Re: [squid-users] Unable to cache Windows Update

It is possible, with some kind of work. However, better to use more appropriate tool to cache WU. This tool named WSUS. With inventory functions. Squid is not most appropriate tool for this job. At least, you will be forced not only cache - but keep terabytes of data. 11.10.2017 21:10, davide.mo

Re: [squid-users] Unable to cache Windows Update

The problem to cache WU with squid is: 1507749149.193   6476 172.16.100.103 TCP_HIT/206 1049109 GET http://download.win dowsupdate.com/c/msdownload/update/software/uprl/2017/09/windows-kb890830-v5.53- delta_b0898f8fe7445096d0e1085266012331038a729b.exe - HIER_NONE/- application/oct et-stream Reque

Re: [squid-users] Unable to cache Windows Update

12.10.2017 1:28, Heiler Bemerguy пишет: > >> Squid does not work well with 206. Also requires some additional work >> external relatively squid to cache WU. >> >> > > Actually it barely works with 206, there's a bug report open about it > We do not talk badly about the dead and the bugs discover

Re: [squid-users] Squid Proxy 3.5.12 - Certain Website not loading

Works okay for me. Tested on 3 squid's. 21.10.2017 22:06, jloldham пишет: > Hi, > > We have a website that we cannot access through squid, tracking the logs we > cannot see anything getting blocked. > > Can anyone else get to this website via squid https://crm.zoho.com/. Or > does anyone have an

Re: [squid-users] Squid Proxy 3.5.12 - Certain Website not loading

3.5.27 and 5.0.0 (latest) 23.10.2017 14:38, Jordan Oldham пишет: Hi Yuri, Thank you for testing, please can you let me know the version you are using so I can make sure ours matches :) Thanks for your help Jordan -Original Message- From: squid-users [mailto:squid-users-boun

Re: [squid-users] Opera (Win7SP1-x64) not connecting to google.com because of "HSTS"?

23.10.2017 23:51, L A Walsh пишет: > I've seen this before w/google in Opera -- but it doesn't seem > to happen with IE or Palemoon (both going through my SSL-bumping proxy). > Even my housemate, going through the proxy using Chrome doesn't > get this error (it also uses the system cert location)

Re: [squid-users] Opera (Win7SP1-x64) not connecting to google.com because of "HSTS"?

Sadly, I have no Opera to test. This works perfectly with Chrome/Firefox. Of course, it is require to reconfigure squid ;) 24.10.2017 4:12, L A Walsh пишет: > Yuri wrote: >> >> Try to add this: >> >> # Disable HSTS >> reply_header_access Strict-Transport-Security

Re: [squid-users] Opera (Win7SP1-x64) not connecting to google.com because of "HSTS"?

Wa, I dont like to make zoo on my laptop.. It is not softwarehouse, and, of course, not in junk dump ;) Well, may be test now on my remote station behind proxy. It is junk dump as well. :) 24.10.2017 5:28, L A Walsh пишет: > Yuri wrote: >> Sadly, I have no Opera to test. T

Re: [squid-users] Opera (Win7SP1-x64) not connecting to google.com because of "HSTS"?

5:28, L A Walsh пишет: > Yuri wrote: >> Sadly, I have no Opera to test. This works perfectly with >> Chrome/Firefox. Of course, it is require to reconfigure squid ;) >>   > >    Well rats! um, it is a free download for Win/Mac & Linux > @ http://www.op

Re: [squid-users] Opera (Win7SP1-x64) not connecting to google.com because of "HSTS"?

25.10.2017 8:14, L A Walsh пишет: > Yuri wrote: >> I see absolutely no problem with  Opera and HSTS via my proxy, as by as >> Chrome/Firefox. As shown on screenshoots. >>   > Well poo!... I see your access... but still have probs on my end. > > I don't have

[squid-users] Squid regex grammar

Just for clarify (it is not well-documented. At least I can't find any documentation about): Squid's regex supports only POSIX Basic grammar? -- ** * C++: Bug to the future * ** 0x3E3743A7.asc Description: application/pgp-keys signature.asc De

Re: [squid-users] Squid regex grammar

27.10.2017 12:01, Amos Jeffries пишет: > On 27/10/17 13:06, Yuri wrote: >> Just for clarify (it is not well-documented. At least I can't find any >> documentation about): >> >> Squid's regex supports only POSIX Basic grammar? >> > > The speci

