[squid-users] reverse proxy Squid 4

2020-06-24 Thread Vieri
-https=on name=MyServer The NO_TLSv* options are because the backend server is an old Windows 2003 (which hasn't changed either). How can I debug this? Vieri

[squid-users] reverse proxy Squid 4

2020-06-24 Thread Vieri
This is what the squid cache log reports: 2020/06/25 00:29:05.467 kid1| 83,5| NegotiationHistory.cc(81) retrieveNegotiatedInfo: SSL connection info on FD 15 SSL version NONE/0.0 negotiated cipher 2020/06/25 00:29:05.467 kid1| ERROR: negotiating TLS on FD 15: error::lib(0):func(0):reason

Re: [squid-users] reverse proxy Squid 4

2020-06-25 Thread Vieri
):func(0):reason(0) (5/-1/0) > A packet trace of what is being attempted will be useful then. Will try to save one. Thanks, Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Squid 4 and on_unsupported_protocol

2020-06-29 Thread Vieri
espond all How can I change this to allow websockets through Squid, but preferably only for a specific SRC IP addr. acl? Regards, Vieri

Re: [squid-users] Squid 4 and on_unsupported_protocol

2020-06-29 Thread Vieri
not being able to connect to wss://web.whatsapp.com/ws. Vieri

Re: [squid-users] Squid 4 and on_unsupported_protocol

2020-06-30 Thread Vieri
x.domain.org/proxy-error/?a=%a&B=%B&e=%e&E=%E&H=%H&i=%i&M=%M&o=%o&R=%R&T=%T&U=%U&u=%u&w=%w&x=%x&acl=bad_mimetypes bad_requested_mimetypes deny_info http://fwprox.domain.org/proxy-error/?a=%a&B=%B&e=%e&E=%E&H=%H&i=%i&M=%M&

Re: [squid-users] Squid 4 and on_unsupported_protocol

2020-06-30 Thread Vieri
On Tuesday, June 30, 2020, 1:41:57 PM GMT+2, Eliezer Croitor wrote: > ^(w[0-9]+|[a-z]+\.)?web\.whatsapp\.com$ Yes, it does. I should have seen that... Thanks for your help! Vieri

[squid-users] Cannot access web servers with a specific browser

2020-09-14 Thread Vieri
hrome? Thanks, Vieri

Re: [squid-users] Cannot access web servers with a specific browser

2020-09-14 Thread Vieri
'? If I let the clients by-pass the Squid proxy and connect directly to the servers the web pages are properly accessed -- no issues. Thanks, Vieri

Re: [squid-users] Cannot access web servers with a specific browser

2020-09-14 Thread Vieri
On Monday, September 14, 2020, 6:01:43 PM GMT+2, Alex Rousskov wrote: >> I get this when trying to access a web page with a specific browser (Google >> Chrome). > > What is your Squid version? Does it have a fix for GREASE support as > detailed in https://github.com/squid-cache/squid/pull/66

Re: [squid-users] Cannot access web servers with a specific browser

2020-09-15 Thread Vieri
an confirm that fixed the issue. Vieri

[squid-users] acl for urls without regex

2020-09-29 Thread Vieri
\{\} Regards, Vieri

[squid-users] ACL matches when it shouldn't

2020-09-29 Thread Vieri
gging to see which record in this ACL is actually triggering the denial? I'm trying with: debug_options rotate=1 ALL,1 85,2 88,2 Then I grep the log for bad_dst_urls and DENIED, but I can't seem to find a clear match. Regards, Vieri

[squid-users] ACL matches when it shouldn't

2020-09-29 Thread Vieri
MG162xHfYRV9vx_47kWuXs/view?usp=sharing Squid doesn't complain about syntax errors so I'm assuming the ACL is as expected. Thanks, Vieri

[squid-users] ACL matches when it shouldn't

2020-10-01 Thread Vieri
Thank you very much. I will try to set up an external ACL so I don't have to worry about regular expressions. Vieri

