Re: [squid-users] Questions Regarding Transparent Proxy, HTTPS, and ssl_bump

2015-06-24 Thread Yuri Voinov
Amos, we don't care about experts in the IETF. What is the Squid Team position about SSL bumping and caching? Will Squid be only a content filtering proxy or remain cacheable? What will be the next milestone? 3.5. now less used to cache SSL, only

Re: [squid-users] assertion failed: comm.cc:178: "fd_table[conn->fd].halfClosedReader != NULL"

2015-06-26 Thread Yuri Voinov
Better to use: # Adobe/Java and other updates acl adobe_java_updates urlpath_regex "/usr/local/squid/etc/urlregex.updates" # Youtube & CDN store rewrite ACLs acl store_rewrite_list urlpath_regex \/(watch\?|get_video|videoplayback\?) \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|webp|flv|f4f|mp4)\? \/ad

Re: [squid-users] Strange warning - squid 3.0

2015-06-29 Thread Yuri Voinov
It means exactly what you see. Your acl contains two lines with this subnetwork. Check and correct. 29.06.15 14:55, Fiorenza Meini wrote: Hi, I see this error when I restart squid service: please, what does it mean: WARNING: because of this '192.168.100.164' is ignored to keep splay tree searching p

Re: [squid-users] TProxy and client_dst_passthru

2015-07-02 Thread Yuri Voinov
In my installation I use caching DNS (unbound) in conjunction with Squid. This caching DNS is directly on the squid box and solves many problems with DNS. Unbound cache itself uses custom TTL setting (maximal) for DNS records, which overrides provider

Re: [squid-users] TProxy and client_dst_passthru

2015-07-02 Thread Yuri Voinov
Fred, I'm talking not about localhost installation. My squid serves business-center. With hundreds of users. In this environment, we use also transparent DNS interception onto DNS cache. DNS cache itself uses clean sources for resolving, using dn

Re: [squid-users] ssl_bump with cache_peer problem: Handshake fail after Client Hello.

2015-07-06 Thread Yuri Voinov
06.07.15 18:06, Amos Jeffries wrote: > On 6/07/2015 9:30 p.m., adam900710 wrote: >> >> Here is some of my experiments: >> 1) Remove "never_direct" >> Then ssl_bump works as expected, but all traffic doesn't goes through >> the SOCKS5 proxy. So a

Re: [squid-users] ssl_bump with cache_peer problem: Handshake fail after Client Hello.

2015-07-06 Thread Yuri Voinov
And also: As long as you stay in the white robes, the whole world supports the illusion of security HTTPS. The world has changed in the eyes of the past three years. And by the way, your branch 3.4 has long been used in commercial solutions. Doing

Re: [squid-users] ssl_bump with cache_peer problem: Handshake fail after Client Hello.

2015-07-06 Thread Yuri Voinov
And finally: HTTPS is used for malware transmission - and we can't scan it!, for porn viewing, for illegal P2P traffic and others. And we are the paladins in white robes. 06.07.15 19:34, adam900710 wrote: > 2015-07-06 20:06 GMT+08:00 Amos Jeffr

Re: [squid-users] ssl_bump with cache_peer problem: Handshake fail after Client Hello.

2015-07-06 Thread Yuri Voinov
My own solution in conjunction with Tor + Privoxy looks like this (Note: for Squid 3.4.13): # Tor acl acl tor_url url_regex -i "/usr/local/squid/etc/url.tor" # SSL bump rules sslproxy_cert_error allow all ssl_bump none localhost ssl_bump none url

Re: [squid-users] ssl_bump with cache_peer problem: Handshake fail after Client Hello.

2015-07-06 Thread Yuri Voinov
I use 3.4 version. Yes, these are old directives. 3.5.x, in my opinion, doesn't do SSL Bump in NAT transparent interception environment. 06.07.15 20:21, adam900710 wrote: > 2015-07-06 22:05 GMT+08:00 Yuri Voinov : >> > My own soluti

Re: [squid-users] Windows 10 Updates

2015-07-07 Thread Yuri Voinov
I'm afraid, you can't. WU uses TLS pinning, so, as Amos said, "Correct TLS cannot be bumped". That's all. 07.07.15 19:57, Jasper Van Der Westhuizen wrote: > Hi list > > I have a problem with Windows 10 updates. It seems that Microsoft will do upd