Re: [squid-users] Squid regex grammar

27.10.2017 20:32, Amos Jeffries пишет: > On 28/10/17 02:59, Yuri wrote: >> >> >> 27.10.2017 12:01, Amos Jeffries пишет: >>> On 27/10/17 13:06, Yuri wrote: >>>> Just for clarify (it is not well-documented. At least I can't find any >>>>

Re: [squid-users] Squid regex grammar

27.10.2017 20:55, Alex Rousskov пишет: > On 10/27/2017 08:32 AM, Amos Jeffries wrote: >> On 28/10/17 02:59, Yuri wrote: >>> the regular expression is simply silently ignored and it is extremely >>> difficult to detect. >> That sounds like a library problem. If

Re: [squid-users] Squid regex grammar

27.10.2017 21:17, Antony Stone пишет: > On Friday 27 October 2017 at 17:06:01, Yuri wrote: > >> 27.10.2017 20:55, Alex Rousskov пишет: >>> When a regular expression is using extended features, the basic regular >>> expression compiler often (or even always?!) does

Re: [squid-users] Squid regex grammar

27.10.2017 21:33, Antony Stone пишет: > On Friday 27 October 2017 at 17:26:18, Yuri wrote: > >> 27.10.2017 21:17, Antony Stone пишет: >>> On Friday 27 October 2017 at 17:06:01, Yuri wrote: >>>> 27.10.2017 20:55, Alex Rousskov пишет: >>>>> When a re

Re: [squid-users] Squid regex grammar

27.10.2017 21:33, Antony Stone пишет: > On Friday 27 October 2017 at 17:26:18, Yuri wrote: > >> 27.10.2017 21:17, Antony Stone пишет: >>> On Friday 27 October 2017 at 17:06:01, Yuri wrote: >>>> 27.10.2017 20:55, Alex Rousskov пишет: >>>>> When a re

Re: [squid-users] Squid regex grammar

27.10.2017 22:01, Alex Rousskov пишет: > On 10/27/2017 09:43 AM, Yuri wrote: > >> So, in each separate case we're should make testcase for EACH regex in >> acl to make sure it will or not will work. >> >> Generally speaking, with thousands of regular express

Re: [squid-users] Certificate for bump?

Will not work. You need a root CA certificate with the "signing certificate request" property, not just "server/client authentication". 30.10.2017 21:29, erdosain9 пишет: > Hi. What you think about using certificate for bump from > https://letsencrypt.org??? > Thanks to all. > > > > -- > Sent fro

Re: [squid-users] WIndows Server AD+Squid Integration: Query User Specs

01.11.2017 2:16, Periko Support пишет: > HI Guys. > > I want to integrate my authtenticacion vs a Windows Server 2012 R2 AD, > my doubt is related to the user I have to use from the AD. > > What type of user can I use for squid config to query our AD? > > Must be from the Admin group or must a sp

Re: [squid-users] WIndows Server AD+Squid Integration: Query User Specs

(facepalm) Don't use superuser rights (or equivalent) - never - if you really won't require it. Yes, any user who has permissions to read access to AD. 01.11.2017 2:28, Periko Support пишет: > Don't hate me Yuri, this is why I ask first. > Group Users, them I can use

Re: [squid-users] Squid 3.5 with nonblocking ecap adapter

01.11.2017 21:23, Alex Rousskov пишет: > On 11/01/2017 03:20 AM, Christof Gerber wrote: > >> [Will Squid] be blocked until the eCAP API call returns? > To answer the exact question above: Yes, the Squid worker making an eCAP > API call will block until that call returns. The same is true for all

Re: [squid-users] Squid 3.5 with nonblocking ecap adapter

01.11.2017 21:23, Alex Rousskov пишет: > On 11/01/2017 03:20 AM, Christof Gerber wrote: > >> [Will Squid] be blocked until the eCAP API call returns? > To answer the exact question above: Yes, the Squid worker making an eCAP > API call will block until that call returns. The same is true for all

Re: [squid-users] Squid 3.5 with nonblocking ecap adapter

01.11.2017 21:23, Alex Rousskov пишет: > On 11/01/2017 03:20 AM, Christof Gerber wrote: > >> [Will Squid] be blocked until the eCAP API call returns? > To answer the exact question above: Yes, the Squid worker making an eCAP > API call will block until that call returns. The same is true for all

Re: [squid-users] Squid 3.5 with nonblocking ecap adapter

01.11.2017 23:37, Alex Rousskov пишет: > On 11/01/2017 09:26 AM, Yuri wrote: >>>> Is there a way other than >>>> programming the eCAP adapter in asynchronous mode? >>> I do not think there is a better alternative. AFAICT, you only have two >>> op

