Re: [squid-users] is it possible to restrict the use of websocket for security reason?

2023-01-13 Thread Amos Jeffries
On 14/01/2023 12:13 am, Dieter Bloms wrote: Hello, is it possible to restrict the use of websockets for security reason like prevent long-lived Websocket communication or define a limit for total size of transferred payload? No. Squid support for WebSockets is only to reject its HTTP/1.1

[squid-users] is it possible to restrict the use of websocket for security reason?

2023-01-13 Thread Dieter Bloms
Hello, is it possible to restrict the use of websockets for security reason like prevent long-lived Websocket communication or define a limit for total size of transferred payload? -- Regards Dieter -- I do not get viruses because I do not use MS software. If you use Outlook then please do

[squid-users] Is it possible to force some dstdomain to ipv4 protocol without define an outgoing ip address ?

2021-06-09 Thread Dieter Bloms
Hello, I use squid 4.15 and want to configure it to connect to some destinations via IPv4. I know about the tcp_outgoing_address option, but my outgoing ipv4 and ipv6 addresses change every day. So is there an option like: acl myipv4onlydest dstdomain .example1.com .example2.com

Re: [squid-users] Is it possible to force some dstdomain to ipv4 protocol without define an outgoing ip address ?

2021-06-09 Thread Alex Rousskov
On 6/9/21 8:25 AM, Dieter Bloms wrote: > Hello, > > I use squid 4.15 and want to configure it to connect to some destinations > via IPv4. > > I know about the tcp_outgoing_address option, but my outgoing ipv4 and > ipv6 addresses change every day. > > So is there an option like: > > acl

Re: [squid-users] Is it possible to apply squid delay pools on users/groups from AD ?

2017-11-17 Thread Bike dernikov1
On Fri, Nov 17, 2017 at 3:39 AM, Amos Jeffries wrote: > On 17/11/17 03:40, Bike dernikov1 wrote: >> >> Thanks for info, we searched for solution but found that is not >> possible to combine delay pools, and forum is our last hope, so far we >> solved almost everything :) >>

Re: [squid-users] Is it possible to apply squid delay pools on users/groups from AD ?

2017-11-16 Thread Amos Jeffries
On 17/11/17 03:40, Bike dernikov1 wrote: Thanks for info, we searched for solution but found that is not possible to combine delay pools, and forum is our last hope, so far we solved almost everything :) We have: Squid Object Cache: Version 3.5.23, so it could work. Can you give us example,

Re: [squid-users] Is it possible to apply squid delay pools on users/groups from AD ?

2017-11-16 Thread Bike dernikov1
Thanks for info, we searched for solution but found that is not possible to combine delay pools, and forum is our last hope, so far we solved almost everything :) We have: Squid Object Cache: Version 3.5.23, so it could work. Can you give us example, how to use it. Colleague searched for

Re: [squid-users] Is it possible to apply squid delay pools on users/groups from AD ?

2017-11-16 Thread Amos Jeffries
On 16/11/17 01:43, Bike dernikov1 wrote: Hi, this is my second topic, I wouldn't want to mix with first. I hope that is ok. I hope that someone succeeded to apply delay pools on users/groups from AD. We are now using delay pool on whole 10.0.0.0/8, but that is a problem as different users have

[squid-users] Is it possible to apply squid delay pools on users/groups from AD ?

2017-11-15 Thread Bike dernikov1
Hi, this is my second topic, I wouldn't want to mix with first. I hope that is ok. I hope that someone succeeded to apply delay pools on users/groups from AD. We are now using delay pool on whole 10.0.0.0/8, but that is a problem as different users have different requirements. We have 30

Re: [squid-users] It is possible to use SSL_bump on my squid server 3.5.23, if my parent cache (cache_peer) does not use ssl_bump (not configured).

2017-05-22 Thread Alex Rousskov
On 05/22/2017 08:14 AM, yuriang wrote: > It is possible to use SSL_bump on my squid server 3.5.23, if my parent > cache (cache_peer) does not use ssl_bump (not configured). I do not think it is possible to use SslBump steps 2+ with cache_peers that expect plain HTTP requests. AFAICT, for SslBump

[squid-users] It is possible to use SSL_bump on my squid server 3.5.23, if my parent cache (cache_peer) does not use ssl_bump (not configured).

