Re: [squid-users] TCP_MISS/304 question

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 14.10.2016 2:48, Alex Rousskov пишет: > On 10/13/2016 01:44 PM, Yuri Voinov wrote: > >> However, this is nothing more than word games, Alex. > > ... unless the definition of a hit affects your billing or your > in

Re: [squid-users] TCP_MISS/304 question

access.log, and this is wrong. It seems like bug. 14.10.2016 3:44, Yuri Voinov пишет: > > > > 14.10.2016 2:48, Alex Rousskov пишет: > > On 10/13/2016 01:44 PM, Yuri Voinov wrote: > > >> However, this is nothing more than word games, Alex. > > > ... unless the defi

Re: [squid-users] TCP_MISS/304 question

e object via HTTPS goes with TCP_MISS? As shown above, object has no headers preventing caching. Is it bug or feature? Because of, when site goes under HTTPS, it will has lower hit with the same content. It seems wrong. Note: This is news site. There is no private headers or any other cache-pre

Re: [squid-users] TCP_MISS/304 question

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 14.10.2016 18:30, Amos Jeffries пишет: > On 15/10/2016 12:34 a.m., Yuri Voinov wrote: >> >> A bit more details. >> >> This is 4 transactions in chronological order. Two from wget -S and two >> from sam

Re: [squid-users] TCP_MISS/304 question

y reason for this example, why it must be different. Agreed? All the rest is sophistry and does not explain anything. 14.10.2016 18:36, Yuri Voinov пишет: > > > > 14.10.2016 18:30, Amos Jeffries пишет: > > On 15/10/2016 12:34 a.m., Yuri Voinov wrote: > >> > >>

Re: [squid-users] Squid 2.7 to Squid 3.5

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 16.10.2016 19:20, Johnny Lam пишет: > Dear All, > > I've encountered a issue during upgrade from 2.7 to 3.5, please find my config below. Seems everything changed in version 3.5. Not a word, man. 10 years in IT - eternity :) You'd still awake in

Re: [squid-users] Squid 2.7 to Squid 3.5

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Come on! You think so?! :) 17.10.2016 3:02, reinerotto пишет: > Off topic, but anyway: >> Not a word, man. 10 years in IT - eternity :)< > Not true. > 40yrs ago we already did interrupt driven programming or 20 yrs ago online > apps for mobile to

Re: [squid-users] Squid 2.7 to Squid 3.5

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 In _your_ environment :) All world uses DNS caches ;) 17.10.2016 3:07, reinerotto пишет: > Sorry, I forgot: Another difference is, that response times are lower today. > (BTW: I also did a SM-4 ...) > > > > -- > View this message in context:

Re: [squid-users] Squid 2.7 to Squid 3.5

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 You have in the cryochamber, apparently, there was no internet :) :) It's not been :) 17.10.2016 4:17, Yuri Voinov пишет: > > In _your_ environment :) All world uses DNS caches ;) > > > 17.10.2016 3:07, reinerotto пишет:

Re: [squid-users] Caching http google deb files

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 This is inappropriate. Just all we are need that to make the option "F*ck the RFC and f*ck anyone who opposes caching" in the SQUID. 22.10.2016 1:07, Eliezer Croitoru пишет: > Instead of modifying the code, would you consider to use an ICAP servi

Re: [squid-users] Caching http google deb files

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 But I think it will be quite sufficient to bring back one of the options HTTP violations, namely - "Ignore cache-control". That's all. The rest we do ourselves. 22.10.2016 1:28, Yuri Voinov пишет: > > This is inappropriate.

Re: [squid-users] Caching Google Chrome googlechromestandaloneenterprise64.msi

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Try to use store-ID. Your URL seems dynamic. So, Squid never can cache it. Don't forget - Google, like many other web companies, actively counteracts caching. It is likely that you even Store ID will not help. 22.10.2016 14:53, Rui Lopes пишет:

Re: [squid-users] Caching Google Chrome googlechromestandaloneenterprise64.msi

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 22.10.2016 16:55, gar...@comnet.uz пишет: > On 2016-10-22 13:53, Rui Lopes wrote: >> Hello, >> >> I'm trying to receive a cached version of >> googlechromestandaloneenterprise64.msi with: >> >> refresh_pattern googlechromestandaloneenterprise64\.

