Re: [squid-users] Which protocol uses when Stored-ID object returned by Squid?
On 13/08/2015 2:18 a.m., Yuri Voinov wrote: Also, Amos. What's happens when I normalize or completely suppress Vary header? The Internet breaks. * images show up as random colour garbage * what should be readable text shows up as binary characters * what should be downloadable objects show up as text pages lots more. Its not good. Suppress or normalize the Accept headers instead. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] Which protocol uses when Stored-ID object returned by Squid?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi all. Stupid question: Which protocol uses when Stored-ID object returned by Squid? I.e., when I use ssl bump, and use next rules: squid.conf: acl store_rewrite_list_web url_regex ^https?:\/\/(khms|mt)[0-9]+\.google\.[a-z\.]+\/.* ^https?:\/\/(kh[0-9]?)+\.google\.[a-z\.]+\/(.*) store_id_program /usr/local/squid/libexec/storeid_file_rewrite /usr/local/squid/etc/storeid.conf store_id_access allow store_rewrite_list_web store_id_access allow store_rewrite_list_web_CDN store_id_access allow adobe_java_updates store_id_access deny all and ^https?:\/\/(khms[\d]|mt[\d])+\.google\.[a-z\.]+\/(.*) http://gmaps.SQUIDINTERNAL/$1/$2 ^https?:\/\/(kh[\d]?)+\.google\.[a-z\.]+\/(.*) http://gearth.SQUIDINTERNAL/$1/$2 in storeid.conf, and user goes to Google Maps via HTTPS (and map is already Stored-ID), how Squid will be output stored object to client? Client shows green https connection with valid Squid CA. Access.log shows bumped https connection. HTTP or HTTPS? WBR, Yuri -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJVyypoAAoJENNXIZxhPexG8VYH/386odEaN6yvgno5sRbrkS60 U+/ayqmHIrkDq/gdxpcRRZS2ZsZWhylg0UQwcx0Ktwimeco4rJFREcMwjaPmlqDf 3qKGsdfDyMv0PPDfDT2zv2AmQpR2TNlqzpAYFd1cCAqfzIiKI6LvWmABC0Cy0Gi9 F1/vevGLur0yGbozvU3OWqDAk2tTeBm8g7r+3hp3vlBYmpJp79OCxkISqalkozYZ jUcyzCQ13H0l2rFhiglcI4aXrmr0ijVa/Ebx3URCEQWL5nDIBlGdukr5guluW3pC e+F5AU/8b20/x1GtJWg/wO99fpuLykkvuaiqUCPwKRKIURbpYgfj5G45ZYMcI5Q= =w+NR -END PGP SIGNATURE- ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Which protocol uses when Stored-ID object returned by Squid?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Good info, Eliezer. I'll research this next week. I've interested in video hostings caching. Thanks for idea and point to right direction! 12.08.15 22:04, Eliezer Croitoru пишет: Vimeo is using akamai and can be cached as far as I understand. There is always an ID out there in urls(not Vimeo specific if at all in Vimeo) but it's either encrypted or is inside the page that needs to be parsed. These are the two options I know about and I have seen couple times that there are something like a cookie url which can help to identify a common ID. I don't remember if it was to you that I recommended Adblock plus and video search at firefox. There was another software which I think is called FreeRapid Downloader and they have all bunch of plugins which written in java that helped me get started on couple things with video sites analytics. The software doesn't work very well these days but it gives a lot of basics if you have the needed java skills(I am not pushing you to dive into it since it's not a simple task). Adblock plus gives you many details on every page you browse into and have a nice filter option. You can get into the filter and urls list using the open blockable items option in the Adblock plus firefox menu. It' much simpler then plain firefox inspect elements or firebug but it is limited a bit. Eliezer * I have read people writing in forums something like we are not spoon feeding got read the man pages and I do not like the attitude!! - Also on this specific case there is not man pages or something similar and I encourage to ask. On 12/08/2015 17:17, Yuri Voinov wrote: I still see no problem, if the same content under HTTP/HTTPS will deduplicated as one record. 