[squid-users] Squid as an education tool

Hey Everybody, I am just releasing the latest 6.7 RPMs and binaries while running couple tests and I was wondering if this was done. As I am looking at proxy, in most cases it's being used as a policy enforcer rather than an education tool. I believe in education as one of the top priorities com

Re: [squid-users] Squid as an education tool

Hey Francesco and others, First thanks of the direction. I was thinking about using generic tools that are available as possible. Also, in education there is a whole thing about it not being an intercept proxy (with or without bump) so it simplifies some of the aspects of the setup. I would try

[squid-users] Basic Squid-Cache docker containers

Hey Everyone, As a part of the project I am currently working on I needed a basic squid-cache container. I have looked for these in Docker hub and wasn't able to find such a container image with the newest version of squid. Due to this I have created 3 containers: Alma8 based Debian 12 Based Ub

[squid-users] Anyone build Squid for on multiarch ie arm and arm64?

I have couple RouterOS devices which supports containers with the next CPU arches: • x86_64 • arm64 • armv6 • armv7 And I was wondering if someone bothered compiling squid containers for these arches? I know that there are packages for Debian and Ubuntu but these are not 6.x squid but rather 5

[squid-users] Squid Docker container

I started working on the docker containers of squid-cache these days. The first one is at: https://hub.docker.com/r/elicro/debian12squid/tags but it's not ready to use as is yet, just the build steps for now with the binaries in place. I need to add the supervisord damon and maybe couple other th

Re: [squid-users] [squid-dev] Using AWS and a SQUID server to create Residential Proxies

Hey Edwin, The best place to start is Squid-Users and please do not send emails to all the available lists. Squid-Cache is an open source project which you can use on any Linux OS (and couple others) and the project is not publishing any official AWS products in the any marketplace. There are

Re: [squid-users] Recommended squid settings when using IPS-based domain blocking

Hey Jason, I can try to build Squid 6.8 for RHEL 9, would this help you to test it as a solution? Eliezer From: squid-users On Behalf Of Jason Marshall Sent: Wednesday, March 6, 2024 4:49 PM To: squid-users@lists.squid-cache.org Subject: [squid-users] Recommended squid settings when using IPS

Re: [squid-users] Squid stops responding after 12 browser tabs opened

Hey, I should have built the newest version of squid for debian 11 but for some reason I didn't built and published them. I am using a tar.gz packages and not .deb ones. I will try to build one later on. Eliezer -Original Message- From: squid-users On Behalf Of nuit...@earthlink.net S

Re: [squid-users] Manipulating request headers

Hey Ben, There is another option which is to use an ICAP server to modify the headers and strip the br part if exists. It depends on the load on the server but you can edit only the headers and to not use any preview which will remove some un-needed overhead. Take a peek at the example: https:/

Re: [squid-users] Squid stops responding after 12 browser tabs opened

OK So I have built 6.8 for debian-11 but the NIS support has been removed. https://www.ngtech.co.il/repo/debian/11/x86_64/ https://www.ngtech.co.il/repo/debian/11/x86_64/squid-6.8-64-bin-stripped-only.tar I have yet to publish an installation script for it but there are couple binaries and shar

Re: [squid-users] Dynamic ACL with local auth

Hey Albert, The right way to do it is to use an external acl helper that will use some kind of database for the settings. The other option is to use a reloadable ACLs file. But you need to clarify exactly the goal if you want more then a basic advise. Eliezer -Original Message- From: sq

Re: [squid-users] Dynamic ACL with local auth

Hey Albert, It's preferable to use an external ACL compared to reloading the squid conf in general. It will probably require to use external acl helper with the authenticated username as a detail which is being sent to the helper. Let's take an example.org squid.conf for the "project". On what p

[squid-users] Any ideas for a project and\or research with AI about squid-cache?