Re: [squid-users] Deny ports to users

You choose not appropriate tool for you task. Squid is a proxy, not a firewall. 17.11.2017 1:40, Jonathan thomas Cho пишет: > Hello, I was curious how to restrict users from accessing ports .  > > I have 4 workers and need them to have their own ports and not able to > use the other 3.   > > I c

Re: [squid-users] block user agent

17.11.2017 21:27, Vieri пишет: > > From: Alex Rousskov >> 1. Your "works" and "does not work" setups currently differ in at least >> three variables: user agent name, slash after the user agent name, and >> acl negation in http_access. Find out which single varia

Re: [squid-users] change action of squid -v on squid

04.12.2017 23:49, Amos Jeffries пишет: > On 05/12/17 06:21, --Ahmad-- wrote: >> actually i guess its in somewhere in C++ files and i though it gonna >> be easy . >> >> anyway thanks i will check dev guys >> > > We two are "the dev guys" for the most part :-P Indeed :-P > > So my question is *why*

Re: [squid-users] Block a web just for a group inside another group, or how?

Indeed. Just enumerate this users in acl and put this acl above group acl. 05.12.2017 4:17, erdosain9 пишет: > I dont know if i explain well myself... > i just want block some web access (facebook, web.whatsapp, etc.) to just a > few users from a large group. > Thanks > > > > -- > Sent from: >

Re: [squid-users] Block a web just for a group inside another group, or how?

05.12.2017 4:38, erdosain9 пишет: > Sorry, i dont understand. > Just enumerate the user in a acl? Not just. You will have an subset of users which will fires first on specific URL. Same like any firewall works, squid process acls from top to bottom. > > a common acl or a kerberos acl?? No matter.

Re: [squid-users] Block a web just for a group inside another group, or how?

Well, something like this (just to illustrate principe, dont copy and paste ;)): # Subset who don't have access to web whatsapp acl no_web_whatsapp src IP1 IP2 IP3 IP4 acl web_whatsapp dstdomain web.whatsapp.com # Group incouding IP1-IP4; the rest of group has access to web whatsapp acl your_group

Re: [squid-users] Block a web just for a group inside another group, or how?

05.12.2017 5:06, erdosain9 пишет: > mmm > > Ok, thanks > i do that but, with users (calling a new group in the domain). Instead of > this i can do a list of users in a file?? > Anyway, i do that, but instead of > http access deny acl acl > > i do > > http access allow acl !acl > > This will be th

Re: [squid-users] Block a web just for a group inside another group, or how?

Amos, you are as always deep and brief. I did not look carefully at the list of rules;) 05.12.2017 5:16, Amos Jeffries пишет: > On 05/12/17 11:59, erdosain9 wrote: >> But, that's exactly the problem. >> >> Thats what i do. >> I do a have this large group >> i-full >> and a small group with a few

Re: [squid-users] net::err_cert_common_name_invalid just in squid page with dstdomain block

Everything can be much simpler. If the deny is redirected to the local web server with https, and the server certificate does not have the correct CN - or there is no subjectAltName - Chrome will give such an error. 06.12.2017 3:08, Alex Rousskov пишет: > On 12/05/2017 12:33 PM, erdosain9 wrote:

Re: [squid-users] net::err_cert_common_name_invalid just in squid page with dstdomain block

PS. And, of course, both CN/subjectAltName should be resolvable by client. If not - you will get such an error. This, automatically, point us to DNS (internal) which must have local zone to internal resolving resources such as proxy, local web, etc. 06.12.2017 5:17, Yuri пишет: > Everything

Re: [squid-users] net::err_cert_common_name_invalid just in squid page with dstdomain block

PPS. I want to add an obvious thing. Blocking https pages should also be redirected to the https page. This is obvious and required by the RFC. As I know. And the https page for the https deny must be opened correctly by the client browser. It's simple. 06.12.2017 5:24, Yuri пишет: > PS.

Re: [squid-users] Secure basic authentication on Squid

06.12.2017 16:57, Matus UHLAR - fantomas пишет: >>> On Wed, Dec 6, 2017 at 7:01 AM, Jason Haar wrote: To reiterate Alex, "yes you can". Squid supports "proxy over TLS" as well as the old/default "proxy over TCP" - you use the https_port option ...but getting bro

Re: [squid-users] SSL TAG_NONE/503 errors

Not necessarily certificates. Exactly the same code gives the SSL pinning. 07.12.2017 1:21, Alex Rousskov пишет: > On 12/06/2017 12:06 PM, Hugo Saavedra wrote: >> 2017/12/06 16:02:37 kid1| Error negotiating SSL connection on FD 61: >> error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknow

Re: [squid-users] SSL TAG_NONE/503 errors

RC4, may be. In practice, too restrictive security usually leads various issues, ever for big vendor site, like MS (some of this sites AFAIK still using RC4). To be related to your questions - yes, in theory it is possible to get security issue in this case. But it is require deep investigation.