Re: [squid-users] Squid 3.5.6 for Microsoft Windows 64-bit is available

2015-07-07 Thread Yuri Voinov
Hi Raf, did your team close the issue with cache_dir already? 07.07.15 14:39, Rafael Akchurin wrote: > > Greetings everyone, > > > The CygWin based build of Squid proxy for Microsoft Windows version 3.5.6 is now available (amd64 only!). > > > * Origi

Re: [squid-users] Windows 10 Updates

2015-07-07 Thread Yuri Voinov
I think we must forget about SSL Bump as a feature and caching HTTPS. Due to all the world's developers' position. Sad, but true. This feature is dead now. WBR, Yuri 07.07.15 19:57, Jasper Van Der Westhuizen wrote: > Hi list > > I have a problem with

Re: [squid-users] Squid 3.5.6 for Microsoft Windows 64-bit is available

2015-07-07 Thread Yuri Voinov
I think so. 07.07.15 21:23, Rafael Akchurin wrote: > Hello Yuri, > > Is it - https://github.com/diladele/squid3-windows/issues/40? > > Raf > > From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf

Re: [squid-users] Squid 3.5.6 for Microsoft Windows 64-bit is available

2015-07-07 Thread Yuri Voinov
Zzz... Still using 3.5.1 on my Win... 07.07.15 21:47, Rafael Akchurin wrote: > Then it is still open ☹ > > From: Yuri Voinov [mailto:yvoi...@gmail.com] > Sent: Tuesday, July 7, 2015 5:28 PM > To: Rafael Akchurin &g

Re: [squid-users] Issue with Citrix sessions and squid

2015-07-08 Thread Yuri Voinov
Looks like TCP/IP stack level issue. 09.07.15 0:26, David Touzeau wrote: > Dear > > I would like to share a strange behavior. > > We have servers that stores Citrix application. > Each Citrix server run about 10 users/session > Each session execu

Re: [squid-users] TAG_NONE/xxxx

2015-07-11 Thread Yuri Voinov
Yep, man. Sad, but true. 11.07.15 16:13, David Touzeau wrote: > To understand what you says: > > Means that squid try to understand the TLS protocol in order to retrieve certificate information but some TAGS in certificate are not properly unders

Re: [squid-users] Transparent Squid Proxy Server

2015-07-11 Thread Yuri Voinov
Man, 3.5.x doesn't work with server-first. It must be there for backward compatibility - but it isn't. Also, AFAIK, the 3.5.x series doesn't work with transparent NAT interception in bump mode. Fake certs are generated, but with IP against hostnames (in all my test installations). So, if you strictly ne

Re: [squid-users] Transparent proxy before NAT

2015-07-13 Thread Yuri Voinov
Too complex a setup for a simple task. You can simply re-connect the squid box before the router and configure it as gateway for devices. And set up NAT redirection directly onto the squid box. Something like this: Internet <-> Router + DHCP + NAT <--> S

Re: [squid-users] Transparent proxy before NAT

2015-07-13 Thread Yuri Voinov
Note: If you want to use two NICs on the Squid box, you need to configure this box's TCP stack as a static router. But it is better to aggregate both NICs and connect the router and squid box with a switch. 14.07.15 2:15, John Pearson wrote: > Hi Everyone, >

Re: [squid-users] Transparent proxy before NAT

2015-07-13 Thread Yuri Voinov
And beware: Your current configuration is insecure. Very insecure. Especially if you haven't a firewall configured on the squid box. 14.07.15 2:15, John Pearson wrote: > Hi Everyone, > > My setup is: Internet <--> Squid-eth0 <--> Squid-eth1 <--> Router

Re: [squid-users] Transparent proxy before NAT

2015-07-13 Thread Yuri Voinov
Ah, forgot about: Your squid in the scheme I wrote will have a static gray IP. And this IP must be excluded from the DHCP pool on the router. 14.07.15 2:15, John Pearson wrote: > Hi Everyone, > > My setup is: Internet <--> Squid-eth0 <--> Squid-eth1 <--> Rout

Re: [squid-users] Transparent proxy before NAT

2015-07-13 Thread Yuri Voinov
without having to buy another Wireless AP. I don't mind it being complex, do you have any suggestions on getting Internet <---> Squid <---> Router (NAT) working ? Thanks! On Mon, Jul 13, 2015 at 1:26 PM, Yuri Voinov mailto:yvoi...@gmail.com>> wro