Hey Everyone, I was wondering if there are specific things which can be worked on with an AI as a testing project to challenge an AI. I am looking for a set of projects which a beginner squid-cache admin can try to implement to certify himself with real world experience. What are the most commo

Re: [squid-users] Any ideas for a project and\or research with AI about squid-cache?

Hey Jonathan, First of all, thanks for the response. I think that all squid-users knows that AI is there since very long ago. However, since it's a tool of the current times I want to be familiar with the tool capabilities. The AI tools which are published these days gives a specific response to

Re: [squid-users] Upgrade path from squid 4.15 to 6.x

Hey Akash, (Is this your first name?) There are ways to test the config step by step with docker containers but it depends on the config size and complexity. Even if you cannot share the squid.conf you can still summarize it to a degree. There are 2 types of proxy services which can be implement

Re: [squid-users] Squid Version squid-5.7-150400.3.6.1.x86_64 -- Squid is crashing continusly

Hey Anitha, There are couple missing details. Is it a brand new proxy? What OS are you using? What Distro? It looks like a very simple forward proxy setup. When is the proxy crashing? At startup? After a while? Thanks, Eliezer From: squid-users On Behalf Of M, Anitha (CSS) Sent: Thursday, July

Re: [squid-users] Squid 6.10 on Fedora 40 cannot intercept and bump SSL Traffic

Hey Alex, Sorry for the confusion, And we are back in the Squid-Users. I have tested this issue with Windows 11 as a client in an intercept and TPROXY mode. I can try to test it using another client such as linux or windows 10 but I assume that the issue is the same. I sniffed some packets on

Re: [squid-users] Squid 6.10 on Fedora 40 cannot intercept and bump SSL Traffic

Attached a gist with all the technical details (the email was too long) https://gist.githubusercontent.com/elico/bc5189e74aacf1f902f767fc1902d3a4/raw/afe876f5d46d2789d48b41dab7a73c7a6fd40be1/sslbump-issue-5.9.txt Eliezer Croitoru Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.

Re: [squid-users] Squid 6.10 on Fedora 40 cannot intercept and bump SSL Traffic

Attached a link for the pcap file that might shed some light on the issue from a technical perspective: https://cloud.hisstory.org.il/apps/maps/s/Mw8Cb8QLYto83rK Eliezer ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid

Re: [squid-users] Squid 6.10 on Fedora 40 cannot intercept and bump SSL Traffic

OK so the issue was that: The http_port was used for ssl bump with intercept while the only port which can really intercept ssl connections is: https_port so I believe that there should be a warning about such a line in the cache log. When there is http_port and intercept and ssl_bump there

[squid-users] Rocky 8 new repo

Hey List, After some time, work and testing I started maintaining the rocky squid cache packaging at: https://www.ngtech.co.il/repo/rocky/8/ Until now the tests are showing very good results in real usage. https://www.nethserver.org/ Are using Rocky linux and their 7 release is pretty good, I a

[squid-users] A periodic update

Hey Everybody, Since https://cachevideos.com/ is no longer in development due to YouTube and other vendors usage of tokens and vbr streaming. Are there any specific video sites which are good to be cached? Can we cache Vimeo or any other specific sites without using ICAP or ECAP ie using plain Sto

Re: [squid-users] RFC: Removal of ESI Support from Squid

Hey Jonathan, The issues and comparison between 5.x to 6.x can be tested and verified. The ESI related code can be disabled in these tests and I think that the subject you are talking about is different then the subject of the thread. I will be happy to try and assist with testing these performan

Re: [squid-users] Unable to access internal resources via hostname

Hey Josh, Configuring Squid is not a simple task in some cases. I used to think it's a pretty simple piece of software to configure and indeed with the right background and labs you can achieve specific goals easily and fast. However, I encountered over the years enough situations to understand th

Re: [squid-users] Anyone has experience with Windows clients DNS timeout

Hey Amos, For an INTERCEPT setup we still need to resolve before squid is touching the packets. There are registry keys for this purpose however we first need to identify this issue. The basic way to verify this is using the "set debug" on nslookup and use a fully "cold" DNS recurser. I was th

