Re: [squid-users] How to suppress SQUID_X509_V_ERR_DOMAIN_MISMATCH error for known domains?

2016-03-26 Thread Yuri Voinov
What domain name I must splice to WU work? 26.03.16 17:21, Amos Jeffries wrote: On 26/03/2016 11:53 p.m., Yuri Voinov wrote: Look at this, gents. http://i.imgur.com/kxrOEVd.png How to suppress this? It stops WU right now. That is TLS doing its job correctly. The entire purpose of HTTPS is to p

Re: [squid-users] How to suppress SQUID_X509_V_ERR_DOMAIN_MISMATCH error for known domains?

2016-03-26 Thread Yuri Voinov
I understand that it should not work. However, this is a given. Windows Updates is not the kind of thing where users are satisfied with explanations of Captain Obvious. Solution is required. 26.03.16 17:21, Amos Jeffries wrote: On 26/03/2016 11:53 p.m., Yuri Voinov wrote: Look at this

Re: [squid-users] How to suppress SQUID_X509_V_ERR_DOMAIN_MISMATCH error for known domains?

2016-03-26 Thread Yuri Voinov
26.03.16 23:25, Alex Rousskov wrote: > On 03/26/2016 04:53 AM, Yuri Voinov wrote: >> http://i.imgur.com/kxrOEVd.png >> >> How to suppress this? It stops WU right now. > > > Does the ssl::certDomainM

Re: [squid-users] How to suppress SQUID_X509_V_ERR_DOMAIN_MISMATCH error for known domains?

2016-03-26 Thread Yuri Voinov
inMismatch sslproxy_cert_error deny all ? 26.03.16 23:25, Alex Rousskov wrote: > On 03/26/2016 04:53 AM, Yuri Voinov wrote: >> http://i.imgur.com/kxrOEVd.png >> >> How to suppress this? It stops WU right now. > > > Does the ssl::certDomainMismatch ACL work to bypass the

Re: [squid-users] How to suppress SQUID_X509_V_ERR_DOMAIN_MISMATCH error for known domains?

2016-03-26 Thread Yuri Voinov
ypass all WU IP ranges on router with WCCP, WU works. But this is not an option, WU must be cached. So, I can't splice dst by IP with Squid 4.x, right? 26.03.16 23:25, Alex Rousskov wrote: > On 03/26/2016 04:53 AM, Yuri Voinov wrote: >> http://i.imgur.com/kxrOEVd.png >> >> Ho

Re: [squid-users] How to suppress SQUID_X509_V_ERR_DOMAIN_MISMATCH error for known domains?

2016-03-26 Thread Yuri Voinov
is absent in CA bundle by default on fe2.update.microsoft.com. In additional with Akamai CN mismatch. Thanks all! 26.03.16 23:25, Alex Rousskov wrote: > On 03/26/2016 04:53 AM, Yuri Voinov wrote: >> http://i.imgur.com/kxrOEVd.png >> >> How to suppress this? It stops WU righ

Re: [squid-users] How to suppress SQUID_X509_V_ERR_DOMAIN_MISMATCH error for known domains?

2016-03-26 Thread Yuri Voinov
In additional, this is very old problem: http://answers.microsoft.com/en-us/windows/forum/windows8_1-update/ssl-problem-with-windows-update-error-0x800b0109d/df2c5206-7304-4e42-ac4b-40d00bfbca87?auth=1 Damned M$. 27.03.16 2:01, Yuri Voinov

Re: [squid-users] "ACCESS DENIED" page by ssl_bump terminate

2016-03-28 Thread Yuri Voinov
> deny_info http://www.example.com blocked_https > ssl_bump terminate blocked_https > -------- > > > 25.03.2016 17:14, Yuri Voinov wrote: >> > # TAG: deny_info > #Usage: deny_info err_pa

Re: [squid-users] "ACCESS DENIED" page by ssl_bump terminate

2016-03-28 Thread Yuri Voinov
28.03.16 20:59, Alex Rousskov wrote: > On 03/27/2016 11:59 PM, Alexandr Yatskin wrote: >> Directive "deny_info" didn't work when we blocked https site with option >> "ssl_bump". > > "deny_info" is not compatible with the ssl_bump "terminate" acti

Re: [squid-users] ssl + stunnel and cache peer

2016-03-29 Thread Yuri Voinov
He means something like privoxy. It possible tunnel https. The similar config often uses for tunnel some proxied connections to Tor or another ISP or something. But the thing he required is not possible. Cache peers does not support re-crypting

Re: [squid-users] ssl + stunnel and cache peer

2016-03-29 Thread Yuri Voinov
There is no workaround. 30.03.16 2:38, Baselsayeh wrote: > is there a workaround that i can use ssl bump with cache peer? > > > Yuri Voinov wrote > He means something like privoxy. > > It possible tunnel https. > > Th