Re: [squid-users] AUFS vs. DISKS

2015-07-15 Thread Yuri Voinov
The key question: which OS are you using? 15.07.15 12:56, Stakres wrote: > Hi All, > > I face a weird issue regarding DISKS cache-dir model and I would like to > have your expertise here > > Here is the result of a cache object with an AUFS cache_dir: > 1

Re: [squid-users] AUFS vs. DISKS

2015-07-15 Thread Yuri Voinov
Diskd works perfectly on some OS'es, like Solaris, BSD. Linux-based OS, AFAIK, works with diskd so slow. And AUFS is the best choice in this case. Depending on system settings, of course. AFAIK, on some OS (like.h. Windows) "aufs" leads

Re: [squid-users] AUFS vs. DISKS

2015-07-15 Thread Yuri Voinov
Are you surprised that the IO modules may be specific for different operating systems? :) 15.07.15 15:59, Stakres wrote: > Yury, > > you mean that having the DISKD 52 times slower than AUFS with linux OS is > normal ? > I cannot believe that, inc

Re: [squid-users] AUFS vs. DISKS

2015-07-15 Thread Yuri Voinov
Also - did you read this: http://wiki.squid-cache.org/Features/DiskDaemon ? Did you see for which OS this feature was designed? ;) 15.07.15 15:59, Stakres wrote: > Yury, > > you mean that having the DISKD 52 times slower than AUFS with linux OS is >

Re: [squid-users] AUFS vs. DISKS

2015-07-15 Thread Yuri Voinov
15.07.15 17:18, FredB wrote: > >> You are right fred, >> >> It is a difficult deal for us too... >> >> aufs -> good speed but more troubles ( assertion failed, "empty()", >> HTTP >> reply without date unstable rock system ) and must deal

Re: [squid-users] AUFS vs. DISKS

2015-07-15 Thread Yuri Voinov
AFAIK, diskd speed depends on the backend fs (OS level). I use diskd over zfs with some tunables and have acceptable response time, approx 0.1 sec. 15.07.15 18:52, Stakres wrote: > Fred, > (Guys, 2 french Fred here, but not the sames) > > Did you c

Re: [squid-users] AUFS vs. DISKS

2015-07-15 Thread Yuri Voinov
Here is my stats: client_http.all_median_svc_time = 0.097357 seconds client_http.miss_median_svc_time = 0.097357 seconds client_http.nm_median_svc_time = 0.00 seconds client_http.nh_median_svc_time = 0.00 seconds client_http.hit_median_svc

Re: [squid-users] AUFS vs. DISKS

2015-07-15 Thread Yuri Voinov
SSD as squid cache?! You are really rich, man! 15.07.15 19:33, Eliezer Croitoru wrote: > Just adding something to the subject. > HDD vs SSD speeds are quite something. > I have tried to test the benefits of a SSD in the past and in many cases it w

Re: [squid-users] AUFS vs. DISKS

2015-07-15 Thread Yuri Voinov
Speaking in essence: Performance depends strongly on the process model used by the operating system, from settings, the hardware configuration and the actual configuration of the operating system. And it can not be considered in isolation from all

Re: [squid-users] AUFS vs. DISKS

2015-07-15 Thread Yuri Voinov
It depends on your squid settings (memory cache size, etc), your OS (as expected), your fs. My installation works 4 years 24x7 with shipped HDD. 15.07.15 19:41, FredB wrote: > I agree, but what about the life time ? I change every two years (m

Re: [squid-users] AUFS vs. DISKS

2015-07-15 Thread Yuri Voinov
Look: root @ cthulhu / # zpool status data pool: data state: ONLINE scan: scrub repaired 0 in 1h49m with 0 errors on Sat Jul 11 07:49:01 2015 config: NAME STATE READ WRITE CKSUM data ONLINE 0 0

Re: [squid-users] AUFS vs. DISKS

2015-07-15 Thread Yuri Voinov
Queue congestion means IO bottleneck. This will appear on a regular basis. With client delays, of course. 15.07.15 19:51, Stakres wrote: > Hi Fred, > tests from my side: > DISKD with TCP_HIT objects: 564KB/s with wget, the same url you have tested

Re: [squid-users] AUFS vs. DISKS

2015-07-15 Thread Yuri Voinov
I think that using datacenter (not consumer) class HDD is preferable to SSD. Cache content lost means cached traffic and money loss. And this is not acceptable for big caches. 15.07.15 19:57, FredB wrote: > >> >> -BEGIN PGP SIGNED ME