12.08.15 20:06, Eliezer Croitoru пишет: On 12/08/2015 16:44, Yuri Voinov wrote: Hmm. You want to say will better to have HTTP/HTTPS duplicate rules for the same content? This can lead problems with YT, for example. And make storage space bigger... Now I'm trying to produce some best practice with Store-ID for myself. This is why this question occurs. I think that it's not an issue if you are bumping. Youtube these days forces https whenever they can so you will probably won't have this issue at all. HSTS is not an issue - it's quite simple to disable or force URI to bump. Issue is still different. When rules for store id is dual - http and https - this occurs problems with Chrome on PC's and mobile devices. Youtube is not a basic case but take a look at their smaller content such as youtube images which consist of one key for them all using the video ID which is different from vimeo and many others. In our country YT is basic case. This is over 80% of all video traffic. All others either blocked, or not know or unused. Vimeo Vimeo is great undocumented problem, like Google YT. But if YT is partially solved, Vimeo is completely terra incognita. :) Are you looking for some sites to analyze for practice? Sure. Eliezer ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJVy28YAAoJENNXIZxhPexGD90H/0OX47ftwV4sMPgyrVDSStN9 PFv6ejEtDkuNTVupP15lxRIBTsFsGODGDgpavA0OG/KHkpwpkaJuZUGUeIrlcyM0 d9KzHkYqA002wGfVhqkA+ZoGkjz0eUuT+xuplxXYnEYUOtxpz2DxMmPEFhtjft2F I32ahfNQOSjwhDXPaoGt5gwIf5ugIIur8Pa0BdigJG6KMgr3zbFatdgJEi8NCWd6 T7z8248ORAzhvkC6JBQsWyQo6yBbumyEZNOELAlm6445CcbKbBYGOjMFJS6O/zYg I+RA6rJACuPd/1ZtN0s4PJ9qYEMQm0rFfxbscY7g3a7sbkMMNp1ifDvNVzsCTb0= =M+Ys -END PGP SIGNATURE- ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Which protocol uses when Stored-ID object returned by Squid?
Vimeo is using akamai and can be cached as far as I understand. There is always an ID out there in urls(not Vimeo specific if at all in Vimeo) but it's either encrypted or is inside the page that needs to be parsed. These are the two options I know about and I have seen couple times that there are something like a cookie url which can help to identify a common ID. I don't remember if it was to you that I recommended Adblock plus and video search at firefox. There was another software which I think is called FreeRapid Downloader and they have all bunch of plugins which written in java that helped me get started on couple things with video sites analytics. The software doesn't work very well these days but it gives a lot of basics if you have the needed java skills(I am not pushing you to dive into it since it's not a simple task). Adblock plus gives you many details on every page you browse into and have a nice filter option. You can get into the filter and urls list using the open blockable items option in the Adblock plus firefox menu. It' much simpler then plain firefox inspect elements or firebug but it is limited a bit. Eliezer * I have read people writing in forums something like we are not spoon feeding got read the man pages and I do not like the attitude!! - Also on this specific case there is not man pages or something similar and I encourage to ask. On 12/08/2015 17:17, Yuri Voinov wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I still see no problem, if the same content under HTTP/HTTPS will deduplicated as one record. 