[squid-users] ACL matches when it shouldn't

2020-10-02 Thread Vieri
lead to searching only 2 files: topdir/w/domains topdir/w/urls An example for a client requesting https://01.whatever.com/x would also lead to searching only 2 files: topdir/0/domains topdir/0/urls An example for a client requesting https://8.8.8.8/xyz would also lead to searching only 2 files: topdir/8/domains topdir/8/urls Any ideas or links to scripts that already prepare lists for this? Thanks, Vieri

[squid-users] websockets through Squid

2020-10-07 Thread Vieri
orted_protocol tunnel serverTalksFirstProtocol on_unsupported_protocol respond all I am obviously not using on_unsupported_protocol properly. Any suggestions? Regards, Vieri

[squid-users] websockets through Squid

2020-10-07 Thread Vieri
I also tried: on_unsupported_protocol tunnel all on Squid v. 4.13. I don't see any denials in the access log. The only thing I see regarding the URL I mentioned earlier is: TCP_MISS/200 673 GET https://ed1lncb62202.webex.com/direct? - ORIGINAL_DST/62.109.225.31 text/html It is easy to reprodu

[squid-users] websockets through Squid

2020-10-07 Thread Vieri
Hi, Using Google Chrome instead of Firefox gives me the same result: Error during WebSocket handshake: Unexpected response code: 200 I'm not sure what to look for in cache.log.

[squid-users] websockets through Squid

2020-10-07 Thread Vieri
llow direct_dst_domains Thanks Vieri

[squid-users] websockets through Squid

2020-10-08 Thread Vieri
OK, so I'm now trying to compile Squid 5 instead of backporting to V 4, but I'm getting this silly error: cp ../../src/tests/stub_fd.cc tests/stub_fd.cc cp: cannot create regular file 'tests/stub_fd.cc': No such file or directory make[3]: *** [Makefile:1452: tests/stub_fd.cc] Error 1 I guess it

[squid-users] websockets through Squid

2020-10-08 Thread Vieri
> As a workaround, try sequential build ("make" instead of "make -j...") I removed -j, but I'm still getting a similar error: cp ../../src/tests/stub_fd.cc tests/stub_fd.cc cp: cannot create regular file 'tests/stub_fd.cc': No such file or directory make[3]: *** [Makefile:1402: tests/stub_fd.cc]

Re: [squid-users] websockets through Squid

2020-10-10 Thread Vieri
../src/tests/stub_fd.cc tests/stub_fd.cc cp: cannot create regular file 'tests/stub_fd.cc': No such file or directory Would you like to review the full build log? Regards, Vieri

[squid-users] websockets through Squid

2020-10-10 Thread Vieri
I'm also getting this other file that can't be copied: cp ../../src/tests/stub_debug.cc tests/stub_debug.cc cp: cannot create regular file 'tests/stub_debug.cc': No such file or directory make[3]: *** [Makefile:1490: tests/stub_debug.cc] Error 1 Tried "make" and "make -j1", but the error message

Re: [squid-users] websockets through Squid

2020-10-11 Thread Vieri
Just a quick test and question. If I manually create the tests subdirs and run make then I get an error such as: /bin/sh ../../libtool  --tag=CXX   --mode=link x86_64-pc-linux-gnu-g++ -Wall -Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Woverloaded-virtual -pipe -D_REENTRANT -O2 -pipe  -

[squid-users] websockets through Squid

2020-10-12 Thread Vieri
ade36 all's well: https://drive.google.com/file/d/1y-3wlDT_OrwSp7epvDq63xpkYv8gu9Pq/view?usp=sharing So now I'm just going to have to spot the difference. Thanks, Vieri

Re: [squid-users] websockets through Squid

2020-10-13 Thread Vieri
ystem to "patch" cfgaux so I guess "econf" automatically detects something in the squid tarball that makes it patch the config.* files. Thanks for your time. Vieri

Re: [squid-users] websockets through Squid

2020-10-15 Thread Vieri
E/000 0 CONNECT 62.109.225.174:443 - ORIGINAL_DST/62.109.225.174 - What does NONE_NONE/000 mean? Where can I go from here? What can I try to debug this further? Vieri