Re: [squid-users] AUFS vs. DISKS

2015-07-15 Thread Yuri Voinov
This test means nothing. Only very approximate overall IO performance for IO subsystem. 15.07.15 19:58, FredB wrote: > > >> Subject: Re: [squid-users] AUFS vs. DISKS >> >> Hi Fred, >> tests from my side: >> DISKD with TCP_HIT objects: 564KB/s with w

Re: [squid-users] AUFS vs. DISKS

2015-07-15 Thread Yuri Voinov
And note this: TCP_HIT generally flows with other network traffic. We don't know how it is handled during peak hours in network equipment, right? To be sure, we must prioritize TCP_HITS on network level, well? 15.07.15 19:58, FredB wrote: > > >>

Re: [squid-users] AUFS vs. DISKS

2015-07-15 Thread Yuri Voinov
Just remember: performance tuning is a complex problem, especially for high load installations. And must be solved as complex. 15.07.15 19:58, FredB wrote: > > >> Subject: Re: [squid-users] AUFS vs. DISKS >> >> Hi Fred, >> tests from my side: >> DISKD

Re: [squid-users] AUFS vs. DISKS

2015-07-15 Thread Yuri Voinov
At this moment your user got a partially loaded web page. 15.07.15 20:06, FredB wrote: > >> >> All, >> We have switched some ISPs from DISKD to AUFS this morning, the >> "queue >> congestion" appears at the beginning then disappears from the >> c

Re: [squid-users] AUFS vs. DISKS

2015-07-15 Thread Yuri Voinov
Amos, I think the aufs queue must be buffered better and smoother. On some OS (I've tested) peak loads lead to performance degradation. Periodically. That is why I'm not using aufs. 15.07.15 20:39, Amos Jeffries wrote: > On 16/07/2015 1:51 a.m.,

Re: [squid-users] Compiling squid with 'url_rewrite' support?

2015-07-15 Thread Yuri Voinov
Confirm. ufdbguard is a great redirector. It has a small problem with some reporting tools (like SARG), but nothing important. 15.07.15 20:57, Amos Jeffries wrote: > On 16/07/2015 2:42 a.m., Michael Monette wrote: >> Hello, >> >> This might be

Re: [squid-users] AUFS vs. DISKS

2015-07-15 Thread Yuri Voinov
15.07.15 20:45, Amos Jeffries wrote: > On 16/07/2015 2:27 a.m., FredB wrote: >> >>> At this moment your user got partially loaded web page. >>> >> >> Yes bad experience for me, I guess I reach some limitations about aufs, > > That is the SWAP

Re: [squid-users] AUFS vs. DISKS

2015-07-15 Thread Yuri Voinov
auses. ;) I know it too. ;) 15.07.15 22:20, Eliezer Croitoru wrote: > On 15/07/2015 16:36, Yuri Voinov wrote: >> SSD as squid cache?! You are really rich, man! > > Please do separate two things Enterprise level SSD and Desktop SSD. > They are different by nature and they do not

Re: [squid-users] AUFS vs. DISKS

2015-07-16 Thread Yuri Voinov
Fred. It depends on your OS. Depends on your hardware. Depends on your OS configuration. Tuning is a very complex problem and tuning is EVIL. Remember it. PS. On MY platform diskd is the single choice. And it's very fast. 16.07.15 21:00, FredB

Re: [squid-users] AUFS vs. DISKS

2015-07-16 Thread Yuri Voinov
Fred. It depends on your OS. Depends on your hardware. Depends on your OS configuration. Tuning is a very complex problem and tuning is EVIL. Remember it. PS. On MY platform diskd is the single choice. And it's very fast. 0.1 sec latency. 16.0

Re: [squid-users] AUFS vs. DISKS

2015-07-16 Thread Yuri Voinov
In my case diskd is the only choice. On my platform aufs does not work at all. And diskd gives the best result after careful tuning. As I said earlier, the result is highly dependent on the platform, hardware, and configuration. diskd was designed for a

Re: [squid-users] FATAL: xcalloc: Unable to allocate 18446744073527142243 blocks of 1 bytes!

