On 3/12/2011 6:22 a.m., Sean Boran wrote:
Well yes, we are trying to incept...
I dont see where the "forgery" is, if my proxy CA is trusted and a
cert is generated for that target, signed by that CA, why should the
browser complain?
The "forgery" is that you are creating a certificate claiming
On 3/12/2011 12:45 p.m., Jose-Marcio Martins da Cruz wrote:
Pedro Correia Sardinha wrote:
Hello,
When I try to build the last version as usual, "make all" it's giving
me this output (my compiler is gcc-4.5.3):
ftp.cc: In member function 'void
FtpStateData::ftpAcceptDataConnection(const CommAcc
I Compiled 3.1.15 and 3.1.16 so far without any problems, today i try to
compile the last version 3.1.17 and i got errors:
./configure CFLAGS=-DNUMTHREADS=128 --with-filedescriptors=16384
--enable-removal-policies=heap,lru --enable-epoll
--enable-stopreio=ufs,aufs,diskd --enable-async-io=128 -
Pedro Correia Sardinha wrote:
Hello,
When I try to build the last version as usual, "make all" it's giving
me this output (my compiler is gcc-4.5.3):
ftp.cc: In member function 'void
FtpStateData::ftpAcceptDataConnection(const CommAcceptCbParams&)':
ftp.cc:3124:38: error: redeclaration of 'char
Hello,
When I try to build the last version as usual, "make all" it's giving
me this output (my compiler is gcc-4.5.3):
ftp.cc: In member function 'void
FtpStateData::ftpAcceptDataConnection(const CommAcceptCbParams&)':
ftp.cc:3124:38: error: redeclaration of 'char ntoapeer [75]'
ftp.cc:3076:31:
On Fri, 02 Dec 2011 15:15:59 +1300
Amos Jeffries wrote:
> On 2/12/2011 5:13 a.m., Matus UHLAR - fantomas wrote:
> > On 01.12.11 15:05, Josef Karliak wrote:
> >> I wanna use tmpfs for squid cache, is 8GB enough or too big ?
> >> We've about 3000 computers behind squid, for OS is 16GB
> >> sufficie
On 2 December 2011 01:01, Jenny Lee wrote:
> p4$ host download.windowsupdate.com
> mscom-wui-any.vo.msecnd.net has address 70.37.129.251
> mscom-wui-any.vo.msecnd.net has address 70.37.129.244
>
> p12$ host download.windowsupdate.com
> a26.ms.akamai.net.0.1.cn.akamaitech.net has address 92.123.69
Well yes, we are trying to incept...
I dont see where the "forgery" is, if my proxy CA is trusted and a
cert is generated for that target, signed by that CA, why should the
browser complain?
And why would FF not complain but IE9 does?
Sean
On 2 December 2011 17:29, Amos Jeffries wrote:
> On 3/
I have an Exchange 2007 Environment that I am upgrading to Exchange 2010. I
have Squid configured as a reverse proxy, and I placed it in front of my
Exchange 2007 CAS server. Both servers are located in the same Active Directory
site.
Exchange 2010 does not allow OWA proxying to Exchange 2007 s
On 3/12/2011 4:44 a.m., Sean Boran wrote:
With squid running sslbump in routing mode, and used by a handful of
users, squid is crashing regularly, linked to visiting SSL sites.
Logs
--
2011/11/29 11:39:36| clientNegotiateSSL: Error negotiating SSL connection on FD
45: error:1408F10B:SSL routines
Hello,
we are trying to set squid up as an SSL reverse proxy in front of SSL.
The flow is browser -> ssl -> squid -> ssl -> application.
When we do this we're not seeing persistent connections being used for
the backend connection. It appears that squid is starting a new SSL
connection for ever
On 2/12/2011 11:10 p.m., Josef Karliak wrote:
Hi,
I use 64-bit machine, HP DL380 G7. I thought that it should be
better to use tmpfs (part of the memory). After reboot it is clean and
empty, squid creates directories again automaticaly.
So you recommend use a few of disk capacity and set
On 3/12/2011 4:16 a.m., Sean Boran wrote:
Yes it was add to the Windows cert store. (Tools> Options> Content
Certiifcates> Trusted Root Certification Authorities).
Not all all HTTPS websites cause errors either, e..g
https://www.credit-suisse.com is fine.
Ouch. Their certificate is permit
On 3/12/2011 1:02 a.m., Maret Ludovic wrote:
Hi there !