Re: [squid-users] websockets through Squid

2020-10-16 Thread Vieri
=binary&rand=1602830016480&uuidtag=5659FGE6-DF29-47A7-859A-G4D5FDC937A2&gatewayip=PUB_IPv4_ADDR_2 was interrupted while the page was loading. Thanks for all the help you can give me. Vieri

[squid-users] websockets through Squid

2020-10-16 Thread Vieri
force connections out one interface only for the Squid cache or tell Squid to only bind to one interface. It's only a wild guess though. Vieri

[squid-users] websockets through Squid

2020-10-16 Thread Vieri
change the way "local" is assigned an address. Is there a way to keep "local" always the same? Vieri

Re: [squid-users] websockets through Squid

2020-10-16 Thread Vieri
drive.google.com/file/d/1OrB42Cvom2PNmV-dnfLVrnMY5IhJkcpS/view?usp=sharing I see a lot of '101 Switching Protocols' and references to upgrade to websockets, but I'm not sure where it is actually failing. I don't know how to narrow this down further, but if someo

Re: [squid-users] websockets through Squid

2020-10-18 Thread Vieri
stination server is not the same one as in the packet trace, but that's what the client gets each time (it keeps showing '101 Switching Protocols' over and over). Please let me know if I should add something to the bug report, or if you see anything

[squid-users] sslbump https intercepted or tproxy

2020-10-19 Thread Vieri
use tproxy with https traffic? I'm asking because I don't see any issues with tproxy, with the added advantage of being able to route on the gateway per source IP addr. (in intercepted mode, the source is always Squid). Are there any reasons for which one would not use TPROX

[squid-users] squid restart

2020-10-31 Thread Vieri
n to restart Squid once daily. I'll try not to, but I was hoping to see if there was a reliable way to fully restart the Squid process. Vieri

Re: [squid-users] squid restart

2020-11-02 Thread Vieri
squid restart) from > crontab, that ulimit is not honored. I guess that's the root cause of my > issue because I am asking cron to restart Squid once daily. I'll try not to, > but I was hoping to see if there was a reliable way to fully restart the > Squid process. >

[squid-users] squid restart

2020-11-02 Thread Vieri
iptors: 63959     Reserved number of file descriptors:   100     Store Disk files open:       0 I'm not sure why, but it works. Vieri

Re: [squid-users] websockets through Squid

2020-11-19 Thread Vieri
On Wednesday, November 4, 2020, 3:27:25 AM GMT+1, Alex Rousskov wrote: >   https://bugs.squid-cache.org/show_bug.cgi?id=5084 Hi, I added a comment to that bug report. I cannot reproduce the problem anymore, at least not with the latest version of Squid 5. Thanks, Vi

[squid-users] Squid 5 service stops after assertion failure

2021-01-24 Thread Vieri
ly exits. A manual restart works, but I don't know for how long. The external script "bllookup" is probably responsible for bad output, but maybe Squid could handle it without crashing. Regards, Vieri

Re: [squid-users] Squid 5 service stops after assertion failure

2021-01-25 Thread Vieri
neral crash. On the other hand a general failure forces me to look into this issue with greater celerity. ;-) Thanks, Vieri

Re: [squid-users] Squid 5 service stops after assertion failure

2021-01-25 Thread Vieri
On Sunday, January 24, 2021, 11:08:49 PM GMT+1, Alex Rousskov wrote: > Filing a bug report with Squid Bugzilla may increase chances of this problem > getting fixed. Done here: https://bugs.squid-cache.org/show_bug.cgi?id=5100 Thanks,

[squid-users] c-icap, clamav and squid

2021-02-12 Thread Vieri
heck regarding this? Thanks, Vieri

[squid-users] Why some traffic is TCP_DENIED

2021-02-16 Thread Vieri
BTW this might be irrelevant but these messages seem to come up when accessing office 365 sites. Thanks, Vieri