Re: [squid-users] Caching Google Chrome googlechromestandaloneenterprise64.msi

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 22.10.2016 18:43, gar...@comnet.uz пишет: > On 2016-10-22 16:05, Yuri Voinov wrote: >> Good explanations do not always help to get a good solution. A person >> needs no explanation and solution. >> >> So far I've

Re: [squid-users] Caching Google Chrome googlechromestandaloneenterprise64.msi

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I will explain why I am extremely outraged by this position. Every single major players - both from the Web companies and from suppliers caching solutions (BlueCoat, ThunderCache etc.) - to one degree or another violate RFC. And developers of posit

Re: [squid-users] Caching Google Chrome googlechromestandaloneenterprise64.msi

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 22.10.2016 19:32, gar...@comnet.uz пишет: > On 2016-10-22 17:56, Antony Stone wrote: >> Disclaimer: I am not a Squid developer. >> >> On Saturday 22 October 2016 at 14:43:55, gar...@comnet.uz wrote: >> >>> IMO: >>> >>> The only reason I believe [

Re: [squid-users] Slowness in Squid

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Keep in mind - a huge in-memory cache does not always give the acceleration. Moreover, in most cases you can get the opposite effect expected. It is a common misconception - that the giant memory cache will give a giant performance gain. 23.10.20

Re: [squid-users] Slowness in Squid

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 This effect is good known to all who have worked with relational databases. In fact, it is typical in general for all caches except purpose-built highly scalable systems. 23.10.2016 17:37, Matus UHLAR - fantomas пишет: > doesn't that imply kind o

Re: [squid-users] Slowness in Squid

. But this is from the category of personal experience. Everyone can choose their own road to hell. :) 23.10.2016 17:40, Yuri Voinov пишет: > > This effect is good known to all who have worked with relational > databases. In fact, it is typical in general for all caches except > purpose-

Re: [squid-users] Slowness in Squid

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 23.10.2016 18:09, Matus UHLAR - fantomas пишет: >> 23.10.2016 17:40, Yuri Voinov пишет: >>> This effect is good known to all who have worked with relational >>> databases. In fact, it is typical in general for all caches

Re: [squid-users] Slowness in Squid

. 23.10.2016 18:15, Yuri Voinov пишет: > > > > 23.10.2016 18:09, Matus UHLAR - fantomas пишет: > >> 23.10.2016 17:40, Yuri Voinov пишет: > >>> This effect is good known to all who have worked with relational > >>> databases. In fact, it is typical in gene

Re: [squid-users] squid-users Digest, Vol 26, Issue 82

re specific > than "Re: Contents of squid-users digest..." > > > Today's Topics: > >1. Slowness in Squid (Krishna Kulkarni) >2. Re: Slowness in Squid (Antony Stone) >3. external_acl_type problem (reiner

Re: [squid-users] squid-users Digest, Vol 26, Issue 82

23 October 2016 at 15:26:54, Yuri Voinov wrote: > >> You can have slow DNS. Consider to use local caching DNS recursor as >> source for proxy & users. > > Why would that result in requests via Squid being slower than direct? > > @Krishna: You *have* confirmed that Squi

Re: [squid-users] Squid with ASR9001

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 https://supportforums.cisco.com/discussion/12227051/ios-xr-and-wccp https://supportforums.cisco.com/discussion/11561126/wccp-not-working-after-asr-migration-done 23.10.2016 23:16, Garth van Sittert | BitCo пишет: > Cisco ASR9000 -BEGIN PGP

Re: [squid-users] Squid with ASR9001

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 23.10.2016 23:16, Garth van Sittert | BitCo пишет: > > Good day all > > > > Has anyone had any experience setting up Squid with any IOS XR Cisco routers? The Cisco ASR9000 range doesn’t support WCCP and I cannot find any examples online. > Seri

