Re: [squid-users] How to configure a "proxy home" page ?

2018-03-25 Thread Yuri
26.03.2018 05:05, Amos Jeffries wrote: > On 26/03/18 11:05, Yuri wrote: >> And yes, HTTPS is insecure by design and all our actions does not it >> less insecure :-D > We are not talking about HTTPS. Only about TLS. Because the TLS decrypt > is what is "failing" a

Re: [squid-users] How to configure a "proxy home" page ?

2018-03-25 Thread Yuri
Waa. You're right. I hurried. Hmm. Seems we can't distinguish unknown server CA and unknown proxy CA. Sadly. 26.03.2018 05:14, Amos Jeffries wrote: > On 26/03/18 11:15, Yuri wrote: >> I mean, for example: >> >> SSL_ERROR_CLIENT_DOES_NOT_KNOW_

Re: [squid-users] How to configure a "proxy home" page ?

2018-03-25 Thread Yuri
26.03.2018 05:23, Amos Jeffries wrote: > On 26/03/18 12:07, Yuri wrote: >> 26.03.2018 05:05, Amos Jeffries wrote: >>> On 26/03/18 11:05, Yuri wrote: >>>> And yes, HTTPS is insecure by design and all our actions does not it >>>> less insecure :-D >>

Re: [squid-users] How to configure a "proxy home" page ?

2018-03-25 Thread Yuri
26.03.2018 06:30, Amos Jeffries wrote: > On 26/03/18 12:34, Yuri wrote: >> 26.03.2018 05:23, Amos Jeffries wrote: >>> On 26/03/18 12:07, Yuri wrote: >>>> 26.03.2018 05:05, Amos Jeffries wrote: >>>>> On 26/03/18 11:05, Yuri wrote: >>>>>

Re: [squid-users] How to configure a "proxy home" page ?

2018-03-25 Thread Yuri
26.03.2018 06:41, Yuri wrote: > > 26.03.2018 06:30, Amos Jeffries wrote: >> On 26/03/18 12:34, Yuri wrote: >>> 26.03.2018 05:23, Amos Jeffries wrote: >>>> On 26/03/18 12:07, Yuri wrote: >>>>> 26.03.2018 05:05, Amos Jeffries wrote: >>>>

Re: [squid-users] How to configure a "proxy home" page ?

2018-03-25 Thread Yuri
26.03.2018 07:08, Amos Jeffries wrote: > On 26/03/18 13:44, Yuri wrote: >> >> 26.03.2018 06:41, Yuri wrote: >>> 26.03.2018 06:30, Amos Jeffries wrote: >>>> On 26/03/18 12:34, Yuri wrote: >>>>> 26.03.2018 05:23, Amos Jeffries wrote: >>>

Re: [squid-users] How to configure a "proxy home" page ?

2018-03-26 Thread Yuri
26.03.2018 15:33, Matus UHLAR - fantomas wrote: >>>>>> On 25/03/2018 at 13:08, Yuri wrote: >>>>>>> The problem is not install proxy CA. The problem is identify client >>>>>>> has no proxy CA and redirect, and do it only one time. >

Re: [squid-users] How to configure a "proxy home" page ?

2018-03-26 Thread Yuri
e > elliptic-curve host key on each host for a time > [2] e.g. https://github.com/mitmproxy/mitmproxy > > > > From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On > Behalf Of Yuri > Sent: Monday, 26 March 2018 03:13 > To: squid-users@lists.squid-ca

Re: [squid-users] delay-pool based on authentication

2018-03-26 Thread Yuri
Probably, yes. I'm not so good in delay pools, but I guess you moving to right direction. First require to make clean users separation. I think, Amos can consult you better. ;-) 26.03.2018 19:46, vv...@gmx.net wrote: > Dear Yuri, > > thank you for your quick reply. > I spe

Re: [squid-users] How to configure a "proxy home" page ?

2018-03-26 Thread Yuri
26.03.2018 02:47, Eliezer Croitoru wrote: > Hey Nicolas and Yuri > > I do not know your level of JS or other thing but... a splash page is merely > a transition step. > Since you can check using JS if the certificate is installed you can design > it in such a way that

Re: [squid-users] How to configure a "proxy home" page ?

2018-03-26 Thread Yuri
26.03.2018 21:36, Matus UHLAR - fantomas wrote: > On 26.03.18 19:16, Yuri wrote: >> Disagree. >> >> My point about TLS is quite different. >> >> SSH, by design, assumes end-to-end encryption and do not assumes any >> third-party treats as trusty, like TLS d

Re: [squid-users] How to configure a "proxy home" page ?

2018-03-26 Thread Yuri
Waaa, Matus, the idea is trivial. Catch SSL UNKNOWN ISSUER error on squid's acl and redirect by 302 to proxy page with instructions. Which requires user's involving. How much can repeat the obvious 26.03.2018 21:41, Matus UHLAR - fantomas wrote: > On 25.03.18 23:47, Eliezer Croitoru w

Re: [squid-users] How to configure a "proxy home" page ?