[squid-users] kswapd0 and memory usage

2021-03-29 Thread Vieri
,1 in my squid config file, and sifting through cache.log doesn't give me any clues. If this were to happen again (not sure when or if) what should I try to search for? Regards, Vieri

Re: [squid-users] kswapd0 and memory usage

2021-03-31 Thread Vieri
out to happen. It runs something like timeout 30 squidclient mgr:info and if it actually times out then it restarts both squid and c-icap. So I'm afraid I might not get anything out of "squidclient mgr:mem", but I will run top -b -n 1 and ps waux. Thanks, Vieri

[squid-users] SSL handshake

2021-07-27 Thread Vieri
t might be because of change in the remote web service. It might be that my openssl version is already too old (1.1.1g), and that the web site forces the use of an unsupported cypher? Regards, Vieri

Re: [squid-users] SSL handshake

2021-07-28 Thread Vieri
Hi, I don't know if my situation is like Nishant's, but today my issues have gone away without intervention on my behalf. I'm guessing the cause was on the remote server's side or some in-between SSL inspection... Thanks, Vieri

Re: [squid-users] TCP out of memory

2018-01-16 Thread Vieri
get the same partial improvement as the one I've witnessed this week. Vieri

Re: [squid-users] TCP out of memory

2018-01-18 Thread Vieri
, at least at first. I must say that it seems to be growing faster now. I had 4k two days ago, now I have: Largest file desc currently in use: 6664 Number of file desc currently in use: 6270 So it seems that the more days go by, the faster the FD numbers rise. Vieri

Re: [squid-users] TCP out of memory

2018-01-27 Thread Vieri
E page. Is this expected? Vieri

Re: [squid-users] TCP out of memory

2018-01-29 Thread Vieri
An error occured in end-of-data handler !return code : -1, req->allow204=1, req->allow206=0 Here's Squid's log: https://drive.google.com/file/d/18HmM8pOuDQmE4W_vwmSncXEeJSvgDjDo/view?usp=sharing I was hoping I could relate this to the original topic, but I'm afraid they ar

Re: [squid-users] ICAP 500 is not bypassed

2018-01-30 Thread Vieri
Alex, thanks for your time. Vieri

[squid-users] installing Squid: /run dir creation

2019-01-29 Thread Vieri
e /run dir. Is it necessary to keep this in the Makefile? Shouldn't the /run/* files be created at runtime anyway? The /run dir is also created by the OS. Thanks, Vieri

Re: [squid-users] installing Squid: /run dir creation

2019-01-29 Thread Vieri
lation is trying to write to /run, or if there are other parts of the installation code that might do so too. I'll make a few tests first, but correct me if I'm wrong when I say that if one *always* passes the same PID file path to the configure script then that mkin

Re: [squid-users] installing Squid: /run dir creation

2019-01-29 Thread Vieri
I can add the following info to my previous e-mail. Here's the configure command (the pid file name is always the same -- other options may vary according to user preferences or system deps): $ ./configure --prefix=/usr --build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu --mandir=/usr/share/

[squid-users] daily releases

2019-01-30 Thread Vieri
daily". Thanks, Vieri

Re: [squid-users] daily releases

2019-01-31 Thread Vieri
's download page are hand-picked because they are known to solve bugs, and are considered to be somewhat "stable". For instance, if I were to rsync today would I get the same code as that of the above mentioned tarball? Another simple solution would be to be able to list the fi

[squid-users] external helper

2020-03-05 Thread Vieri
this message: external_acl.cc(1085) Start: externalAclLookup: will wait for the result of 'http www.fltk.org 80 / -' in 'bllookup' (ch=0x5633eaab2118). Thanks, Vieri

Re: [squid-users] external helper

2020-03-05 Thread Vieri
On Thursday, March 5, 2020, 11:37:28 AM GMT+1, Amos Jeffries wrote: > > It means the 'acl' line in squid.conf did not contain any value to pass as > extra parameter(s) to that helper lookup. > > See > Thanks!

