-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Aha. And future of caching software too. With total HTTPS migration.
01.09.15 2:21, Jason Haar пишет:
> On 01/09/15 02:59, Shane King wrote:
>> Accessing via the browser may work but the sync clients that sit in
>> the system tray use certificate
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
But everything will very secure, is it? :)
01.09.15 2:21, Jason Haar пишет:
> On 01/09/15 02:59, Shane King wrote:
>> Accessing via the browser may work but the sync clients that sit in
>> the system tray use certificate pinning I believe.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
BTW, GoogleDrive web application still works with bump. Use it, Luke ;)
01.09.15 2:21, Jason Haar пишет:
> On 01/09/15 02:59, Shane King wrote:
>> Accessing via the browser may work but the sync clients that sit in
>> the system tray use certifica
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I see this one?
1441054231.642 21243 127.0.0.1 TCP_HIT_ABORTED/000 0 GET
http://wiki.squid-cache.org/wiki/squidtheme/js/kutils.js -
HIER_DIRECT/2001:4b78:2003::1 -
1441054231.642 21245 127.0.0.1 TCP_SWAPFAIL_MISS_ABORTED/000 0 GET
http://wiki.sq
: max-age=3600
> Cache-Control: max-age=3600
> < Expires: Tue, 01 Sep 2015 00:21:00 GMT
> Expires: Tue, 01 Sep 2015 00:21:00 GMT
> < Content-Type: text/html; charset=utf-8
> Content-Type: text/html; charset=utf-8
>
> <
> * Connection #0 to host wiki.squid-cache.o
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I'm interested in.
My setup use custom build 3.4.14 under Solaris 10 x64, patched with
store_miss backported functionality.
Is it acceptable?
01.09.15 14:26, Kinkie пишет:
> Hi all,
>I am currently working on some performance improvements fo
e: text/html; charset=utf-8
>
> <
> * Connection #0 to host wiki.squid-cache.org left intact
>
> But from an ABORT it seems like a client side issue.. Chrome?
>
> Eliezer
>
> On 31/08/2015 23:52, Yuri Voinov wrote:
>>
> I see this one?
>
> 1441054231.642 21
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
01.09.15 18:40, FredB пишет:
>
>
>> Hi Fred,
>> By keeping objects 30 days maxi, does it mean you expect to upgrade
>> all
>> windowsupdate objects in 30 days ?
>>
>> I'm still thinking we should have an option forcing some type of
>> objects
>>
os to 77.93.254.178, timeout is 2 seconds:
.
Success rate is 0 percent (0/5)
And I thought this is my hand curves.
01.09.15 18:52, Amos Jeffries пишет:
> On 1/09/2015 10:42 p.m., Yuri Voinov wrote:
>>
>> Not available when IPv6 enabled on my outgoing interface.
>>
>>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Check it.
This is ISP. They are hands-curved.
01.09.15 21:47, Amos Jeffries пишет:
> On 2/09/2015 1:06 a.m., Yuri Voinov wrote:
>>
>> Found it. My ISP can't pass ICMPv4/v6 to wiki.squid-cache.org . Here is
>> proble
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Better to write store-id rule which cut off parameters and store gif.
Something like this:
^https?:\/\/(.+?)\/(.+?)\.(js|css|jp(?:e?g|e|2)|gif|png|bmp|ico|svg|web(p|m))
http://$1.squidinternal/$2.$3
And, of course, universal rule for sto
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
And, finally, trackers is relatively easy to block ;) Simple. Against
caching and garbaging cache storage. With ufdbGuard, for example :)
02.09.15 0:00, Marcus Kool пишет:
>
>
> On 09/01/2015 05:14 AM, FredB wrote:
>> More precisely
>>
>> I reduce
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
02.09.15 0:16, Marcus Kool пишет:
>
>
> On 09/01/2015 03:08 PM, Yuri Voinov wrote:
>>
> Better to write store-id rule which cut off parameters and store gif.
>
> Something like this:
>
>
^https?:\/\/(.+?)\/(.+?)\
, you must cache all Internet and
all it variations. Yes, Vary is evil. But web-masters which is fight
against caching is more evil.
