Re: [squid-users] Certificate transparency: problem for ssl-bumping, no effect, or?

2016-11-01 Thread Linda W

Yuri Voinov wrote:

> Hope at this. It is difficult to make long-term plans if the software
> has to die soon. :)

---

..And if SW doesn't die "soon", but only a little later?  I.e. with
Google's AI designing new encryption algorithms today (nothing
said about quality), how long before they can have an AI replacing
most of us?  Even now PCs seem to be "short-timers" as mass-users
are migrated to hand-held, consume-only platforms, and PCs evolve
into tomorrow's unaffordable mini-compute-cloud servers.

PCs have always been too dangerous to allow in everyone's home
unless they are locked down and become "content platforms"
to play content similar to how game consoles are now.
It seems it will be hard just to afford an x86-64 compat
CPU with those getting more & more cores (and more expensive) and
consumers being shunted over to the more affordable,
comparatively Celeron-classed Atom CPUs.

A year goes by quickly enough these days, to at least get an
advance "heads-up" on such new "standards"...




___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


Re: [squid-users] Squid 4.0.16 still signed by old key

2016-11-01 Thread Amos Jeffries
On 2/11/2016 8:31 a.m., Garri Djavadyan wrote:
> According to the announce [1], Squid 4.0.16 and later should be signed
> by the new key B06884EDB779C89B044E64E3CD6DBF8EF3B17D3E, but it is still
> signed by the old Squid 3 key EA31CC5E9488E5168D2DCC5EB268E706FF5CF463:
> 
> $ gpg2 --verify squid-4.0.16.tar.xz.asc squid-4.0.16.tar.xz
> gpg: Signature made Sun 30 Oct 2016 07:45:12 PM UZT
> gpg:                using RSA key B268E706FF5CF463
> gpg: Good signature from "Amos Jeffries " [ultimate]
> gpg:                 aka "Amos Jeffries (Squid 3.0 Release Key) " [ultimate]
> gpg:                 aka "Amos Jeffries (Squid 3.1 Release Key) " [ultimate]
> gpg:                 aka "Amos Jeffries " [ultimate]
> 
> 
> [1]
> http://lists.squid-cache.org/pipermail/squid-users/2016-October/013299.html

Darn. I missed one parameter in the script. Sorry.

New .asc files are now uploaded with the correct signatures. They should
be visible in the next few hours.

Amos



Re: [squid-users] Can Squid communicate http to clients connecting to https sites?

2016-11-01 Thread Amos Jeffries
On 2/11/2016 12:55 p.m., vze2k3sa wrote:
> Hi,
> 
> I have a question about Squid, which is configured to handle all
> company traffic to and from the web. When connecting to an SSL website, HTTP
> Connect is used. Can Squid be configured so all the inbound SSL traffic is
> SSL decrypted and sent back to clients as clear text http traffic?


The CONNECT message *is* clear-text HTTP. So already it is doing what
you asked. But I think what you want is not what you are asking for.

Squid supports receiving requests for https:// URLs from clients on
regular TCP connections and will perform the HTTPS part for them.

Squid also supports clients using TLS to connect to the proxy, then to
pass it requests for https:// URLs. There is a sad lack of clients that
support doing that though.


If the client is performing TLS to the origin server, then no. You
cannot reply with plain-text HTTP to them. Your only choice in that case
is the SSL-Bump feature.

Amos



[squid-users] Can Squid communicate http to clients connecting to https sites?

2016-11-01 Thread vze2k3sa
Hi,

I have a question about Squid, which is configured to handle all
company traffic to and from the web. When connecting to an SSL website, HTTP
Connect is used. Can Squid be configured so all the inbound SSL traffic is
SSL decrypted and sent back to clients as clear text http traffic?

Thanks for any input up front.

-Patrick



Re: [squid-users] Certificate transparency: problem for ssl-bumping, no effect, or?

2016-11-01 Thread Yuri Voinov

02.11.2016 2:58, Alex Rousskov wrote:
> On 11/01/2016 02:47 PM, Yuri Voinov wrote:
>
>> if the SSL bump will be impossible to do -
>> whether it should be understood that in such a situation you close the
>> project Squid as unnecessary? :) Seriously, why does it then need to be
>> in a world without HTTP?
>
> Believe it or not, there are still many Squid use cases where bumping is
"Wow, Plop-Plop, what a terrible story" ;)
>
> unnecessary. This includes, but is not limited to, HTTPS proxying cases
> with peek/splice/terminate rules and environments where Squid possesses
Sure, I know. I meet this every day exactly. This is no problem still
remains relatively low percent.
>
> the certificate issued by CAs trusted by clients. There are also IETF
> attempts to standardize transmission of encrypted but proxy-cachable
> content.
Hope they not completely headless.
>
>
> I agree that Squid user base will shrink if nobody can bump 3rd party
> traffic, but that reduction alone will not kill Squid.
Hope at this. It is difficult to make long-term plans if the software
has to die soon. :)
>
>
> Alex.

--
Cats - delicious. You just do not know how to cook them.


Re: [squid-users] Certificate transparency: problem for ssl-bumping, no effect, or?

2016-11-01 Thread Alex Rousskov
On 11/01/2016 02:47 PM, Yuri Voinov wrote:

> if the SSL bump will be impossible to do -
> whether it should be understood that in such a situation you close the
> project Squid as unnecessary? :) Seriously, why does it then need to be
> in a world without HTTP?

Believe it or not, there are still many Squid use cases where bumping is
unnecessary. This includes, but is not limited to, HTTPS proxying cases
with peek/splice/terminate rules and environments where Squid possesses
the certificate issued by CAs trusted by clients. There are also IETF
attempts to standardize transmission of encrypted but proxy-cachable
content.

I agree that Squid user base will shrink if nobody can bump 3rd party
traffic, but that reduction alone will not kill Squid.

Alex.


Re: [squid-users] Certificate transparency: problem for ssl-bumping, no effect, or?

2016-11-01 Thread Yuri Voinov

02.11.2016 2:03, Alex Rousskov wrote:
> On 10/31/2016 04:13 PM, L. A. Walsh wrote:
>> Google is pushing this for all websites by October 2017
>
> Just Extended Validation (EV) sites, to be exact AFAICT. All other sites
> will be forced into the new scheme sometime later. Naturally, this may
> result in requests to downgrade mimicked server certificates to remove
> the EV extension (assuming we mimic it today).
>
>
>>https://www.certificate-transparency.org/what-is-ct
>>
>> Seems to indicate that site-local generated and imported
>> certs may also be detected as invalid and be disallowed for
>> SSL connection approvals.  That would be a major pain
>
> The question is whether the affected browsers will have knobs to disable
> CT checks or perhaps to configure custom Certificate Log addresses. If
> everything is hard-coded, then bumping is doomed. Otherwise, expect more

Alex, you can at this point a little more? Since all Internet smoothly
passes under HTTPS, and if  the SSL bump will be impossible to do -
whether it should be understood that in such a situation you close the
project Squid as unnecessary? :) Seriously, why does it then need to be
in a world without HTTP?

>
> sysadmin pains. You can probably answer that question now by studying
System administrators should always suffer. :) You'd think they now have
a little pain with the installation of the proxy certificates to mobile
devices. :) By the way, these crutches in HTTPS have no sense if they
can be in some way disabled. It is my deep personal conviction. :)
>
> Chrome configuration.
>
> Alex.
>

--
Cats - delicious. You just do not know how to cook them.


Re: [squid-users] Certificate transparency: problem for ssl-bumping, no effect, or?

2016-11-01 Thread Alex Rousskov
On 10/31/2016 04:13 PM, L. A. Walsh wrote:
> Google is pushing this for all websites by October 2017

Just Extended Validation (EV) sites, to be exact AFAICT. All other sites
will be forced into the new scheme sometime later. Naturally, this may
result in requests to downgrade mimicked server certificates to remove
the EV extension (assuming we mimic it today).


>https://www.certificate-transparency.org/what-is-ct
> 
> Seems to indicate that site-local generated and imported
> certs may also be detected as invalid and be disallowed for
> SSL connection approvals.  That would be a major pain

The question is whether the affected browsers will have knobs to disable
CT checks or perhaps to configure custom Certificate Log addresses. If
everything is hard-coded, then bumping is doomed. Otherwise, expect more
sysadmin pains. You can probably answer that question now by studying
Chrome configuration.

Alex.



[squid-users] Squid 3.5.22-1 is available for Ubuntu 16.04 LTS (online repo ubuntu16.diladele.com)

2016-11-01 Thread Rafael Akchurin
Greetings everyone,



The Squid 3.5.22-1 package for Ubuntu 16.04 LTS is now available. This version 
is recompiled using Squid DEB source from Debian Testing with some changes 
required to support SSL bump / libecap3 on Ubuntu 16.04 LTS. Note - It took so 
long because we just rebuild a package from Debian Testing.



* Original release notes are at 
http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.22-RELEASENOTES.html

* The online repo is at http://ubuntu16.diladele.com/

* Tutorial showing how we rebuilt Squid 3.5.22 on Ubuntu 16.04 LTS 
http://docs.diladele.com/tutorials/build_squid_ubuntu16/index.html

* Scripts we used to build it are at https://github.com/diladele/squid-ubuntu



If you have installed previous version from this repo then please run "sudo 
apt-get update && sudo apt-get upgrade".  Please also check that your current 
squid.conf file from previous version is not overwritten.

If you are installing this version for the first time run the following 
commands:



# add diladele apt key
wget -qO - http://packages.diladele.com/diladele_pub.asc | apt-key add -

# add repo
echo "deb http://ubuntu16.diladele.com/ubuntu/ xenial main" > /etc/apt/sources.list.d/ubuntu16.diladele.com.list

# update the apt cache
apt-get update

# install
apt-get install libecap3
apt-get install squid-common
apt-get install squid
apt-get install squidclient



All questions/comments and suggestions are welcome at 
supp...@diladele.com or here in the mailing list.



Best regards,

Rafael Akchurin

Diladele B.V.

https://www.diladele.com/



--

Please take a look at Web Safety - our ICAP based web filter server for Squid 
proxy at https://www.diladele.com/.







[squid-users] Squid 4.0.16 still signed by old key

2016-11-01 Thread Garri Djavadyan
According to the announce [1], Squid 4.0.16 and later should be signed 
by the new key B06884EDB779C89B044E64E3CD6DBF8EF3B17D3E, but it is still 
signed by the old Squid 3 key EA31CC5E9488E5168D2DCC5EB268E706FF5CF463:


$ gpg2 --verify squid-4.0.16.tar.xz.asc squid-4.0.16.tar.xz
gpg: Signature made Sun 30 Oct 2016 07:45:12 PM UZT
gpg:                using RSA key B268E706FF5CF463
gpg: Good signature from "Amos Jeffries " [ultimate]
gpg:                 aka "Amos Jeffries (Squid 3.0 Release Key) " [ultimate]
gpg:                 aka "Amos Jeffries (Squid 3.1 Release Key) " [ultimate]
gpg:                 aka "Amos Jeffries " [ultimate]



[1] 
http://lists.squid-cache.org/pipermail/squid-users/2016-October/013299.html
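
Added example, not part of the original post or of Squid's release tooling: the same check done by machine, pinning the full fingerprint from the announcement instead of relying on "Good signature", which the old key also produces. The status lines are constructed samples in GnuPG's `--status-fd` format, and the subkey fingerprint in the second sample is a made-up placeholder.

```python
import subprocess

# Fingerprints quoted in the post above.
NEW_SQUID4_KEY = "B06884EDB779C89B044E64E3CD6DBF8EF3B17D3E"
OLD_SQUID3_KEY = "EA31CC5E9488E5168D2DCC5EB268E706FF5CF463"

# Constructed sample: status output for the situation in the post, a
# cryptographically good signature made by the old Squid 3 key.
SAMPLE_OLD_KEY = "\n".join([
    "[GNUPG:] NEWSIG",
    "[GNUPG:] GOODSIG B268E706FF5CF463 Amos Jeffries",
    "[GNUPG:] VALIDSIG " + OLD_SQUID3_KEY
    + " 2016-10-30 1477838712 0 4 0 1 8 00 " + OLD_SQUID3_KEY,
    "[GNUPG:] TRUST_ULTIMATE",
])

# Constructed sample: signature made by a signing subkey (placeholder
# fingerprint) whose primary key is the announced Squid 4 key.
PLACEHOLDER_SUBKEY = "0123456789ABCDEF0123456789ABCDEF01234567"
SAMPLE_SUBKEY = "\n".join([
    "[GNUPG:] NEWSIG",
    "[GNUPG:] GOODSIG 89ABCDEF01234567 Amos Jeffries",
    "[GNUPG:] VALIDSIG " + PLACEHOLDER_SUBKEY
    + " 2016-10-30 1477838712 0 4 0 1 8 00 " + NEW_SQUID4_KEY,
])

# Status keywords treated as failure here (a policy choice of this example).
FAILURE_KEYWORDS = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


def signer_fingerprints(status_text):
    """Return the primary-key fingerprint behind every VALIDSIG line."""
    found = []
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[:2] == ["[GNUPG:]", "VALIDSIG"]:
            # Field 3 is the signing (sub)key; the optional last field is
            # the primary key, which is what release announcements publish.
            found.append((parts[11] if len(parts) >= 12 else parts[2]).upper())
    return found


def check_release_signature(status_text, pinned_fpr):
    """Return (ok, reason); ok only if every valid signature is from pinned_fpr."""
    pinned = pinned_fpr.replace(" ", "").upper()
    keywords = {ln.split()[1] for ln in status_text.splitlines()
                if ln.startswith("[GNUPG:] ") and len(ln.split()) > 1}
    failed = sorted(keywords & FAILURE_KEYWORDS)
    if failed:
        return False, "gpg reported " + ", ".join(failed)
    signers = signer_fingerprints(status_text)
    if not signers:
        return False, "no valid signature found"
    wrong = [f for f in signers if f != pinned]
    if wrong:
        return False, "valid signature, but from unpinned key " + ", ".join(wrong)
    return True, "signed by pinned key " + pinned


def gpg_status(sig_path, file_path):
    """Run gpg on real files and return its status output (needs gpg + key)."""
    proc = subprocess.run(
        ["gpg", "--status-fd", "1", "--verify", sig_path, file_path],
        capture_output=True, text=True)
    return proc.stdout


if __name__ == "__main__":
    for name, sample in (("old key", SAMPLE_OLD_KEY), ("subkey", SAMPLE_SUBKEY)):
        print(name, check_release_signature(sample, NEW_SQUID4_KEY))
```

The 16-digit key ID in the human-readable output (B268E706FF5CF463) is the tail of the old fingerprint, which is how the mismatch was spotted by eye.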



Re: [squid-users] iOS 10.x, https and squid

2016-11-01 Thread Yuri Voinov

02.11.2016 0:47, Eugene M. Zheganin wrote:
> Hi.
>
> Does anyone have issues with iOS 10.x devices connecting through proxy
> (3.5.x) to the https-enabled sites ? Because I do. Non-https sites work
> just fine, but https ones just stuck on loading. First I thought that
> this is a problem with sslBump and disabled it, but this didn't help. I
> got in access log this:
>
> 1478024222.324 48 192.168.243.10 TCP_DENIED/407 4388 CONNECT www.cisco.com:443 - HIER_NONE/- text/html
> 1478024222.373  0 192.168.243.10 TCP_DENIED/407 4649 CONNECT www.cisco.com:443 - HIER_NONE/- text/html
> 1478024222.468 53 192.168.243.10 TCP_TUNNEL/200 0 CONNECT www.cisco.com:443 emz HIER_DIRECT/2a02:26f0:18:185::90 -
>
> and when requesting http version:
>
> 1478024355.685 69 192.168.243.10 TCP_MISS/200 14297 GET http://www.cisco.com/ emz HIER_DIRECT/2a02:26f0:18:19e::90 text/html
> 1478024355.885 47 192.168.243.10 TCP_MISS/304 335 GET http://www.cisco.com/etc/designs/cdc/clientlibs/responsive/css/cisco-sans.min.css emz HIER_DIRECT/2a02:26f0:18:19e::90 text/css
> 1478024355.910 45 192.168.243.10 TCP_REFRESH_UNMODIFIED/304 341 GET http://players.brightcove.net/1384193102001/NJgI8K0ie_default/index.min.js emz HIER_DIRECT/2.22.40.126 application/javascript
> 1478024355.942  0 192.168.243.10 TCP_DENIED/407 6611 GET http://www.cisco.com/etc/designs/catalog/ps/clientlib-all/custom-fonts/cisco-sans.min.css - HIER_NONE/- text/html
> 1478024355.969 60 192.168.243.10 TCP_MISS/304 335 GET http://www.cisco.com/etc/designs/catalog/ps/clientlib-all/css/cisco-sans.min.css emz HIER_DIRECT/2a02:26f0:18:19e::90 text/css
>
> [...lots of other access stuff...]
>
> Some may think "dude, you just misconfigured your squid". But the
> thing is, other browsers just work (and I don't have MacBook to test if
> laptops will), I have a couple of iPhones, they don't work. Funny thing:
> with disabled authentication (when my iphone IP is allowed) the browser
> on iOS loads https sites just fine.

Use interception proxy, Luke :) For iPhones :)

> Thanks.
>
> Eugene.

--
Cats - delicious. You just do not know how to cook them.


Re: [squid-users] iOS 10.x, https and squid

2016-11-01 Thread Yuri Voinov

02.11.2016 0:47, Eugene M. Zheganin wrote:
> Hi.
>
> Does anyone have issues with iOS 10.x devices connecting through proxy
> (3.5.x) to the https-enabled sites ? Because I do. Non-https sites work
> just fine, but https ones just stuck on loading. First I thought that
> this is a problem with sslBump and disabled it, but this didn't help. I
> got in access log this:
>
> 1478024222.324 48 192.168.243.10 TCP_DENIED/407 4388 CONNECT www.cisco.com:443 - HIER_NONE/- text/html
> 1478024222.373  0 192.168.243.10 TCP_DENIED/407 4649 CONNECT www.cisco.com:443 - HIER_NONE/- text/html
> 1478024222.468 53 192.168.243.10 TCP_TUNNEL/200 0 CONNECT www.cisco.com:443 emz HIER_DIRECT/2a02:26f0:18:185::90 -
>
> and when requesting http version:
>
> 1478024355.685 69 192.168.243.10 TCP_MISS/200 14297 GET http://www.cisco.com/ emz HIER_DIRECT/2a02:26f0:18:19e::90 text/html
> 1478024355.885 47 192.168.243.10 TCP_MISS/304 335 GET http://www.cisco.com/etc/designs/cdc/clientlibs/responsive/css/cisco-sans.min.css emz HIER_DIRECT/2a02:26f0:18:19e::90 text/css
> 1478024355.910 45 192.168.243.10 TCP_REFRESH_UNMODIFIED/304 341 GET http://players.brightcove.net/1384193102001/NJgI8K0ie_default/index.min.js emz HIER_DIRECT/2.22.40.126 application/javascript
> 1478024355.942  0 192.168.243.10 TCP_DENIED/407 6611 GET http://www.cisco.com/etc/designs/catalog/ps/clientlib-all/custom-fonts/cisco-sans.min.css - HIER_NONE/- text/html
> 1478024355.969 60 192.168.243.10 TCP_MISS/304 335 GET http://www.cisco.com/etc/designs/catalog/ps/clientlib-all/css/cisco-sans.min.css emz HIER_DIRECT/2a02:26f0:18:19e::90 text/css
>
> [...lots of other access stuff...]
>
> Some may think "dude, you just misconfigured your squid". But the
> thing is, other browsers just work (and I don't have MacBook to test if
> laptops will), I have a couple of

We also do not have iPhones and :)

> iPhones, they don't work. Funny thing: with disabled authentication (when my
> iphone IP is allowed) the browser on iOS loads https sites just fine.
>
> Thanks.
>
> Eugene.

--
Cats - delicious. You just do not know how to cook them.


[squid-users] iOS 10.x, https and squid

2016-11-01 Thread Eugene M. Zheganin

Hi.

Does anyone have issues with iOS 10.x devices connecting through proxy 
(3.5.x) to the https-enabled sites ? Because I do. Non-https sites work 
just fine, but https ones just stuck on loading. First I thought that 
this is a problem with sslBump and disabled it, but this didn't help. I 
got in access log this:


1478024222.324 48 192.168.243.10 TCP_DENIED/407 4388 CONNECT www.cisco.com:443 - HIER_NONE/- text/html
1478024222.373  0 192.168.243.10 TCP_DENIED/407 4649 CONNECT www.cisco.com:443 - HIER_NONE/- text/html
1478024222.468 53 192.168.243.10 TCP_TUNNEL/200 0 CONNECT www.cisco.com:443 emz HIER_DIRECT/2a02:26f0:18:185::90 -


and when requesting http version:

1478024355.685 69 192.168.243.10 TCP_MISS/200 14297 GET http://www.cisco.com/ emz HIER_DIRECT/2a02:26f0:18:19e::90 text/html
1478024355.885 47 192.168.243.10 TCP_MISS/304 335 GET http://www.cisco.com/etc/designs/cdc/clientlibs/responsive/css/cisco-sans.min.css emz HIER_DIRECT/2a02:26f0:18:19e::90 text/css
1478024355.910 45 192.168.243.10 TCP_REFRESH_UNMODIFIED/304 341 GET http://players.brightcove.net/1384193102001/NJgI8K0ie_default/index.min.js emz HIER_DIRECT/2.22.40.126 application/javascript
1478024355.942  0 192.168.243.10 TCP_DENIED/407 6611 GET http://www.cisco.com/etc/designs/catalog/ps/clientlib-all/custom-fonts/cisco-sans.min.css - HIER_NONE/- text/html
1478024355.969 60 192.168.243.10 TCP_MISS/304 335 GET http://www.cisco.com/etc/designs/catalog/ps/clientlib-all/css/cisco-sans.min.css emz HIER_DIRECT/2a02:26f0:18:19e::90 text/css


[...lots of other access stuff...]

Some may think "dude, you just misconfigured your squid". But the thing 
is, other browsers just work (and I don't have MacBook to test if 
laptops will), I have a couple of iPhones, they don't work. Funny thing: 
with disabled authentication (when my iphone IP is allowed) the browser 
on iOS loads https sites just fine.


Thanks.

Eugene.



Re: [squid-users] Getting "browser history" from squid logs

2016-11-01 Thread Yuri Voinov

01.11.2016 23:01, Andrea Venturoli wrote:
> Hello.
>
> I'd think this question would have appeared so many times, still
> searching the web did not help...
>
> I'm familiar with Squid logs and even with some of the several
> software that produces reports out of that.
> However I've been asked to provide something close to a browser
> history, i.e. get the address of the visited pages (without all the
> links to scripts, images, advertisement, css, etc...).
>
> Is that possible at all?
Partially.
> Any software that can achieve that?
grep
>
>  bye & Thanks
> av.

--
Cats - delicious. You just do not know how to cook them.


Re: [squid-users] Getting "browser history" from squid logs

2016-11-01 Thread Yuri Voinov

As you certainly know, the history of the browser is not the same as the
proxy access log.

Putting the problem, as a rule should clarify - what you want to
achieve? If the purpose forensic - from this point of view there is no
difference.

01.11.2016 23:01, Andrea Venturoli wrote:
> Hello.
>
> I'd think this question would have appeared so many times, still
> searching the web did not help...
>
> I'm familiar with Squid logs and even with some of the several
> software that produces reports out of that.
> However I've been asked to provide something close to a browser
> history, i.e. get the address of the visited pages (without all the
> links to scripts, images, advertisement, css, etc...).
>
> Is that possible at all?
> Any software that can achieve that?
>
>  bye & Thanks
> av.

--
Cats - delicious. You just do not know how to cook them.
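
Added example, not part of the original messages: one way to approximate the "visited pages" view asked about above from Squid's native access.log format, showing where the proxy log and a browser history diverge. The sample records are the access.log lines posted in the iOS thread on this page (unwrapped); the status and content-type heuristic is an assumption of this example, not a Squid feature.

```python
from collections import namedtuple
from datetime import datetime, timezone

# access.log records posted in the iOS thread on this page, unwrapped.
SAMPLE_LOG = """\
1478024222.324 48 192.168.243.10 TCP_DENIED/407 4388 CONNECT www.cisco.com:443 - HIER_NONE/- text/html
1478024222.373  0 192.168.243.10 TCP_DENIED/407 4649 CONNECT www.cisco.com:443 - HIER_NONE/- text/html
1478024222.468 53 192.168.243.10 TCP_TUNNEL/200 0 CONNECT www.cisco.com:443 emz HIER_DIRECT/2a02:26f0:18:185::90 -
1478024355.685 69 192.168.243.10 TCP_MISS/200 14297 GET http://www.cisco.com/ emz HIER_DIRECT/2a02:26f0:18:19e::90 text/html
1478024355.885 47 192.168.243.10 TCP_MISS/304 335 GET http://www.cisco.com/etc/designs/cdc/clientlibs/responsive/css/cisco-sans.min.css emz HIER_DIRECT/2a02:26f0:18:19e::90 text/css
1478024355.910 45 192.168.243.10 TCP_REFRESH_UNMODIFIED/304 341 GET http://players.brightcove.net/1384193102001/NJgI8K0ie_default/index.min.js emz HIER_DIRECT/2.22.40.126 application/javascript
1478024355.942  0 192.168.243.10 TCP_DENIED/407 6611 GET http://www.cisco.com/etc/designs/catalog/ps/clientlib-all/custom-fonts/cisco-sans.min.css - HIER_NONE/- text/html
1478024355.969 60 192.168.243.10 TCP_MISS/304 335 GET http://www.cisco.com/etc/designs/catalog/ps/clientlib-all/css/cisco-sans.min.css emz HIER_DIRECT/2a02:26f0:18:19e::90 text/css
"""

HOST_ONLY = " (host only)"  # marker for tunnelled HTTPS, where no path is logged

Entry = namedtuple("Entry", "ts client result status method url user ctype")


def parse_line(line):
    """Parse one record of Squid's native access.log format, or return None."""
    f = line.split()
    if len(f) != 10:
        return None
    result, _, status = f[3].partition("/")
    try:
        return Entry(float(f[0]), f[2], result, int(status),
                     f[5], f[6], f[7], f[9])
    except ValueError:
        return None


def page_visits(lines):
    """Return (timestamp, user, url) tuples that look like page loads."""
    visits = []
    for line in lines:
        e = parse_line(line)
        # Denied requests carry Squid's own text/html error page as the
        # content type, so they must be dropped before the type filter.
        if e is None or e.result == "TCP_DENIED":
            continue
        if e.method == "GET" and e.ctype == "text/html" and e.status in (200, 304):
            visits.append((e.ts, e.user, e.url))
        elif e.method == "CONNECT" and e.status == 200:
            # Without SSL-Bump only host:port is visible, and tunnels opened
            # for sub-resources (CDNs, ads) look the same as page loads.
            host = e.url.rsplit(":", 1)[0]
            visits.append((e.ts, e.user, "https://" + host + "/" + HOST_ONLY))
    return visits


if __name__ == "__main__":
    for ts, user, url in page_visits(SAMPLE_LOG.splitlines()):
        when = datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()
        print(when, user, url)
```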