 2024, at 06:33, Alex Rousskov
> wrote:
>
> On 2024-07-04 19:12, Jonathan Lee wrote:
>> You also stated .. " my current working theory suggests that we are looking
>> at a (default) signUntruste
tls_outgoing_options cipher=HIGH:MEDIUM:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSStls_outgoing_options options=NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USEDifferent thread for ciphers issuesERROR: Unsupported TLS option SINGLE_ECDH_USEI found researching in lists-squid-cache.org that someone
have inspected the file it is
present.
tls-dh=prime256v1:/etc/dh-parameters.2048
> On Jul 5, 2024, at 08:35, Jonathan Lee wrote:
>
> tls_outgoing_options
> cipher=HIGH:MEDIUM:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
> tls_outgoing_options options=NO_SSLv3,SIN
information with ssl.handshake.type
== 1
Or is there a wireshark particular filter you would like ran to help with
isolation?
> On Jul 5, 2024, at 08:23, Jonathan Lee wrote:
>
> Thanks for the email and support with this. I will get wireshark running on
> the client and get the info r
Wireshark shows Cipher Suite: TLS_AES_128_GCM_SHA256 is being used
How would I append the TLS13-AES-256-CGM-SHA384 cipher suite for use with
TLSv1.3 as it states change cipher spec on wireshark
> On Jul 5, 2024, at 08:46, Jonathan Lee wrote:
>
> More details for Unsupported T
-GCM-SHA384”
> On Jul 5, 2024, at 09:11, Jonathan Lee wrote:
>
> Wireshark shows Cipher Suite: TLS_AES_128_GCM_SHA256 is being used
> How would I append the TLS13-AES-256-CGM-SHA384 cipher suite for use with
> TLSv1.3 as it states change cipher spec on wireshark
>
>>
Side note: I have just found while analyzing Wireshark packets that this
A000417 error only occurs with use of the iMac and the Safari browser, this
does not occur on Windows 10 with the Edge browser.
> On Jul 5, 2024, at 09:02, Jonathan Lee wrote:
>
> per
>
> As the next st
> -Original Message-
> From: Alex Rousskov
> Sent: Friday, July 5, 2024 11:02 AM
> To: squid-users
> Cc: Jonathan Lee
> Subject: Re: [squid-users] Squid Cache Issues migration from 5.8 to 6.6
>
> On 2024-07-05 12:02, Jonathan Lee wrote:
>
>>>
firewall is where I
grabbed the pcap from
Sent from my iPhone
> On Jul 5, 2024, at 11:52, Jonathan Lee wrote:
>
> If it’s encrypted at TLS1.3 it should still work with the approved
> certificate authority as it is imported to my devices I own. I just enable
> TLS1.3 right?
>
>
-key myProxykey.key -sha256 -days 365 -out
myProxyca.pem
> On Jul 5, 2024, at 13:54, Jonathan Lee wrote:
>
> I have also tested in 5.8 and 6.6 both show the same condition, 6.6 shows
> errors for it however. I have also imported my certificates into wireshark.
>
> Just to c
tls_outgoing_options options=NO_SSLv3,NO_TLSv1_3
NO_TLSv1_3 is the directive if you need to disable this I have found for all
other users with this problem
> On Jul 5, 2024, at 14:21, Jonathan Lee wrote:
>
> output of versions
>
> Shell Output - openssl ciph
know how to resolve this or wants
me to try something else let me know. I was originally looking for the
certificate when this error occurs however the error comes from the TLS_v1.3 as
seen in the pcap files below.