02.09.15 0:16, Marcus Kool пишет:
>
>
> On 09/01/2015 03:08 PM, Yuri Voinov wrote:
>>
> Better to write store-id rule which cut off parame
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
02.09.15 4:57, Marcus Kool пишет:
>
>
> On 09/01/2015 03:57 PM, Yuri Voinov wrote:
>>
> This is bad idea - to cache the same gifs with unique parameters. They
keeps unchanged for one HTTP-session in best case. You cache will
o
site - I'll write an exception. Do not
broke - do not fix it. But lowering cache hit by my own hands to
ridiculous values I will not ever. For whatever reason. Otherwise, it
makes no sense to put a caching proxy.
02.09.15 15:50, Eliezer Croitoru пишет:
> On 02/09/2015 12:46, Yuri Voinov
09.15 15:50, Eliezer Croitoru пишет:
> On 02/09/2015 12:46, Yuri Voinov wrote:
>> all, but I assume that you do not want innocent victims, like the few
>> gifs that actually have a different image depending on the parameter.
>> May be, may be not. Most often I deal with u
with store-ID works effectively and refresh_patterns are adequate.
And, finally, minimum user complains is a good enough indicator.
02.09.15 16:23, Eliezer Croitoru пишет:
> On 02/09/2015 13:00, Yuri Voinov wrote:
>>
>> I'm getting a very high hit ratio in my cache.And I do not in
cache more accurate to achieve maximum possible hit ratio.
02.09.15 16:23, Eliezer Croitoru пишет:
> On 02/09/2015 13:00, Yuri Voinov wrote:
>>
>> I'm getting a very high hit ratio in my cache.And I do not intend to
>> lower its with myself. Enough and that on the opposit
On 02/09/2015 13:00, Yuri Voinov wrote:
>>
>> I'm getting a very high hit ratio in my cache.And I do not intend to
>> lower its with myself. Enough and that on the opposite side of the
>> thousands of webmasters counteract caching their content on its own
>> grounds.
I know that the site in question, works perfectly and 100%
functional?
Don't think so.
02.09.15 16:23, Eliezer Croitoru пишет:
> On 02/09/2015 13:00, Yuri Voinov wrote:
>>
>> I'm getting a very high hit ratio in my cache.And I do not intend to
>> lower its with
effort to improve the efficiency of caching. Otherwise it
makes no sense to use a caching proxy. There are a lot of decisions
without caching.
03.09.15 0:48, Amos Jeffries пишет:
> On 3/09/2015 3:04 a.m., Yuri Voinov wrote:
>>
>> Here is another case with the same image:
>>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
05.09.15 18:30, Xen пишет:
> On 09/05/2015 02:22 PM, Rafael Akchurin wrote:
>> Hello Xen,
>>
>> The certificate warning was most probably indeed caused by default
SHA-1 signature of the mimicked certificate in stock version of Squid
present by de
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Does anyone know - is it possible to send the connection, starting with
the CONNECT, to cache-peer?
I'll try to explain.
I need to send some sites, defined by ACL, connections with starts with
CONNECT (443 port), to the cache_peer first? Rather t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Is it possible to specifically - how exactly it is necessary to write
the configuration? The fact is that any variations on a similar theme
cause assertion.
15.09.15 23:17, Matus UHLAR - fantomas пишет:
> On 15.09.15 22:45, Yuri Voinov wr
accepts both HTTP and HTTPS connections. Yes, there
is Privoxy, which can tunnel CONNECT. How to tell Squid - "Forward this
URL and this URL into peer, whenever HTTP or HTTPS"?
15.09.15 23:17, Matus UHLAR - fantomas пишет:
> On 15.09.15 22:45, Yuri Voinov wrote:
>> Does anyone kn
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
There is no answer.
15.09.15 23:31, Matus UHLAR - fantomas пишет:
> On 15.09.15 23:27, Yuri Voinov wrote:
>> Is it possible to specifically - how exactly it is necessary to write
>> the configuration? The fact is that any variatio
read the manual. I outlined the
position quite clear?
If you do not know the exact answer - it is better to remain silent.
15.09.15 23:39, Matus UHLAR - fantomas пишет:
>>>>> On 15.09.15 22:45, Yuri Voinov wrote:
>>>>>> Does anyone know - is it possible to s
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I want to get the answer the people who did it. And not those that
suggest that they could do it.
15.09.15 23:42, Matus UHLAR - fantomas пишет:
>>> On 15.09.15 22:45, Yuri Voinov wrote:
>>>> Does anyone know - is it
nto parent (with Tor) does not work.