Re: [squid-users] SSL TAG_NONE/503 errors

https://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery 07.12.2017 5:40, Hugo Saavedra пишет: > ooops!, we have another problem here, anyone knows what is this? > > 2017/12/06 19:30:23 kid1| SECURITY ALERT: on URL: login.live.com:443 > 2017/12/06 19:30:23 kid1| SECURITY ALERT: Host header fo

Re: [squid-users] net::err_cert_common_name_invalid just in squid page with dstdomain block

07.12.2017 21:27, Matus UHLAR - fantomas пишет: > On 07.12.17 08:05, erdosain9 wrote: >> Yes, Chrome tell this when i look the certificate >> >> "The certificate for this site does not contain a Subject Alternative >> Name >> extension containing a domain name or IP address." > > are you aware th

Re: [squid-users] (no subject)

https://i.imgur.com/bDw1O2b.png 08.12.2017 1:12, Ing. Pedro Pablo Delgado Martell пишет: > > I have been reading about the difference between a KB and a KiB, > Kilobyte and Kibibyte respectively. According to several websites, > also Google,  1KB = 1000 bytes and 1KiB = 1024 bytes. However, you >

Re: [squid-users] (no subject)

In our kilobyte - one thousand twenty-four bytes. :) PS. And in our zettabayte - ten in the twenty-first degree byte. :) 08.12.2017 1:29, Yuri пишет: > > https://i.imgur.com/bDw1O2b.png > > > 08.12.2017 1:12, Ing. Pedro Pablo Delgado Martell пишет: >> >> I have been r

Re: [squid-users] (no subject)

Oooops! zetta-byte :) 08.12.2017 1:34, Yuri пишет: > > In our kilobyte - one thousand twenty-four bytes. :) > > PS. And in our zettabayte - ten in the twenty-first degree byte. :) > > > 08.12.2017 1:29, Yuri пишет: >> >> https://i.imgur.com/bDw1O2b.png >>

Re: [squid-users] (no subject)

We are in trouble with bugs that do not close for years, they excite us, and you're here with units of measurement :) 08.12.2017 1:35, Yuri пишет: > > Oooops! zetta-byte :) > > > 08.12.2017 1:34, Yuri пишет: >> >> In our kilobyte - one thousand twenty-fou

Re: [squid-users] (no subject)

I love power of 2 :) And in our kilometer is 1024 m ;) 08.12.2017 1:40, Antony Stone пишет: > On Thursday 07 December 2017 at 20:34:22, Yuri wrote: > >> In our kilobyte - one thousand twenty-four bytes. :) > This has been the definition since the earliest days of computing

Re: [squid-users] (no subject)

Antonio, enough. I do not believe that no one here has a sense of humor. Are you serious about discussing it with animal seriousness? 08.12.2017 1:48, Antony Stone пишет: > On Thursday 07 December 2017 at 20:43:52, Ing. Pedro Pablo Delgado Martell > wrote: > >> "In our kilobyte - one thousand t

Re: [squid-users] SSL3_GET_SERVER_CERTIFICATE failed

In practice POST url always better to get splice. This prevents much errors. SSL3_GET_SERVER_CERTIFICATE itself means that some client application trying to establish secure connection uses old SSLv3 protocol. This applications also better to splice, if not possible to upgrade applications (often

Re: [squid-users] net::err_cert_common_name_invalid just in squid page with dstdomain block

Probably, both. Also squid fastly changes (especially in SSL part), so in any case when in doubt first consider upgrade. 13.12.2017 0:55, erdosain9 пишет: > Thanks. > I update to 3.5.27 and now i dont have this problem. > But, i have this doubt... so, this was a problem of my certificate or a b

Re: [squid-users] Warning in Cache.log

This warning does not prevent it from working normally. Has not broken - do not fix. 13.12.2017 18:13, Raju M K пишет: > Dear Team, > I installed squid 3.5.25 on Ubuntu and in windows 10 with Diladele MSI. > In both cache.log files, I am getting below warning. > Few users got the same error but n

Re: [squid-users] Squid configuration not working to set up connection between local and remote hosts

Most probably firewall issues. ALso not fact virtualized invironments permit TCP exchange between apps/instances without special settings. 19.12.2017 04:28, Amos Jeffries пишет: > On 19/12/17 09:45, tappdint wrote: >> Amos Jeffries wrote >>> ^^ localnet and localhost are permitted, nothing else.