Re: [squid-users] ssl + stunnel and cache peer

2016-03-29 Thread Yuri Voinov
s using ssl that squid dont need to re-crypting? > > Yuri Voinov wrote > He means something like privoxy. > > It possible tunnel https. > > The similar config often uses for tunnel some proxied connections to Tor > or another ISP or something. > > But the thing he

Re: [squid-users] Slowly rising CPU load (eventually hits 100)

2016-03-31 Thread Yuri Voinov
Looks like permanently running clients, which is exhausted network resources and then initiating connection abort. Try to add client_persistent_connections off to squid.conf. Then observe. 31.03.16 19:53, sq...@peralex.com wrote: > Hi, > > I'm

Re: [squid-users] Squid 3.5.16 and vary loop objects (bug ?)

2016-04-04 Thread Yuri Voinov
Version 4.0.8 has the same issue after upgrading without cache clean-up. 04.04.16 14:28, FredB wrote: > Hello > > I migrated my Squid to the latest version 3.5.16 (from 3.5.10) and now I have many many "Vary loop objects" > What happen ? I made no

Re: [squid-users] squid 3.5 vs 4.0

2016-04-04 Thread Yuri Voinov
http://wiki.squid-cache.org/RoadMap 04.04.16 21:06, Mike wrote: > Is there any list or page with any comparison information, say for the 2 > latest versions 3.5.16 and 4.0.8 beta? I understand many of the fixes coming out are being done for both,

Re: [squid-users] X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY error with transparent proxy configured with peek and splice

2016-04-04 Thread Yuri Voinov
acl BrokenButTrustedServers2 dstdomain "/usr/local/squid/etc/dstdom2.broken" acl UnableGetIssuer ssl_error X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE sslproxy_cert_error allow BrokenButTrustedServers2 Un

Re: [squid-users] Error starting 3.5.16 on FreeBSD-8.4

2016-04-07 Thread Yuri Voinov
http://bugs.squid-cache.org/show_bug.cgi?id=4486 07.04.16 20:16, Amos Jeffries wrote: > On 7/04/2016 3:16 a.m., Odhiambo Washington wrote: >> I am getting the following error in cache.log: >> >> Squid Cache (Version 3.5.16): Terminated abnormally.

Re: [squid-users] Error starting 3.5.16 on FreeBSD-8.4

2016-04-07 Thread Yuri Voinov
https://vgy.me/GnhuDD.png 07.04.16 20:16, Amos Jeffries wrote: > On 7/04/2016 3:16 a.m., Odhiambo Washington wrote: >> I am getting the following error in cache.log: >> >> Squid Cache (Version 3.5.16): Terminated abnormally. >> CPU Usage: 0.082 se

Re: [squid-users] Error starting 3.5.16 on FreeBSD-8.4

2016-04-08 Thread Yuri Voinov
Seems fixed. http://bugs.squid-cache.org/show_bug.cgi?id=4486#c2 08.04.16 18:05, Amos Jeffries wrote: > On 8/04/2016 10:28 p.m., Odhiambo Washington wrote: >> Hello Yuri, >> >> Thanks, but this patch is for squid-4.0.8, right?? >> > > Yes the pat

[squid-users] Intermediace CA's repo

2016-04-08 Thread Yuri Voinov
I just put it here. :) https://github.com/iangcarroll/ca-intermediaries

Re: [squid-users] Error starting 3.5.16 on FreeBSD-8.4

2016-04-08 Thread Yuri Voinov
theName.termedBuf(), xstrerr(xerrno)); > ^ > 5 errors generated. > *** Error code 1 > > Stop. > make[3]: stopped in /usr/home/wash/ILI/Squid/4.x/squid-4.0.8/src/ipc > *** Error code 1 > > Stop. > make[2]: stopped in /usr/h

Re: [squid-users] Error starting 3.5.16 on FreeBSD-8.4

2016-04-08 Thread Yuri Voinov
ll :-) > > Could it be that you have a different code base from the tarballs available for everyone? > > > > On 8 April 2016 at 20:26, Yuri Voinov mailto:yvoi...@gmail.com>> wrote: > > > Note: Codebase for 4.0.x is different with 3.5.x. So, most patches for 4.x.x se

[squid-users] squid-cache.org misconfigured

2016-04-09 Thread Yuri Voinov
https://i1.someimage.com/Mv9LdJN.png

Re: [squid-users] squid-cache.org misconfigured

2016-04-10 Thread Yuri Voinov
> I do not know this specific system and I think that with the budget and tools of the project it's OK to have this kind of "down" time. > > Eliezer > > -Original Message- > From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of

Re: [squid-users] squid-cache.org misconfigured

2016-04-10 Thread Yuri Voinov
I believe that more support for any project is one of the big secrets of the black magic of up-time. > > On 10/04/2016 14:31, Yuri Voinov wrote: >> Yep, I understand. Simple this occurs some often and take long enough time. >