I want to configure a transparent proxy for HTTP and SSL. HTTP works
pretty well but i'm stuck with SSL even if i use the ssl-bump feature.
Right now, it almost works if i use 2 differents ports for the http_port
& https_port :
http_port
On 2/12/2011 10:51 p.m., David Touzeau wrote:
Le vendredi 02 décembre 2011 à 15:05 +1300, Amos Jeffries a écrit :
Hooray progress :)
On 2/12/2011 5:49 a.m., David Touzeau wrote:
Here it is the log in debug mode :
--
2011/12/01 17:49:14.106 kid1| HTTP Client local=4.26.235.254:80
remo
With squid running sslbump in routing mode, and used by a handful of
users, squid is crashing regularly, linked to visiting SSL sites.
Logs
--
2011/11/29 11:39:36| clientNegotiateSSL: Error negotiating SSL connection on FD
45: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number (1/-1)
I'm not sure you can use sslbump in transparent mode.
I remember reading something to that effect.
There are also articles like this that might help:
https://dvas0004.wordpress.com/2011/03/22/squid-transparent-ssl-interception/
Sean
On 2 December 2011 13:02, Maret Ludovic wrote:
> Hi there !
>
Yes it was add to the Windows cert store. (Tools > Options > Content
> Certiifcates > Trusted Root Certification Authorities).
Not all all HTTPS websites cause errors either, e..g
https://www.credit-suisse.com is fine.
Sean
On 2 December 2011 15:03, Guy Helmer wrote:
>
> On Dec 2, 2011, at 3:5
On 12/02/2011 12:44 AM, Amos Jeffries wrote:
I can't speak for what they know. I only pay attention to the details
directly affecting Squid features on the netfilter lists.
Of course you can't, sorry. I just thought that, out of the thousands of
sites we visit every day, accessing this particul
Hi there !
I want to configure a transparent proxy for HTTP and SSL. HTTP works
pretty well but i'm stuck with SSL even if i use the ssl-bump feature.
Right now, it almost works if i use 2 differents ports for the http_port
& https_port :
http_port 3129 transparent
https_port 3130 ssl-bump cert=
Hi,
I use 64-bit machine, HP DL380 G7. I thought that it should be
better to use tmpfs (part of the memory). After reboot it is clean and
empty, squid creates directories again automaticaly.
So you recommend use a few of disk capacity and set caching to memory only ?
Thanks
J.K.
Ci
I have squid 3.1.4 but using this conf, the rate limiting to 1Mbps does not
seem to work.
What can I change in the conf / delay parameters?
auth_param basic realm Myname proxy server
auth_param basic credentialsttl 2 hours
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
Hi,
I'm testing squid v3 with SSL interception (the interception is to do
AV checking with icap) in routing mode.
Sslbump/dynamic certs are configured. A self-signed cert is used on
the proxy, and installed as a ca on browsers.
https to several sites (such as Gmail.com boi.com) works with FF
(al
Le vendredi 02 décembre 2011 à 15:05 +1300, Amos Jeffries a écrit :
> Hooray progress :)
>
>
> On 2/12/2011 5:49 a.m., David Touzeau wrote:
> >
> > Here it is the log in debug mode :
> >
> > --
> > 2011/12/01 17:49:14.106 kid1| HTTP Client local=4.26.235.254:80
> > remote=192.168.1.228:10
I tried using the path end It works perfectly.
Thank you very much!!
>>> Amos Jeffries 02/12/2011 8.54 >>>
On 2/12/2011 4:37 a.m., Roberto Galluzzi wrote:
> Hi,
>
> I'm using Squid 3.1 and SquidGuard with success. Now I want to add
> SquidClamav 6.
>
> Versions 6.x need Icap and I didn't have p
Anyone know if it is possible to watch Bambuser live
broadcasts through squid, and if it should work "out
of the box" or if it needs special configuration?
We can watch finished Bambuser broadcasts, but live
broadcasts won't start.
www.bambuser.com/broadcasts
Their FAQ states:
"
To watch a broad
>
> Yes, welcome to the host header forgery mess. I don't know who
> benefited from this but a lot of people got bitten by it.
>
> I mentioned this first day
> http://bugs.squid-cache.org/show_bug.cgi?id=3325
>
> Anyone doing ANYCAST will be screwed (and a whole lotta people do
> that).
>
> p4
27 matches
Mail list logo