Re: [squid-users] Will Squid Proxy work if it is offline

You abstractly ask? Purely academically? Or are you pursuing a goal? It's easier to take and try. 21.12.2017 06:20, Medya пишет: > Hi here is my first post in this mailing list, hopefully it is the > right place to ask. > > Let say I access an image http:///example.com/image1.png >

Re: [squid-users] Will Squid Proxy work if it is offline

In detail: if the picture is in the cache, and the time of its validation has not arrived - some time will show. In case of all required DNS queries and, especially, answers is also cached. Harsh reality: Own Squid's DNS cache  is too tiny by default to store half of the Internet addresses. Only f

Re: [squid-users] Transparent proxy for WiFi users

03.01.2018 02:13, Amos Jeffries пишет: > On 03/01/18 02:48, Roberto Carna wrote: >> Dear, I've setup a Squid transparent proxy + Squidgard on pfSEnse 2.4 >> in order to filter HTTP and HTTPS web content for different types of >> WiFi clients on my company: >> >> - Android (different versions) >> -

Re: [squid-users] Internet Browsing very slow after implementing Squid peek & splice + Access log not tracing full URL

19.05.2016 18:03, Amos Jeffries пишет: On 19/05/2016 11:08 p.m., Sagar Malve wrote: Hi Team, I have done some modification as per thread and temporary removed Refresh pattern and have kept the Default refresh pattern ... This is how my Configuration looks like . # SSL bump acl acl net_

Re: [squid-users] Vary object loop returns

Heh, the issue occurs also with disabled collapsed_forwarding: 2016/05/31 16:58:12 kid1| varyEvaluateMatch: Oops. Not a Vary match on second attempt, 'https://ru.wikipedia.org/w/load.php?debug=false&lang=ru&modules=jquery.accessKeyLabel%2Cclient%7Cmediawiki.RegExp%2Cnotify%2Cutil%7Cmediawiki.l

Re: [squid-users] Vary object loop returns

Hmmm. Seems as dirty hack. I suggest better to correct strings encoding routines, or simple strip symbols starting with% from accept-encoding only. 31.05.2016 17:03, joe пишет: yup try accel the cache.log will have rely lots of those my idea of fixing this or having better hit % is by

Re: [squid-users] Vary object loop returns

Bluecoat can do what they want :) They rich and fat CIA-tails. :) 31.05.2016 17:07, joe пишет: bluecoat doing same as my idea i test my code against bluecoat server -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Vary-object-loop-returns-tp4677716p4677730

Re: [squid-users] Vary object loop returns

you'll have to wipe your cache to really test it... -- Heiler Bemerguy - (91) 98151-4894 Assessor Técnico - CINBESA (91) 3184-1751 Em 31/05/2016 08:00, Yuri escreveu: Heh, the issue occurs also with disabled collapsed_forwarding: 2016/05/31 16:58:12 kid1| varyEvaluateMatch: Oops.

Re: [squid-users] Vary object loop returns

rguy Network Manager - CINBESA 55 91 98151-4894/3184-1751 Em 31/05/2016 10:34, Yuri escreveu: This is too expensive action. Cold out cache will decrease hit-ratio for weeks. Also, I suggest force reloading objects must overwrite stale cached, no? 31.05.2016 19:32, Heiler Bemerguy пишет:

Re: [squid-users] Vary object loop returns

kid2| MemObject->nclients: 0 2016/05/31 11:35:14 kid2| MemObject->reply: 0x26bdf50 2016/05/31 11:35:14 kid2| MemObject->request: 0 2016/05/31 11:35:14 kid2| MemObject->logUri: 2016/05/31 11:35:14 kid2| MemObject->storeId: -- Best Regards, Heiler Bemerguy Network Manager - CINBESA

Re: [squid-users] Bug: Missing MemObject::storeId value

t;inmem_lo: 0 2016/05/31 11:43:52 kid3| MemObject->nclients: 0 2016/05/31 11:43:52 kid3| MemObject->reply: 0x2972cc0 2016/05/31 11:43:52 kid3| MemObject->request: 0 2016/05/31 11:43:52 kid3| MemObject->logUri: 2016/05/31 11:43:52 kid3| MemObject->storeId: -- Best Regards, Heiler