Re: [squid-users] squid-cache.org misconfigured

2016-04-10 Thread Yuri Voinov
zer > > * I believe that more support for any project is one of the big secrets of the black magic of up-time. > > On 10/04/2016 14:31, Yuri Voinov wrote: >> Yep, I understand. Simple this occurs some often and take long enough time. >

[squid-users] Squid 4: Cloudflare SSL connection problem

2016-04-12 Thread Yuri Voinov
Does anybody faces this problem with 4.0.8: https://i1.someimage.com/3lD2cvV.png ? It accomplished this error in cache.log: 2016/04/12 17:39:38 kid1| Error negotiating SSL on FD 54: error::lib(0):func(0):reason(0) (5/0/0) and "NONE/503" in access.log. Without proxy works like charm

Re: [squid-users] Squid 4: Cloudflare SSL connection problem

2016-04-12 Thread Yuri Voinov
UPDATE: https://i1.someimage.com/b8w5dFz.png This is answer from Cloudflare support. But: 3.5.16 can deal with ECDSA TLS 1.2 but 4.0.8 not? 12.04.16 17:55, Yuri Voinov wrote: > Does anybody faces this problem with 4.0.8: > > h

Re: [squid-users] Squid 4: Cloudflare SSL connection problem

2016-04-12 Thread Yuri Voinov
https://www.cloudflare.com/* - HIER_NONE/- text/html Note: 198.41.215.162 is current cloudflare.com IP. Also: NONE_ABORTED/200 is often occurs in access.log with another accessible sites. 12.04.16 20:03, Yuri Voinov wrote: > > UPDATE: > > https://i1.someimage.com/b8w5dFz.png > > T

Re: [squid-users] Squid 4: Cloudflare SSL connection problem

2016-04-12 Thread Yuri Voinov
ce html page. > I do not know what service cloudflare uses and how it all works but if openssl states that there is an issue with what the service is either sending or itself analyzing then the issue is in the openssl level rather than squid. > > I am sure that both cloudflare and openssl and

Re: [squid-users] Squid 4: Cloudflare SSL connection problem

2016-04-12 Thread Yuri Voinov
results with? > Also what OS are you using? I am using CentOS 7 up to date... > > Eliezer > > On 12/04/2016 21:39, Yuri Voinov wrote: >> root @ cthulhu /patch # openssl s_client -cipher 'ECDHE-ECDSA-AES128-GCM-SHA256' -connect www.cloudflare.com:443 > > >

Re: [squid-users] Squid 4: Cloudflare SSL connection problem

2016-04-12 Thread Yuri Voinov
_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM OPENSSLDIR: "/etc/opt/csw/ssl" 13.04.16 2:29, Yuri Voinov wrote: > > root @ cthulhu /patc

Re: [squid-users] Squid 4: Cloudflare SSL connection problem

2016-04-14 Thread Yuri Voinov
Any ideas? Anybody? 13.04.16 2:37, Yuri Voinov wrote: > > I suggests the matter can be openssl not OS: > > root @ cthulhu /patch # openssl version -a > OpenSSL 1.0.1s 1 Mar 2016 > built on: Tue Mar 1 15:42:26 2016 > platf

Re: [squid-users] Squid 4: Cloudflare SSL connection problem

2016-04-14 Thread Yuri Voinov
plan to support? 14.04.16 20:38, Yuri Voinov wrote: > > Any ideas? > > Anybody? > > 13.04.16 2:37, Yuri Voinov wrote: > > > > I suggests the matter can be openssl not OS: > > > > > root @ cthulhu /patch # openssl version -a > > > Open

Re: [squid-users] Squid 4: Cloudflare SSL connection problem

2016-04-14 Thread Yuri Voinov
cific for CF handshake. 15.04.16 0:31, Yuri Voinov wrote: > > Ok, nobody. > > Well. > > I've done my own research. > > My suggestions: > > CloudFlare now uses it's own custom OpenSSL 1.0.2 with very custom patches with CHACHA Poly support. > > This pa

Re: [squid-users] Squid 4: Cloudflare SSL connection problem

2016-04-14 Thread Yuri Voinov
g Expires: Fri, 15 Apr 2016 00:19:42 GMT Cache-Control: public, max-age=14400 CF-RAY: 2939daae503c0f75-FRA Length: unspecified [text/html] Saving to: 'index.html.1' index.html.1[ <=> ] 15.23K --.-KB/s in 0.1s 2016-04-15 02:19:42 (121 KB/s) -

Re: [squid-users] Squid 4: Cloudflare SSL connection problem

2016-04-16 Thread Yuri Voinov
- HIER_NONE/- text/html and cache.log: 2016/04/16 17:12:59 kid1| Error negotiating SSL on FD 56: error::lib(0):func(0):reason(0) (5/0/0) 15.04.16 15:17, Amos Jeffries wrote: On 15/04/2016 6:31 a.m., Yuri Voinov wrote: Ok, nobody. Well. I've done my own research. My sugges