I've tried to solve this, but unseccessful.
Yes, I can use Tor browser itself. But via Squid+Privoxy+Tor - doesn't work.
15.09.15 23:49, Antony Stone пишет:
> On Tuesday 15 September 2015 at 19:45:05, Yuri Voinov wrote:
>
>> I want to get
orwarded URL to splice directive is no matter.
I can't see any other error.
So, will be interesting - is it possible to forward HTTP/HTTPS for
specified URL to cache_peer without decrypting.
And I do not understand how to make this correctly.
16.09.15 0:15, Matus UHLAR - fantomas пишет:
> On
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
This:
http://osdir.com/ml/web.squid.general/2003-04/msg00800.html
does not work.
16.09.15 0:15, Matus UHLAR - fantomas пишет:
> On 15.09.15 23:42, Yuri Voinov wrote:
>> I asked a specific question. How does Squid as a whole - I am well
x27;t work.
I'e., most queries must outgoing via Squid, with SSL Bump if needed, but
selected URLs must goes via cache_peer to Tor, both HTTP/HTTPS, and
HTTPS without bumping.
Can't understand how to achieve this.
16.09.15 21:34, Amos Jeffries пишет:
> On 17/09/2015 3:18 a.m., Yuri V
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
16.09.15 21:34, Amos Jeffries пишет:
> On 17/09/2015 3:18 a.m., Yuri Voinov wrote:
>>
>> This:
>>
>> http://osdir.com/ml/web.squid.general/2003-04/msg00800.html
>>
>> does not work.
>
> Do you have
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hm.
If I understand correctly, the right configuration must be:
# Privoxy+Tor access rules
never_direct allow CONNECT
never_direct allow tor_url
# Local Privoxy is cache parent
cache_peer 127.0.0.1 parent 8118 0 no-query no-digest default
cache
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Deadly horrible.
It would be better if it did not exist.
17.09.15 2:00, Jorgeley Junior пишет:
> I think my squid is not optimezed due the percentage of hits, see the graph
> bellow:
>
>
>
>
>
> ___
>
17.09.15 10:50, Amos Jeffries пишет:
On 17/09/2015 4:36 a.m., Yuri Voinov wrote:
Hm.
If I understand correctly, the right configuration must be:
# Privoxy+Tor access rules
never_direct allow CONNECT
never_direct allow tor_url
# Local Privoxy is cache parent
cache_peer 127.0.0.1 parent 8118
If I disable SSL bump for tunneled sites, I've got an error SSL:
ssl_error_rx_record_too_long
17.09.15 10:50, Amos Jeffries пишет:
On 17/09/2015 4:36 a.m., Yuri Voinov wrote:
Hm.
If I understand correctly, the right configuration must be:
# Privoxy+Tor access rules
never_direct
17.09.15 16:18, Amos Jeffries пишет:
On 17/09/2015 7:57 p.m., Yuri Voinov wrote:
17.09.15 10:50, Amos Jeffries пишет:
On 17/09/2015 4:36 a.m., Yuri Voinov wrote:
Hm.
If I understand correctly, the right configuration must be:
# Privoxy+Tor access rules
never_direct allow CONNECT
:57 p.m., Yuri Voinov wrote:
>>
>>
>> 17.09.15 10:50, Amos Jeffries пишет:
>>> On 17/09/2015 4:36 a.m., Yuri Voinov wrote:
>>>> Hm.
>>>>
>>>> If I understand correctly, the right configuration must be:
>>>>
>>>>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
18.09.15 21:22, Matus UHLAR - fantomas пишет:
> from earlier e-mail:
>
>> acl tor_url url_regex "C:/Squid/etc/squid/url.tor"
>
> On 17.09.15 18:47, Yuri Voinov wrote:
>> acl NoSSLIntercept ssl::server_name_reg
On 17/09/2015 10:07 p.m., Yuri Voinov wrote:
>> If I disable SSL bump for tunneled sites, I've got an error SSL:
>>
>> ssl_error_rx_record_too_long
>>
>
> If you "disabled" ssl_bump by removing its config, or using "ssl_bump
> none" for tha
se of only HTTP's forwarding possibility is
meaningless in HSTS-enabled world.
This is feature request, Amos. Otherwise Squid lacks some critical
functionality.