[squid-users] SSL-BUMP 5.0.4 not working as expected

I am trying to configure 5.0.4 with sslbump to bump only a set of domains. I am unsure about the right way it should be done. The basic constrains are POLICY vs a set of rules. * Should I bump all connections with exceptions? * Should I bump non else then the exceptions? * Bas

[squid-users] SSL-BUMP 5.0.4 not working as expected

ect: Re: [squid-users] SSL-BUMP 5.0.4 not working as expected On 3/01/21 9:08 am, ngtech1ltd wrote: > I am trying to configure 5.0.4 with sslbump to bump only a set of domains. > > I am unsure about the right way it should be done. > > The basic constrains are POLICY vs a set of rul

Re: [squid-users] SSL-BUMP 5.0.4 not working as expected

Comments bellow -Original Message- From: squid-users On Behalf Of Amos Jeffries Sent: Sunday, January 3, 2021 9:12 AM To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] SSL-BUMP 5.0.4 not working as expected On 3/01/21 9:08 am, ngtech1ltd wrote: > I am trying to config

[squid-users] PCI Certification compliance lists

I am looking for domains lists that can be used for squid to be PCI Certified. I have read this article: https://www.imperva.com/learn/data-security/pci-dss-certification/ And couple others to try and understand what might a Squid proxy ssl-bump exception rules should contain. So technically we n

Re: [squid-users] Setting up a transparent http and https proxy server using squid 4.6

Hey, I am missing a bit of the context, like: Did you self compiled squid? Is it from the OS repository? Squid -v might help a bit to understand what you do have enabled in your Squid. Eliezer Eliezer Croitoru Tech Support Mobile: +972-5-28704261 Email:

Re: [squid-users] PCI Certification compliance lists

Hey David. Indeed it should be done with the local websites however, These sites are pretty static. Would it be OK to publish theses lists online as a file/files? The main issue is that ssl-bump requires couple “fast” acls. I believe it should be a “fast” acl but we also need the option

Re: [squid-users] Setting up a transparent http and https proxy server using squid 4.6

Try as test to remove: ssl_bump terminate all Ie use only the next bump rules: ### START # TLS/SSL bumping definitions acl tls_s1_connect at_step SslBump1 acl tls_s2_client_hello at_step SslBump2 acl tls_s3_server_hello at_step SslBump3 ssl_bump peek tls_s1_connect ssl_bump splice al

Re: [squid-users] PCI Certification compliance lists

Thanks David, I don’t understand something: 1490677018.addr Are these integers representing of ip addresses? Eliezer Eliezer Croitoru Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com Zoom: Coming soon From: David Touz

Re: [squid-users] Setting up a transparent http and https proxy server using squid 4.6

Just take into account that it will not filter any https/ssl sites this way. You will need to create an acl to allow only exceptions to be spliced. Try to look at the ufdbguard manual at: https://www.urlfilterdb.com/files/downloads/ReferenceManual.pdf at section: 3.3.2Squid Example Configuration,

Re: [squid-users] PCI Certification compliance lists

Thanks Alex, So for now the next should work by the docs at: http://www.squid-cache.org/Versions/v5/cfgman/ssl_bump.html I just noticed that I didn't put helper in the right context as you wrote in another email. This way we can reload automatically lists on a change without reloading the whole

Re: [squid-users] There is the problems with instagram images and videos

Hey, You have reduced the conf. We are not trying to guess You can either share your entire configuration or just to not ask. We cannot try to help you if we are missing parts of the configuration. ( leaving aside the ip addresses and confidential information) You should share both squid.conf

Re: [squid-users] Reloading squid service results in connection resets

Hey Matt, Can you please verify what is the size of the squid.conf and all of the related files? How long does it take to reload the configuration? I do not know the exact details but it’s recommended that you will upgrade to the latest 4.x or 5.x. If this scenario is re-producible in anoth