Re: [squid-users] Squid 4: Cloudflare SSL connection problem

2016-04-16 Thread Yuri Voinov
3.5.16 on *NIX is also has this issue. Only 3.5.16 Win64 is works like charm. 16.04.16 17:18, Yuri Voinov wrote: > mozilla.org now has the same issue on Squid 4 like CloudFlare: > > https://i1.someimage.com/P03GmSY.png > > All o

Re: [squid-users] Squid 4: Cloudflare SSL connection problem

2016-04-16 Thread Yuri Voinov
So. Still has no ideas? 16.04.16 22:50, Yuri Voinov wrote: > > 3.5.16 on *NIX is also has this issue. > > Only 3.5.16 Win64 is works like charm. > > 16.04.16 17:18, Yuri Voinov wrote: > > mozilla.org now has the sa

Re: [squid-users] Squid 4: Cloudflare SSL connection problem

2016-04-17 Thread Yuri Voinov
orks. Only LAN connection can't handshake. 17.04.16 15:16, Amos Jeffries wrote: > On 17/04/2016 4:55 a.m., Yuri Voinov wrote: >> >> So. >> >> Still has no ideas? >> > > Only things I assume you probably already looked at: > > Maybe churn in

Re: [squid-users] Squid 4: Cloudflare SSL connection problem

2016-04-17 Thread Yuri Voinov
this specific issue doesn't exit. > I assume that if it works on CentOS it will work almost the same for Ubuntu and Debian. > > Eliezer > > On 16/04/2016 19:50, Yuri Voinov wrote: >> 3.5.16 on *NIX is also has this issue. >> >> Only 3.5.16 Win64 is works like sha

Re: [squid-users] Squid 4: Cloudflare SSL connection problem

2016-04-17 Thread Yuri Voinov
17.04.16 15:16, Amos Jeffries wrote: > On 17/04/2016 4:55 a.m., Yuri Voinov wrote: >> >> So. >> >> Still has no ideas? >> > > Only things I assume you probably already looked at: > > Maybe churn in t

Re: [squid-users] http_port with "transparent" or "intercept"?

2016-04-17 Thread Yuri Voinov
# interceptSupport for IP-Layer NAT interception delivering #traffic to this Squid port. #NP: disables authentication on the port. Squid tells you what's wrong: ERROR: No forward-proxy ports configured. In add

Re: [squid-users] Squid 4: Cloudflare SSL connection problem

2016-04-18 Thread Yuri Voinov
Rousskov wrote: > On 04/17/2016 06:59 AM, Yuri Voinov wrote: >> IDK whats happening. > > The answer is probably in the ALL,9 log. Since you can reproduce this > problem on an isolated system with a single transaction, you may be able > to analyze that log to pinpoint the failure. If y

Re: [squid-users] Squid 4: Cloudflare SSL connection problem

2016-04-18 Thread Yuri Voinov
18.04.16 22:11, Guy Helmer wrote: > >> On Apr 17, 2016, at 5:50 AM, Yuri Voinov wrote: >> >> *NIX means UNIX. Solaris is AT&T UNIX. Li

Re: [squid-users] Squid 4: Cloudflare SSL connection problem

2016-04-18 Thread Yuri Voinov
18.04.16 22:11, Guy Helmer wrote: > >> On Apr 17, 2016, at 5:50 AM, Yuri Voinov wrote: >> >> *NIX means UNIX. Solaris is AT&T UNIX. Li

Re: [squid-users] Squid 4: Cloudflare SSL connection problem

2016-04-20 Thread Yuri Voinov
oxy for it. Eliezer On 12/04/2016 14:55, Yuri Voinov wrote: Does anybody faces this problem with 4.0.8: https://i1.someimage.com/3lD2cvV.png ? It accomplished this error in cache.log: 2016/04/12 17:39:38 kid1| Error negotiating SSL on FD 54: error::lib(0):func(0):reason(0) (5

Re: [squid-users] High CPU Usage with ssl_bump

2016-04-21 Thread Yuri Voinov
It must not be. My most active setup has 3% CPU all time during peak hours. Typical view: https://i1.someimage.com/NzM1erI.png 21.04.16 19:18, Odhiambo Washington wrote: > Is it expected that using ssl_bump results into high CPU usage all the

Re: [squid-users] High CPU Usage with ssl_bump

2016-04-21 Thread Yuri Voinov
Not necessary. May be bottleneck in OS. 21.04.16 19:25, Odhiambo Washington wrote: > So, what could possibly be wrong with my setup, that squid consumes so much > CPU? > > On 21 April 2016 at 16:22, Yuri Voinov mailto:yvoi...@gmail