Thanks again everyone
> On Jul 4, 2024, at 16:02, Jonathan Lee wr
FIXED
I think it wanted a new certificate generated mine became to weak I needed one
that ECDSA with prime256v sha256 and not RSA anymore that solved my errors
The error is gone when this cert is used :)
> On Jul 5, 2024, at 14:33, Jonathan Lee wrote:
>
> However even with it mar
Hello fellow Squid Users
I am using Bump with certificates installed on devices does anyone know what
this error is...
kick abandoning conn43723 local=192.168.1.1:3128 remote=192.168.1.5:52129 FD
178 flags=1
Does anyone know how to fix my last weird error I have with Squid 6.6
This is my la
…
> On Jul 3, 2024, at 08:28, Jonathan Lee wrote:
>
> Does anyone have tips for getting the proxy to run faster when SSL intercept
> is enabled along side splice lists with dynamic cache and ClamAV running?
>
>
> I just seems to have slow traffic on the interception side.
Hello fellow Squid Users,
When watching facebook reels everything works as expected after about 15
minutes the system starts to attempt to use QUIC and after my iMac fan goes
crazy and the website locks up..
HTTPS was reserved for 443. QUIC is also using UDP 443 and not following proper
protoc
Hello fellow Squid Users,
When watching facebook reels everything works as expected after about 15
minutes the system starts to attempt to use QUIC and after my iMac fan goes
crazy and the website locks up..
HTTPS was reserved for 443. QUIC is also using UDP 443 and not following proper
protoc
Does anyone use this directive for QUIC in the mean time… what’s weird is that
IP address is Apple when Facebook is running
on_unsupported_protocol <>
> On Jul 7, 2024, at 21:24, Jonathan Lee wrote:
>
> I have just found... YEAH!!! has anyone tested this? Does Squid 6.6 ha
I can confirm I have no ipv6 our isp is ipv4 only and I have IPv6 disabled on
the firewall and with layer 2 and 3 traffic
Sent from my iPhone
> On Jul 8, 2024, at 09:15, Alex Rousskov
> wrote:
>
> On 2024-07-05 21:07, Jonathan Lee wrote:
>
>> I am using Bump with cert
This shows access denied in 6.6 I have a password for cache_manager does that
cause any issues with accessing this new mgr directive ?
> On Apr 6, 2024, at 20:18, Amos Jeffries wrote:
>
> On 6/04/24 18:48, Jonathan Lee wrote:
>> Correction I can’t access it from the loop bac
Also
squidclient -h 192.168.1.1:3128 mgr:info@PASSWORD
squidclient -h 1287.0.0.1 mgr:info@PASSWORD
Gives the following error
Embedding a password in a cache manager command requires providing a username
with -U: mgr:info@PASSWORDHERE
> On Jul 8, 2024, at 15:13, Jonathan Lee wr
Thanks do I still append the cache manager password ?
Sent from my iPhone
> On Jul 9, 2024, at 05:47, Stuart Henderson wrote:
>
> On 2024-07-08, Jonathan Lee wrote:
>>
>> Also=20
>> squidclient -h 192.168.1.1:3128 mgr:info@PASSWORD
>> squidclient -h 1287.0.0
gt;>
>>> On 2024-07-08, Jonathan Lee wrote:
>>> squidclient -h 192.168.1.1:3128 mgr:info@PASSWORD squidclient -h
>>> 1287.0.0.1 mgr:info@PASSWORD
>>>
>>> Gives the following error
>>>
>>> Embedding a password in a cache mana
I have it says denied as if it requires an entry for one to use password, again
if I remove the password the same thing happens. Weird right? Could WPAD cause
this?
Sent from my iPhone
> On Jul 10, 2024, at 09:21, Matus UHLAR - fantomas wrote:
>
> On 10.07.24 08:52, Jonathan
squidclient -w /squid-internal-mgr/info -u admin
squidclient -w /squid-internal-mgr/info@redacted -u admin
squidclient -w http://192.168.1.1:3128/squid-internal-mgr/info@redacted -u admin
squidclient -w http://127.0.0.1:3128/squid-internal-mgr/info@redacted -u admin
squidclient -w http://127.0.0.1:
Has anyone seen this before? on hits?