Re: [squid-users] There is the problems with instagram images and videos

Hey, Two things: First, you have lots of TCP_TUNNEL_ABORTED and I am not sure if the client or the server is the cause for these. Second, when you share the conf you can clean it up with the grep but just try to pay attention and make sure that it would be human readable, usually mail agents t

Re: [squid-users] There is the problems with instagram images and videos

Hey, I just compiled the newest version of Squid for Debian 11(bullseye) at: https://www.ngtech.co.il/repo/debian/11/x86_64/ However you need to know how to install it and I cannot work on the installer now. It's also doesn't include all of my patches yet. From what I have seen at: https://pac

Re: [squid-users] There is the problems with instagram images and videos

We will be in touch tomorrow (I'm in IST so it’s +2 UTC), I assume you are in a different TZ. In what TZ are you? Eliezer -Original Message- From: squid-users On Behalf Of simwin Sent: Wednesday, 15 June 2022 2:35 To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] There i

[squid-users] Squid-Cache 5.6 RPMs are out

Hey Everybody, Since 5.6 was recently published (and not all the masters has yet to pick it up) I have built RPM for: CentOS 7,8 Oracle Enterprise Linux 7,8 Amazon Enterprise Linux 2 All of the above includes couple of my personal patches. Feel free to pick the SRPMS and look at the sources.

Re: [squid-users] There is the problems with instagram images and videos

Hey, Let sum things up: Squid-Cache works all over the world and you are having a trouble in a specific environment. The main thing to do now is find the difference between others and you in the setup level. First you referenced to a danted sock5 proxy. So the issue is that your setup is more c

Re: [squid-users] Logrotate question

Rob, It will be different how you implement and use logrotate manually or with the logrotate tools. What OS are you using? Eliezer From: squid-users On Behalf Of robert k Wild Sent: Wednesday, 15 June 2022 20:19 To: Squid Users Subject: [squid-users] Logrotate question Hi all, ATM to

Re: [squid-users] Logrotate question

Hey Rob, First there is a difference between rotation and deletion. If it’s not a loaded system then 3 month is ok but… in most use cases it’s better to rotate every day but to delete after 3 month. You have the choice to compress the files or to leave them in plain text but it’s only a choice

Re: [squid-users] Logrotate question

You should combine them both. I am checking this for you right now… Eliezer From: squid-users On Behalf Of robert k Wild Sent: Thursday, 16 June 2022 12:32 To: Squid Users Subject: Re: [squid-users] Logrotate question Cool, Thanks all, il try the logrotate program instead of using squids o

Re: [squid-users] Logrotate question

Hey Rob, The next is the file: From: squid-users On Behalf Of robert k Wild Sent: Thursday, 16 June 2022 13:27 To: Squid Users Subject: Re: [squid-users] Logrotate question Cool, so I will rotate daily and delete after 91 days, thanks guys On Thu, 16 Jun 2022, 11:14 Matus UHLAR - fanto

Re: [squid-users] Logrotate question

Oops, The next is the file: /etc/logrotate.d/squid ##START /var/log/squid/*.log { weekly rotate 5 compress notifempty missingok nocreate sharedscripts postrotate # Asks squid to reopen its logs. (logfile_rotate 0 is set in squid.conf) # errors redirecte

Re: [squid-users] Logrotate question

How did you installed squid on CentOS 7? >From my packages or the OS default or self compiled or another source? Eliezer From: robert k Wild Sent: Thursday, 16 June 2022 14:05 To: Eliezer Croitoru Cc: Squid Users Subject: Re: [squid-users] Logrotate question Oops sorry you did say that, s

Re: [squid-users] Logrotate question

Since this one is from yum install it’s very simple to just change the config files of squid and logrotate. If you need more assistance let me know. Eliezer From: robert k Wild Sent: Thursday, 16 June 2022 14:52 To: Eliezer Croitoru Cc: Squid Users Subject: Re: [squid-users] Logrotate qu