2017-05-22 Thread yuriang
It is possible to use SSL_bump on my squid server 3.5.23, if my parent cache (cache_peer) does not use ssl_bump (not configured). # When I try to access an https: // # With this setting: http_port 127.0.0.1:3129 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB

[squid-users] It is possible to use SSL_bump on my squid server 3.5.23, if my parent cache (cache_peer) does not use ssl_bump (not configured).

2017-05-20 Thread yuriang
It is possible to use SSL_bump on my squid server 3.5.23, if my parent cache (cache_peer) does not use ssl_bump (not configured). # When I try to access an https: // # With this setting: http_port 127.0.0.1:3129 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB

Re: [squid-users] Is it possible to modify cached object?

2017-02-07 Thread boruc
I managed to patch this adapter (I don't know many things in Linux, but I don't give up), properly configured Squid (with regex and quotes) and successfully replaced closing *body* tag with image tag and of course closing body tag.

Re: [squid-users] Is it possible to modify cached object?

2017-02-06 Thread Alex Rousskov
On 02/06/2017 03:27 PM, boruc wrote: > So I've installed squid 3.5.12, libecap 1.0.1 and sample adapter 1.0.0. I > was able to test a simple "the -> a" replacement shown in documentation > . Next I tried some HTML injection, > also from documentation.

Re: [squid-users] Is it possible to modify cached object?

2017-02-06 Thread boruc
Hi again, So I've installed squid 3.5.12, libecap 1.0.1 and sample adapter 1.0.0. I was able to test a simple "the -> a" replacement shown in documentation. Next I tried some HTML injection, also from documentation. However, it didn't work and I got error

Re: [squid-users] Is it possible to modify cached object?

2017-01-31 Thread Amos Jeffries
On 1/02/2017 7:34 a.m., boruc wrote: > Thank you for your answers Antony. > > On packages.ubuntu.com I searched for "squid3" and here's what I've found: > 12.04LTS - 3.1.19 > 14.04LTS - 3.3.8 > 16.04LTS - 3.5.12 > > For now the best option would be to upgrade Ubuntu to 16.04, but I cannot do >

Re: [squid-users] Is it possible to modify cached object?

2017-01-31 Thread Yuri Voinov
Exactly, localhost system administrators can do what they want ;-) 01.02.2017 1:05, boruc wrote: > Well, basically I'm working on virtual machine with nothing special installed > on it so I don't have to worry about all of this. I wanted to give squid a > try, look how it works, learn something

Re: [squid-users] Is it possible to modify cached object?

2017-01-31 Thread boruc
Well, basically I'm working on virtual machine with nothing special installed on it so I don't have to worry about all of this. I wanted to give squid a try, look how it works, learn something new. Being here, reading all your answers and suggestions is a great experience for me :)

Re: [squid-users] Is it possible to modify cached object?

2017-01-31 Thread Yuri Voinov
01.02.2017 0:34, boruc wrote: > Thank you for your answers Antony. > > On packages.ubuntu.com I searched for "squid3" and here's what I've found: > 12.04LTS - 3.1.19 > 14.04LTS - 3.3.8 > 16.04LTS - 3.5.12 > > For now the best option would be to upgrade Ubuntu to 16.04, but I cannot do > it now.

Re: [squid-users] Is it possible to modify cached object?

2017-01-31 Thread boruc
Thank you for your answers Antony. On packages.ubuntu.com I searched for "squid3" and here's what I've found: 12.04LTS - 3.1.19 14.04LTS - 3.3.8 16.04LTS - 3.5.12 For now the best option would be to upgrade Ubuntu to 16.04, but I cannot do it now. Also Amos has written earlier: "All the newer

Re: [squid-users] Is it possible to modify cached object?

2017-01-31 Thread Antony Stone
On Tuesday 31 January 2017 at 18:19:14, boruc wrote: > Antony Stone wrote > > > What do you get from the following: > > /etc/init.d/squid status > > /etc/init.d/squid restart > > literally nothing. I just noticed that there isn't anything with "squid" in > name in /etc/init.d. Ah,

Re: [squid-users] Is it possible to modify cached object?

2017-01-31 Thread boruc
Antony Stone wrote > What do you get from the following: > > /etc/init.d/squid status > /etc/init.d/squid restart literally nothing. I just noticed that there isn't anything with "squid" in name in /etc/init.d. Here are some locations and files with "squid" in name:

Re: [squid-users] Is it possible to modify cached object?

2017-01-31 Thread Antony Stone
On Tuesday 31 January 2017 at 17:28:15, boruc wrote: > 1. Ubuntu 12.04.5 LTS > 2. Squid downloaded from > http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.24.tar.gz Okay, so that's an official source tarball, good. > 3. About "sudo auto-apt run ./configure && sudo make && sudo

Re: [squid-users] Is it possible to modify cached object?