22.09.15 0:13, Amos Jeffries пишет:
> On 22/09/2015 6:00 a.m., Yuri Voinov wrote:
>>
>> Can't understand, why it
spoofed), it can't be reacheable via Squid+tunneled proxy. Completely.
First CONNECT got timeout - and viola! - destination unreacheable.
22.09.15 0:13, Amos Jeffries пишет:
> On 22/09/2015 6:00 a.m., Yuri Voinov wrote:
>>
>> Can't understand, why it is not work.
>>
owser.
Apart from the fact that if the proxy has no meaning at all.
I want to give controlled access to the tunnel for specified sites. Not
extremism, not drugs etc.
Simple.
22.09.15 0:13, Amos Jeffries пишет:
> On 22/09/2015 6:00 a.m., Yuri Voinov wrote:
>>
>> Can't under
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
22.09.15 1:15, Amos Jeffries пишет:
> On 22/09/2015 6:25 a.m., Yuri Voinov wrote:
>>
>> This is dig result:
>>
>> ;; ANSWER SECTION:
>> torproject.org. 3600IN A 93.95.227.222
>> to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
22.09.15 1:23, Antony Stone пишет:
> On Monday 21 September 2015 at 21:20:19, Yuri Voinov wrote:
>
>> 22.09.15 1:15, Amos Jeffries пишет:
>>
>>> HSTS is opt-out. Strip the *response* header on the first contact and
CONNECT 443 port.
22.09.15 1:23, Antony Stone пишет:
> On Monday 21 September 2015 at 21:20:19, Yuri Voinov wrote:
>
>> 22.09.15 1:15, Amos Jeffries пишет:
>>
>>> HSTS is opt-out. Strip the *response* header on the first contact and it
>>> disappears.
>>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Finally it ends up by this one:
http://i.imgur.com/izWY1cc.png
Antony, how it can be explained? ;)
22.09.15 1:23, Antony Stone пишет:
> On Monday 21 September 2015 at 21:20:19, Yuri Voinov wrote:
>
>> 22.09.15 1:15, Amos Je
parseHttpRequest:
HTTP Client local=127.0.0.1:3128 remote=127.0.0.1:37507 FD 57 flags=1
2015/09/22 21:54:34.377 kid1| client_side.cc(2338) parseHttpRequest:
HTTP Client REQUEST:
- -
22.09.15 3:38, Amos Jeffries пишет:
> On 22/09/2015 7:33 a.m., Yuri Voinov wrote:
>&
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
- -
CONNECT torproject.org:443 HTTP/1.1
Host: torproject.org
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/45.0.2454.93 Safari/537.36
- --
2015/09/2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Ooops. After timed out:
- -
CONNECT torproject.org:443 HTTP/1.1
Host: torproject.org
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/45.0.2454.93 Safari/537.3
Look:
# Tor acl
acl tor_url url_regex -i "/usr/local/squid/etc/url.tor"
url.tor contains:
^https?.*torproject.*
May be, I'm an idiot, but where is the error?
All other url.tor entries works perfectly. WIth HTTP only.
23.09.15 7:44, Amos Jeffries пишет:
On 23/09/2015 4:39 a.
23.09.15 17:07, Matus UHLAR - fantomas пишет:
Hello,
On 17.09.15 18:47, Yuri Voinov wrote:
acl NoSSLIntercept ssl::server_name_regex -i localhost \.icq\.*
kaspi\.kz
ssl_bump splice NoSSLIntercept
# Privoxy+Tor access rules
never_direct allow tor_url
cache_peer_access 127.0.0.1 allow
20:03:30 kid1| Process ID 11160
23.09.15 17:24, Amos Jeffries пишет:
> On 23/09/2015 11:01 p.m., Yuri Voinov wrote:
>> Look:
>>
>> # Tor acl
>> acl tor_url url_regex -i "/usr/local/squid/etc/url.tor"
>>
>> url.tor contains:
>> ^https?.*torproje
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
24.09.15 7:12, Amos Jeffries пишет:
> On 24/09/2015 2:04 a.m., Yuri Voinov wrote:
>>
>> Through assertion and then restarts squid:
>>
>> 2015/09/23 20:03:25 kid1| Validated 35899 Entries
>> 2015/09/23
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
First. This is potentially dangerous. Can you guarantee your proxy never
has physical/network access by intruders? HTTPS can contain sensitive
data. You really sure you want problems with users? AS a minimum you
need protect your proxy at level B2
to use squid.