2018-03-26 Thread Yuri
Since the client should be involved, our business is to redirect him to the instructions page where he will make a decision - whether to put a proxy certificate or not. And on this page, in turn, is a script that makes this task easier. But does not install the certificate automatically - in this w

Re: [squid-users] ssl , TAG_NONE/503 0 CONNECT

2016-11-15 Thread Yuri
With correctly configured SSL Bump-enabled Squid there is no problem to access this page. http://img04.imgland.net/O71or-y.png 15.11.2016 16:54, Dmitry Melekhov wrote: Hello! User complained that he can't access https://es.ciur.ru/auth/login-page over squid. I tried, and all I see in log i

Re: [squid-users] caching videos over https?

2016-11-21 Thread Yuri
, --Ahmad-- <mailto:ahmed.za...@netstream.ps>> wrote: thanks yuri you have been great guy and still . kind regards On Nov 20, 2016, at 2:11 PM, Yuri Voinov mailto:yvoi...@gmail.com>> wrote: I'm not about it. There is a difference between help and pas

Re: [squid-users] How to block www.infobae.com

2016-11-25 Thread Yuri
http://img02.imgland.net/IqkhVlQ.png So? Add this in squid.conf: acl ib dstdomain .infobae.com http_access deny ib Voilà: http://img02.imgland.net/B4ZhnZm.png 25.11.2016 18:34, chcs wrote: I did it all changes, but again, doesn't works out. Please anybody, can test this domain (www.infobae.

Re: [squid-users] Setup wccp2 with squid3 and cisco switch 4507

2016-12-15 Thread Yuri
oy. Best regards *From:*squid-users [mailto:squid-users-boun...@lists.squid-cache.org] *On Behalf Of *Yuri Voinov *Sent:* Wednesday, 14 December 2016 16:02 *To:* squid-users@lists.squid-cache.org *Subject:* Re: [squid-users] Setup wccp2 with squid3 and cisco switch 4507 May be, this

Re: [squid-users] Squid performance 3.5.20 → 3.5.23

2017-01-13 Thread Yuri
"Premature optimization is root of all evils". 13.01.2017 16:10, Stephen Baynes wrote: Is there a known performance fall off going 3.5.20 → 3.5.23? I am seeing a 15% to 20% performance drop on my normal download benchmark and a crude test of uploading shows a few percent slowdown. Running o

Re: [squid-users] Help with Certificate validation

2017-01-18 Thread Yuri
18.01.2017 17:37, Amos Jeffries wrote: On 18/01/2017 8:31 a.m., Yuri Voinov wrote: Put your regression server to SSL Bump splice rule. If the situation requires SSL-Bump at all then there is no good solution, because the browser itself is doing CRL checks and rejection. Squid cannot change

[squid-users] Squid 4.x: Intermediate certificates downloader

2017-01-23 Thread Yuri
Hi, gents. I have some stupid questions about subject. 1. How does it work? I.e., where downloaded certs stored, how it handles, does it saves anywhere to disk? Because of this feature is completely undocumented and it did not follow from the source code. 2. How this feature is related to ss

Re: [squid-users] Not all html objects are being cached

2017-01-27 Thread Yuri
27.01.2017 9:10, Amos Jeffries wrote: On 27/01/2017 9:46 a.m., Yuri Voinov wrote: 27.01.2017 2:44, Matus UHLAR - fantomas wrote: 26.01.2017 2:22, boruc wrote: After a little bit of analyzing requests and responses with WireShark I noticed that many sites that weren't cached had diff

Re: [squid-users] Not all html objects are being cached

2017-01-27 Thread Yuri
27.01.2017 17:54, Garri Djavadyan wrote: On Fri, 2017-01-27 at 15:47 +0600, Yuri wrote: --2017-01-27 15:29:54-- https://www.microsoft.com/ru-kz/ Connecting to 127.0.0.1:3128... connected. Proxy request sent, awaiting response... HTTP/1.1 200 OK Cache-Control: no-cache, no-store

Re: [squid-users] Not all html objects are being cached

2017-01-27 Thread Yuri
? 27.01.2017 17:54, Garri Djavadyan wrote: On Fri, 2017-01-27 at 15:47 +0600, Yuri wrote: --2017-01-27 15:29:54-- https://www.microsoft.com/ru-kz/ Connecting to 127.0.0.1:3128... connected. Proxy request sent, awaiting response... HTTP/1.1 200 OK Cache-Control: no-cache, no-store

Re: [squid-users] Not all html objects are being cached

2017-01-27 Thread Yuri
27.01.2017 18:05, Antony Stone wrote: On Friday 27 January 2017 at 12:58:52, Yuri wrote: Again. What is the difference? I open it from different workstations, from different browsers - I see the same thing. The code is identical. I can is to cache? Yes or no? You're entitled to do wha

Re: [squid-users] Not all html objects are being cached

2017-01-27 Thread Yuri
27.01.2017 18:25, Antony Stone wrote: On Friday 27 January 2017 at 13:15:21, Yuri wrote: 27.01.2017 18:05, Antony Stone wrote: You're entitled to do whatever you want to, following standards and recommendations or not - just don't complain when choosing not to follow those sta