2017-01-31 Thread boruc
1. Ubuntu 12.04.5 LTS 2. Squid downloaded from http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.24.tar.gz 3. About "sudo auto-apt run ./configure && sudo make && sudo checkinstall", I just wanted to give it a shot, original command was "sudo ./configure && make && sudo make install" 4. Command

Re: [squid-users] Is it possible to modify cached object?

2017-01-31 Thread Antony Stone
On Tuesday 31 January 2017 at 10:35:30, boruc wrote: > I ran command "sudo apt-get remove --purge squid3" Okay, that will remove the distribution (Debian or Debian-based) package. > then I downloaded squid-3.5.24 in browser What exactly did you download from where? > unpacked it So,

Re: [squid-users] Is it possible to modify cached object?

2017-01-31 Thread boruc
I ran command "sudo apt-get remove --purge squid3", then I downloaded squid-3.5.24 in browser, unpacked it, then "sudo auto-apt run ./configure && sudo make && sudo checkinstall". deb package is created, message says that it was also installed. So I ran command to see installed packages and that's

Re: [squid-users] Is it possible to modify cached object?

2017-01-29 Thread Amos Jeffries
On 30/01/2017 7:52 a.m., boruc wrote: > What would be the safest way to rebuild squid and enable eCAP? > > I wanted to install libecap and some examples from e-cap.org/Documentation > for my squid. My version is 3.1.19, wiki Please upgrade. 3.1 is over 5

Re: [squid-users] Is it possible to modify cached object?

2017-01-29 Thread boruc
What would be the safest way to rebuild squid and enable eCAP? I wanted to install libecap and some examples from e-cap.org/Documentation for my squid. My version is 3.1.19, wiki says that suitable version of both

Re: [squid-users] Is it possible to modify cached object?

2017-01-22 Thread Amos Jeffries
On 23/01/2017 4:34 a.m., boruc wrote: > So basically eCAP will allow me to modify any pages that is in response? What > about pages that are gzipped? Would I have to decode, modify it as I want > and encode? Yes you would. Squid just passes the data it gets. > If you could write a "lifecycle" of

Re: [squid-users] Is it possible to modify cached object?

2017-01-22 Thread boruc
So basically eCAP will allow me to modify any pages that is in response? What about pages that are gzipped? Would I have to decode, modify it as I want and encode? If you could write a "lifecycle" of object that is going to be cached, what would it look like? HTTP Request -> HTTP Response ->

Re: [squid-users] Is it possible to modify cached object?

2017-01-08 Thread Amos Jeffries
On 9/01/2017 8:41 a.m., Rafael Akchurin wrote: > Hello Boruc, > > Please use https://en.wikipedia.org/wiki/Data_URI_scheme > boruc: Also you should not be manually (or even with a Script) editing cache objects on disk as a routine operation. As Alex already mentioned use ICAP or eCAP

Re: [squid-users] Is it possible to modify cached object?

2017-01-08 Thread Amos Jeffries
On 9/01/2017 3:49 a.m., boruc wrote: > Thank you for your answer. > > Actually I managed to do what I want by simply editing that file and > changing content length if necessary. I don't know why sometimes I need to > restart Squid or reopen browser to see changed version of page. Sometimes > it

Re: [squid-users] Is it possible to modify cached object?

2017-01-08 Thread Rafael Akchurin
Sorry for multiple posts. I used tag in incorrect way so you can't see the code. Here's correct message: I can change content of the HTML in cached object, but not in every way. I have a trouble inserting an image

Re: [squid-users] Is it possible to modify cached object?

2017-01-08 Thread boruc
Sorry for multiple posts. I used tag in incorrect way so you can't see the code. Here's correct message: I can change content of the HTML in cached object, but not in every way. I have a trouble inserting an image to that site from my PC. If I simply put: img src="/home/username/Images/image.png"

Re: [squid-users] Is it possible to modify cached object?

2017-01-08 Thread boruc
I can change content of the HTML in cached object, but not in every way. I have a trouble inserting an image to that site from my PC. If I simply put: there's only a displayed icon which is referring to given location but on the page server. I also tried like this: but also with no effect. I

Re: [squid-users] Is it possible to modify cached object?