Re: [squid-users] High CPU Usage with ssl_bump

2016-04-22 Thread Yuri Voinov
22.04.16 18:39, Odhiambo Washington wrote: > > > On 22 April 2016 at 13:45, Amos Jeffries mailto:squ...@treenet.co.nz>> wrote: > > On 22/04/2016 8:23 p.m., Odhiambo Washington wrote: > > > > Sure, I am really struggling to understand

Re: [squid-users] Need help with Squid on Windows

2016-04-23 Thread Yuri Voinov
Raf, I can confirm - perl helpers (I've tried to use store-ID with Active Perl) does not work with Win version of Squid. I've tried to configure it several times. Without success. With the same symptoms. WBR, Yuri 23.04.16 18:26, Rafael Akchurin

Re: [squid-users] Using Squid with 1 NIC

2016-04-23 Thread Yuri Voinov
http://wiki.squid-cache.org/ConfigExamples/Intercept 23.04.16 23:08, Tom Ku wrote: > Hi All, > > I know this question has been beaten to death but I can't seem to find any answers via google. So i'm trying to set up a Squid proxy for my VMware i

Re: [squid-users] Using Squid with 1 NIC

2016-04-23 Thread Yuri Voinov
I've based on op's diagram. We are know nothing about what he want. Telepathy on Bali on vacation. 23.04.16 23:46, Antony Stone wrote: > On Saturday 23 April 2016 at 19:12:56, Yuri Voinov wrote: > >> http://wiki.squid-ca

Re: [squid-users] Using Squid with 1 NIC

2016-04-23 Thread Yuri Voinov
iction (but I don't think so) is only possible to proxying HTTP/HTTPS. > > On Sat, Apr 23, 2016 at 1:50 PM, Yuri Voinov mailto:yvoi...@gmail.com>> wrote: > > > I've based on op's diagram. We are know nothing about what he want. > Telepathy on Bali on

Re: [squid-users] Using Squid with 1 NIC

2016-04-23 Thread Yuri Voinov
not workstations. I need all servers in each network segment to go through the proxy so traffic can be monitored for each network. Now would a transparent proxy help?? Hope this make sense. > > On Sat, Apr 23, 2016 at 1:50 PM, Yuri Voinov mailto:yvoi...@gmail.com>> wrote: > > > I

Re: [squid-users] Using Squid with 1 NIC

2016-04-23 Thread Yuri Voinov
ed for each network. Now would a transparent proxy help?? Hope this make sense. > > On Sat, Apr 23, 2016 at 1:50 PM, Yuri Voinov mailto:yvoi...@gmail.com>> wrote: > > > I've based on op's diagram. We are know nothing about what he want. > Telepathy on Bali on vacat

[squid-users] Why 3.5 and 4.x shows different tags in access.log due to CONNECT?

2016-04-23 Thread Yuri Voinov
4.x shows: 1461442623.529580 192.168.100.103 NONE_ABORTED/200 0 CONNECT 45.55.230.38:443 - ORIGINAL_DST/45.55.230.38 - and this CONNECT is NOT aborted! 3.5.x shows: 1461442791.695462 192.168.100.102 TAG_NONE/200 0 CONNECT 91.250.107.40:

Re: [squid-users] Why 3.5 and 4.x shows different tags in access.log due to CONNECT?

2016-04-23 Thread Yuri Voinov
Opens bug? 24.04.16 3:25, Alex Rousskov wrote: > On 04/23/2016 02:38 PM, Yuri Voinov wrote: >> >> 4.x shows: >> >> 1461442623.529580 192.168.100.103 NONE_ABORTED/200 0 CONNECT >> 45.55.230.38:443 - ORIGINAL_

Re: [squid-users] Why 3.5 and 4.x shows different tags in access.log due to CONNECT?

2016-04-23 Thread Yuri Voinov
http://bugs.squid-cache.org/show_bug.cgi?id=4503 24.04.16 3:25, Alex Rousskov wrote: > On 04/23/2016 02:38 PM, Yuri Voinov wrote: >> >> 4.x shows: >> >> 1461442623.529580 192.168.100.103 NONE_ABORTED/200 0

Re: [squid-users] NTLM_AUTH authentification send BH SPNEGO request invalid prefix

2016-04-24 Thread Yuri Voinov
Any logs? 24.04.16 20:11, Hack Ensolo wrote: > Hi, > I try to log a user who is in active directory group "webusers" with ntlm_auth > but I have some problems. > > /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of=DOM

[squid-users] Intermediate CA's file for using in sslproxy_foreign_intermediate_certs

2016-04-24 Thread Yuri Voinov
I'll just leave it here. https://drive.google.com/file/d/0B4nS4FYXsqTfTlo4UVQ3TF8xdms/view?usp=sharing Updates are performed as needed. On a relatively regular basis. WBR, Yuri

Re: [squid-users] Squid 3.4.8 helpers doesn't work how I want !