Re: [squid-users] HTTPS woes

2017-04-18 Thread Yuri
Try to specify roots CA bundle/dir explicitly by specifying one of these params: # TAG: sslproxy_cafile #file containing CA certificates to use when verifying server #certificates while proxying https:// URLs #Default: # none # TAG: sslproxy_capath #directory containing CA certific

Re: [squid-users] HTTPS woes

2017-04-18 Thread Yuri
diate certs or do you have to download them all manually? No. You should build it by yourself. Cheers, oli...@lennox-it.uk lennox-it.uk <http://lennox-it.uk/> tel: 07900 648 252 ---- *From:* Yuri *To:* squid-users@lists.squi

Re: [squid-users] squid 4.0.19 error with certificates

2017-05-01 Thread Yuri
35 GMT, Yuri Voinov <mailto:yvoi...@gmail.com>> wrote: Check this. It seems this is the issue: http://bugs.squid-cache.org/show_bug.cgi?id=4711 30.04.2017 12:02, snable snable wrote: hello i am using squid on a external box. i forward all traffic from my openw

Re: [squid-users] squid 4.0.19 error with certificates

2017-05-01 Thread Yuri
. marco- Contact Using Hop <http://GetHop.com/?_hmid=1493630170> On May 1, 2017 at 9:13 GMT, Yuri <mailto:yvoi...@gmail.com>> wrote: Sorry, this is not solution. All https spliced means for me catastrophic drop byte hit. I knew about this wrkarnd from the beginni

Re: [squid-users] ssl bump and chrome 58

2017-05-03 Thread Yuri
[mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of Rafael Akchurin Sent: Wednesday, May 3, 2017 10:48 AM To: Flashdown ; Yuri Voinov Cc: squid-users@lists.squid-cache.org Subject: Re: [squid-users] ssl bump and chrome 58 [This sender failed our fraud detection checks and may not be who

Re: [squid-users] ssl bump and chrome 58

2017-05-03 Thread Yuri
Exactly. 03.05.2017 16:32, Rafael Akchurin wrote: And on 3.5 too? -Original Message- From: Yuri [mailto:yvoi...@gmail.com] Sent: Wednesday, May 3, 2017 12:30 PM To: Rafael Akchurin ; Flashdown Cc: squid-users@lists.squid-cache.org Subject: Re: [squid-users] ssl bump and chrome 58

Re: [squid-users] Huge memory required for squid 3.5

2017-05-03 Thread Yuri
s on behalf of Alex Rousskov *Sent:* Wednesday, April 26, 2017 7:37 PM *To:* squid-users@lists.squid-cache.org *Subject:* Re: [squid-users] Huge memory required for squid 3.5 On 04/26/2017 09:35 AM, Yuri Voinov wrote: > This is openssl issue or squid's? AFAIK, the underlying issue (i.e.,

Re: [squid-users] Squid works with ssl bump in intercept mode and root certificate in browser, but apps does not work

2017-05-18 Thread Yuri
The issue is crystal: tlsv1 alert unknown ca Check you configured CA bundle available for squid. Either FB, Twitter works via browser. Apps (usually uses from mobiles) also required to install proxy CA into devices. If they pinned, just write splice acl to pass it without bump. 18.05.2017 16

Re: [squid-users] a bit off topic. New user question

2017-05-23 Thread Yuri
--delete-after delete files locally after downloading them I know this by simple execution wget --help :-D Feel free to do RTFM :-D 23.05.2017 5:39, George Diaz wrote: Hi sorry this off-topic question ... I want pre-cache some object from some interest host with wget.

Re: [squid-users] Wrong timestamp??

2017-05-24 Thread Yuri
You ask us, how do you have time zones on the your server configured? :) 25.05.2017 0:49, erdosain9 wrote: > Hi to all. > This is strange... > if a put "date" i get the actual time. I mean the time it's correct. > More or less in this moment it is > > [root@squid ~]# date > mié may 24 15:59:59 AR

Re: [squid-users] Wrong timestamp??

2017-05-24 Thread Yuri
I've take a look on one of my servers: root @ khorne / # date Thu May 25 01:09:38 ALMT 2017 root @ khorne / # su - squid squid @ khorne $ date Thu May 25 01:10:01 ALMT 2017 It is ok. Either from root, or from non-privileged user. Well, let's run squidclient: # su - squid squid @ khorne $ cd /u

Re: [squid-users] Wrong timestamp??