2017-01-08 Thread Yuri Voinov
08.01.2017 20:49, boruc wrote: > Thank you for your answer. > > Actually I managed to do what I want by simply editing that file and > changing content length if necessary. I don't know why sometimes I need to > restart Squid or reopen browser to see changed version of page. Sometimes > it works

Re: [squid-users] Is it possible to modify cached object?

2017-01-08 Thread boruc
Thank you for your answer. Actually I managed to do what I want by simply editing that file and changing content length if necessary. I don't know why sometimes I need to restart Squid or reopen browser to see changed version of page. Sometimes it works fine on regular browser window, sometimes I

Re: [squid-users] Is it possible to modify cached object?

2017-01-06 Thread reinerotto
Content adaption can also be done without squid. Mod of message body "on-the-fly" can be achieved using commercial product(s).

Re: [squid-users] Is it possible to modify cached object?

2017-01-06 Thread Alex Rousskov
On 01/06/2017 11:35 AM, boruc wrote: > I am facing a really big problem (for me). I've set up a home network (few > PCs, some mobiles) with squid proxying all requests. Is it possible to > change cached objects manually? Let's say I have an object that contains > /www.example.com/ page HTML

[squid-users] Is it possible to modify cached object?

2017-01-06 Thread boruc
Hi everyone, I am facing a really big problem (for me). I've set up a home network (few PCs, some mobiles) with squid proxying all requests. Is it possible to change cached objects manually? Let's say I have an object that contains /www.example.com/ page HTML source and what I want to do is e.g.

Re: [squid-users] Is it possible to log request's proxy hostname in the access log?

2016-04-21 Thread Ser de Bronce
Thank you for immediate answer, Antony. Best Regards, Sergey 2016-04-21 23:26 GMT+03:00 Antony Stone : > On Thursday 21 April 2016 at 22:21:15, Ser de Bronce wrote: > > > I have a squid server that can be accessed from multiple subdomains. > > For example,

Re: [squid-users] Is it possible to log request's proxy hostname in the access log?

2016-04-21 Thread Antony Stone
On Thursday 21 April 2016 at 22:21:15, Ser de Bronce wrote: > I have a squid server that can be accessed from multiple subdomains. > For example, user A does a proxy request on "aaa.myproxy.com" and user B on > "bbb.myproxy.com" > Is it possible to log which subdomain was requested by the user?

[squid-users] Is it possible to log request's proxy hostname in the access log?

2016-04-21 Thread Ser de Bronce
Hi there, Maybe someone already knows any solution: I have a squid server that can be accessed from multiple subdomains. For example, user A does a proxy request on "aaa.myproxy.com" and user B on "bbb.myproxy.com" Is it possible to log which subdomain was requested by the user? Best Regards,

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-24 Thread Yuri Voinov
24.09.15 7:12, Amos Jeffries wrote: > On 24/09/2015 2:04 a.m., Yuri Voinov wrote: >> >> Through assertion and then restarts squid: >> >> 2015/09/23 20:03:25 kid1| Validated 35899 Entries >> 2015/09/23 20:03:25 kid1| store_swap_size =

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-24 Thread Amos Jeffries
On 25/09/2015 2:13 a.m., Yuri Voinov wrote: > > 24.09.15 7:12, Amos Jeffries wrote: >> On 24/09/2015 2:04 a.m., Yuri Voinov wrote: >>> >>> Through assertion and then restarts squid: >>> >>> 2015/09/23 20:03:25 kid1| Validated 35899 Entries >>> 2015/09/23 20:03:25 kid1| store_swap_size =

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-24 Thread Yuri Voinov
Aha. Good news. This is something already. 25.09.15 1:57, Amos Jeffries wrote: > On 25/09/2015 2:13 a.m., Yuri Voinov wrote: >> >> 24.09.15 7:12, Amos Jeffries wrote: >>> On 24/09/2015 2:04 a.m., Yuri Voinov wrote: Through assertion and

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-23 Thread Amos Jeffries
On 23/09/2015 11:01 p.m., Yuri Voinov wrote: > Look: > > # Tor acl > acl tor_url url_regex -i "/usr/local/squid/etc/url.tor" > > url.tor contains: > ^https?.*torproject.* > > May be, I'm an idiot, but where is the error? The URL on the CONNECT requests ("torproject.om:443") are not starting

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-23 Thread Yuri Voinov
Look: # Tor acl acl tor_url url_regex -i "/usr/local/squid/etc/url.tor" url.tor contains: ^https?.*torproject.* May be, I'm an idiot, but where is the error? All other url.tor entries works perfectly. With HTTP only. 23.09.15 7:44, Amos Jeffries wrote: On 23/09/2015 4:39 a.m., Yuri Voinov