Re: [squid-users] Vary object loop returns

1 14:36:37 kid1| clientProcessHit: Vary object loop! 2016/06/01 14:36:37 kid1| varyEvaluateMatch: Oops. Not a Vary match on second attempt, 'http://egov.kz/wps/theme/jq/jsEgov.js' 'accept-encoding="gzip,%20deflate"' 01.06.2016 11:54, Amos Jeffries пишет: On 1/06/2

Re: [squid-users] Establishing secure conection problems (Chrome)

Any useful info? Squid version, config, logs? Thelepaty on vacation. 02.06.2016 18:03, William Ivanski пишет: Good time of the day! I've started experiencing some problems with Google Chrome after installing Squid in my Network. It gets stuck into a loop of "Establishing secure connection".

Re: [squid-users] Vary object loop returns

https://i1.someimage.com/rk2cwdN.png Two times HIT increase on diagram - was client_side.cc changed. But also some new problems occurs - partially, BBC video can't work after patch. Need more research by dev team. If they want to made Squid which it must be. 04.06.2016 1:33, Yuri V

Re: [squid-users] Vary object loop returns

Build with this patch now. Correctly formatted patch attached. 05.06.2016 2:39, joe пишет: Yuri can you test this pls if its better --- src/client_side.cc 2016-05-25 02:27:13.0 +0300 +++ src/client_side.cc 2016-06-04 23:14:16.0 +0300 @@ -140,7 +140,7 @@ #if LINGERING_CLOSE

Re: [squid-users] Vary object loop returns

Don't think so. Patch looks good and working. Now testing. Results is perfect - byte HIT increases two times minimum. Squid looks it must be. It is real CACHE now. 05.06.2016 15:10, joe пишет: what is the best way to create patch im using this diff -Naur /var/tmp/squid-3.5.19-20160524-r14057

Re: [squid-users] Vary object loop returns

Heh, and breaking Internet... So, for example, my Squid's built with ecap gzip support. What will be result? 06.06.2016 6:02, Amos Jeffries пишет: On 6/06/2016 8:42 a.m., joe wrote: im re writing the varyEvaluateMatch function will see after i done test with new one for now last patch is g

Re: [squid-users] Vary object loop returns

Turning on collarsed_foarwarding decreases HIT ratio to previous low level. Patch give high HIT only with disabled collapsed_forwarding. 06.06.2016 2:42, joe пишет: im re writing the varyEvaluateMatch function will see after i done test with new one for now last patch is good enough until the

Re: [squid-users] Vary object loop returns

Anyway effect is visible and reproduses. 06.06.2016 15:14, joe пишет: has nothing to do with collarsed_foarwarding on shuld look into collarsed_foarwarding function not varyEvaluateMatch Yuri Voinov wrote Turning on collarsed_foarwarding decreases HIT ratio to previous low level. Patch

Re: [squid-users] Vary object loop returns

Will test this patch version. Build with it now on production. 06.06.2016 15:40, joe пишет: yup new test patch vary_experimental3.patch -- View this message in context: http://squid-web-proxy-cache.1

Re: [squid-users] Vary object loop returns

variant 3 produced lower HIT. 06.06.2016 15:40, joe пишет: yup new test patch vary_experimental3.patch -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Vary-object-

Re: [squid-users] Vary object loop returns

Also some flash news video has playback problems with variant 3 06.06.2016 15:40, joe пишет: yup new test patch vary_experimental3.patch -- View this message in context: http://squid-web-proxy-cache.

Re: [squid-users] ECDSA and SSL bump

2.crt -config openssl.cfg -days 9125 I do not see, where I could make a mistake so stupid. 19.06.2016 15:18, Amos Jeffries пишет: On 19/06/2016 12:42 a.m., Yuri Voinov wrote: Good weekend to all. Gentlemen, somebody played with ECDSA-certificates and SSL bump with SQUID? I have when trying t

Re: [squid-users] ECDSA and SSL bump

Jeffries пишет: On 19/06/2016 12:42 a.m., Yuri Voinov wrote: Good weekend to all. Gentlemen, somebody played with ECDSA-certificates and SSL bump with SQUID? I have when trying to use ECDSA self-signed CA to bump, Squid (version no matter) gives an error SSLv3 (for unknown reasons) and can not