2017-05-24 Thread Yuri
, Yuri wrote: > I've take a look on one of my servers: > > root @ khorne / # date > Thu May 25 01:09:38 ALMT 2017 > root @ khorne / # su - squid > squid @ khorne $ date > Thu May 25 01:10:01 ALMT 2017 ^^^ Local TZ > > It is ok. Either from r

Re: [squid-users] Youtube not TCP_HIT Squid3.5.21-25

2017-05-26 Thread Yuri
With defrosting! Welcome from the cryocamera outside :-D http://wiki.squid-cache.org/ConfigExamples/DynamicContent/YouTube/Discussion 26.05.2017 19:09, Eduardo Carneiro wrote: I have the same issue. And not just Youtube, but any dynamic content cache. If you need to rewrite doesn't work. --

Re: [squid-users] Youtube not TCP_HIT Squid3.5.21-25

2017-05-28 Thread Yuri
To better understanding pls read this and all related: http://wiki.squid-cache.org/ConfigExamples/DynamicContent http://wiki.squid-cache.org/Features/StoreID YT, FB, Vimeo uses dynamic content and requires additional efforts to make content cacheable (with some restrictions). The issue your exp

Re: [squid-users] Youtube not TCP_HIT Squid3.5.21-25

2017-05-28 Thread Yuri
28.05.2017 21:09, Eduardo Carneiro wrote: > Ok. Tell me what technical details you need and I post here. Configs. Logs. Topology. Usecases. Examples for single transactions. > > But if this were an ignoring cache-control issue, wouldn't that happen on > squid 3.5.19 and previous versions as well?

Re: [squid-users] Youtube not TCP_HIT Squid3.5.21-25

2017-05-28 Thread Yuri
Yup, thank you, Amos, for details. I do not remember all changelogs exactly. 29.05.2017 3:09, Amos Jeffries wrote: > On 29/05/17 05:21, Yuri wrote: >> >> 28.05.2017 21:09, Eduardo Carneiro wrote: >>> Ok. Tell me what technical details you need and I post here. >

Re: [squid-users] telegram app on android

2017-06-11 Thread Yuri
http://wiki.squid-cache.org/ConfigExamples/Chat/Telegram 11.06.2017 18:31, snable snable wrote: > hi > > i get these error messages and telegram cant connect: > > squid 4.0.20 > bumping only specific sites > > > 1497184119.235 1 192.168.1.200 NONE_ABORTED/200 0 CONNECT > 149.154.167. > 51:4

Re: [squid-users] telegram app on android

2017-06-11 Thread Yuri
Do not thank :) 11.06.2017 18:33, Yuri wrote: > > http://wiki.squid-cache.org/ConfigExamples/Chat/Telegram > > > 11.06.2017 18:31, snable snable wrote: >> hi >> >> i get these error messages and telegram cant connect: >> >> squid 4.0.20 >>

Re: [squid-users] source spoofing without tproxy?

2017-06-14 Thread Yuri
Nice shoot, Eliezer :-D 14.06.2017 19:28, Eliezer Croitoru wrote: > Rephrase the "cheap nationally" into "cheat internationally". > > > Eliezer Croitoru > Linux System Administrator > Mobile: +972-5-28704261 > Email: elie...@ngtech.co.il > > > -Original Message- > From: squid-users [m

Re: [squid-users] Squid and active directory

2017-07-01 Thread Yuri
http://www.squid-cache.org/Versions/v3/3.1/manuals/squid_ldap_group.html http://lists.squid-cache.org/pipermail/squid-users/2015-October/007445.html http://www.squid-cache.org/mail-archive/squid-users/200210/0725.html http://www.squid-cache.org/mail-archive/squid-users/200309/0053.html http://w

Re: [squid-users] Get calling User Details on server

2017-07-04 Thread Yuri
Let's open squid's default access.log: 1499201177.345155 *172.16.100.3* TCP_MISS/200 633 GET https://discovery-v4-4.syncthing.net/v2/?device=DEVICE_ID - ORIGINAL_DST/95.85.19.244 application/json third (.|awk {'print $3'}) is exactly client IP. How to get it in redirector? Read manual of

Re: [squid-users] Get calling User Details on server

2017-07-04 Thread Yuri
e.org/Doc/config/logformat/ I guess Squid's doc answers all. > > On Wed, Jul 5, 2017 at 1:49 AM, Yuri <mailto:yvoi...@gmail.com>> wrote: > > Let's open squid's default access.log: > > 1499201177.345155 *172.16.100.3* TCP_MISS/200 633 GET >

Re: [squid-users] Get calling User Details on server

2017-07-04 Thread Yuri
? 05.07.2017 2:54, Muhammad Usman wrote: > Thanks a lot for your reply. > Can you please confirm if it is possible to receive custom attributes > in header and if yes, then how can I use those attributes like MAC etc? > > On Wed, Jul 5, 2017 at 1:49 AM, Yuri <mailto:yvoi...