2015-07-19 Thread Yuri Voinov
Heh, too many unknown options are dangerous. :) 19.07.15 16:03, HackXBack wrote: > removing lines from my configure option make it work, > now i have > ./configure --prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin > --libexecdir=/usr/lib/squid

Re: [squid-users] a lot of TCP_SWAPFAIL_MISS/200

2015-07-19 Thread Yuri Voinov
Take a look at the thread "AUFS vs. DISKD" 19.07.15 16:12, HackXBack wrote: > 2015/07/19 12:13:14 kid1| /cache05/2/07/FF/0007FF14 > 2015/07/19 12:13:15 kid1| DiskThreadsDiskFile::openDone: (2) No such file or > directory > 2015/07/19 12:13:15 ki

Re: [squid-users] TCP_MISS in images

2015-07-23 Thread Yuri Voinov
Heh. Looks like the images are less than this parameter: minimum_object_size 512 bytes. :) 23.07.15 22:02, Ulises Nicolini wrote: > minimum_object_size 512 bytes

Re: [squid-users] squid 3.5.6 and ecap

2015-07-23 Thread Yuri Voinov
No such file or directory means "No such file or directory" exactly. :) Your squid can't find libecap. Simple. 23.07.15 21:18, HackXBack wrote: > No > such file or directory

Re: [squid-users] ecap and https

2015-07-23 Thread Yuri Voinov
Sure. HTTPS also uses GZip ;) 23.07.15 23:33, HackXBack wrote: > when we can use ecap with https contents ? > Thanks. > > > > -- > View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/ecap-and-https-tp4672396.html > Sen

Re: [squid-users] TCP_MISS in images

2015-07-23 Thread Yuri Voinov
> -rw-r--r-- 1 rootroot 53K Jul 20 12:36 imagen1.gif > -rw-r--r-- 1 rootroot130K Jul 21 19:27 imagen3.jpg > > > I don't think that the size is the problem. > > Thanks > > Ulises > > > > El 23/07/15 13

Re: [squid-users] ecap and https

2015-07-23 Thread Yuri Voinov
Hhh. What does this module do? And - why do you deny the Accept-Encoding header?! 23.07.15 23:56, HackXBack wrote: > request_header_access Accept-Encoding deny all > loadable_modules /usr/local/lib/ecap_adapter_modifying.so > ecap_enable o

Re: [squid-users] TCP_MISS in images

2015-07-23 Thread Yuri Voinov
23.07.15 23:57, Amos Jeffries wrote: > On 24/07/2015 4:02 a.m., Ulises Nicolini wrote: >> Hello, >> >> I have a basic squid 3.5 configuration with >> >> maximum_object_size_in_memory 64 KB >> maximum_object_size 10 KB >> minimum_object_size 5

Re: [squid-users] ecap and https

2015-07-24 Thread Yuri Voinov
Well, and so what? What exactly are you doing with this adapter? 24.07.15 3:53, HackXBack wrote: > read the Documentation > > http://www.e-cap.org/Documentation > > > > -- > View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble

Re: [squid-users] squid youtube caching

2015-07-24 Thread Yuri Voinov
Also you can disable HSTS ;) 24.07.15 10:33, d...@getbusi.com wrote: > Not to go off-topic here, but you folks are all SSL Bumping youtube.com / > googlevideo.com in order to do this caching, right? > > > > > Want to make sure I’m not mi

Re: [squid-users] squid youtube caching

2015-07-24 Thread Yuri Voinov
Either privacy - or caching. Now you have no alternative. HTTPS without bump can't be cached. Never. Antispam reads your letters - does that annoy you? Do you want to talk about it? Does it strain you that Squid will see SSL? Turn strip_query_terms on and

Re: [squid-users] squid youtube caching

2015-07-24 Thread Yuri Voinov
Firefox and Chrome use HSTS for yt and some other hardcoded sites, like twitter. This means forced use of TLS. From client side. 24.07.15 18:01, joe wrote: > http bro no ssl no https > plain http any one know the way to force yt to use http > you can

Re: [squid-users] squid youtube caching

2015-07-24 Thread Yuri Voinov
Wrong. To block HSTS you need to use # Disable HSTS reply_header_access Strict-Transport-Security deny all alternate-protocol - this is from another opera. UDP/80 and UDP/443 - this is about the QUIC and SPDY protocols. It has nothing to do with HSTS. Learn more ;

Re: [squid-users] squid youtube caching

2015-07-24 Thread Yuri Voinov
BTW, if you are concerned about users' privacy, you must block neither QUIC/SPDY nor HSTS. This is all about users' privacy. But in this case forget about caching yt or something. Completely. 24.07.15 18:22, joe wrote: > you can deny those protoco