Re: [squid-users] Logrotate question

So just create the file I sent you before or extract the file from the squid RPM using “rpm2cpio squid…rpm |cpio -dimv” in some tmp dir. You will just need to copy the file into the proper location, disable the cron you have created and if the squid binary is in a specific different folder chang

Re: [squid-users] There is the problems with instagram images and videos

Hey, Take a peek at: https://www1.ngtech.co.il/wpe/2016/05/02/proxy-per-internet-user-is-it-realistic/ You might find ShadowSocks interesting. Let me know if one of the proxies in the article is good enough for your use case. Eliezer -Original Message- From: squid-users On Behalf Of

Re: [squid-users] The usage of extended SNMPD commands to monitor squid.

Hey Matus, The Squid-Cache project to my knowledge doesn't have a developer expert or have enough "free" time to maintain the SNMP parts of the code. Amos and Alex can correct me if I'm wrong. There were plans to make the cache manager pages in a yaml format to allow programs to work with instea

[squid-users] Squid ACLs by DSCP

Hey, I have been marking different clients with DSCP and have managed to redirect traffic to different squid ports based on DSCP. I am trying to use a single squid port that will read the DSCP of the connection as an ACL, is this even possible? Currently my best shot is to use couple squid port

Re: [squid-users] Squid ACLs by DSCP

nesday, 22 June 2022 13:08 To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] Squid ACLs by DSCP On 19/06/22 06:55, ngtech1ltd wrote: > Hey, > > I have been marking different clients with DSCP and have managed to > redirect traffic to different squid ports based on DSCP

[squid-users] APPs defintions

I have started working on APPs definitions by destination AS, Domains and Destination IP addresses. I am currently working on Netflix related domains. If anyone knows about a specific source that contains such lists please let me know. Thanks, Eliezer Eliezer Croitoru NgTech, Tech Supp

Re: [squid-users] WCCPV2 with fortigate ERROR: Ignoring WCCPv2 message: truncated record

Hey David, Just trying to understand something: Aren’t Fortinet something that should replace squid? I assumed that it should do a much better job then Squid in many aeras. What a Fortinet(I have one…) is not covering? Thanks, Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-

Re: [squid-users] WCCPV2 with fortigate ERROR: Ignoring WCCPv2 message: truncated record

Hey David, I am not sure and can spin up my Forti but from what I remember there are PBR functions in the Forti. Why would a WCCP be required? To pass only ports 80 and 443 instead of all traffic? Thanks, Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngte

[squid-users] MS-SQL with squid helpers

Hey Everybody, I was wondering if someone wrote a set of helpers that works with MS-SQL server database? I have a very big MSSQL Database that contains a set of domains and urls and I have a program that runs queries against this DB. If no one wrote such helpers I can manage to write a set of

[squid-users] the free domains blacklists are gone..

Hey, I have tried to download blacklists from couple sites that was publishing these in the past and all of them are gone. The only free resource I have found was DNS blacklists. I just wrote a dstdomain external helper that can work with a SQL DB and it seems to run pretty nice. Until now I

Re: [squid-users] Squid.conf in a DB Mysql

Hey Marcelo, It’s possible to use a SQL DB (Mysql,MSSQL,Oracle,PostgreSQL…) and a programming language to put the rules outside of squid.conf. It could be a combination of external acl helpers with DB backend and a configuration (squid.conf) generator based on a DB. However, you first need to d

[squid-users] 0 2 RO - Squid-Cache Zoom Meetup

Hey Everybody, https://www.ngtech.co.il/0-2-ro/index.php/2022/07/11/0-2-ro/ https://www.ngtech.co.il/0-2-ro/wp-content/uploads/2022/07/meeting-01-1024x576.png Up-coming 0 2 RO Squid-Cache community meetup next week the 21/07/2022 at 20:30 IST. The meeting will be in Zoom and I hope that we can