Re: [squid-users] Get calling User Details on server

2017-07-04 Thread Yuri
wiki.squid-cache.org/Features/ICAP However, content adaptation part is not so simple and can require some programming (up to C/C++ level), because of I don't know any ready-to-use and free solution to inject ads (Which is understandable, given that advertising is money). > > > On

Re: [squid-users] Get calling User Details on server

2017-07-04 Thread Yuri
ustomer MAC as parameters to the JS script, in order to > keep track at user level. > Can I achieve all this through Squid or do I need to add other > software's as well. > > > On Wed, Jul 5, 2017 at 2:04 AM, Yuri <mailto:yvoi...@gmail.com>> wrote

Re: [squid-users] Get calling User Details on server

2017-07-04 Thread Yuri
o do this using dansguardian. > The only part pending is to send IP & other information as parameter. > > data-cusip="10.1.0.1" request="" src="http://mysite.com/js"

Re: [squid-users] Get calling User Details on server

2017-07-04 Thread Yuri
Sure, http://c-icap.sourceforge.net/ http://e-cap.org/ however remember: you still require to write required module by yourself. ;-) 05.07.2017 3:31, Muhammad Usman wrote: > Can you please recommend tools designed for this? > > On Wed, Jul 5, 2017 at 2:27 AM, Yuri <mailto:yvoi.

Re: [squid-users] Get calling User Details on server

2017-07-04 Thread Yuri
You are welcome :-) 05.07.2017 3:46, Muhammad Usman wrote: > Thanks a lot.. > > On Wed, Jul 5, 2017 at 2:42 AM, Yuri <mailto:yvoi...@gmail.com>> wrote: > > Sure, > > http://c-icap.sourceforge.net/ > > http://e-cap.org/ > > however rem

Re: [squid-users] Chaining icap and ecap services - FATAL: Received Segment Violation...dying.

2017-07-09 Thread Yuri
Details. Squid's version, OS version, compiler version, core dump contents. 09.07.2017 22:59, bugreporter wrote: > Hi, > > Is it allowed (supported) to chain icap and ecap services (using > /adaptation_service_chain/)? I get a "FATAL: Received Segment > Violation...dying." when trying to do it wi

Re: [squid-users] Chaining icap and ecap services - FATAL: Received Segment Violation...dying.

2017-07-09 Thread Yuri
10.07.2017 0:54, bugreporter wrote: > Thank you for your prompt response Yuri. Below information that you have > requested: > > - Squid 3.5.26 > - Linux kernel 3.10.100 on an LFS (Linux From Scratch) > - gcc-4.8.1, glibc-2.18 > > Don't yet have a core dump. Are you

Re: [squid-users] Chaining icap and ecap services - FATAL: Received Segment Violation...dying.

2017-07-09 Thread Yuri
Also it can be issue with ecap-gzip adapter itself. AFAIK it has opened issue with segfault on some sites. Public version has not close this bug because of author abandoned project. 10.07.2017 0:54, bugreporter wrote: > Thank you for your prompt response Yuri. Below information that you h

Re: [squid-users] Chaining icap and ecap services - FATAL: Received Segment Violation...dying.

2017-07-09 Thread Yuri
H. Bases on this log, issue occurs in ICAP processing. Most close to this: http://bugs.squid-cache.org/show_bug.cgi?id=4597 As I can remember, this bug occurs on ECAP, not with ICAP. Configuration was like you, chained ecap+icap services. Sadly, I can't show patch for 3.5, especially it was

Re: [squid-users] Chaining icap and ecap services - FATAL: Received Segment Violation...dying.

2017-07-10 Thread Yuri
Yup, seems this is http://bugs.squid-cache.org/show_bug.cgi?id=4597 10.07.2017 13:45, bugreporter wrote: Hi Yuri , Below the gdb backtrace. I hope that it could help you resolving the issue. Regarding Squid-4.0 my understanding is that it is a beta version while I need a stable version

Re: [squid-users] Squid as gateway

2017-07-11 Thread Yuri
Feel free to take a look inside wiki: http://wiki.squid-cache.org/SquidFaq/InterceptionProxy http://wiki.squid-cache.org/ConfigExamples/Intercept 11.07.2017 19:35, erdosain9 wrote: > Hi, and thanks. > Maybe i dont explain well. > I just want this: > > WanRouter---Squid-switch--

Re: [squid-users] Squid as gateway

2017-07-11 Thread Yuri
Squid should be configured and built with interception support. Re-read more carefully. 11.07.2017 21:26, erdosain9 wrote: > Thanks > Yes, im looking the wiki and follow this > http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat > > And, it is not working. Nothing it is going to squid.

Re: [squid-users] WARNING: Disk space over limit

2017-07-11 Thread Yuri
12.07.2017 3:25, Eliezer Croitoru wrote: > Hey, > > If you are using a single process ie not SMP(default) use aufs instead of > diskd cache_dir. > It's much more stable and efficient then diskd(to my knowledge). Not sure about you knowledge. Diskd is simple designed for another OS than Linux. On

Re: [squid-users] WARNING: Disk space over limit

2017-07-11 Thread Yuri
12.07.2017 4:34, Yuri wrote: > > 12.07.2017 3:25, Eliezer Croitoru wrote: >> Hey, >> >> If you are using a single process ie not SMP(default) use aufs instead of >> diskd cache_dir. >> It's much more stable and efficient then diskd(to my knowledge).

Re: [squid-users] Chaining icap and ecap services - FATAL: Received Segment Violation...dying.