2016-04-25 Thread Yuri Voinov
Logs from AD, man. 25.04.16 20:33, Hack Ensolo wrote: > Hi, > I try to authenticate a user in AD (windows server 2008 R2). > When he is in a group Webusers he must authenticated and when I remove the user of this group, he must not authenticated.

Re: [squid-users] Logging ACL that triggered denied access with http_access

2016-04-25 Thread Yuri Voinov
Usually for this task uses external url rewriter which has own block log. For example, ufdbguard/squidguard/dansguardian etc. Also you can use DB-based ACL's to this task. Which is better than manual maintained huge plain-text inclusions in squid.

Re: [squid-users] Logging in squid

2016-04-26 Thread Yuri Voinov
Read squid.cache.documented carefully again: # LOGFILE OPTIONS # - # TAG: logformat #Usage: # #logformat # #Defines an access log format. # #The is a

Re: [squid-users] help for my intercept proxy setup

2016-04-26 Thread Yuri Voinov
Show WCCP section of your squid.conf please. 27.04.16 3:05, maileh wrote: > Hi > Here is my router wccp config > In global config i enable ip wccp > #ip wccp web-cache redirect-list WCCP_HTTP > #ip wccp 70 redirect-list WCCP_HTTPS > Interface fac

Re: [squid-users] help for my intercept proxy setup

2016-04-26 Thread Yuri Voinov
g. > > > thanks > > > ________ > From: Yuri Voinov [via Squid Web Proxy Cache] > Sent: Wednesday, April 27, 2016 10:24 AM > To: Maile Halatuituia > Subject: Re: help for my intercept proxy setup > > > Show WCCP section of your squid.conf please. > > >

Re: [squid-users] help for my intercept proxy setup

2016-04-26 Thread Yuri Voinov
cp2_rebuild_wait off > wccp2_assignment_method hash > wccp2_service standard 0 > wccp2_service dynamic 70 > wccp2_service_info 70 protocol=tcp flags=dst_ip_hash,src_ip_alt_hash,src_port_alt_hash priority=240 ports=443,80 > always_direct allow all > thanks > ____ >

Re: [squid-users] help for my intercept proxy setup

2016-04-26 Thread Yuri Voinov
> always_direct allow all > thanks > ____ > From: squid-users on behalf of Yuri Voinov > Sent: Wednesday, April 27, 2016 10:57 AM > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] help for my intercept proxy setup > > Show WCCP section of your s

Re: [squid-users] Regex optimization

2016-04-27 Thread Yuri Voinov
https://regex101.com is your best friend. 27.04.16 17:32, Alfredo Rezinovsky wrote: I saw in debug log that when an ACL has many regexes each one is compared sequentially. If I have www.facebook.com facebook.com www.google.com

Re: [squid-users] Regex optimization

2016-04-27 Thread Yuri Voinov
27 19:11 GMT+06:00 Alfredo Rezinovsky : > Not my question. I'm asking about performance > > 2016-04-27 9:09 GMT-03:00 Yuri Voinov : > >> https://regex101.com is your best friend. >> >> 27.04.16 17:32, Alfredo Rezinovsky wrote: >> >> I saw in deb

Re: [squid-users] Regex optimization

2016-04-27 Thread Yuri Voinov
27.04.16 20:01, Amos Jeffries wrote: > On 27/04/2016 11:32 p.m., Alfredo Rezinovsky wrote: >> I saw in debug log that when an ACL has many regexes each one is compared >> sequentially. >> >> If I have >> >> www.facebook.com >> facebook.com >> www

Re: [squid-users] Regex optimization

2016-04-27 Thread Yuri Voinov
Furthermore. The more specifically a regular expression, so it usually faster. 27.04.16 20:01, Amos Jeffries wrote: > On 27/04/2016 11:32 p.m., Alfredo Rezinovsky wrote: >> I saw in debug log that when an ACL has many regexes each one is compared

Re: [squid-users] Squid with a FTPD... glFTPD or ioFTPD

2016-04-27 Thread Yuri Voinov
Hm.. for what? 27.04.16 23:42, sebastien.boulia...@cpu.ca wrote: > > Hi all, > > > > I would like to know if someone use Squid with a FTPD like glFTPD or ioFTPD or something like that. > > > > Thanks you very much for your answer. >

Re: [squid-users] Using dont_verify_peer

2016-04-28 Thread Yuri Voinov
With intermediate certificates better to use sslproxy_foreign_intermediate_certs for many reasons: 1. sslproxy_foreign_intermediate_certs not treated as trusted root CA's. They only uses for complete certificate chain. 2. Intermediate CA's most o

Re: [squid-users] Using dont_verify_peer

2016-04-28 Thread Yuri Voinov
For the future: using SSL Bump dangerous enough itself, so the less it will be all kinds of exceptions - the better. 29.04.16 2:56, Rafael Akchurin wrote: > > Hello Bruce, > > > > According to https://www.ssllabs.com/ssltest/analyze.html?d=agenti