Re: [squid-users] Sqid uses all RAM / killed by OOM

Hey Ronny, First to make the data more readable use a top snapshot to illustrate the memory usage. Second, use Squid 5.6 and not 5.2 The issue is not necessarily because of the Squid version but other things. We should narrow down the issues as any other Squid issue. First upgrade to 5.6 and th

Re: [squid-users] squid 3.x on Centos8 not working

Hey Ahmad, What is preventing you from using 4.x or 5.x? Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com Web: https://ngtech.co.il/ My-Tube: https://tub

Re: [squid-users] squid 3.x on Centos8 not working

Hey Ahmad, I really don’t know what to say. I am not using delay pools so I cannot say anything about that. About DNS IPV4/IPV6 I am not sure what you are referring to. Can you please refer me to the bug report on these? It should be testable. I have not seen anything about this in my environme

Re: [squid-users] 0 2 RO - Squid-Cache Zoom Meetup

OK So the meeting will be up in the next zoom link: https://us02web.zoom.us/j/83973796573?pwd=TTdjY1p1dFBVUDVta1Yxa3N6OEo0dz09 It's public but has restricted login so you will need to be admitted by me. To prepare for the meetup it would be nice to know who will be participating in the meetup. Pl

Re: [squid-users] 0 2 RO - Squid-Cache Zoom Meetup

IST = Israel Time Zone Which now is UTC+3 IST != India Standard Time Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com Web: https://ngtech.co.il/ My-Tube: https://tube.ngtech.co.il/ -Original Message- From: ngtech1...@gmail.com Sent: Wednesd

Re: [squid-users] MS-SQL with squid helpers

uid-users On Behalf Of Amos Jeffries Sent: Thursday, 14 July 2022 11:57 To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] MS-SQL with squid helpers On 26/06/22 23:27, ngtech1ltd wrote: > Hey Everybody, > > I was wondering if someone wrote a set of helpers that works w

Re: [squid-users] MS-SQL with squid helpers

/ -Original Message- From: squid-users On Behalf Of Amos Jeffries Sent: Thursday, 14 July 2022 11:57 To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] MS-SQL with squid helpers On 26/06/22 23:27, ngtech1ltd wrote: > Hey Everybody, > > I was wondering if someone wrote a set o

Re: [squid-users] MS-SQL with squid helpers

- From: squid-users On Behalf Of Amos Jeffries Sent: Thursday, 14 July 2022 11:57 To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] MS-SQL with squid helpers On 26/06/22 23:27, ngtech1ltd wrote: > Hey Everybody, > > I was wondering if someone wrote a set of helpers that w

Re: [squid-users] fool windows into thinking it has internet access

Take a peek at: https://docs.microsoft.com/en-us/powershell/module/nettcpip/test-netconnection?view=windowsserver2022-ps This will highlight your issue and will probably make more sense into what you see. Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtec

Re: [squid-users] fool windows into thinking it has internet access

Hey Robert, The internet reachability test is composed of couple parts. Only one of them is HTTP. There is also an ICMP and DNS part to it. You can customize it on the registry at: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet The windows internet acce

Re: [squid-users] pros/cons squid vs next generation firewall

Hey Dieter, You should differentiate between a SMB level appliances to a more advanced ones. The basic difference is simplicity of management via WEBUI. They also have API but you will need developer level skills for that. >From my experience with checkpoint they basically have a large DB of >a

Re: [squid-users] Fwd: Sqid uses all RAM / killed by OOM

Hey Alex, Just to clear out the doubts. Ronny was trying to use 5.2 on Ubuntu 22.04 as an upgrade from 20.04. The issue was that probably for the same traffic on 20.04 with another version of squid it consumed a lot of RAM. My first suggestion was to upgrade into latest 5.6 but since 22.04 uses

Re: [squid-users] slow TCP_TUNNEL [SOLVED]