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-23 Thread Yuri Voinov
23.09.15 17:07, Matus UHLAR - fantomas wrote: Hello, On 17.09.15 18:47, Yuri Voinov wrote: acl NoSSLIntercept ssl::server_name_regex -i localhost \.icq\.* kaspi\.kz ssl_bump splice NoSSLIntercept # Privoxy+Tor access rules never_direct allow tor_url cache_peer_access 127.0.0.1 allow

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-23 Thread Amos Jeffries
On 24/09/2015 2:04 a.m., Yuri Voinov wrote: > > Through assertion and then restarts squid: > > 2015/09/23 20:03:25 kid1| Validated 35899 Entries > 2015/09/23 20:03:25 kid1| store_swap_size = 1730768.00 KB > 2015/09/23 20:03:26 kid1| storeLateRelease: released 0 objects > 2015/09/23 20:03:26

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-22 Thread Yuri Voinov
Ooops. After timed out: - - CONNECT torproject.org:443 HTTP/1.1 Host: torproject.org Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.93

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-22 Thread Yuri Voinov
- - CONNECT torproject.org:443 HTTP/1.1 Host: torproject.org Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.93 Safari/537.36 - --

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-22 Thread Amos Jeffries
On 23/09/2015 4:39 a.m., Yuri Voinov wrote: > > Ooops. After timed out: > > - > CONNECT torproject.org:443 HTTP/1.1 > Host: torproject.org > Proxy-Connection: keep-alive > User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 > (KHTML, like Gecko) Chrome/45.0.2454.93

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-22 Thread Yuri Voinov
- - CONNECT www.torproject.org:443 HTTP/1.1 Host: www.torproject.org Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.93 Safari/537.36 - --

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-21 Thread Yuri Voinov
Can't understand, why it is not work. Tor Browser works ok itself. The similar config via Squid 3.5.7+Privoxy - don't. CONNECT to torproject.org:443 goes directly, whenever config changes. 21.09.15 23:56, Amos Jeffries wrote: > On 17/09/2015

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-21 Thread Amos Jeffries
On 22/09/2015 6:00 a.m., Yuri Voinov wrote: > > Can't understand, why it is not work. > > Tor Browser works ok itself. > > The similar config via Squid 3.5.7+Privoxy - don't. > > CONNECT to torproject.org:443 goes directly, whenever config changes. I suspect some detail is being removed

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-21 Thread Amos Jeffries
On 17/09/2015 10:07 p.m., Yuri Voinov wrote: > If I disable SSL bump for tunneled sites, I've got an error SSL: > > ssl_error_rx_record_too_long > If you "disabled" ssl_bump by removing its config, or using "ssl_bump none" for that traffic then the error is strictly a problem between the client

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-21 Thread Yuri Voinov
22.09.15 1:23, Antony Stone wrote: > On Monday 21 September 2015 at 21:20:19, Yuri Voinov wrote: > >> 22.09.15 1:15, Amos Jeffries wrote: >> >>> HSTS is opt-out. Strip the *response* header on the first contact and it >>> disappears. >> >> I

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-21 Thread Antony Stone
On Monday 21 September 2015 at 21:20:19, Yuri Voinov wrote: > 22.09.15 1:15, Amos Jeffries wrote: > > > HSTS is opt-out. Strip the *response* header on the first contact and it > > disappears. > > I can't. Because first connection can't occur during ISP ban by IP. > First contact is never

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-21 Thread Yuri Voinov
Finally it ends up by this one: http://i.imgur.com/izWY1cc.png Antony, how it can be explained? ;) 22.09.15 1:23, Antony Stone wrote: > On Monday 21 September 2015 at 21:20:19, Yuri Voinov wrote: > >> 22.09.15 1:15, Amos Jeffries wrote: >> >>>

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-21 Thread Amos Jeffries
On 22/09/2015 6:25 a.m., Yuri Voinov wrote: > > This is dig result: > > ;; ANSWER SECTION: > torproject.org. 3600 IN A 93.95.227.222 > torproject.org. 3600 IN A 154.35.132.70 > torproject.org. 3600 IN A 86.59.30.40 >

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-21 Thread Yuri Voinov
This is dig result: ;; ANSWER SECTION: torproject.org. 3600 IN A 93.95.227.222 torproject.org. 3600 IN A 154.35.132.70 torproject.org. 3600 IN A 86.59.30.40 torproject.org.