Re: [squid-users] skype connection problem

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 24.10.2016 4:11, N V пишет: > hi there, > i've had problems with windows skype clients with the only internet connection is through squid. the clients can login successful but when they make a call, it hangs after 12 secconds. > > I checked the c

Re: [squid-users] Caching Google Chrome googlechromestandaloneenterprise64.msi

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 24.10.2016 22:05, Garri Djavadyan пишет: > On 2016-10-24 19:40, Garri Djavadyan wrote: >> So, the big G sends 304 only to HEAD requests, although it is a >> violation [1], AIUI: >> >> curl --head -H 'If-Modified-Since: Thu, 20 Oct 2016 08:29:09 G

Re: [squid-users] skype connection problem

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 24.10.2016 22:19, Nicolas Valera пишет: > Hi Yuri, thanks for the answer! > > we don't have the squid in transparent mode in this network. So, you route all traffic to proxy box? > the squid configuration is very basic.

Re: [squid-users] skype connection problem

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 24.10.2016 22:28, Nicolas Valera пишет: > > > On 10/24/2016 01:21 PM, Yuri Voinov wrote: >> > > 24.10.2016 22:19, Nicolas Valera пишет: > >>> Hi Yuri, thanks for the answer! > >>> > >>> we

Re: [squid-users] Squid with ASR9001

System Administrator > Mobile: +972-5-28704261 > Email: elie...@ngtech.co.il > > > From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On > Behalf Of Yuri > Sent: Monday, October 24, 2016 14:06 > To: Garth van Sittert | BitCo ; > squid-users@lists.squid-cache.or

Re: [squid-users] Squid with ASR9001

x27;s really just all. The main thing to understand how the network works on L2 and L3 in OSI. And a bit network hardware knowledge. > > Eliezer > > > Eliezer Croitoru <http://ngtech.co.il/lmgtfy/> > Linux System Administrator > Mobile: +972-5-28704261 > Email: e

Re: [squid-users] Squid with ASR9001

ee how simple it would be to implement the same concepts with an > HTTP\tcp interface. > > Eliezer > > > Eliezer Croitoru <http://ngtech.co.il/lmgtfy/> > Linux System Administrator > Mobile: +972-5-28704261 > Email: elie...@ngtech.co.il > > > From

Re: [squid-users] Squid with ASR9001

e much more efficient then Policy > Based routing. > I believe it’s very simple to implement in linux. > > Eliezer > > > Eliezer Croitoru <http://ngtech.co.il/lmgtfy/> > Linux System Administrator > Mobile: +972-5-28704261 > Email: elie...@ngtech.co.il > &g

Re: [squid-users] Squid with ASR9001

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 No, Juniper is not my area ;) It is impossible to know everything :) -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYDpOEAAoJENNXIZxhPexGUWEH/jdttWLpJNQm49z0XlTMwwIM HfPo3gUEufPGtYSNqvx+XWq448BMr+VxvcMi5ojDhE43FhHpLgCaJK40mw8U2M/

Re: [squid-users] skype connection problem

colas Valera пишет: > Amos, thanks for the tips! > any idea about my skype problem? > > regards > > On 10/25/2016 08:13 AM, Amos Jeffries wrote: >> On 25/10/2016 5:19 a.m., Nicolas Valera wrote: >>> Hi Yuri, thanks for the answer! >>> >>> we

Re: [squid-users] skype connection problem

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 25.10.2016 20:35, Eliezer Croitoru пишет: > Hey Nicolas, > > I know that it should work but it will request all sort of weird CONNECT requests to other parties. > Skype is designed to work as a p2p network and there for might not work as expected

Re: [squid-users] skype connection problem

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Wireshark? :) No, I have no IP list. In my environment this not required. 25.10.2016 20:41, Andrea Venturoli пишет: > On 10/25/16 16:26, Yuri Voinov wrote: > >> You LAN settings is too restrictive. AFAIK you require to permit t

Re: [squid-users] skype connection problem

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 25.10.2016 21:45, Andrea Venturoli пишет: > On 10/25/16 16:43, Yuri Voinov wrote: >> >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA256 >> >> Wireshark? :) > > No good: I don't trust MS not to chang