12.08.15 20:06, Eliezer Croitoru пишет: On 12/08/2015 16:44, Yuri Voinov wrote: Hmm. You want to say will better to have HTTP/HTTPS duplicate rules for the same content? This can lead problems with YT, for example. And make storage space bigger... Now I'm trying to produce some best practice with Store-ID for myself. This is why this question occurs. I think that it's not an issue if you are bumping. Youtube these days forces https whenever they can so you will probably won't have this issue at all. HSTS is not an issue - it's quite simple to disable or force URI to bump. Issue is still different. When rules for store id is dual - http and https - this occurs problems with Chrome on PC's and mobile devices. Youtube is not a basic case but take a look at their smaller content such as youtube images which consist of one key for them all using the video ID which is different from vimeo and many others. In our country YT is basic case. This is over 80% of all video traffic. All others either blocked, or not know or unused. Vimeo Vimeo is great undocumented problem, like Google YT. But if YT is partially solved, Vimeo is completely terra incognita. :) Are you looking for some sites to analyze for practice? Sure. Eliezer ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJVy1VqAAoJENNXIZxhPexGe44IAKdrqMTNOy1P7gIn6SU66CBI Wh6cLMb8A3w/rGlhGmQ5rifpfx9BD6voYpudNhPTpnfhjZgq2ObXuS9OEV9JSwNe NcZP8KuwW196sPIvrsaK5Elc+xK1Zg52eLk9d14bpNiBu+KgG++h2BbAxX7acoyk qnYB9yR3V0VDS/HIjKBopCJ3i6COZx9lDRzyTD2IrEg2tnhJdKaPd33wLr1B474m pJEl1zek5ZSKXm6hSPg3o05K6OJNbFCnYmrz8nEm+ct/SZUbKIoNFvTm9YbyoqjP k2sqaVINekT4TSJEJAjS3I1TQDr134VkDYblZ7BUvwnsyG6rS4m3kykD/7hoNOY= =C7Ec -END PGP SIGNATURE- ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] Android
Hi guys. Is there a way to work around android under squid authentication??? I could make an ACL to a range of address that my wifi router distribute to my wifi network and deny auth for them, but I'd like to identify the Android clients and specify that just them do not need authentication. Any ideas? Thanks since now -- ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Configuring squid reverse proxy
On Wednesday 12 August 2015 at 14:38:55, joseph jose wrote: Hi, I have set up squid in reverse proxy mode to cache an apache webserver hosted in linux vm. IP of my squid reverse proxy is 10.0.0.1 and 10.0.0.2 is the ip of webserver which is also a linux vm Your squid server has only one interface and IP address? my config is as follows #acl squidallow dstdomain testsquid.com # # #http_port 10.0.0.1:80 accel defaultsite=testsquid.com # # #cache_peer 10.0.0.2 parent 80 0 no-query originserver name=squidtest #cache_peer_access squidtest allow allowsquid I sincerely hope you don't mean that these directives are all commented out, thus not having any effect? Even if they're not commented out, do you see the discrepancy between squidallow in the first line and allowsquid in the last? In the squid proxy machine i have edited the host file and set testsquid.com 10.0.0.1 (which is the ip of proxy machine itself), as proxy is configured in reverse mode, it is supposed to serve the static page from webserver (10.0.0.2). What's more important than /etc/hosts on the squid server is what machine you are running the browser on, and what does *that* machine resolve testsquid.com to? But when i open browser and search for testsquid.com, squid is logging request but returning a TCP_DENIED/403 status. Sounds like the browser is successfully seeing testsquid.com as 10.0.0.1, then, however you should be careful about trying to run tests like this on too few machines - you should have the browser on one machine, squid on a second, and the web server on a third (no matter whether any of these are real machines or VMs). Regards, Antony. -- Users don't know what they want until they see what they get. Please reply to the list; please *don't* CC me. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Which protocol uses when Stored-ID object returned by Squid?