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-21 Thread Yuri Voinov
I'm in a coffin seen all purulent politics. But when suddenly my customers lose access to their documents on Google documents - I pick up instruments. And I want them to work. At the same time, I can not put everything and everyone Tor Browser.

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-21 Thread Yuri Voinov
The torproject.org is just an example. This is not so important like, for example, google docs, google mail, google drive (all web interface at minimum), archive.org. All of this uses HSTS now and, if banned by IP by ISP (note: dns is not

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-21 Thread Yuri Voinov
22.09.15 1:15, Amos Jeffries wrote: > On 22/09/2015 6:25 a.m., Yuri Voinov wrote: >> >> This is dig result: >> >> ;; ANSWER SECTION: >> torproject.org. 3600 IN A 93.95.227.222 >> torproject.org. 3600 IN A

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-21 Thread Amos Jeffries
On 22/09/2015 7:33 a.m., Yuri Voinov wrote: > > Here is access log when using IE: > > 1442863815.068 785 127.0.0.1 TCP_MISS/302 506 GET > http://torproject.org/ - FIRSTUP_PARENT/127.0.0.1 text/html > 1442863816.542 105231 127.0.0.1 TAG_NONE/200 0 CONNECT > www.torproject.org:443 -

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-20 Thread Amos Jeffries
On 19/09/2015 4:48 a.m., Yuri Voinov wrote: > > 18.09.15 21:22, Matus UHLAR - fantomas wrote: >> from earlier e-mail: > >>> acl tor_url url_regex "C:/Squid/etc/squid/url.tor" > >> On 17.09.15 18:47, Yuri Voinov wrote: >>> acl NoSSLIntercept ssl::server_name_regex -i localhost \.icq\.* kaspi\.kz

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-18 Thread Yuri Voinov
18.09.15 21:22, Matus UHLAR - fantomas wrote: > from earlier e-mail: > >> acl tor_url url_regex "C:/Squid/etc/squid/url.tor" > > On 17.09.15 18:47, Yuri Voinov wrote: >> acl NoSSLIntercept ssl::server_name_regex -i localhost \.icq\.* kaspi\.kz

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-18 Thread Matus UHLAR - fantomas
from earlier e-mail: acl tor_url url_regex "C:/Squid/etc/squid/url.tor" On 17.09.15 18:47, Yuri Voinov wrote: acl NoSSLIntercept ssl::server_name_regex -i localhost \.icq\.* kaspi\.kz ssl_bump splice NoSSLIntercept # Privoxy+Tor access rules never_direct allow tor_url cache_peer_access

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-17 Thread Yuri Voinov
17.09.15 10:50, Amos Jeffries wrote: On 17/09/2015 4:36 a.m., Yuri Voinov wrote: Hm. If I understand correctly, the right configuration must be: # Privoxy+Tor access rules never_direct allow CONNECT never_direct allow tor_url # Local Privoxy is cache parent cache_peer 127.0.0.1 parent 8118

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-17 Thread Yuri Voinov
If I disable SSL bump for tunneled sites, I've got an error SSL: ssl_error_rx_record_too_long 17.09.15 10:50, Amos Jeffries wrote: On 17/09/2015 4:36 a.m., Yuri Voinov wrote: Hm. If I understand correctly, the right configuration must be: # Privoxy+Tor access rules never_direct allow

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-17 Thread Yuri Voinov
On Squid 3.5.7 the same result: 1442420915.874 207879 127.0.0.1 TAG_NONE/200 0 CONNECT torproject.org:443 - HIER_DIRECT/2001:41b8:202:deb:213:21ff:fe20:1426 - 1442493956.863 168528 127.0.0.1 TAG_NONE/200 0 CONNECT torproject.org:443 -

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-16 Thread Yuri Voinov
16.09.15 21:34, Amos Jeffries wrote: > On 17/09/2015 3:18 a.m., Yuri Voinov wrote: >> >> This: >> >> http://osdir.com/ml/web.squid.general/2003-04/msg00800.html >> >> does not work. > > Do you have always_direct rules that match the request(s)?