Re: [squid-users] filtering http(s) sites, transparently

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jok, it can be DNS leak. Does you tested it? 8.8.8.8 can be poisoned (probably) or intercepted by ISP. 27.10.2016 0:01, Jok Thuau пишет: > After being side-tracked with a few different project, I ended up with the > config below. It appears to

Re: [squid-users] filtering http(s) sites, transparently

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 27.10.2016 0:54, Jok Thuau пишет: > > On Wed, Oct 26, 2016 at 11:45 AM, Yuri Voinov mailto:yvoi...@gmail.com>> wrote: > > > > Jok, > > it can be DNS leak. Does you tested it? 8.8.8.8 can be poisoned (p

Re: [squid-users] filtering http(s) sites, transparently

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 27.10.2016 4:37, Amos Jeffries пишет: > On 27/10/2016 7:55 a.m., Yuri Voinov wrote: >> >> 27.10.2016 0:54, Jok Thuau пишет: >> >>> Setting up the client and the proxy to use a common infrastructure for >>>

Re: [squid-users] Transparent and non Transparent at the same time

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 You absolutely sure, Eliezier? :) 27.10.2016 23:46, Eliezer Croitoru пишет: > You need routing policy not DNAT. > > Eliezer > > > Eliezer Croitoru > Linux System Administrator > Mobile: +972-5-28704261 > Email: elie...@ngtech.co.il > > > ---

Re: [squid-users] Transparent and non Transparent at the same time

details instructions on how to do it in a mikrotik. > > Eliezer > > > Eliezer Croitoru > Linux System Administrator > Mobile: +972-5-28704261 > Email: elie...@ngtech.co.il > > > -Original Message- > From: squid-users [mailto:squid-users-boun...@list

Re: [squid-users] Transparent and non Transparent at the same time

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 erdosain9, here is documentation your required. http://wiki.squid-cache.org/ConfigExamples/Intercept Sadly, but interception proxy with modern Squid, in addition to router with PBR/WCCP redirection, also always required NAT, configured on proxy

Re: [squid-users] Transparent and non Transparent at the same time

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 You know method to do this without NAT? ;) 28.10.2016 0:54, Antony Stone пишет: > On Thursday 27 October 2016 at 19:51:22, Yuri Voinov wrote: > >> You absolutely sure, Eliezier? :) > > Yes - you do not use DNAT. > > Yo

Re: [squid-users] Transparent and non Transparent at the same time

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 (facepalm) rdr(REDIRECT) is NAT functionality? Yes or no? 28.10.2016 0:59, Antony Stone пишет: > On Thursday 27 October 2016 at 20:57:04, Yuri Voinov wrote: > >> You know method to do this without NAT? ;) > > I know how to

Re: [squid-users] Transparent and non Transparent at the same time

at do we argue? Op originally wrote - "I have no iptables and so on." He needs specific guidance, not word games. So, no? 28.10.2016 1:04, Yuri Voinov пишет: > > (facepalm) > > rdr(REDIRECT) is NAT functionality? Yes or no? > > > 28.10.2016 0:59, Antony Stone пишет: &

Re: [squid-users] Transparent and non Transparent at the same time

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Good. We are came to an agreement :) Peace :) Let's support to op :) 28.10.2016 1:14, Antony Stone пишет: > On Thursday 27 October 2016 at 21:09:44, Yuri Voinov wrote: > >> OP originally wrote - "I have no IPtables a

Re: [squid-users] Squid Logs local and remote

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 or on writable NFS-mount from remote server. :) 28.10.2016 1:40, Ambrose LI пишет: > 2016-10-27 15:35 GMT-04:00 Jose Torres-Berrocal : >> Is there a way that I can have the squid logs locally and remotely? >> >> I need them locally for l

Re: [squid-users] Default state for the option generate-host-certificates

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 It seems bug. Just always specify option explicity. 28.10.2016 18:56, Garri Djavadyan пишет: > Hello list, > > The last sentence for generate-host-certificates[=] option > paragraph states: > > This option is enabled by default when ssl-bump i