Re: [squid-users] squid youtube caching

2015-07-24 Thread Yuri Voinov
https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security 24.07.15 18:33, joe wrote: > i dont see Strict-Transport-Security in my log header > only alternate-protocol > can you post an example link pls > > > > -- > View this message in context

Re: [squid-users] squid youtube caching

2015-07-24 Thread Yuri Voinov
24.07.15 21:15, Amos Jeffries wrote: > On 25/07/2015 12:38 a.m., Yuri Voinov wrote: >> >> https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security >> >> 24.07.15 18:33, joe wrote: >>> i dont see Strict-

Re: [squid-users] squid youtube caching

2015-07-24 Thread Yuri Voinov
No. He said that Squid does that itself. The only question - which Squid. 24.07.15 21:34, joe wrote: > tks amos so > doing replace better as > reply_header_access Strict-Transport-Security deny all > > request_header_replace Strict-Transport-Securi

Re: [squid-users] Negative value for total memory accounted

2015-07-29 Thread Yuri Voinov
Squid is 32 bit? And OS? 30.07.15 3:23, Sebastian Goicochea wrote:

Re: [squid-users] Negative value for total memory accounted

2015-07-29 Thread Yuri Voinov
Squid is 32 bit? And OS? 30.07.15 3:23, Sebastian Goicochea wrote: > Hello, I'm having a problem monitoring squid memory usage. > > Using SNMP: > SQUID-MIB::cacheMemUsage.0 = INTEGER: -1355105 > > Using squid-client: > Memory accounted for: >

Re: [squid-users] How can I capture post data?

2015-08-05 Thread Yuri Voinov
I would not do that. It is dangerously close to illegal hacking. Even the inclusion of GET query strings in the log is considered a violation of privacy. And it is done solely for the purpose of debugging caching. 05.08.15 18:38, tianchao ha

[squid-users] Who knows anything about Vimeo caching?

2015-08-10 Thread Yuri Voinov
Who knows anything about Vimeo caching? Any relevant and _actual_ info is welcome. WBR, Yuri

Re: [squid-users] Who knows anything about Vimeo caching?

2015-08-10 Thread Yuri Voinov
ng? Check out Billing for FusionPBX with FreeSWITCH > > 2015-08-10 13:01 GMT-04:00 Benjamin E. Nichols > : > >> I am also interested in this thread. >> >> >> On 8/10/2015 11:58 AM, Yuri Voinov wrote: >> > WBR, Yuri >>> >>> _

Re: [squid-users] Who knows anything about Vimeo caching?

2015-08-10 Thread Yuri Voinov
ownloads so it should be very simple to cache some of the content using StoreID. > From my memory I think that they use different ID for the images from the videos. > > Eliezer > > * I know that they are using akamai as their CDN and you can check the option for a cache > >

[squid-users] Which protocol uses when Stored-ID object returned by Squid?

2015-08-12 Thread Yuri Voinov
Hi all. Stupid question: Which protocol is used when a Stored-ID object is returned by Squid? I.e., when I use ssl bump, and use the following rules: squid.conf: acl store_rewrite_list_web url_regex ^https?:\/\/(khms|mt)[0-9]+\.google\.[a-z\.]+\/.* ^https?:\/\

Re: [squid-users] Which protocol uses when Stored-ID object returned by Squid?

2015-08-12 Thread Yuri Voinov
? 12.08.15 18:51, Amos Jeffries wrote: > On 12/08/2015 11:13 p.m., Yuri Voinov wrote: >> >> Hi all. >> >> Stupid question: >> >> Which protocol uses when Stored-ID object returned by Squid? >> >> I.e., when I use ssl bump, and use next rules:

Re: [squid-users] Which protocol uses when Stored-ID object returned by Squid?

2015-08-12 Thread Yuri Voinov
12.08.15 19:39, Eliezer Croitoru wrote: > On 12/08/2015 16:12, Yuri Voinov wrote: >> Thank you, Amos, for explanation. >> >> It is an exhaustive answer to my doubts.:) >> >> So, finally, I can write Store-ID map

Re: [squid-users] Which protocol uses when Stored-ID object returned by Squid?