On 12/08/2015 11:13 p.m., Yuri Voinov wrote: Hi all. Stupid question: Which protocol uses when Stored-ID object returned by Squid? I.e., when I use ssl bump, and use next rules: squid.conf: acl store_rewrite_list_web url_regex ^https?:\/\/(khms|mt)[0-9]+\.google\.[a-z\.]+\/.* ^https?:\/\/(kh[0-9]?)+\.google\.[a-z\.]+\/(.*) store_id_program /usr/local/squid/libexec/storeid_file_rewrite /usr/local/squid/etc/storeid.conf store_id_access allow store_rewrite_list_web store_id_access allow store_rewrite_list_web_CDN store_id_access allow adobe_java_updates store_id_access deny all and ^https?:\/\/(khms[\d]|mt[\d])+\.google\.[a-z\.]+\/(.*) http://gmaps.SQUIDINTERNAL/$1/$2 ^https?:\/\/(kh[\d]?)+\.google\.[a-z\.]+\/(.*) http://gearth.SQUIDINTERNAL/$1/$2 in storeid.conf, and user goes to Google Maps via HTTPS (and map is already Stored-ID), how Squid will be output stored object to client? Using the connection to the client. Whatever protocol that uses... Client shows green https connection with valid Squid CA. Access.log shows bumped https connection. HTTP or HTTPS? Store-ID is not involved with any protocols. It is simply a way to adjust the internal hash key used to store or lookup objects in the cache index. The HTTP/1.0 hash key is URI. The HTTP/1.1 hash key is URI, or for responses with Vary: header the URI plus list of all request headers named in the Vary. With Store-ID the URI is swapped with whatever the StoreID helper outputs. You could use a Store-ID helper to map like this and it would still work perfectly fine: ^https?:\/\/(khms[\d]|mt[\d])+\.google\.[a-z\.]+\/(.*) bwahahahahah@gmaps.SQUIDINTERNAL/$1/$2 ^https?:\/\/(kh[\d]?)+\.google\.[a-z\.]+\/(.*) ohnowhatyagonnado::://gearth.SQUIDINTERNAL/$1/$2 This is why we changed the name from Store-URL to Store-ID when polishing the feature port from 2.7. Its not a URL, its a cache index ID string. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Which protocol uses when Stored-ID object returned by Squid?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Thank you, Amos, for explanation. It is an exhaustive answer to my doubts. :) So, finally, I can write Store-ID map rules without any protocol prefix, or use any, no matter? I.e., ^https?:\/\/(.*?)\/(.*?)\;(?:.*?)$anysite$1.SQUIDINTERNAL/$2 ? 12.08.15 18:51, Amos Jeffries пишет: On 12/08/2015 11:13 p.m., Yuri Voinov wrote: Hi all. Stupid question: Which protocol uses when Stored-ID object returned by Squid? I.e., when I use ssl bump, and use next rules: squid.conf: acl store_rewrite_list_web url_regex ^https?:\/\/(khms|mt)[0-9]+\.google\.[a-z\.]+\/.* ^https?:\/\/(kh[0-9]?)+\.google\.[a-z\.]+\/(.*) store_id_program /usr/local/squid/libexec/storeid_file_rewrite /usr/local/squid/etc/storeid.conf store_id_access allow store_rewrite_list_web store_id_access allow store_rewrite_list_web_CDN store_id_access allow adobe_java_updates store_id_access deny all and ^https?:\/\/(khms[\d]|mt[\d])+\.google\.[a-z\.]+\/(.*) http://gmaps.SQUIDINTERNAL/$1/$2 ^https?:\/\/(kh[\d]?)+\.google\.[a-z\.]+\/(.*) http://gearth.SQUIDINTERNAL/$1/$2 in storeid.conf, and user goes to Google Maps via HTTPS (and map is already Stored-ID), how Squid will be output stored object to client? Using the connection to the client. Whatever protocol that uses... Client shows green https connection with valid Squid CA. Access.log shows bumped https connection. HTTP or HTTPS? Store-ID is not involved with any protocols. It is simply a way to adjust the internal hash key used to store or lookup objects in the cache index. The HTTP/1.0 hash key is URI. The HTTP/1.1 hash key is URI, or for responses with Vary: header the URI plus list of all request headers named in the Vary. With Store-ID the URI is swapped with whatever the StoreID helper outputs. You could use a Store-ID helper to map like this and it would still work perfectly fine: ^https?:\/\/(khms[\d]|mt[\d])+\.google\.[a-z\.]+\/(.*) bwahahahahah@gmaps.SQUIDINTERNAL/$1/$2 ^https?:\/\/(kh[\d]?)+\.google\.[a-z\.]+\/(.*) ohnowhatyagonnado::://gearth.SQUIDINTERNAL/$1/$2 This is why we changed the name from Store-URL to Store-ID when polishing the feature port from 2.7. Its not a URL, its a cache index ID string. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJVy0ZBAAoJENNXIZxhPexGgCoIALezJVmzCOSKHlPMmd5oVtWl E9ODopoyV1V29FnSnFhEJtpdXAac9CkygNMXaIBHSwW/X6O68OYiuhg8w2TRrSyS fXGhK7NXILwMEwCY/4GR51L/HSRMo8F8oS5hwYLcHiLd38o/0ceOPHHahoMSPoUI NLatPog1wtjksfR5FxUbFCKL4ATHxHbKRGlLwwbzI7ERH/01kKSGW059sPkV3nfR vMkv/LWS9mYP2LgTxBy2XMiMtAPSpghS9cg6Ewhn2BnKTrDBJX1fGOUWuPMCA+pz CQ62WL3MbRrlQhTGBNIZOn/IO2xh3tFjgr/FOyZ5uauwPtj/kv3PH6pZSqoEGjE= =RThk -END PGP SIGNATURE- ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Which protocol uses when Stored-ID object returned by Squid?