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-16 Thread Yuri Voinov
Sure. I've tried all possible combinations. Including this: # SSL bump rules sslproxy_cert_error allow all acl DiscoverSNIHost at_step SslBump1 ssl_bump peek DiscoverSNIHost acl NoSSLIntercept ssl::server_name_regex -i localhost \.icq\.*

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-16 Thread Yuri Voinov
This: http://osdir.com/ml/web.squid.general/2003-04/msg00800.html does not work. 16.09.15 0:15, Matus UHLAR - fantomas wrote: > On 15.09.15 23:42, Yuri Voinov wrote: >> I asked a specific question. How does Squid as a whole - I am well >>

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-16 Thread Amos Jeffries
On 17/09/2015 3:18 a.m., Yuri Voinov wrote: > > This: > > http://osdir.com/ml/web.squid.general/2003-04/msg00800.html > > does not work. Do you have always_direct rules that match the request(s)? or "nonhierarchical_direct on" ? The order of invocation is: nonhierarchical_direct (on means

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-16 Thread Yuri Voinov
Hm. If I understand correctly, the right configuration must be: # Privoxy+Tor access rules never_direct allow CONNECT never_direct allow tor_url # Local Privoxy is cache parent cache_peer 127.0.0.1 parent 8118 0 no-query no-digest default

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-16 Thread Amos Jeffries
On 17/09/2015 4:36 a.m., Yuri Voinov wrote: > > Hm. > > If I understand correctly, the right configuration must be: > > # Privoxy+Tor access rules > never_direct allow CONNECT > never_direct allow tor_url > > # Local Privoxy is cache parent > cache_peer 127.0.0.1 parent 8118 0 no-query

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-15 Thread Matus UHLAR - fantomas
On 15.09.15 22:45, Yuri Voinov wrote: Does anyone know - is it possible to send the connection, starting with the CONNECT, to cache-peer? cache_peer_access with proper ACLs should do that. note that always_direct can avoid it. I need to send some sites, defined by ACL, connections with

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-15 Thread Yuri Voinov
There is no answer. 15.09.15 23:31, Matus UHLAR - fantomas wrote: > On 15.09.15 23:27, Yuri Voinov wrote: >> Is it possible to specifically - how exactly it is necessary to write >> the configuration? The fact is that any variations on a similar

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-15 Thread Yuri Voinov
Hi Antony, thank you for the answer. My problem is a bit specific. I have some permanently ISP-banned sites. I need to pass-through it from transparent interception Squid to cache_peer - both plain HTTP and HTTPS tunnels without decryption. Sites

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-15 Thread Matus UHLAR - fantomas
On 15.09.15 22:45, Yuri Voinov wrote: Does anyone know - is it possible to send the connection, starting with the CONNECT, to cache-peer? 15.09.15 23:17, Matus UHLAR - fantomas wrote: cache_peer_access with proper ACLs should do that. note that always_direct can avoid it. On 15.09.15

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-15 Thread Yuri Voinov
I asked a specific question. How does Squid as a whole - I am well aware. Before asking a question - I tried everything that seemed right. And I asked, hoping to get a specific answer or intelligible explanation, not the common words and sentences to

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-15 Thread Yuri Voinov
I want to get the answer from the people who did it. And not those that suggest that they could do it. 15.09.15 23:42, Matus UHLAR - fantomas wrote: >>> On 15.09.15 22:45, Yuri Voinov wrote: Does anyone know - is it possible to send the

[squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-15 Thread Yuri Voinov
Does anyone know - is it possible to send the connection, starting with the CONNECT, to cache-peer? I'll try to explain. I need to send some sites, defined by ACL, connections which start with CONNECT (443 port), to the cache_peer first? Rather

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-15 Thread Matus UHLAR - fantomas
On 15.09.15 22:45, Yuri Voinov wrote: Does anyone know - is it possible to send the connection, starting with the CONNECT, to cache-peer? 15.09.15 23:17, Matus UHLAR - fantomas wrote: cache_peer_access with proper ACLs should do that. note that always_direct can avoid it. On 15.09.15

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-15 Thread Yuri Voinov
Is it possible to specifically - how exactly it is necessary to write the configuration? The fact is that any variations on a similar theme cause assertion. 15.09.15 23:17, Matus UHLAR - fantomas wrote: > On 15.09.15 22:45, Yuri Voinov wrote: >>

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-15 Thread Matus UHLAR - fantomas
On 15.09.15 23:27, Yuri Voinov wrote: Is it possible to specifically - how exactly it is necessary to write the configuration? The fact is that any variations on a similar theme cause assertion. just combine it with proper acl of type dst or dstdomain... 15.09.15 23:17, Matus UHLAR -

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-15 Thread Yuri Voinov
Squid working in transparent SSL Bump mode. AFAIK, here is SSL decrypts. AFAIK, decrypted tunnel denied to be forwarded to parent. I need to forward some URLs without decryption to peer. Whole session starting with CONNECT. Problem: Peer must

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

2015-09-15 Thread Yuri Voinov
Here is my testing config from test system. This is original configuration, which works well with HTTP but not with HTTPS. I've tried to permit CONNECT access to cache_peer, config cache_peer as ssl, splice forwarded URLs... without any result. When I've turned URL into cache_peer -

[squid-users] Is it possible to tunnelize http traffic?