Re: [squid-users] Certificate transparency: problem for ssl-bumping, no effect, or?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 When the future comes - then we will worry. What wonder, then? October 2017 is not tomorrow. 01.11.2016 4:13, L. A. Walsh пишет: > Google is pushing this for all websites by October 2017 > > One issue to be "caught" are subordinated CA certs tha

Re: [squid-users] Certificate transparency: problem for ssl-bumping, no effect, or?

wave :) 01.11.2016 4:41, Yuri Voinov пишет: > > When the future comes - then we will worry. What wonder, then? > > October 2017 is not tomorrow. > > > 01.11.2016 4:13, L. A. Walsh пишет: > > Google is pushing this for all websites by October 2017 > > > One issue to b

Re: [squid-users] Getting "browser history" from squid logs

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 As you certainly know, the history of the browser is not the same as the proxy access log. Putting the problem, as a rule should clarify - what you want to achieve? If the purpose forensic - from this point of view there is no difference. 01.11.2

Re: [squid-users] Getting "browser history" from squid logs

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 01.11.2016 23:01, Andrea Venturoli пишет: > Hello. > > I'd think this question would have appeared so many times, still searching the web did not help... > > I'm familiar with Squid logs and even with some of the several software that produces re

Re: [squid-users] iOS 10.x, https and squid

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 02.11.2016 0:47, Eugene M. Zheganin пишет: > Hi. > > Does anyone have issues with iOS 10.x devices connecting through proxy (3.5.x) to the https-enabled sites ? Because I do. Non-https sites work just fine, but https ones just stuck on loading. F

Re: [squid-users] iOS 10.x, https and squid

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 02.11.2016 0:47, Eugene M. Zheganin пишет: > Hi. > > Does anyone have issues with iOS 10.x devices connecting through proxy (3.5.x) to the https-enabled sites ? Because I do. Non-https sites work just fine, but https ones just stuck on loading. F

Re: [squid-users] Certificate transparency: problem for ssl-bumping, no effect, or?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 02.11.2016 2:03, Alex Rousskov пишет: > On 10/31/2016 04:13 PM, L. A. Walsh wrote: >> Google is pushing this for all websites by October 2017 > > Just Extended Validation (EV) sites, to be exact AFAICT. All other sites > will be forced into the n

Re: [squid-users] Certificate transparency: problem for ssl-bumping, no effect, or?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 02.11.2016 2:58, Alex Rousskov пишет: > On 11/01/2016 02:47 PM, Yuri Voinov wrote: > >> if the SSL bump will be impossible to do - >> whether it should be understood that in such a situation you close the >> proj

Re: [squid-users] squid warning

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 04.11.2016 18:39, Matus UHLAR - fantomas пишет: > On 04.11.16 18:23, Yuri wrote: >> This warning is irrelevent to your google issue. > > are you sure that creating fake google certificate is not the reason of > delay? I&#x

Re: [squid-users] SSL bump not working w/some sites.

It seems simple no intermediate certificate in chain. Root CA bundle(s) usually does not contain all intermediate CA's, because of browsers can simple download it from server/site. Squid can't do auto-downloading (autocomplete) certificate chains and require to confiugure sslproxy_foreign_interme

Re: [squid-users] SSL bump not working w/some sites.

Squid 4 still beta. 08.11.2016 1:41, Alex Rousskov пишет: > On 11/07/2016 12:36 PM, Yuri Voinov wrote: >> Squid can't do auto-downloading (autocomplete) certificate chains > Squid v4 can do that since r14769 (included in v4.0.13). > > Alex. > -- Cats - delicious. Y

Re: [squid-users] Squid multithread

http://wiki.squid-cache.org/Features/SmpScale http://wiki.squid-cache.org/MultipleInstances 14.11.2016 20:22, Eduardo Carneiro пишет: > Hi everyone! > > I have a Squid 3.5.19 with dynamic content cache using url rewrite. It's a > virtual machine (VMWare) with 2 quad-core processors each. Squid p