Re: [squid-users] ECDSA and SSL bump

Aa, found my mistake. :) Stupid openssl manuals. :) 19.06.2016 15:18, Amos Jeffries пишет: On 19/06/2016 12:42 a.m., Yuri Voinov wrote: Good weekend to all. Gentlemen, somebody played with ECDSA-certificates and SSL bump with SQUID? I have when trying to use ECDSA self-signed CA to

Re: [squid-users] ECDSA and SSL bump

Must be: openssl ecparam -name secp384r1 -genkey -param_enc named_curve -out rootCA.key :) I.e. -param_enc can't be default, named_curve argument required :) 19.06.2016 15:18, Amos Jeffries пишет: On 19/06/2016 12:42 a.m., Yuri Voinov wrote: Good weekend to all. Gentlemen, som

Re: [squid-users] flickr.com redirect error

Try to do something like: # 301 loop acl text_mime rep_mime_type text/html text/plain acl http301 http_status 301 store_miss deny text_mime http301 send_hit deny text_mime http301 24.06.2016 18:14, Ozgur Batur пишет: I receive too many redirects(301 responses with same page URL) error on br

Re: [squid-users] Some websites doesn't work with squid anymore

One note: I have the same issue with *supportforums.cisco.com*. It also blocked/filter by ISP? Every time via Squid I has this issue. Directly connected browser still works. 27.06.2016 19:30, Amos Jeffries пишет: On 28/06/2016 1:13 a.m., Adam Wright wrote: Nothing changed, I'm still tryin

Re: [squid-users] Cipher suites errors

This is GOST-based ciphers included in LibreSSL. Don't worry about it. 27.06.2016 19:30, C. L. Martinez пишет: Hi all, After some tunning to configure my squid's host with ssl_bump and intermediate CA (many thanks Yuri), I have tested my setup against https://www.ssllabs.com

Re: [squid-users] Skype Issues

help. I've configured the tls-dh param with a strong Diffie-Hellman group (2048 bits) and configured the cipher as Yuri specified and I was able to get pass the unknown cipher, however now I get a "SSL routines:SSL3_GET_RECORD:wrong version number". Here's the configuratio

Re: [squid-users] Some websites doesn't work with squid anymore

ee my http traffic, but will the ISP see which websites I'm surfing? If anyone can see HTTP traffic they can see what the traffic is about. - Browser is using the proxy. But access.log only shows the websites which the browser connected successfully. For example I see cisco.com which I entered min

Re: [squid-users] Some websites doesn't work with squid anymore

ic is about. - Browser is using the proxy. But access.log only shows the websites which the browser connected successfully. For example I see cisco.com which I entered minutes ago for Yuri. 1467035091.072 15004 85.107.208.29 TCP_MISS/200 246 CONNECT supportforums.cisco.com:443 yeni DIRECT/141.101.11

Re: [squid-users] Skype Issues

shown. Renato Jop On Mon, Jun 27, 2016 at 8:29 AM, Yuri <mailto:yvoi...@gmail.com>> wrote: Try to remove NO_SSLv2,NO_SSLv3 from options. SSLv2 already not supported everywhere, RC4/3DES is SSLv3 ciphers, so it can be confuse software. I.e., you use custom ciphers/

Re: [squid-users] Some websites doesn't work with squid anymore

squid - viola! All opens right now like charm. Something wrong with squid, right? 27.06.2016 20:40, Yuri пишет: Forgot about it: during testing reddit connectivity via squid squid itself got errors in cache.log: 2016/06/27 20:37:21 kid1| Error negotiating SSL on FD 7: error::lib(0):func(0

Re: [squid-users] squid with HTTPS and some APPs not working

28.06.2016 13:39, --Ahmad-- пишет: Hi , i have squid that is working on 3.5 . traffic of t 80 and 443 traffic to Squid via IPTables. Squid then passes traffic to ClamAV via C-ICAP. Squid is configured to intercept all SSL traffic and PKI has been setup and distributed to all clients. we h

Re: [squid-users] squid with HTTPS and some APPs not working

28.06.2016 13:39, --Ahmad-- пишет: Hi , i have squid that is working on 3.5 . traffic of t 80 and 443 traffic to Squid via IPTables. Squid then passes traffic to ClamAV via C-ICAP. Squid is configured to intercept all SSL traffic and PKI has been setup and distributed to all clients. we h

Re: [squid-users] squid-users Digest, Vol 22, Issue 136

day's Topics: 1. Re: squid with HTTPS and some APPs not working (Yuri) -- Message: 1 Date: Tue, 28 Jun 2016 14:00:12 +0600 From: Yuri To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] squid with HTTPS and