2015-07-13 Thread Sebastian Goicochea
Hello, I'm trying to improve the bypass system we use in our servers. When a site is not shown as it should, or something is broken because of a poor server-side implementation, we bypass traffic to that server at ebtables level. This works just as expected, squid never sees this traffic,

[squid-users] It is possible using squid to cache YouTube ?

2015-05-29 Thread Ibrahim Lubis
Hi, My friend asked why don't we cache youtube? In 2014 I read a website page about how to cache youtube using squid lusca, and later in the comment section the author said the method does not work anymore so I wonder if it is possible to cache YouTube using squid ? For what I know it is impossible cause

Re: [squid-users] It is possible using squid to cache YouTube ?

2015-05-29 Thread Romulo Boschetti
- From: Ibrahim Lubis baim.lu...@gmail.com To: squid-users@lists.squid-cache.org Sent: Friday, May 29, 2015 4:44:51 Subject: [squid-users] It is possible using squid to cache YouTube ? Hi, My friend asked why don't we cache youtube? In 2014 I read a website page about how

Re: [squid-users] It is possible using squid to cache YouTube ?

2015-05-29 Thread Ibrahim Lubis
Hi Antony, I consider the answer is 'it can't', even if yes it seems the road is dark and scary. Thx On May 29, 2015 2:57 PM, Antony Stone antony.st...@squid.open.source.it wrote: On Friday 29 May 2015 at 09:44:51 (EU time), Ibrahim Lubis wrote: Hi, My friend asked why don't we cache

[squid-users] Is it possible to configure a transparent caching proxy without iptables?

2015-01-06 Thread Karl-Philipp Richter
Hi together, I'm having trouble figuring a way to configure a `squid` 3.4.10 instance running in a Debian 7 chroot as a transparent caching proxy because I only find configuration examples involving `iptables` which on the one hand is very useful because it allows setups which work independently

Re: [squid-users] Is it possible to mark tcp_outgoing_mark (server side) with SAME MARK as incoming packet (client side)?

2014-03-27 Thread Ed W
Hi So documentation is right but placement of the statement is possibly wrong. It's not highlighted right in front. i.e. qos_flows applies only for packets from server to client(squid) NOT from client to server. Is it possible to do reverse too? Or at least have an acl where I can check

Re: [squid-users] Is it possible to mark tcp_outgoing_mark (server side) with SAME MARK as incoming packet (client side)?

2014-03-27 Thread Andrew Beverley
On Thu, 2014-03-27 at 10:26 +, Ed W wrote: Yes, I'm still really interested to implement this. I got as far as doing some investigation a few weeks back. Thanks for looking into it. I'd like to sort it myself, but don't have the time at the moment. In the meantime, I'll aim to submit a

Re: [squid-users] Is it possible to mark tcp_outgoing_mark (server side) with SAME MARK as incoming packet (client side)?

2014-03-16 Thread Amm
On 03/16/2014 03:02 AM, Andrew Beverley wrote: I used (and created) the patch to get the value from the remote server. However, I can't remember whether it does it the other way as well (at the time I thought I'd written the documentation so clearly, but coming back to it now it's not

Re: [squid-users] Is it possible to mark tcp_outgoing_mark (server side) with SAME MARK as incoming packet (client side)?

2014-03-15 Thread Amos Jeffries
On 15/03/2014 6:46 p.m., Amm wrote: Hello, I would like to mark outgoing packet (on server side) with SAME MARK as on incoming (NATed or CONNECTed) packet. There is option tcp_outgoing_mark with which I can mark packets. But there is no ACL option to check incoming mark. If there

Re: [squid-users] Is it possible to mark tcp_outgoing_mark (server side) with SAME MARK as incoming packet (client side)?

2014-03-15 Thread Amm
On 03/15/2014 05:11 PM, Amos Jeffries wrote: On 15/03/2014 6:46 p.m., Amm wrote: I would like to mark outgoing packet (on server side) with SAME MARK as on incoming (NATed or CONNECTed) packet. http://www.squid-cache.org/Doc/config/qos_flows/ Squid default action is to pass the