Re: [squid-users] Squid multithread

14.11.2016 21:59, Eduardo Carneiro пишет: > Yuri Voinov wrote >> http://wiki.squid-cache.org/Features/SmpScale >> >> http://wiki.squid-cache.org/MultipleInstances >> >> >> 14.11.2016 20:22, Eduardo Carneiro пишет: >>> Hi everyone! >>> &

Re: [squid-users] Squid multithread

14.11.2016 21:59, Eduardo Carneiro пишет: > Yuri Voinov wrote >> http://wiki.squid-cache.org/Features/SmpScale >> >> http://wiki.squid-cache.org/MultipleInstances >> >> >> 14.11.2016 20:22, Eduardo Carneiro пишет: >>> Hi everyone! >>> &

Re: [squid-users] 21 sec connect timeout

No, TAG_NONE/503 is not able to connect. 15.11.2016 2:05, Patrick Flaherty пишет: > > Hello, > > > > Can anyone tell me if the ‘*HIER_NONE’* entries below is Squid not > able to connect to www.website.com ? The 21 > sec timeout is a classic Windows TCP connection timeou

Re: [squid-users] squid-users Digest, Vol 27, Issue 26

15.11.2016 2:46, Patrick Flaherty пишет: > RE: squid-users Digest, Vol 27, Issue 26 > > Message: 3 > > Date: Tue, 15 Nov 2016 02:12:49 +0600 > > From: Yuri Voinov mailto:yvoi...@gmail.com>> > > To:squid-users@lists.squid-cache.org<mailto:squid-users@lists.squi

Re: [squid-users] Youtube redirection loop?

05.05.15 4:07, HackXBack пишет: Okay Sir, this is the solution 1st: put this conf in your squid.conf for looping 302 on youtube acl text-html rep_mime_type text/html acl http302 http_status 302 store_miss deny text-html store_miss deny http302 send_hit deny text-html send_hit deny http302

Re: [squid-users] squid does not send cached object to an icap-server

This is not squid issue but your AV engine library or ICAP intermediate AV library configuration. 05.05.15 16:43, Stefan Kügler пишет: Hello. I have a short question using squid as an ICAP-client. It seems that squid doesn't send an already downloaded (and cached) object to an ICAP-server.

Re: [squid-users] squid does not send cached object to an icap-server

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 http://i.imgur.com/mW7gNwD.png http://squidclamav.darold.net/config.html This is for squidclamav (I use it and have no problems with malware). 05.05.15 17:45, Stefan Kügler пишет: > Hi Yuri. > > Am 05.05.2015 um 12:51 schrieb Yu

Re: [squid-users] Youtube redirection loop?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 For 3.4.x series need patch. Correct patch. This copy-n-pasted is broken. Also, you have forgotten one thing: YT redirector has text/plain mime type, not text/html. Just trace your YT session and check every exchange between client and server. In

Re: [squid-users] Best solution for content filtering using squid?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ufdbguard 08.05.15 0:52, Bob Cochran пишет: > Hi, > > What is the best solution with squid for content filtering using lists of domains that should be blocked? > > We have been using squidGuard, and it works. However, we would like to know if the

Re: [squid-users] Youtube redirection loop?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I think, this loop is changed in YT during last year. HTML5 was winished since 2015. YT URL scheme was chagnged this year. So, text/html is not valid for prevention looping. I see text/plain redirector in YT exchange. 08.05.15 2:59, HackXBack пиш

Re: [squid-users] Youtube redirection loop?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Feature with acl will be useful. Not only YT uses this redirection scheme. 08.05.15 3:25, HackXBack пишет: > you are right, but this patch still work with me. > i dont know if we can find better solution for this like you said by acl > > > > -- >

Re: [squid-users] Squid as transparent in 'caching layer'

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Amos, independent proxies also supported by Cisco WCCP. For redundancy it can group any numbers of transparent proxies. WBR, Yuri 10.05.15 12:57, Amos Jeffries пишет: > On 10/05/2015 6:31 p.m., Ibrahim Lubis wrote: >> Hi, >> >

Re: [squid-users] Client IP spoofing via squid proxy

I think, this is requirement for invisible proxy, Amos 11.05.15 16:30, Amos Jeffries пишет: On 11/05/2015 5:56 p.m., Ambadas Hibare wrote: Hi Amos, But in my requirement, the clients are configured with Squid IP & Port. Is there any possible way/approach by which I can make "Squid IP" hide to

Re: [squid-users] Youtube redirection loop?