> Man, most of sites are https, what's the purpose of using squid?
>
> 2015-09-24 16:13 GMT-03:00 Yuri Voinov :
>
>>
> First. This is potentially dangerous. Can you guarantee your proxy never
> has physical/network access by intruders? HTTPS can contain
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Aha. Good news. This is something already.
25.09.15 1:57, Amos Jeffries пишет:
> On 25/09/2015 2:13 a.m., Yuri Voinov wrote:
>>
>> 24.09.15 7:12, Amos Jeffries пишет:
>>> On 24/09/2015 2:04 a.m., Yuri Voinov wrote:
>>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Absolutely.
25.09.15 2:13, Amos Jeffries пишет:
> Problems with SSL-Bump are more legal related than technical.
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQEcBAEBCAAGBQJWBGMTAAoJENNXIZxhPexGd78H/2LyU5wK7nlOgbWUVE2jGUAm
Y6paNJn8yi+Erv5+rAS
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
It not seems blocked.
Blocked URL has TCP_DENIED tag.
28.09.15 1:54, Henry McLaughlin пишет:
>>
>> On 27 September 2015 at 17:07, Henry McLaughlin
>> wrote:
>>
>>> I am having problems using a radio streaming application on my
phone. The
>>> pho
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I suggest, a good idea to bypass bankings around bump. As by as pinned
Apple apps.
In another word - use splice, Luke! ;)
28.09.15 20:43, HackXBack пишет:
> this happen with me on all apple applications, and to make them work fine you
> must none
Don't think so we can detect pinned apps automatically. You need find it
manually this time AFAIK.
29.09.15 2:29, HackXBack пишет:
Yuri, Dear friend.
use splice HAA ? ok and how you cant detect automatically to make squid
splice the pinned app automatically ?
other wise , it is a real problem
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Don't do it. Never.
You make most sites broken for your clients.
Dynamic content not ended up by cgi-bin. Caching dynamic content is not
so simple and trivial task.
01.10.15 1:35, Magic Link пишет:
> Hi,i configure squid to use cache. It seems t
01.10.15 17:26, Job пишет:
Hello,
by reading the 3.5 Squid verson "Peek and splice" features:
http://wiki.squid-cache.org/Features/SslPeekAndSplice
i would like to ask you two questions, please:
1. in this implementations, i have to install the selfmade Certification
Authority as for SSL Bu
Da: squid-users [squid-users-boun...@lists.squid-cache.org] per conto di Yuri
Voinov [yvoi...@gmail.com]
Inviato: giovedì 1 ottobre 2015 13.29
A: squid-users@lists.squid-cache.org
Oggetto: Re: [squid-users] SSL Peek and Splice
01.10.15 17:26, Job пишет:
Hello,
by reading the 3.5 Squid verson
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
FTP In 2015 Really?!
04.10.15 3:04, David Touzeau пишет:
> Hi
>
> Since the 3.5.x branch allows FTP gateway, is there any plan to
support transparent FTP proxy ?
>
> Best regards
> ___
> squid-u
and fourth. Consider correct usage of Store-ID.
07.10.15 14:59, Amos Jeffries пишет:
On 7/10/2015 10:47 a.m., Ishtiaq Iqbal wrote:
Dear All Please guide me how to cache facebook content with squid
First; discover whether man-in-middle decryption is legal for your
situation. This is VERY I
/2015 10:00 p.m., Yuri Voinov wrote:
and fourth. Consider correct usage of Store-ID.
For facebook? they are/were pretty good for cacheability before the
HTTPS fanatics got to them.
Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
Sure, Eliezer. I've took this as a basis for my partial solution.
07.10.15 17:38, Eliezer Croitoru пишет:
Just wondering if you can contribute to the StoreID DB at:
http://wiki.squid-cache.org/Features/StoreID/#A_CDN_Pattern_Database
Eliezer
On 07/10/2015 12:10, Yuri Voinov wrote:
This is security theatre.
07.10.15 18:01, FredB пишет:
For facebook? they are/were pretty good for cacheability before the
HTTPS fanatics got to them.