Great! I’m happy you were able to resolve the issue easily. All The Bests, Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com Web: https://ngtech.co.il/ My-Tube:

Re: [squid-users] regex for normal websites

I would assume that if you want to match something like dstdomain you would use: (^(.*\.)?)adobe\.com$ Or two regex: \.adobe\.com$ ^adobe\.com$ I like very much: https://rubular.com/ Which allows you to see visually the matches. Eliezer Eliezer Croitoru NgTech, Tech Support Mobil

Re: [squid-users] regex for normal websites

Hey Robert, The docs at http://www.squid-cache.org/Doc/config/acl/ states: acl aclname ssl::server_name_regex [-i] \.foo\.com ... # regex matches server name obtained from various sources [fast] Which and I do not know exactly what it means but it will not work with a help

Re: [squid-users] adding cache_control = nocache to http request using squid transparent proxy

Hey Amos, I support what you wrote and I do not know why the service provider wants this but there are some cases which there is a need to lower the cache ratio of the clients. Usually fast service is what ISPs want but there are couple use cases that I have seen which makes sense to somehow try

[squid-users] Windows Server 2019-22 Kerberos transparent Windows client authentication help wanted. Try 2

Hey Everybody, Last time I have tried to test transparent windows client authentication to AD with Kerberos I have failed in any test. The documentation at: https://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos https://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDire

Re: [squid-users] regex for normal websites

I believe it should have been: ^adobe\.com$ ^.*\.adobe\.com$ ^\*\.adobe\.com$ But I don’t know the code to this depth. If I would have written the match I think it would have been something a bit different. * A match for SNI * A joker match for SAN ie *.adobe.com SAN should catch bot

Re: [squid-users] xcalloc error when installing squid in container on CentOS 9 host

I will try to publish a CentOS 9 version later on to make sure it will work on a VM. Thanks, Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com Web: https://ngtech.co.il/ My-Tube: https://tube.ngtech.co.il/ Fr

Re: [squid-users] regex for normal websites

Hey Matus, The question is not matching the browser only by what the client asks for but also for.. The request a the lower levels. The ACLS check (as I mentioned in the code snippets) also the certificate "Subject Alternative Name". Due to and based on this, it's relevant for couple use cases.

Re: [squid-users] filedescriptors on debian/systemd

Hey, What's the bug exactly? The design of systemd is to enforce the FD limit. This is coming from the init 0 level of the design and due to this, squid cannot "patch" the kernel at runtime like any other process. The OS and systemd do not give any API to allow a request for"more FD". I assume tha

Re: [squid-users] regex for normal websites

Hey Robert, I will test this with latest squid and my Apps helper and will verify. Thanks, Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com Web: https://ngtech.co.il/ My-Tube: https://tube.ngtech.co.il/ Fro

Re: [squid-users] filedescriptors on debian/systemd

Hey Amos, I was under the impression that Systemd does impose a basic limit but I can test it to verify my doubts. >From my point of view and testing until now systemd does impose a basic global >limit. Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1..

Re: [squid-users] regex for normal websites

Hey Amos, And just to be clear: ssl::server_name_regex has the same path as ssl::server_name ? I have not read the code yet but it seems pretty obviates to me. Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com Web: https://ngtech.co.il/ My-Tu

Re: [squid-users] regex for normal websites

Hey Robert, I recorded this video for you: https://cloud1.ngtech.co.il/static/squid-data/regex-for-robert.mp4 This is what I did when I reviewed the question. I hope it will help you and others use this tool: https://rubular.com/ and squid. If you have any question regarding REGEX here we a

Re: [squid-users] Squid and Epic Games HCapctca

Hey Adam, I don’t remember where exactly epic games is hosted but, it should be spliced. If you need an app definition I can try to grab one from my local squid. Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: mailto:ngtech1...@gmail.com Web: https://ngtech.co.i