Solved. I've add 3975 backport patch, then this one: acl text-html rep_mime_type text/html acl http302 http_status 302 store_miss deny text-html store_miss deny http302 send_hit deny text-html send_hit deny http302 and this one: # For YT block useragent header acl googledomain_ua_deny dstdoma

Re: [squid-users] SSL Peak and Splice

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit 13.05.15 0:17, Casey Daniels пишет: > Hi, > I've been trying to figure out how to do some web filtering on HTTPs, with no really good options given the layout I have. But then

Re: [squid-users] Need help debugging my squid configuration

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Latest Squid source's not in repositories. They are here: http://www.squid-cache.org/Download/ 13.05.15 19:53, Jose Torres-Berrocal пишет: > As said I followed the thread I included in the initial email. I have > added the --enable-ssl and --with

Re: [squid-users] Youtube redirection loop?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 UPDATE: It is enoudg to strip User-Agent only for one domain: # For YT block useragent header acl youtube_dom dstdomain .youtube.com request_header_access User-Agent deny youtube_dom Note: Some clips can't play for unknown reason. Will research.

Re: [squid-users] squid stop working without any error

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Because this is not assert. alert unknown ca 16.05.15 0:56, HackXBack пишет: > in cache.log i found this, > > 2015/05/15 21:06:41 kid1| clientNegotiateSSL: Error negotiating SSL > connection on FD 11185: error:14094418:SSL routines:SSL3_READ_B

Re: [squid-users] squid does not send cached object to an icap-server

you to activate this directive. trust_cache 0 Trusted cache is disable by default as you may want to start with a fresh cache. Why you need rescan cached object again? You don't trust your cache? Or what? 18.05.15 17:17, Stefan Kuegler пишет: Hi Yuri. http://i.im

Re: [squid-users] squid does not send cached object to an icap-server

15, Stefan Kuegler пишет: Am 18.05.2015 um 14:01 schrieb Yuri Voinov: http://squidclamav.darold.net/config.html Trust your cache (obsolete/unused in v6.x) One of the main configuration directive for performance improvement is 'trust_cache'. SquidClamav detect if the file to

Re: [squid-users] block inappropriate images of google

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 You need to use solution which is exists over 10 years. url_rewrite_program. With good blacklist good redirector can be block almost all unwanted content. Three most known programs: squidgiard DansGuardian ufdbguard and more. 18.05.15 23:49, A

Re: [squid-users] block inappropriate images of google

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Transparent DNS interception is more reliable technics, but requires some advanced things. Including continious support. And also this will not proof against browser anti-proxy plugins. BTW, gents, we are talking about advanced internet users - H

Re: [squid-users] block inappropriate images of google

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Also note: Most browser's anti-proxy plugins exists for Android/Apple. 19.05.15 0:25, Dwayne Hottinger пишет: > There is a way to use an internal dns server to redirect all google > searches to their safe search google. This does help with inapp

Re: [squid-users] How to cache Chrome Installer ?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 # Adobe/Java and other updates acl adobe_java_updates urlpath_regex "/usr/local/squid/etc/urlregex.updates" range_offset_limit none adobe_java_updates store_id_access allow adobe_java_updates store_id_program /usr/local/squid/libexec/storeid_file

Re: [squid-users] How to cache Chrome Installer ?