Amos
HTTPS everywhere is the new mantra
Fred
___
squid-users mailing list
squid-users@lists.squi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Squid has its own in-memory cache, what's the point to put the disk
cache to the same ?!
13.10.15 20:05, Nelson Manuel Marques пишет:
>
> Hi all,
>
> We have a squid running for quite a few years and with the increase of
> traffic we noticed a bit
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Web-server.
DNS, which serves this zone, has not PTR record without www for domain,
or web-server itself has not rewrite rule for hostname without www.
16.10.15 20:00, sebastien.boulia...@cpu.ca пишет:
> Hi,
>
> When I try to access www.domain.qc
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Feel free to check out our Wiki:
http://wiki.squid-cache.org/ConfigExamples/DynamicContent/Coordinator
http://wiki.squid-cache.org/ConfigExamples/DynamicContent
http://wiki.squid-cache.org/ConfigExamples/DynamicContent/YouTube/Discussion
You can
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Start from here:
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ldap
16.10.15 23:51, sebastien.boulia...@cpu.ca пишет:
> Hi all,
>
> Like you know, Microsoft discountinued the TMG.
> The TMG was used as a reverse proxy.
> Since many days
chments is strictly prohibited. If you are not the
intended recipient, please notify the sender immediately by return
e-mail, and delete this message and any attachments from your system.
Thank you.
>
> « Gérer c’est prévoir (voir avant, avoir une vision de l’avenir) »
> [cid:image002.jpg@01D10
s [mailto:squid-users-boun...@lists.squid-cache.org] De
la part de Yuri Voinov
> Envoyé : 16 octobre 2015 15:03
> À : squid-users@lists.squid-cache.org
> Objet : Re: [squid-users] Replacing Microsoft TMG by Squid.
>
>
> http://wiki.squid-cache.org/Features/Authentication
>
> 17
t; There is no /usr/lib/squid directory.
>
> De : squid-users [mailto:squid-users-boun...@lists.squid-cache.org] De
la part de Yuri Voinov
> Envoyé : 16 octobre 2015 15:03
> À : squid-users@lists.squid-cache.org
> Objet : Re: [squid-users] Replacing Microsoft TMG by Squid.
>
ble-icap-client'
'--enable-ident-lookups' '--enable-linux-netfilter'
'--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-ssl'
'--enable-ssl-crtd' '--enable-storeio=aufs,diskd,ufs' '--enable-wccpv2'
'--e
tune=core2 -pipe -lmtmalloc' 'CXXFLAGS=-O3 -m64 -mtune=core2 -pipe
-lmtmalloc' 'CPPFLAGS=-I/opt/csw/include' 'LDFLAGS=-fPIE -pie
-Wl,-z,now' 'PKG_CONFIG_PATH=/usr/local/lib/pkgconfig'
--enable-build-info="Intercept/WCCPv2/SSL/CRTD/AUFS/eCAP/64/GCC/mtm
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
As I said earlier, this is a problem on the side of the web server.
Either the DNS or the web server is configured incorrectly.
20.10.15 2:17, Antony Stone пишет:
> On Monday 19 October 2015 at 19:54:23, sebastien.boulia...@cpu.ca wrote:
>
>> If I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
20.10.15 2:30, sebastien.boulia...@cpu.ca пишет:
> Hi again,
>
> Thanks you very much for your prompt answer.
> @Yuri: Before I switched to Squid, twice addresses pointed to the same
page.
> I used a TMG and it worked perfectly.
It may be DNS iss
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
20.10.15 19:25, joe пишет:
> tks eliezer you answer my Question
>
> instead off going to check for the latest release
> http://www.squid-cache.org/Versions/
>
>
> so im making full install script shell that will do all stuff auto get the
> latest
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Intelligent people usually test new versions before dragging them into
production. Lol.
20.10.15 20:16, joe пишет:
>> I think, this is very bad idea.
>
>> Proxy is not AV-software, and blind update may lead you production proxy
>> to death.
> auto
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
And that's what I think. Daily updates - it's not what you need for a
productive system. Do not broke - do not fix it. I'm easy, by
subscribing to a mailing list about new releases, check out the release
notes, think, do I need this, if necessary,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
First, you should put in order configurations.
22.10.15 0:31, luizca...@gmail.com пишет:
> Hello,
> So what I am trying to accomplish here is to basically have a
whitelist of domains that is allowed via http/https. If the UID is
squid,apache, or
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
You miss local web-server, which must serve this picture.