Re: [squid-users] Squid and Epic Games HCapctca

Hey Adam, I recorded a video for you on how I do it at: https://cloud1.ngtech.co.il/static/squid-data/splice-epic-games.mp4 So basically the relevant domains are: epicgames-download1.akamaized.net .epicgames.com .unrealengine.com And you can peek at robert k Wild mail: “regex for normal web

Re: [squid-users] Squid and Epic Games HCapctca

You are welcome. I wrote an app that does everything for me so I just need to dump the database into a: ssl::server_name directive it’s basically: ## START acl NoBump_server_name ssl::server_name "/etc/squid/no-ssl-bump-server-name.list" acl tls_to_splice any-of inspect_only NoBump_src NoBu

Re: [squid-users] Squid and Epic Games HCapctca

Please don’t bang your head… everybody is here for you. Sometimes it takes time to respond but you will get your answers. https://www.ngtech.co.il/squid/support-save/support-save-2022-08-05_00-51-47.tar.gz Is not the fastest connection and it has a blacklist in the DB dump so for now it’s a pr

Re: [squid-users] regex for normal websites

OK Robert, I have seen the issue you were having and indeed it’s because cloudflare understands that there is some kind of MITM in the path. It’s good but there should be a way to allow such MITM from cloudflare side. I believe that the cloudflare client should have the ability to allow or disa

Re: [squid-users] Trying to recompile squid 4.13 with ./configure CXXFLAGS="-DMAXTCPLISTENPORTS=256"

Hey Marcelo, What OS are you using? Debian? Ubuntu? The `which squid` command will show you where squid binary of squid -v is being take/used from. And also, just wondering why 4.13? and not 4.17? Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail

[squid-users] SQL DB squid.conf backend, who was it that asked about it?

Hey Everybody, I don’t remember who was it but I was asked about using a SQL DB backend for squid.conf. If the question is still in place I can try to help and give an example how it’s being done and also how to implement such a feature. Eliezer Eliezer Croitoru NgTech, Tech Support Mo

Re: [squid-users] Squid 4.8+ intercept

Hey K, I am not sure about the network topology. Preferably the Squid should reside on another network then the clients if it’s intercepting the traffic. Also, I assume it’s not a TPROXY setup so it should be pretty simple and straight forward. I understand why are you asking this question. A

Re: [squid-users] Squid 4.8+ intercept

Hey Rafael, This document covers on the V6 branch of Mikrotik and the stable is 7.4. If you do have the resources to publish a V7 document upgrade it would help others. Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com

Re: [squid-users] Squid 4.8+ intercept

Hey K, Here a video example on how to implement what you probably want: https://cloud1.ngtech.co.il/static/squid-data/mikrotik-v7-intercept.mp4 If the proxy sits in the same network that the clients sit it won’t work. Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-2870426

Re: [squid-users] Squid 4.8+ intercept

Hey Grant, The issue is very simple, if squid and the clients sits on the same subnet( not the same network segment) then squid will send the traffic back directly to the client. WCCP is not related to the network level of things and will not resolve this exact same issue in most similar use cas

Re: [squid-users] Squid as Reverse Proxy with Parent Proxy, http inbound and https outbound

Hey Joel, I don’t know if squid would be able to do what you want/need but I know that nginx can do some part of what you want. Eliezer Eliezer Croitoru NgTech, Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com Web: https://ngtech.co.il/ My-

Re: [squid-users] Squid 4.8+ intercept

Hey K, What RouterOS version are you using? Also, what rules have you applied? If there is a very long delay and then a failure you should verify that the rules you wrote are proper to your environment. You should route packets based on connection marks and mark only new connections from LAN IP

Re: [squid-users] Squid 4.8+ intercept

Hey K, I need your Mikrotik and squid.conf and iptables to understand what the issue might be. You will need to describe your setup in a way I can relate to it. There is not much of a difference between port 80 to 443 just that the port need to have ssl-bump settings If you are using it. The CON

  1   2   >