Re: [squid-users] Block VPN access like hola.org ,ultrasurf

2016-04-29 Thread Yuri Voinov
Not with squid, man. Only on Cisco/another router by IP. ip access-list extended TO_INET remark Hamachi deny ip 25.0.0.0 0.255.255.255 any deny ip 64.34.106.0 0.0.0.255 any deny ip any host 69.25.21.195 deny ip any host 74.201.75.195 deny ip any host 146.255.195.92 remark ZenMat

Re: [squid-users] Block VPN access like hola.org ,ultrasurf

2016-04-29 Thread Yuri Voinov
Not with squid, man. Only on Cisco/another router by IP. ip access-list extended TO_INET remark Hamachi deny ip 25.0.0.0 0.255.255.255 any deny ip 64.34.106.0 0.0.0.255 any deny ip any host 69.25.21.195 deny ip any host 74.201.75.195 deny ip any host 146.255.195.92 remark ZenMat

Re: [squid-users] Block VPN access like hola.org ,ultrasurf

2016-04-29 Thread Yuri Voinov
The another option is using advanced DPI with database. Like China government uses. Squid itself can't. 29.04.16 16:33, Reet Vyas wrote: > Hi, > > I have working transparent squid , Some users are using proxy vpn in mozilla as addon and bypassing

Re: [squid-users] Block VPN access like hola.org ,ultrasurf

2016-04-29 Thread Yuri Voinov
othing. Only trained administrator with experienced network administrator and two pairs bodied brain can more or less hinder the life of these smart-ass users. This day-by-day battle is significant part of IT security, which is not product, but process. Hard luck, Yuri 29.04.16 22:0

Re: [squid-users] runing squid on second processor

2016-05-01 Thread Yuri Voinov
I do admit I do not understand how Calamaris may slow Squid. My Calamaris runs once a day, at night, I do not see any significant load on the server with four cores. No, of course, if it is run with each rotation of the log, every hour, on the high

Re: [squid-users] runing squid on second processor

2016-05-01 Thread Yuri Voinov
02.05.16 0:56, Alex Rousskov wrote: > On 04/29/2016 04:17 PM, joe wrote: >> hi i have 2 cpu 4 core each >> i need to leave alone first processor and use the second one for squid and >> its helper >> is that will do ??? taskset 0x00f0 squid

Re: [squid-users] runing squid on second processor

2016-05-01 Thread Yuri Voinov
02.05.16 0:56, Alex Rousskov wrote: > On 04/29/2016 04:17 PM, joe wrote: >> hi i have 2 cpu 4 core each >> i need to leave alone first processor and use the second one for squid and >> its helper >> is that will do ??? taskset 0x00f0 squid

Re: [squid-users] runing squid on second processor

2016-05-01 Thread Yuri Voinov
And moreover - we are talking not about Squid in SMP environment. :) Too bad not to have Fair Share Scheduler, is it? :) https://en.wikipedia.org/wiki/Fair-share_scheduling 02.05.16 0:56, Alex Rousskov wrote: > On 04/29/2016 04:17 PM, joe wrot

Re: [squid-users] runing squid on second processor

2016-05-01 Thread Yuri Voinov
02.05.16 0:56, Alex Rousskov wrote: > On 04/29/2016 04:17 PM, joe wrote: >> hi i have 2 cpu 4 core each >> i need to leave alone first processor and use the second one for squid and >> its helper >> is that will do ??? taskset 0x00f0 squid

Re: [squid-users] runing squid on second processor

2016-05-01 Thread Yuri Voinov
Just as a possibility of solution: https://docs.oracle.com/cd/E22645_01/html/817-1592/rmfss-1.html 02.05.16 0:56, Alex Rousskov wrote: > On 04/29/2016 04:17 PM, joe wrote: >> hi i have 2 cpu 4 core each >> i need to leave alone first processor

Re: [squid-users] Is there a way to allow connection according to user certificate?

2016-05-04 Thread Yuri Voinov
04.05.16 17:20, Ser de Bronce wrote: Hi there, Maybe someone already knows any solution: I have transparent proxy and according to some reasons I can’t use login/password authentication. However I still need to control who can access my proxy. Transparent proxy can't use any authentif

Re: [squid-users] Is there a way to allow connection according to user certificate?

2016-05-04 Thread Yuri Voinov
04.05.16 18:05, Amos Jeffries wrote: On 4/05/2016 11:20 p.m., Ser de Bronce wrote: Hi there, Maybe someone already knows any solution: I have transparent proxy and according to some reasons I can’t use login/password authentication. However I still need to control who can access my proxy.