2015-08-12 Thread Yuri Voinov
I still see no problem if the same content under HTTP/HTTPS will be deduplicated as one record. 12.08.15 20:06, Eliezer Croitoru wrote: > On 12/08/2015 16:44, Yuri Voinov wrote: >> Hmm. You want to say will better to have HTTP/HTTPS

Re: [squid-users] Which protocol uses when Stored-ID object returned by Squid?

2015-08-12 Thread Yuri Voinov
Also, Amos. What happens when I normalize or completely suppress Vary header? 12.08.15 18:51, Amos Jeffries wrote: > On 12/08/2015 11:13 p.m., Yuri Voinov wrote: >> >> Hi all. >> >> Stupid question: >>

Re: [squid-users] Which protocol uses when Stored-ID object returned by Squid?

2015-08-12 Thread Yuri Voinov
Accept-Encoding ? 12.08.15 20:31, Amos Jeffries wrote: > On 13/08/2015 2:18 a.m., Yuri Voinov wrote: >> >> Also, Amos. >> >> What's happens when I normalize or completely suppress Vary header? > > The Internet breaks. > > * images show up as random colour ga

Re: [squid-users] Which protocol uses when Stored-ID object returned by Squid?

2015-08-12 Thread Yuri Voinov
ebug but it is limited a bit. > > Eliezer > > * I have read people writing in forums something like "we are not spoon feeding got read the man pages" and I do not like the attitude!! > - Also on this specific case there is not man pages or something similar and I encourag

Re: [squid-users] peek and splice content inspection question

2015-08-13 Thread Yuri Voinov
14.08.15 2:02, Marko Cupać wrote: > On Fri, 14 Aug 2015 03:38:47 +1200 > Amos Jeffries wrote: > >> On 14/08/2015 12:47 a.m., Marko Cupać wrote: >>> Hi, >>> >>> a few years ago I had a working setup of squid + dansguardian which >>> was giving me

Re: [squid-users] peek and splice content inspection question

2015-08-13 Thread Yuri Voinov
14.08.15 2:56, Alex Rousskov wrote: > On 08/13/2015 09:38 AM, Amos Jeffries wrote: >> On 14/08/2015 12:47 a.m., Marko Cupać wrote: >>> Is it possible - by means of squid's peek and splice feature - to >>> inspect file extensions and mime types of

Re: [squid-users] peek and splice content inspection question

2015-08-16 Thread Yuri Voinov
ufdbguard does. 16.08.15 20:27, Stanford Prescott wrote: > I have SquidClamAV implemented with the Smoothwall Express 3.1 firewall. It > works well and fast with ssl-bump, although the majority of our users only > have relatively small networks wi

Re: [squid-users] peek and splice content inspection question

2015-08-16 Thread Yuri Voinov
O, really? 17.08.15 4:03, Stanford Prescott wrote: > ufdbGuard is not a content filter. > > On Sun, Aug 16, 2015 at 4:07 PM, Yuri Voinov wrote: > >> > ufdbguard does. > > 16.08.15 20:27, Stanford Prescott wrote:

Re: [squid-users] peek and splice content inspection question

2015-08-17 Thread Yuri Voinov
ontent filter, like DansGuardian and > E2Guardian are content filters which examine the content of web pages > looking for unwanted things. > > On Sun, Aug 16, 2015 at 6:10 PM, Yuri Voinov wrote: > >> > O, really? > > 17.08.15 4:03, Stanford Prescott wrote: >

Re: [squid-users] Squid + oracle

2015-08-18 Thread Yuri Voinov
18.08.15 19:20, Amos Jeffries wrote: > On 19/08/2015 12:20 a.m., adricustodio wrote: >> Well the captive portal is not the important here... > > It is the most critical part of the system. Its very existence > determines whether the rest of your

Re: [squid-users] Squid + oracle

2015-08-18 Thread Yuri Voinov
Also, AFAIK, there exists a Perl DBI interface to Oracle: https://www.google.com/search?q=Perl+Oracle+RBDMS+interface And this is a real possibility to write your own (or modify an existing) auth helper. 18.08.15 19:20, Amos Jeffries wrote: > On 19/08/2015 12:20

Re: [squid-users] Squid + oracle

2015-08-18 Thread Yuri Voinov
Oracle has its own LDAP server, named Oracle Internet Directory. With Oracle RDBMS at backend. Just go http://oracle.com. Squid supports LDAP auth. PS. BTW, do you know how much Oracle licenses cost? Per CPU core? OID and RDBMS licenses sepa