2017-07-12 Thread Yuri
13.07.2017 5:13, bugreporter wrote: > Hi Antony, > > If they effectively don't *distribute* their modifications... But we don't > know. Thank you so much for the clarification. We're not so brainless. Even we not threat GPL as religious dogma, we're never distribute our solutions. Especially, as

Re: [squid-users] Chaining icap and ecap services - FATAL: Received Segment Violation...dying.

2017-07-12 Thread Yuri
13.07.2017 5:13, bugreporter wrote: > Hi Antony, > > If they effectively don't *distribute* their modifications... But we don't > know. Thank you so much for the clarification. And in general, making such statements, you need to be ready to prove them in court. When you can prove that we are dis

Re: [squid-users] Chaining icap and ecap services - FATAL: Received Segment Violation...dying.

2017-07-13 Thread Yuri
r happened again on another platform. Fortunately, on current versions there is no problem. 13.07.2017 13:38, bugreporter wrote: > Dear Yuri, > > My goal is not to hurt anybody here and if you consider that I offended you > (or rather your "sponsor") I apologize. So sorry! The

Re: [squid-users] Chaining icap and ecap services - FATAL: Received Segment Violation...dying.

2017-07-14 Thread Yuri
14.07.2017 23:17, Amos Jeffries wrote: > On 13/07/17 22:22, Yuri wrote: >> Apologies are accepted. No problems. We ourselves were not pleased that >> we did not have enough time to write the correct and beautiful patch. At >> that time it was quite an unpleasant problem. Th

Re: [squid-users] Squid Version 3.5.20 Any Ideas

2017-07-19 Thread Yuri
http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit http://i.imgur.com/A153C7A.png 19.07.2017 21:34, Cherukuri, Naresh wrote: > > Hi All, > > > > I installed Squid version 3.5.20 on RHEL 7 and generated self-signed > CA certificates, My users are complaining about certificate

Re: [squid-users] Squid Version 3.5.20 Any Ideas

2017-07-19 Thread Yuri
, as the error messages are in > cache.log, which is not a browser problem ... > > the question: are the SSL bumped sites in intranet, which use a self > signed CA cert itself, which squid doesn't know? > > On 19.07.2017 17:36, Yuri wrote: >> >> http://wiki.squid-c

Re: [squid-users] Squid Version 3.5.20 Any Ideas

2017-07-19 Thread Yuri
he.log, which is not a browser problem ... > > the question: are the SSL bumped sites in intranet, which use a self > signed CA cert itself, which squid doesn't know? > > On 19.07.2017 17:36, Yuri wrote: >> >> http://wiki.squid-cache.org/ConfigExamples/Intercep

Re: [squid-users] Squid Version 3.5.20 Any Ideas

2017-07-19 Thread Yuri
No. Only proxy's CA public key. Private should remains on proxy only. 20.07.2017 2:49, Cherukuri, Naresh wrote: > > Thanks Yuri for quick turnover! > > > > We only installed root certificate on all clients. We didn’t install > proxy CA’s public key on clients. So

Re: [squid-users] Squid Version 3.5.20 Any Ideas

2017-07-19 Thread Yuri
Related OpenSSL public CA bundle - in theory it should be installed together with OpenSSL. 20.07.2017 2:49, Cherukuri, Naresh wrote: > > Thanks Yuri for quick turnover! > > > > We only installed root certificate on all clients. We didn’t install > proxy CA’s public k

Re: [squid-users] Squid Version 3.5.20 Any Ideas

2017-07-19 Thread Yuri
Aha, 20.07.2017 3:04, Cherukuri, Naresh wrote: > > Yuri, > > > > I am sorry I didn’t get you I already installed certificate on all > clients(trusted root certificate authorities). You want me install > proxy public key also on clients, if so were should I put the prox

Re: [squid-users] Squid Version 3.5.20 Any Ideas

2017-07-19 Thread Yuri
20.07.2017 3:09, Cherukuri, Naresh wrote: > > Yuri, > > > > I am new to squid I learned it through searching google. My question > is I generated self-signed SSL certificates and install certificates > on IE all clients. I didn’t install proxy public key. Can you tell m

Re: [squid-users] TLS: 1st time w/intermediate cert: not working; ideas on what I'm doing wrong?

2017-09-07 Thread Yuri
08.09.2017 3:14, L A Walsh wrote: > Got an error message from squid where I'm doing https-bumping: > > -- > The following error was encountered while trying to retrieve the URL: > https://help.ea.com/ > >    *Failed to establish a secure connection to 52.0.220.87* > > The

Re: [squid-users] TLS: 1st time w/intermediate cert: not working; ideas on what I'm doing wrong?

2017-09-07 Thread Yuri
Ops, miss end of message :) Check all CA's chain. It is possible your root CA's bundle not complete. I usually use root CA's from Mozilla (added to squid.conf as one file) and own self-supported intermediate CA's list (file). But in addition I'm using Squid 5.x with working cert's downloade

Re: [squid-users] TLS: 1st time w/intermediate cert: not working; ideas on what I'm doing wrong?