[squid-users] debug a failure connection

2020-03-12 Thread Vieri
would be more useful? Regards, Vieri

[squid-users] dynamic ACLs

2020-04-16 Thread Vieri
eload Squid, a bit like ipsets with iptables/nftables without the need to reload rules? Vieri

[squid-users] tproxy sslbump and user authentication

2020-04-20 Thread Vieri
through a tproxy ssl-bump host (Squid #2) which would basically analyze/filter traffic via ICAP. Has anyone already dealt with this problem, and how? Regards, Vieri

Re: [squid-users] tproxy sslbump and user authentication

2020-04-21 Thread Vieri
do. If you have > ability to use explicit-proxy, do so. Unfortunately, some programs don't support proxies, or we simply don't care and want to force-filter traffic anyway. Vieri

Re: [squid-users] tproxy sslbump and user authentication

2020-04-24 Thread Vieri
che.org/SquidFaq/InterceptionProxy#Why_can.27t_I_use_authentication_together_with_interception_proxying.3F> >>> >>> Why bother with the second proxy at all? The explicit proxy has access >>> to all the details the interception one does (and more - such as >>> credentials). It should be able to do all filt

[squid-users] explicit proxy and iptables

2020-04-27 Thread Vieri
e on the "first node" with the explicit Squid proxy. I presume that in this case there is NO WAY I can somehow inform the gateway on node 2 of the "real" client IP addresses? I can imagine the answer to this silly question, but nonetheless I prefer to as

[squid-users] squid reverse proxy (accelerator) for MS Exchange OWA

2017-01-19 Thread Vieri
'10.215.144.21'. HTTP request sent, awaiting response... 200 OK Length: 1546 (1.5K) [text/html] What can I try? Thanks, Vieri

Re: [squid-users] squid reverse proxy (accelerator) for MS Exchange OWA

2017-01-20 Thread Vieri
penssl' '--with-nettle' '--with-gnutls' '--enable-ssl-crtd' '--disable-ecap' '--disable-esi' '--enable-htcp' '--enable-wccp' '--enable-wccpv2' '--enable-linux-netfilter' '--with-mit-krb5' '--without-heimdal-krb5' 'build_alias=i686-pc-linux-gnu' 'host_alias=i686-pc-linux-gnu' 'CC=i686-pc-linux-gnu-gcc' 'CFLAGS=-O2 -march=i686 -pipe' 'LDFLAGS=-Wl,-O1 -Wl,--as-needed' 'CXXFLAGS=-O2 -march=i686 -pipe' 'PKG_CONFIG_PATH=/usr/lib/pkgconfig' Thanks, Vieri

Re: [squid-users] squid reverse proxy (accelerator) for MS Exchange OWA

2017-01-22 Thread Vieri
nd I finally got a clear hint. Basically, I was missing sslcafile. My setup works now. Thanks Vieri

Re: [squid-users] squid reverse proxy (accelerator) for MS Exchange OWA

2017-01-24 Thread Vieri
' '--disable-snmp' '--with-openssl' '--with-nettle' '--with-gnutls' '--disable-ssl-crtd' '--disable-ecap' '--disable-esi' '--enable-htcp' '--enable-wccp' '--enable-wccpv2' '

Re: [squid-users] squid reverse proxy (accelerator) for MS Exchange OWA

2017-01-24 Thread Vieri
ceed. Regardless, it all seems to be working now, even with Squid 3.5.14. Thanks again, Vieri

Re: [squid-users] squid reverse proxy (accelerator) for MS Exchange OWA

2017-01-26 Thread Vieri
L had logged how they were actually hitting on the server. Anyway, it's not a big deal now that I know what to do if this kind of connection issue comes back up. It could be useful to others though if the logging could be a tad more verbose or if Squid could retry connections by explict

Re: [squid-users] squid reverse proxy (accelerator) for MS Exchange OWA

2017-01-27 Thread Vieri
the connection still fails then you will need to analyze traffic with the peer to find out the reason." In my case, that would have been enough info in Squid's log to fix the issue. Thanks again. Vieri