10.07.2024 09:56:30 clientProcessHit: Vary object loop!
10.07.2024 09:56:30 varyEvaluateMatch: Oops. Not a Vary match on second
attempt,
'https://zagent20.h-cdn.com/cmd/get_thumb_info?customer=foxnews&ver=1.165.67&url=https%3A%2F%2F247preview.foxnew
Thanks
Sent from my iPhone
> On Jul 10, 2024, at 11:08, Alex Rousskov
> wrote:
>
> On 2024-07-10 12:55, Jonathan Lee wrote:
>
>>> Embedding a password in a cache manager command requires providing a
>>> username with -U
>
>> squidclient -w /squid-in
Thanks what about the password is it set with@ or -p where would I place that?
Sent from my iPhone
> On Jul 11, 2024, at 10:17, Amos Jeffries wrote:
>
>
>> On 11/07/24 06:08, Alex Rousskov wrote:
>> On 2024-07-10 12:55, Jonathan Lee wrote:
>>>> Embedding a pa
Shell Output - squidclient -v -U admin -W REDACTED mgr:info
Request:
GET http://localhost:3128/squid-internal-mgr/info HTTP/1.0
Host: localhost:3128
User-Agent: squidclient/6.6
Accept: */*
Authorization: Basic YWRtaW46R09Qc3lzdGVtYWRtaW4xIQ==
Connection: close
.
HTTP/1.1 403 Forbidden
Server: squ
Connection: close
> On Jul 11, 2024, at 10:57, Jonathan Lee wrote:
>
> Shell Output - squidclient -v -U admin -W REDACTED mgr:info
> Request:
> GET http://localhost:3128/squid-internal-mgr/info HTTP/1.0
> Host: localhost:3128
> User-Agent: squidclient/6.6
> Accept: */
at 11:02, Jonathan Lee wrote:
>
> also
>
> Shell Output - squidclient -h 127.0.0.1 -v -U admin -W redacted mgr:info
> Request:
> GET http://127.0.0.1:3128/squid-internal-mgr/info HTTP/1.0
> Host: 127.0.0.1:3128
> User-Agent: squidclient/6.6
>
e 1 seconds
negative_dns_ttl 5 minutes
Does the MAC address and bump have anything to do with it? This worked in the
older versions without having to input a MAC for the loopback
> On Jul 11, 2024, at 11:08, Jonathan Lee wrote:
>
> I use http access acl set as followed
>
> ac
Could this cause the issue?
acl https_login url_regex -i ^https.*(login|Login).*
cache deny https_login
> On Jul 11, 2024, at 11:12, Jonathan Lee wrote:
>
> cachemgr_passwd disable offline_toggle reconfigure shutdown
> cachemgr_passwd PASSWORDREDCATED all
> eui_lookup o
does not match any domain IP)
31.12.1969 16:00:00
11.07.2024 11:36:16 SECURITY ALERT: on URL: mask-h2.icloud.com:443
31.12.1969 16:00:00
11.07.2024 11:36:16 SECURITY ALERT: Host header forgery detected on
conn9975 local=17.248.245.229:443 remote=192.168.1.10:55721 FD 102 flags=33
(lo
Ok I sent output prior email that shows the right path but says access denied
Sent from my iPhone
> On Jul 11, 2024, at 12:59, Amos Jeffries wrote:
>
> On 12/07/24 05:27, Jonathan Lee wrote:
>> Thanks what about the password is it set with@ or -p where would I place
>> t
1 14:09:28| Loaded signing certificate:
/CN=internal-ca/C=US/ST=California/L=Roseville/O=Homeuse
2024/07/11 14:09:29| Not requiring any client certificates
2024/07/11 14:09:29| Loaded signing certificate:
/CN=internal-ca/C=US/ST=California/L=Roseville/O=Homeuse
2024/07/11 14:09:30| Not requiring a
1 - 100 of 187 matches
Mail list logo