22.10.15 0:52, sebastien.boulia...@cpu.ca пишет:
> Hi again,
>
> I would like to change the Squid'slogo that appear on an ccess denied
page...
> I replace the picture /usr/share/squid/icons
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
https://www.google.com/search?q=RDP+via+Squid
Some results:
http://superuser.com/questions/713359/i-want-to-rdp-to-my-server-that-is-behind-a-squid3-proxy
http://sengstar2005.hubpages.com/hub/How-to-Remote-Desktop-to-a-Terminal-Server-via-a-Web-P
s I am open for suggestion. This
configuration minus the peek/splice part works fine in 3.4.2. Not sure
what changed in
> 3.5 that causes this to fail.
>
>
>> Date: Thu, 22 Oct 2015 00:59:36 +0600
>> From: Yuri Voinov
>> To: squid-users@lists.squid-cache.org
>>
age like we do for our “403 blocked
> page” – see
http://docs.diladele.com/faq/filtering/logo.html
>
> Best regards,
> Rafael Akchurin
> Diladele B.V.
>
>
> From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org]
On Behalf Of Yuri Voinov
> Sent: Wednesday,
[mailto:squid-users-boun...@lists.squid-cache.org] De
la part de Yuri Voinov
> Envoyé : 21 octobre 2015 15:05
> À : squid-users@lists.squid-cache.org
> Objet : Re: [squid-users] Remote Desktop Gateway thru Squid.
>
>
> https://www.google.com/search?q=RDP+via+Squid
>
> Some results
eplaced…
>
> Did you ever replace the Squid logo ?
>
> Thanks.
>
> Sebastien.
>
> De : squid-users [mailto:squid-users-boun...@lists.squid-cache.org] De
la part de Yuri Voinov
> Envoyé : 21 octobre 2015 15:01
> À :
squid-users@lists.squid-cache.org<mailto:squid-us
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Show piece of
allowed_domains
file.
22.10.15 2:29, luizca...@gmail.com пишет:
> Could you suggest a configuration that you think should be working ? I would
> like both
HTTP/HTTPS domains whitelisted via file all other domains blocked. What
am
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Working config snippet for 3.5.x looks like this:
acl get_sni_at_step1 at_step SslBump1
ssl_bump peek get_sni_at_step1
acl spliced_hosts ssl::server_name_regex -i
"/usr/local/squid/etc/url.nobump"
ssl_bump splice spliced_hosts
ssl_bump bump net_bu
22.10.15 15:58, Amos Jeffries пишет:
On 21/10/2015 4:53 p.m., Dan Charlesworth wrote:
I’m getting these very frequently for api.github.com and github.com
I’m using the same DNS servers as my intercepting squid 3.5.10 proxy and they
only return the one IP when I do an nslookup as well …
Any
g wrong here.
>
>
>> On Oct 21, 2015, at 8:16 PM, luizca...@gmail.com wrote:
>>
>> Alex,
>> So what do you recommend to do here ? I just need a simple whitelist
file for both http/https. I have a config that works on 3.4 but would
like to upgrade to 3.5 and the current c
ve a config that works on 3.4 but would
like to upgrade to 3.5 and the current config we have won't cut it. Just
need a simple if you are in this list allow if not deny. No need for any
ssl validation or anything.
>>
>>> On Oct 21, 2015, at 6:49 PM, Alex Rousskov
wrote:
&g
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi gents,
Pay attention to whether someone from the test SQUID 4 as extremely low
of cache hits from the new version? Particularly with respect to sites
HTTPS directive "no cache"? After replacing the Squid 3.4 to 4 squid
cache hit collapsed from
email and if
required you can get a hold of the man behind the software(while he is a
human).
>
> And I will try to write it in a geeky way:
> deny_info 302:https://support.google.com/youtube/
big_system_that_doesnt_want_to_be_cached
>
> Eliezer
>
> * P.S If you do want to write
ehind the software(while he is a
human).
>
> And I will try to write it in a geeky way:
> deny_info 302:https://support.google.com/youtube/
big_system_that_doesnt_want_to_be_cached
>
> Eliezer
>
> * P.S If you do want to write an ICAP service or an ECAP module to
replace the &quo
801 - 900 of 1449 matches
Mail list logo