Re: [squid-users] Squid + oracle

2015-08-18 Thread Yuri Voinov
18.08.15 23:57, adricustodio wrote: > Ok, last question > > Squid is able to authenticate on mysql right ? Yes. > > > If i create a mysql base and import all my oracle data there ? will that be > possible ? Yes. The only point is how you will

Re: [squid-users] refresh_pattern by type mime

2015-08-24 Thread Yuri Voinov
I join the wish. It would be very cool functionality. 24.08.15 18:29, Amos Jeffries wrote: > On 21/08/2015 2:56 a.m., Stakres wrote: >> Hi All, >> >> There is an existing case in the bugzilla >> (http://bugs.squid-cache.org/show_bug.cgi?id=1913)

Re: [squid-users] SquidBlocker stable release 0.3.10 RPM

2015-08-25 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Eliezer, how can I take a look at the sources? 25.08.15 20:25, Eliezer Croitoru wrote: > I am pleased to publicly release the first version of SquidBlocker which > is considered by me stable enough for production use. > > SquidBlocker can replace squidgua

Re: [squid-users] SquidBlocker stable release 0.3.10 RPM

2015-08-25 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I'd be interested in testing the redirector on my platform (this is Solaris); this is why I asked about sources. I have databases. :) Need only code. 25.08.15 22:31, Eliezer Croitoru wrote: > On 25/08/2015 18:14, Yuri Voinov wrote: >

[squid-users] Squid HIT ratio

2015-08-25 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Fred, look ;) http://i.imgur.com/UBu13g0.png Store-ID rulez! :)

Re: [squid-users] Squid HIT ratio

2015-08-25 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 http://i.imgur.com/3jwftYC.png Byte ratio is less, of course. But not so dramatically. YT seems not cacheable now. I did some research and AFAIK we can't cache YT now without a VERY special store-ID rewriter. Also, of course, I use SSL-bump. S

Re: [squid-users] FATAL: Unable to open HTTPS Socket

2015-08-26 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Amos, this issue looks very similar to bug 4188, doesn't it? WBR, Yuri 26.08.15 11:36, Amos Jeffries wrote: > On 26/08/2015 6:51 a.m., Oliver Webb wrote: >> TLDR Skip to -- >> >> I have squid 3.5.7 installed on linux with the followin

Re: [squid-users] Logfile analysis

2015-08-26 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 SARG has a Windows version now. 26.08.15 19:00, Paul LINDEN wrote: > Hello, > > I'm working with SQUID 3.5.6 win64 version and I'm very happy with it. > I'm looking for log analysis software running under Windows... Does anybody know one? I'm running

Re: [squid-users] Lots of "Vary object loop!"

2015-08-26 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Btw, when will Squid directly support gzip, inflate compression itself? 27.08.15 2:15, Amos Jeffries wrote: > On 27/08/2015 7:53 a.m., Sebastián Goicochea wrote: >> After I sent you my previous email, I continued investigating the >> subject .. I

Re: [squid-users] Squid and compression

2015-08-27 Thread Yuri Voinov
, which "will not be implemented never because we do not want to do that." But you will agree that my arguments are essential. 27.08.15 9:49, Amos Jeffries wrote: > On 27/08/2015 8:50 a.m., Yuri Voinov wrote: >> >> Btw, >> >> when Squid will directly support gzip, in

Re: [squid-users] You can use squid on site like facebook or youtube?

2015-08-29 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Sure. This is a bit difficult, but possible. Excluding YT videos (googlevideo), of course. Due to YT construction. 29.08.15 4:31, Gabriel Ordoñez wrote: > Hello, first of all this is my first time here. > I'm trying to use squid for content sit

Re: [squid-users] You can use squid on site like facebook or youtube?

2015-08-29 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Here are my squidview screenshots: http://i.imgur.com/svyWY6i.png http://i.imgur.com/0ChSDql.png H means TCP_HIT. :) 29.08.15 4:31, Gabriel Ordoñez wrote: > Hello, first of all this is my first time here. > I'm trying to use squid for content

Re: [squid-users] Internet Explorer error with SSL bumping

2015-08-30 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 30.08.15 21:52, Amos Jeffries wrote: > On 29/08/2015 12:17 a.m., Oliver Webb wrote: >> Thanks for your reply Amos. I will explain a bit more of my setup in the hope it clarifies a few of the issues. >> >> I have installed the certificate portion