Store ID can't get TCP_HIT. URL is changed. 19.05.15 3:18, Stakres пишет: Hi Yuri, Do you get a TCP_HIT with your rules ? From my side, i get this: *X-Cache: MISS* from blablabla... Bye Fred -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/How-to-

Re: [squid-users] Custom User-Agent header based on domain?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 acl you_dom dstdomain .youdomain.com request_header_access User-Agent deny you_dom request_header_replace User-Agent Nutscrape/1.0 (CP/M; 8-bit) 21.05.15 0:14, Shenan Hawkins пишет: > Is it possible to construct a stanza for squid such that a cust

Re: [squid-users] Squid cache youtube and other websites

HTTP/HTTPS for YT. http://wiki.squid-cache.org/KnowledgeBase/Block%20QUIC%20protocol 2. Configure and tune _correct_ SSL Bump. 3. Configure and refine Store ID feature. All of this above is know-how partially or completely. ;) WBR, Yuri 25.05.15 12:51, d...@getbusi.com пишет: Firstly, I thin

Re: [squid-users] Ssl-bump deep dive (self-signed certs in chain)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hm. Interesting. You want to say, you uses ordinal server certificate, signed with external trusted CA? And users can't see MiTM? 25.05.15 22:26, James Lay пишет: > So following advice and instructions on this page: > > http://wiki.squid-cache.o

Re: [squid-users] Ssl-bump deep dive (self-signed certs in chain)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Ah, misunderstand. Error you got means that target server certificate's CA is not visible by Squid. Or for client. Huh. :) I had thought that Squid suddenly turned into a hackware :))) 25.05.15 22:26, James Lay пишет: > So following advi

Re: [squid-users] Block whatsapp with transparent proxy

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 https://www.google.com/search?q=squid+watsup+blocking Feel free to Google your question first. 08.06.15 20:37, Jonathan Filogna пишет: > Hi all, greetings from Argentina > > I want to know if can be possible block whatsapp for mobiles with a tran

Re: [squid-users] Block whatsapp with transparent proxy

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 This is the best solution in many cases. ;) 09.06.15 0:11, Jonathan Filogna пишет: > ty yuki, but i finally decided to block whatsapp with pfSense via firewall > rules and aliases > > > > El 08/06/15 a las 12:32, Yuri Voinov es

Re: [squid-users] Squid 3.5.5 fails to build for Solaris

I use this configuration parameters to build 64 bit 3.5.x Squid on Solaris: '--prefix=/usr/local/squid' '--enable-translation' '--enable-external-acl-helpers=none' '--enable-ecap' '--enable-ipf-transparent' '--enable-storeio=diskd' '--enable-removal-policies=lru,heap' '--disable-wccp' '--enab

Re: [squid-users] squid 3.5.5 bug 3279

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 http://bugs.squid-cache.org/attachment.cgi?id=3162 21.06.15 15:57, HackXBack пишет: > Yes sure, > can you give me the link to download chudy patch ? > > > > -- > View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/squi

Re: [squid-users] problem with some ssl services

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 In other words, Amos, the new version is almost never be able to perform a bump, I understand you correctly? And there is no full configuration that will work in the same way as 3.4? 21.06.15 18:40, Amos Jeffries пишет: > *some* issues that Squid

Re: [squid-users] (no subject)

Squid 3.5.x? 24.06.15 17:59, Dalmar пишет: Hi, For over two weeks i am having a really headache in configuring squid transparent/intercept. I have tried different options and configurations but i couldn't get it to work. i think the problems lies in the Iptables / NAT but i really couldn't so

Re: [squid-users] Mikrotik and Squid Transparent

Squid 3.5.x? 24.06.15 18:03, Dalmar пишет: Hi, For over two weeks i am having a really headache in configuring squid transparent/intercept. I have tried different options and configurations but i couldn't get it to work. i think the problems lies in the Iptables / NAT but i really couldn't so

Re: [squid-users] Questions Regarding Transparent Proxy, HTTPS, and ssl_bump

? WBR, Yuri 24.06.15 21:41, Tom Mowbray пишет: > Squid 3.5.5 > > I seem to have some confusion about how acl lists are processed in > squid.conf regarding the handling of SSL (HTTPS) traffic, attempting to use > ssl_bump directives with transparent proxy. > > Based on avail

Re: [squid-users] Questions Regarding Transparent Proxy, HTTPS, and ssl_bump

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Never mind, Tom. I have own cockroaches in my head. Just only for content filtering, I would not put a caching proxy. Once that's it. 24.06.15 22:22, Tom Mowbray пишет: > Yuri, > > The proxy is being used as a content filter, i.e.

<    5   6   7   8   9   10   11   12   13   14   >