Re: [squid-users] squid reverse proxy (accelerator) for MS Exchange OWA

2017-02-02 Thread Vieri
, which fails. The end.", but whenever that happens (and the info is 0, only "handshake error") wouldn't it be safe to just print a hint line in the server's log? Anyway, as I said before, I know what to do from now on so it's not a big deal. ;-) Thanks again, Vieri

[squid-users] renegotiation

2017-02-02 Thread Vieri
ING How can I disable client renegotiation? Vieri

Re: [squid-users] renegotiation

2017-02-02 Thread Vieri
- Original Message - From: Amos Jeffries > Renegotiating to an insecure version or cipher set is an issue to be > fixed by configuring tls-min-version=1.Y and tls-options= disabling > unwanted ciphers etc. > > The potential DoS related to renegotiation is now prevented by rate > limit

[squid-users] choose TLS version

2017-02-02 Thread Vieri
Hi, Are the following two lines equivalent? https_port ... options=NO_SSLv3,NO_SSLv2,NO_TLSv1_1,NO_TLSv1 https_port ... tls-min-version=1.2 Thanks, Vieri

[squid-users] Cannot access https site

2017-05-15 Thread Vieri
d this? If I add 151.101.1.69 to allowed.domains I get a SQUID SSL handshake error page with https://*.stackexchange.com/* (bad write retry). What am I doing wrong? Also, would I have performance issues if the "allowed.domains" ACL file beco

Re: [squid-users] Cannot access https site

2017-05-16 Thread Vieri
ion,unix_group,wbinfo_group,LDAP_group,eDirectory_userip,kerberos_ldap_group' '--enable-log-daemon-helpers' '--enable-url-rewrite-helpers' '--enable-cache-digests' '--enable-delay-pools' '--enable-eui' '--enable-icmp' '

[squid-users] squid and c-icap ERR_ICAP_FAILURE

2017-05-23 Thread Vieri
a known issue and update to the latest version first, right? Thanks, Vieri

[squid-users] Squid TPROXY issues with Google sites

2017-05-26 Thread Vieri
cond, I am unable to scan content since Squid is splicing all Google traffic. However, if I "bump AllowTroublesome", I can enter my username in https://accounts.google.com, but trying to access to the next step (user password) fails with an unreported error. Any suggestions? Vieri

Re: [squid-users] Squid TPROXY issues with Google sites

2017-05-26 Thread Vieri
ice". 2) I am not denying access to any Google service except for "play" and "mail". Not being able to press "the Next button" is what I meant by "unreported error" in my previous e-mail. It is easy to reproduce with my squid.conf. Thanks, Vieri

Re: [squid-users] Squid TPROXY issues with Google sites

2017-05-28 Thread Vieri
example above even when peeking at step 1? If I need to peek at step 2 for GoogleAccounts to splice then I take it I won't be able to "bump all" (the rest). Likewise, If I need to stare at step 2 then I'll never be able to splice GoogleAccounts. Please let me know if I'm

[squid-users] squid block by Content-Type or Content-Disposition

2017-05-29 Thread Vieri
his is obviously too restrictive. This must be a dumb mistake on my behalf. What am I missing? Thanks, Vieri

[squid-users] squid sslbump and certificates

2017-05-29 Thread Vieri
code: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) SSL Certficate error: certificate issuer (CA) not known: /C=US/O=GeoTrust, Inc./OU=Domain Validated SSL/CN=Secure Site Starter DV SSL CA - G2 Thanks, Vieri

Re: [squid-users] squid block by Content-Type or Content-Disposition

2017-05-29 Thread Vieri
specific with ACL entries such as: ^application/x-cab$ Thanks, Vieri

Re: [squid-users] squid sslbump and certificates

2017-05-29 Thread Vieri
;> /usr/local/share/proxy-settings/allowed.certs In squid.conf: sslproxy_foreign_intermediate_certs "/usr/local/share/proxy-settings/allowed.certs" Restarted Squid but still had the same error page. I guess I can stick to the system-wide