Re: [squid-users] URL/P2P blocking

2016-05-04 Thread Yuri Voinov
Facebook uses Akamai as background CDN, so you need to block Akamai (related URL's, which can be difficult, so consider to use Cisco NBAR DPI functionality). too in case to completely block FB. YT still uses QUIC/SPDY, so read this http://wiki.sq

Re: [squid-users] URL/P2P blocking

2016-05-04 Thread Yuri Voinov
what means - and what is not. Especially P2P - this is at all not about Squid. 05.05.16 3:11, Yuri Voinov wrote: > > Facebook uses Akamai as background CDN, so you need to block Akamai (related URL's, which can be difficult, so consider to use Cisco NBAR DPI functionality). too in case t

Re: [squid-users] URL/P2P blocking

2016-05-04 Thread Yuri Voinov
ies. This is only URL/HTTP based tool, which required some more forces to use it with HTTPS. And this can't be other means to replace when it comes to other protocols. Squid is only HTTP/HTTPS proxy. Not at all existing protocols. 05.05.16 3:18, Yuri Voinov wrote: > > Generally, for

Re: [squid-users] URL/P2P blocking

2016-05-04 Thread Yuri Voinov
Finally, read this thread too: http://www.spinics.net/lists/squid/msg81113.html Some questions already answered here. 05.05.16 3:26, Yuri Voinov wrote: > > As a part of solution I recommend (by my own experience) consider to us

Re: [squid-users] URL/P2P blocking

2016-05-04 Thread Yuri Voinov
, etc.etc.etc. Not as Squid's antagonist - but just as additional tools to filter. Note: Cisco also has time-based ACL's. 05.05.16 3:28, Yuri Voinov wrote: > > Finally, > > read this thread too: > > http://www.spinics.net/lists/squid/msg81113.html > > Some questions a

Re: [squid-users] Is there a way to allow connection according to user certificate?

2016-05-05 Thread Yuri Voinov
05.05.16 19:06, Ser de Bronce wrote: > Dear Amos and Yuri, thanks a lot for your answers. > > Sorry for the mess, I'm novice here. > As it turned out my proxy is not transparent... > > By "some reasons" I meant clients' experience reasons, let me

Re: [squid-users] Is there a way to allow connection according to user certificate?

2016-05-05 Thread Yuri Voinov
05.05.16 19:19, Amos Jeffries wrote: > On 6/05/2016 1:06 a.m., Ser de Bronce wrote: >> Dear Amos and Yuri, thanks a lot for your answers. >> >> Sorry for the mess, I'm novice here. >> As it turned out my proxy is not transparent... >> >> By "some

Re: [squid-users] Is there a way to allow connection according to user certificate?

2016-05-05 Thread Yuri Voinov
05.05.16 22:07, Ser de Bronce wrote: > Yuri, > > > But this is the default behaviour for proxy with auth > > I didn't know that. > Initially I tested on iPhone using wi-fi connection and as I said earlier there are wi-fi proxy settings on iPhone

Re: [squid-users] SSL certificate on android device not working

2016-05-06 Thread Yuri Voinov
Android sucks and must die, yes :) 06.05.16 19:11, Alex Crow wrote: On 06/05/16 14:09, Reet Vyas wrote: Hi I have squid ssl bump working but when I added squid.crt to my android , it not working but working with Iphone cause they have certificate installer app , I dont know exact issue cau

Re: [squid-users] SSL certificate on android device not working

2016-05-06 Thread Yuri Voinov
<mailto:reet.vya...@gmail.com>> wrote the following: Please let me know if this possible or not? On Fri, May 6, 2016 at 6:51 PM, Yuri Voinov <mailto:yvoi...@gmail.com>> wrote: Android sucks and must die, yes :) 06.05.16 19:11, Alex Crow wrote: On 06/05/16 14:0

Re: [squid-users] SSL certificate on android device not working

2016-05-06 Thread Yuri Voinov
schreven: Please let me know if this possible or not? On Fri, May 6, 2016 at 6:51 PM, Yuri Voinov mailto:yvoi...@gmail.com>> wrote: Android sucks and must die, yes :) 06.05.16 19:11, Alex Crow wrote: On 06/05/16 14:09, Reet Vyas wrote:

Re: [squid-users] SSL certificate on android device not working

2016-05-06 Thread Yuri Voinov
Hey, http://wiki.cacert.org/FAQ/ImportRootCert?action=show&redirect=ImportRootCert#Android_Phones can be answer? 06.05.16 20:46, Yuri Voinov wrote: > > I'm not sure, but can suggest, that android apps can contains its own

Re: [squid-users] SSL certificate on android device not working

2016-05-06 Thread Yuri Voinov
Or here http://wiki.pcprobleemloos.nl/android/cacert Google still rulezzz! :) PS. I haven't either iPhone or Android to verify :) because I'm not cyborg :) So.. try and tell us about results :) 07.05.16 2:18, Yuri Voinov пише