On 12/08/2015 16:12, Yuri Voinov wrote: Thank you, Amos, for explanation. It is an exhaustive answer to my doubts.:) So, finally, I can write Store-ID map rules without any protocol prefix, or use any, no matter? I.e., ^https?:\/\/(.*?)\/(.*?)\;(?:.*?)$anysite$1.SQUIDINTERNAL/$2 ? Hey Yuri, Yes indeed you can but it's recommended to use some protocol and if you have an https map it to the right one that will de-duplicate for your needs. For example there are many sites which offers both https and http for the same content while redirecting to the https many times instead of http. In this case you are better to not save the same object for http and https. All The Bests, Eliezer ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Configuring squid reverse proxy
thanks for the quick reply. Actually those lines are no commented out. and ACL name is corrected. The browser is on the proxy machine(10.0.0.1) who host file points testsquid.com to 10.0.0.1 itself. Squid which is in reverse mode listen to port 80 in 10.0.0.1 is grabbing each request. but returning TCP_DENIED/403 for testsquid.com. Instead of returning the webserver static index file As you told i have one browser machine win7 machine. in which i edited host file and set testsquid.com to 10.0.0.1(proxy machine ip) But behaviour remains same. below is my actual squid config acl PURGE method purge acl SSL_ports port 443 445 448 563 1024-65535 acl Safe_ports port 80 acl Safe_ports port 21 acl Safe_ports port 443 acl Safe_ports port 70 acl Safe_ports port 210 acl Safe_ports port 1025-65535 acl Safe_ports port 280 acl Safe_ports port 488 acl Safe_ports port 591 acl Safe_ports port 777 acl CONNECT method CONNECT acl local_addresses dst /usr/local/squid/etc/local_addresses.conf acl allowsquid dstdomain testsquid.com httpd_suppress_version_string on cache allow all cache_effective_user nobody cache_effective_group nobody cache_log /usr/local/squid/var/logs/cache.1.100.log cache_store_log none half_closed_clients off hierarchy_stoplist $ cgi ? ; .asp .shtml localhost http_access allow manager localhost http_access allow allowsquid http_access allow manager cachemgr http_access deny manager http_access deny CONNECT !SSL_ports http_access deny CONNECT local_addresses http_access allow purge localhost http_access allow purge cachemgr http_access deny purge http_access allow all http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny all http_reply_access allow all log_icp_queries off maximum_object_size 0 KB maximum_object_size_in_memory 0 KB request_header_max_size 64 KB reply_header_max_size 64 KB strip_query_terms off uri_whitespace encode visible_hostname squidproxy icp_access allow all http_port 10.0.0.1:80 accel defaultsite=testsquid.com cache_peer 10.0.0.2 parent 80 0 no-query originserver name=squidtest cache_peer_access squidtest allow allowsquid cache_peer_access squidtest deny all acl QUERY urlpath_regex cgi-bin \? cache deny QUERY refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 Is there anything faulty in my config? Regards, Joseph On Wed, Aug 12, 2015 at 6:22 PM, Antony Stone antony.st...@squid.open.source.it wrote: On Wednesday 12 August 2015 at 14:38:55, joseph jose wrote: Hi, I have set up squid in reverse proxy mode to cache an apache webserver hosted in linux vm. IP of my squid reverse proxy is 10.0.0.1 and 10.0.0.2 is the ip of webserver which is also a linux vm Your squid server has only one interface and IP address? my config is as follows #acl squidallow dstdomain testsquid.com # # #http_port 10.0.0.1:80 accel defaultsite=testsquid.com # # #cache_peer 10.0.0.2 parent 80 0 no-query originserver name=squidtest #cache_peer_access squidtest allow allowsquid I sincerely hope you don't mean that these directives are all commented out, thus not having any effect? Even if