2017-09-07 Thread Yuri
Also. Symantec's root's can be already removed from most bundles (you should hear about it, is it?). So. May be can be required to add Symantec's root(s) manually to proxy root CA bundle. 08.09.2017 3:24, Yuri wrote: > Ops, > > miss end of message :) > > Check

Re: [squid-users] TLS: 1st time w/intermediate cert: not working; ideas on what I'm doing wrong?

2017-09-07 Thread Yuri
Hi, Raf. Just checking on two my servers - works like charm without any movings :) I'm already have good intermediate CA's bundle :) 08.09.2017 3:42, Rafael Akchurin wrote: > Hello LA, Yuri, > > The server analysis at > https://www.ssllabs.com/ssltest/analyze.html?d=hel

Re: [squid-users] TLS: 1st time w/intermediate cert: not working; ideas on what I'm doing wrong?

2017-09-07 Thread Yuri
08.09.2017 3:46, L A Walsh wrote: > Yuri wrote: >> Ops, >> >> miss end of message :) >>   > --- >    I did search first! ;^) > > > >> Check all CA's chain. It is possible your root CA's bundle not complete. >>   > ---

Re: [squid-users] TLS: 1st time w/intermediate cert: not working; ideas on what I'm doing wrong?

2017-09-07 Thread Yuri
08.09.2017 3:49, Yuri wrote: > > 08.09.2017 3:46, L A Walsh wrote: >> Yuri wrote: >>> Ops, >>> >>> miss end of message :) >>>   >> --- >>    I did search first! ;^) >> >> >> >>> Check all CA's

Re: [squid-users] TLS: 1st time w/intermediate cert: not working; ideas on what I'm doing wrong?

2017-09-07 Thread Yuri
You r welcome ;) 08.09.2017 5:25, L A Walsh wrote: > Yuri wrote: > >>>> Check all CA's chain. It is possible your root CA's bundle not >>>> complete. >>>>   >>> --- >>>    Likely problem... > > > Fixed as per UR

Re: [squid-users] Need assistance debugging Squid error: ssl_ctrd helpers crashing too quickly

2017-09-11 Thread Yuri
It tells you what's happens. 11.09.2017 23:50, Rohit Sodhia wrote: > (ssl_crtd): Uninitialized SSL certificate database directory: > /var/lib/ssl_db. To initialize, run "ssl_crtd -c -s /var/lib/ssl_db".

Re: [squid-users] Need assistance debugging Squid error: ssl_ctrd helpers crashing too quickly

2017-09-11 Thread Yuri
s guy familiar with this kind > of stuff; I don't see anything on how to figure out what to do about it. > > On Mon, Sep 11, 2017 at 2:17 PM, Yuri <mailto:yvoi...@gmail.com>> wrote: > > It tells you what's happens. > > > 11.09.2017 23:50, Rohit Sodhi

Re: [squid-users] Need assistance debugging Squid error: ssl_ctrd helpers crashing too quickly

2017-09-11 Thread Yuri
erts > -rw-r--r--.  1 root root    0 Sep 11 12:42 index.txt > -rw-r--r--.  1 root root    1 Sep 11 12:42 size > > > On Mon, Sep 11, 2017 at 2:22 PM, Yuri <mailto:yvoi...@gmail.com>> wrote: > > Show output of > > ls -al /var/lib/ssl_db > > >

Re: [squid-users] Need assistance debugging Squid error: ssl_ctrd helpers crashing too quickly

2017-09-11 Thread Yuri
If this folder has incorrect permissions are there possibly other > permission issues? > > On Mon, Sep 11, 2017 at 2:25 PM, Yuri <mailto:yvoi...@gmail.com>> wrote: > > Here you root of problem. > > Should be (on my setups): > > # ls -al /var/lib/ssl_d

Re: [squid-users] Need assistance debugging Squid error: ssl_ctrd helpers crashing too quickly

2017-09-11 Thread Yuri
those values are set in my config. Even though I'm not > using squid for caching, I need those values? They aren't set in the > default configs either. > > On Mon, Sep 11, 2017 at 2:33 PM, Yuri <mailto:yvoi...@gmail.com>> wrote: > > Most probably you squ

Re: [squid-users] Need assistance debugging Squid error: ssl_ctrd helpers crashing too quickly

2017-09-11 Thread Yuri
ohit Sodhia <mailto:sodhia.ro...@gmail.com>> wrote: > > I'll try that immediately, thanks! I appreciate all your advice; > hopefully I won't have to reach out again :p > > On Mon, Sep 11, 2017 at 2:39 PM, Yuri <mailto:yvoi...@gmail.com>> wr

Re: [squid-users] Need assistance debugging Squid error: ssl_ctrd helpers crashing too quickly

2017-09-11 Thread Yuri
Wait. Squid 3.5.20? So ancient? 12.09.2017 1:58, Rohit Sodhia wrote: > sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB > > I used the line from the Stack Overflow question I linked earlier. > > On Mon, Sep 11, 2017 at 3:41 PM, Yuri <mailto:yvoi...