Re: [squid-users] Squid TPROXY issues with Google sites

2017-05-31 Thread Vieri
L match with url_regex. Thanks Alex. Vieri

Re: [squid-users] squid sslbump and certificates

2017-05-31 Thread Vieri
From: Amos Jeffries > > Which version of Squid are you using now? I still haven't found the time to update my systems but the squid version I was running this on was/is 3.5.14. I probably need to catch up for this feature to work correc

[squid-users] failed to bump Twitter

2017-05-31 Thread Vieri
Hi, I can't seem to be able to bump Twitter. Whenever a client tries to browse https://twitter.com there's a connection refusal error page (111). Any clue as to what I could try? # grep -v ^# squid.test.conf | grep -v ^$ http_access allow localhost manager http_access deny manager http_port 32

Re: [squid-users] squid sslbump and certificates

2017-06-01 Thread Vieri
From: Eliezer Croitoru > > What OS? Linux 4.8.17-hardened

Re: [squid-users] failed to bump Twitter

2017-06-01 Thread Vieri
From: Amos Jeffries > > Squid is simply not able to make outbound TCP connections to twitter.com > (which according to your OS is hosted by 199.16.156.6). It seems to be a DNS issue. Thanks Vieri

[squid-users] squid ssl bump and Adobe Connect

2017-06-05 Thread Vieri
plyBody: INCOMPLETE_MSG from local=10.215.145.187:60291 remote=54.247.125.57:443 FD 15 flags=25 Any ideas? Vieri

Re: [squid-users] squid ssl bump and Adobe Connect

2017-06-05 Thread Vieri
From: Alex Rousskov > >> 1496665088.143 6 10.215.145.187 TAG_NONE/400 4428 NONE >> error:invalid-request - HIER_NONE/- >> text/html> > I recommend finding the place in the debugging cache.log where Squid > generates the above error response and then going

[squid-users] ACLs allow/deny logic

2017-06-26 Thread Vieri
4.165.120:80 remote=10.215.144.237 FD 56 flags=17 2017/06/26 09:51:24.484 kid1| 11,2| client_side.cc(1392) sendStartOfMessage: HTTP Client REPLY: I see 2 apparently contradictory log messages (well, for me that is -- I'm still learning how to read the log): The reply for POST http://149.154.165.120/api is DENIED, because it matched allowed_restricted1_ips The reply for POST http://149.154.165.120/api is ALLOWED, because it matched allowed_restricted1_ips Why is this happening? Thanks, Vieri

Re: [squid-users] ACLs allow/deny logic

2017-06-26 Thread Vieri
eny ... http_access deny intercepted !localnet http_access allow localnet http_access deny all Is there anything wrong with this? Vieri

Re: [squid-users] ACLs allow/deny logic

2017-06-26 Thread Vieri
you suggested and see if that logic applies correctly (at least to my understanding ;-) ). Thanks for your valuable help, Vieri

[squid-users] Squid custom error pages and javascript/css url sources

2017-08-16 Thread Vieri
he client requested an http site. However, for https sites the css and js files do not load. What alternatives do I have? Should I always redirect with deny_info instead? Is there a "catch-all" for deny_info? Thanks, Vieri

Re: [squid-users] Squid custom error pages and javascript/css url sources

2017-08-16 Thread Vieri
From: Eliezer Croitoru > > //%h/ It works great. Thanks Eliezer. Vieri

[squid-users] squid stops replying

2017-08-23 Thread Vieri
low-x-forwarded-for' '--with-large-files' '--disable-strict-error-checking' '--disable-arch-native' '--with-ltdl-includedir=/usr/include' '--with-ltdl-libdir=/usr/lib64' '--with-libcap' '--enable-ipv6' '--disable-sn

Re: [squid-users] squid stops replying

2017-08-25 Thread Vieri
: debug_options rotate=1 ALL,1 Should I set a different level BEFORE it "stops working", ie. "now"? I'm asking because it's going to take a long while to reproduce this issue, and I just want to make sure I'll have enough info when it happens. Thanks, Vieri