they're not commented out, do you see the discrepancy between squidallow in the first line and allowsquid in the last? In the squid proxy machine i have edited the host file and set testsquid.com 10.0.0.1 (which is the ip of proxy machine itself), as proxy is configured in reverse mode, it is supposed to serve the static page from webserver (10.0.0.2). What's more important than /etc/hosts on the squid server is what machine you are running the browser on, and what does *that* machine resolve testsquid.com to? But when i open browser and search for testsquid.com, squid is logging request but returning a TCP_DENIED/403 status. Sounds like the browser is successfully seeing testsquid.com as 10.0.0.1, then, however you should be careful about trying to run tests like this on too few machines - you should have the browser on one machine, squid on a second, and the web server on a third (no matter whether any of these are real machines or VMs). Regards, Antony. -- Users don't know what they want until they see what they get. Please reply to the list; please *don't* CC me. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Which protocol uses when Stored-ID object returned by Squid?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 12.08.15 19:39, Eliezer Croitoru пишет: On 12/08/2015 16:12, Yuri Voinov wrote: Thank you, Amos, for explanation. It is an exhaustive answer to my doubts.:) So, finally, I can write Store-ID map rules without any protocol prefix, or use any, no matter? I.e., ^https?:\/\/(.*?)\/(.*?)\;(?:.*?)$anysite$1.SQUIDINTERNAL/$2 ? Hey Yuri, Yes indeed you can but it's recommended to use some protocol and if you have an https map it to the right one that will de-duplicate for your needs. For example there are many sites which offers both https and http for the same content while redirecting to the https many times instead of http. In this case you are better to not save the same object for http and https. Hmm. You want to say will better to have HTTP/HTTPS duplicate rules for the same content? This can lead problems with YT, for example. And make storage space bigger... Now I'm trying to produce some best practice with Store-ID for myself. This is why this question occurs. All The Bests, Eliezer ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJVy024AAoJENNXIZxhPexGHnIIAM4Gn2rE81NHPFvfGeBfrZqj H1pEXiaMM/1IXi6rT8nDcG6L8+ElnuodfoUYcFvxH2p3XKmwPUcaI1iyGbwIfKKH DsOGYBIlPYgaa9Ypi1IrBO8BoM3seYYYSZJZQ6HEW3EAiLVMeHR60pWsPMBI3ddV tfq2vyc9/FR2YiQjlARe/BACG7nsmffQzC/s3M77k1bCFkN75+Bb/RGdJ1D87beS PoVFAjjb3K1gDMMagRMhx4KoLgLXwriliHVxBs2VhWqdLR+E1brBNl2v77FvqbAX kYj++JxzDKQRIQgmX23SG6vgZi0i+UJtiPTKgT/m0n2um+H9mUcsdvLcJiGkce4= =16uO -END PGP SIGNATURE- ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Android
Of course you can always use 'acl aclname browser' to identify some specific agents and, using that, try to match android browsers. however, that would be basically impossible to guarantee to work 100% because softwares that calls HTTP requests can always sent different identifications and, thus, your rule will not match. And those rules would allow, also, other browsers/OSs to fake their agent-id and, forcing something that will look like an Android to you, have the access allowed without authentication. You can try, but i would say you can never have a fully 100% working and 100% fake-proof setup on that scenario. Em 12/08/15 14:09, Jorgeley Junior escreveu: Hi guys. Is there a way to work around android under squid authentication??? I could make an ACL to a range of address that my wifi router distribute to my wifi network and deny auth for them, but I'd like to identify the Android clients and specify that just them do not need authentication. Any ideas? Thanks since now -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users