Re: [squid-users] host_verify_strict and wildcard SNI

07.07.2016 19:08, Marcus Kool пишет: On 07/07/2016 09:23 AM, Amos Jeffries wrote: On 7/07/2016 11:30 p.m., Marcus Kool wrote: On 07/07/2016 07:15 AM, Amos Jeffries wrote: On 7/07/2016 1:55 p.m., Marcus Kool wrote: On 07/06/2016 10:07 PM, Alex Rousskov wrote: On 07/06/2016 05:01 PM, M

[squid-users] BUG: Unexpected state while connecting to a cache_peer or origin server

Hi gents, What does this message means? 3.5.20. WIthout any peers. DIrectly connected to Internet. What bug? WTF? ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid CPU usage in cachemgr.cgi

http://wiki.squid-cache.org/KnowledgeBase/PerformanceAnalysis http://wiki.squid-cache.org/SquidFaq/SquidProfiling 06.09.2016 16:01, Faheem пишет: Hello, I am trying to setup proper monitoring for our squid farm so that we will be alerted when there is a performance issue. I was looking at s

Re: [squid-users] regarding to "cache videos" plugin now as open source

In world of the huge number of all kinds of software. We do not have even heard of it, not what to use. 06.09.2016 18:04, --Ahmad-- пишет: hi squid users just a question since the plugin that is called “cache videos “ became now free and open source why i don’t see many users dealing with i

Re: [squid-users] Squid CPU usage in cachemgr.cgi

, Faheem пишет: Thanks for that. But do you know the CPU usage shown in the cache manager is 24% of the total 4 CPU cores? If it says 100% does that mean that all 4 cores are fully utilized? On Tue, Sep 6, 2016 at 4:05 PM, Yuri <mailto:yvoi...@gmail.com>> wrote: http://w

Re: [squid-users] SQUID 3.4.8 on RPi 3

16.09.2016 17:50, VB пишет: Hi guys I'd like to ask you for a suggestion.. I'm running SQUID 3.4.8 under Rasberry PI3 (Rasbian Jesse) - proxy server "intercept" mode (with iptables forwarding rule to 3128). I've created ACL for devices (ipad, mobiles...) - time based, because I need to allow

Re: [squid-users] Squid with ASR9001

difference, if any. *From:*squid-users [mailto:squid-users-boun...@lists.squid-cache.org] *On Behalf Of *Yuri Voinov *Sent:* Sunday, 23 October 2016 9:35 PM *To:* squid-users@lists.squid-cache.org *Subject:* Re: [squid-users] Squid with ASR9001 -BEGIN PGP SIGNED MESSAGE- Hash: SHA256

Re: [squid-users] Caching Google Chrome googlechromestandaloneenterprise64.msi

uses the Vary:* header. Just opinions of mine, but formed after actual discussions with the Chrome developers some years back. [I very much dislike writing this. But you seem to have been sucked in and deserve to know the history.] All the fuss that is going on AFAICS was started by Yuri. His comment

Re: [squid-users] Caching Google Chrome googlechromestandaloneenterprise64.msi

24.10.2016 16:42, Alex Crow пишет: On 24/10/16 11:26, Yuri wrote: No, Amos, I'm not trolling your or another developers. I just really do not understand why there is a caching proxy, which is almost nothing can cache in the modern world. And that in vanilla version gives a maximum

Re: [squid-users] Squid with ASR9001

ASR9001 has no commands that support wccp anywhere… http://www.loveburd.com/bitco/bitco-email-logo.jpg Garth van Sittert | Chief Executive Officer /(BSC Physics & Computer Science)/ Tel: 087 135 Ext: 201 ga...@bitco.co.za <mailto:ga...@bitco.co.za> bitco.co.za <http://www.bitco.co.za/&

Re: [squid-users] Caching Google Chrome googlechromestandaloneenterprise64.msi

I'm sorry to interrupt - I remember someone saying that you need to always abide by RFC? Well, as you say it to Google? 24.10.2016 20:40, Garri Djavadyan пишет: On Tue, 2016-10-25 at 01:22 +1300, Amos Jeffries wrote: On 25/10/2016 12:32 a.m., Garri Djavadyan wrote: On Mon, 2016-10-24 at 23:5

Re: [squid-users] squid warning

This warning is irrelevent to your google issue. Show your config. 04.11.2016 10:34, Raju M K пишет: Hi, I installed squid v3.5.22 on windows and enabled with ssl_bump. Now my issue is. Web page is opening very slowly. For ex. www.google.com its taking more than 30 se

<    1   2   3   4   5   6   7   8   9   10   >