Re: [squid-users] Need assistance debugging Squid error: ssl_ctrd helpers crashing too quickly

2017-09-11 Thread Yuri
On Mon, Sep 11, 2017 at 4:02 PM, Yuri <mailto:yvoi...@gmail.com>> wrote: > > Wait. Squid 3.5.20? So ancient? > > > 12.09.2017 1:58, Rohit Sodhia wrote: >> sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB >> >> I used the li

Re: [squid-users] Need assistance debugging Squid error: ssl_ctrd helpers crashing too quickly

2017-09-11 Thread Yuri
> > On Mon, Sep 11, 2017 at 4:07 PM, Yuri <mailto:yvoi...@gmail.com>> wrote: > > Seems latest 4.0.21 is good enough. Most critical SSL-related bugs > almost closed or closed. > > At least latest 3.5.27 is released. AFAIK this is minimum to > pr

Re: [squid-users] Need assistance debugging Squid error: ssl_ctrd helpers crashing too quickly

2017-09-11 Thread Yuri
Everything happens once for the first time;) 12.09.2017 2:18, Rohit Sodhia wrote: > Ok. Looks like 3.5.20 is the latest on the yum repo I'm using, so > guess I'll have to learn how to compile it myself; never compiled a > package before. > > On Mon, Sep 11, 2017 at 4:

Re: [squid-users] squid cache takes a break

2017-09-12 Thread Yuri
It is just enough not to reinvent the wheel. What needs op - already exists and is called ufdbguard. And it's works perfectly with shallalist :) 13.09.2017 2:51, Eliezer Croitoru wrote: > I just must add that if you understand how TCP works(which the helpers use to > communicate with squid) then

Re: [squid-users] [squid for windows] article on how to enable sslbump

2017-09-13 Thread Yuri
13.09.2017 21:32, Rafael Akchurin wrote: > > Greetings everyone, > >   > > For all those using Squid version for Microsoft Windows – here is the > article explaining how to enable HTTPS decryption (sslbump) on Windows > platforms. > > Please see https://docs.diladele.com/faq/squid/sslbump_squid_w

Re: [squid-users] squid-users Digest, Vol 37, Issue 30

2017-09-13 Thread Yuri
squid-users digest..." > > > Today's Topics: > >1. Re: Need assistance debugging Squid error: ssl_ctrd helpers > crashing too quickly (Rohit Sodhia) > > > -- > > Message: 1 > Date:

Re: [squid-users] SSL Bump Failures with Google and Wikipedia

2017-09-30 Thread Yuri
I guess in HTTP headers. =-O :-D 01.10.2017 7:05, Eliezer Croitoru wrote: > Hey Rafael, > > Where have you seen the details about brotli being used? > > Thanks, > Eliezer > > > Eliezer Croitoru > Linux System Administrator > Mobile: +972-5-28704261 > Email: elie...@ngtech.co.il > > > > -

Re: [squid-users] SSL Bump Failures with Google and Wikipedia [SOLVED]

2017-10-01 Thread Yuri
Opera, AFAIK, now abandoned and can contain obsolete CA bundle (not sure it uses system CA storage). So, it seems this is quite different issue. 02.10.2017 5:46, L A Walsh wrote: > Jeffrey Merkey wrote: >> >> One caveat about this I discovered that there are quite a few websites >> which complet

Re: [squid-users] Content injection

2017-10-01 Thread Yuri
Hm, Amos. But 1986 - it is ancient in 2017, yes? Over 20 years. Eternity in IT. 02.10.2017 8:47, Amos Jeffries wrote: > On 02/10/17 02:33, B Hirsch wrote: >> Any legal references someone could point to? > > > > > > "HTML" can contain

Re: [squid-users] Content injection

2017-10-01 Thread Yuri
In addition, hypertext is not a literary work, as it seems to me. Moreover, it is somehow attracted to the ears, do not you think? 02.10.2017 8:47, Amos Jeffries wrote: > On 02/10/17 02:33, B Hirsch wrote: >> Any legal references someone could point to? > > > >

Re: [squid-users] Content injection

2017-10-01 Thread Yuri
And it's still said softly - it's attracted to the ears. Speech, as I understand it, is about the insertion of advertising banners in the pages given to clients from the proxy (cache). What are the literary works and copyright? The insertion of advertising is money, and considerable. If op is to de

Re: [squid-users] Caching URL with ?

2017-10-02 Thread Yuri
Not enough information. Is token persistent from GET to GET? Or it changed from day to day (by hash from date, for example?) If it is persistent, it can be stored by store-ID. If not - no. The other way here is not to blame. It is necessary to understand, whether the token is really unique for unique

Re: [squid-users] Pages sometimes load as a mess of random (?) symbols

2017-10-04 Thread Yuri
There where no idea till you show your configs. Telepathy on vacation. 04.10.2017 20:13, Grey wrote: Hi, I'm running Squid version 3.5.23 with caching disabled. Sometimes when accessing various websites (the sites that cause this problem are always the same, such as www.tomshardware.com for ex
