Re: [squid-users] Proxing only special file types
On 2/6/19 3:48 AM, alexmaystat wrote: > Is it possible to inspect and add JS code only to files of a specific file > type (for example, only to JS text/javascript). Yes, provided you can trust Content-Type response headers (or equivalent). If you do trust them, then you can configure Squid to adapt only responses that have Content-Type set to, say, text/javascript. The above assumes that by "inspect" you mean inspect by an eCAP adapter. Squid itself would still inspect (i.e., "see" and "parse") every HTTP message it proxies, of course. > Or it is possible to proxy only JS files, and send the rest of the content > and requests outside squid proxy? This is only possible (in some cases) using client-side tools like browser PAC configuration files. If you can write a simple Javascript program that can determine whether the pending request is for a "JS file", and you can configure the browser to use your program (by loading your PAC file), then you can restrict Squid traffic to those "JS file" transactions. As you probably know by now, modifying proxied response content is usually difficult and often illegal. For more details, see https://answers.launchpad.net/ecap/+faq/1793 HTH, Alex. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Bad HTTP header error on non-standard HTTP response code
On 2/6/19 10:39 AM, Ivan Larionov wrote: > is there an option to change squid 4 behavior to match squid 3? It is easy to relax Squid response parser to accept more syntactically invalid HTTP responses, but one would need a good use case to do so officially because of the problems with HTTP/0 responses (that Amos has mentioned) and other message smuggling dangers. A single case of an unusual/rare broken origin server is unlikely to be sufficient for this IMHO. Alex. P.S. If you want to patch your Squid, look for the tok.int64() call in Http::One::ResponseParser::parseResponseStatusAndReason(). ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] ssl-bump does not redirect to block page
On 2/6/19 12:57 PM, Amos Jeffries wrote: > On 7/02/19 3:52 am, leo messi wrote: >> My squid config is something like this: >> acl blk ssl::server_name .google.com >> http_access deny blk >> http_access allow all >> ssl_bump peek step1 >> ssl_bump splice all >> My problem is when i block some pages like google.com,my firefox browser >> show "secure connection failed",but i want it to show block page or >> warning page, how can i do this? > To cause anything at all to display in the browser you require fully > decrypting the traffic. Correct. > aka the 'bump' action. This part is misleading: Modern Squids _automatically_ bump connections to report [access denied] errors -- no explicit bump action is required (or even desirable). I do not know whether * that bumping does not happen for leo (e.g., due to Squid bugs), or * it does happen, but the browser refuses to show the error page anyway (because of certificate pinning and/or because Squid did not have enough information to properly bump the client connection using just step1 knowledge). A packet capture or an ALL,2 cache.log may distinguish those two cases. Alex. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Building Squid 3.5 for Win2k with SSL
On 11/02/19 1:02 am, Reinhard Zumpf Dipl.-Ing. wrote: > Dear Gentlemen, > > was anyone successful in building Squid 3.5 for Win2k with SSL (> > OpenSSL 1.0.1 / TLS 1.2) so far? > The oldest Windows I have had Squid-3.x building was Win7. But my work was on the native builds with MinGW-w64. The Cygwin environment is a different beast entirely - much more POSIX and Linux. > If not, I will not be able to do it without an tremendous amount of > support, which is a great pity, if Squid can only be used on x64 while > the field of application spans over mitigating TLS compatibility > problems for older x86 servers (eg. php4 with cURL w/o TLS1.2, which > is needed for several APIs), too. > Squid can be run on any machine and still do that job. You do not have to limit yourself to old hardware or Win2k OS to achieve. Just have routing and NAT systems enforcing clients traffic goes through the proxy if you are the ISP for them. Or advertise the proxy IP address instead of the old server address if you are running the service. Or both if you have a mixed environment. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Building Squid 3.5 for Win2k with SSL
Dear Gentlemen, was anyone successful in building Squid 3.5 for Win2k with SSL (> OpenSSL 1.0.1 / TLS 1.2) so far? If not, I will not be able to do it without an tremendous amount of support, which is a great pity, if Squid can only be used on x64 while the field of application spans over mitigating TLS compatibility problems for older x86 servers (eg. php4 with cURL w/o TLS1.2, which is needed for several APIs), too. Best Regards Reinhard Am So., 10. Feb. 2019 um 11:53 Uhr schrieb Rafael Akchurin : > > Hello Amos, Reinhard, > > Interestingly enough this error does not popup when building Squid on 64-bit > Cygwin. > Might be some 32-bit installation glitch? > > Best regards, > Rafael Akchurin > Diladele B.V. > > > > -Original Message- > From: squid-users On Behalf Of > Amos Jeffries > Sent: Sunday, 10 February 2019 11:30 > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] Building Squid 3.5 for Win2k with SSL > > On 10/02/19 9:56 pm, Reinhard Zumpf Dipl.-Ing. wrote: > > Hi, > > > > thanks so much for helping out. I managed to get configure run through > > now as described from Diladele. > > > > But, make terminates like that: > > > > ... > > mv -f $depbase.Tpo $depbase.Po > > depbase=`echo SBuf.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\ > > g++ -DHAVE_CONFIG_H -DDEFAULT_CONFIG_FILE=\"/etc/squid/squid.conf\" > > -DDEFAULT_SQUID_DATA_DIR=\"/usr/share/squid\" > > -DDEFAULT_SQUID_CONFIG_DIR=\"/etc/squid\" -I.. -I../include -I../lib > > -I../src -I../include-I../src -I/usr/include/libxml2 > > -I/usr/include/libxml2 -Wall -Wpointer-arith -Wwrite-strings > > -Wcomments -Wshadow -Woverloaded-virtual -pipe -D_REENTRANT -g -O2 > > -march=native -MT SBuf.o -MD -MP -MF $depbase.Tpo -c -o SBuf.o SBuf.cc > > &&\ mv -f $depbase.Tpo $depbase.Po > > SBuf.cc: In Elementfunktion »SBuf::size_type SBuf::rfind(char, > > SBuf::size_type) const«: > > SBuf.cc:760:21: Fehler: »memrchr« wurde in diesem Gültigkeitsbereich > > nicht definiert > > const void *i = memrchr(buf(), (int)c, (size_type)endPos); > > ^~~ > > SBuf.cc:760:21: Anmerkung: empfohlene Alternative: »memchr« > > const void *i = memrchr(buf(), (int)c, (size_type)endPos); > > ^~~ > > memchr > > make[3]: *** [Makefile:7173: SBuf.o] Fehler 1 > > make[3]: Verzeichnis „/home/synrzu/squid-3.5.28/src“ wird verlassen > > make[2]: *** [Makefile:7296: all-recursive] Fehler 1 > > make[2]: Verzeichnis „/home/synrzu/squid-3.5.28/src“ wird verlassen > > make[1]: *** [Makefile:6157: all] Fehler 2 > > make[1]: Verzeichnis „/home/synrzu/squid-3.5.28/src“ wird verlassen > > make: *** [Makefile:581: all-recursive] Fehler 1 > > > > It is the latest x86 cygwin with all packages mentioned by Diladele > > and Squid 3.5.28 sources. > > > > What can I do? > > > > I'm not familiar enough with Cygwin to be specific, sorry. You will need to > track down where the memrchr is defined and make sure that file gets included > properly by the compiler. > > Rafael has not mentioned this failing with 3.5 before so I assume it is > something missing from the ./configure options, or perhapse some extension to > cygwin that needs installing. > > You could try and ask Rafael / Diladele directly since it is their document > you are following here. > > Amos > ___ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > ___ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Building Squid 3.5 for Win2k with SSL
Hello Amos, Reinhard, Interestingly enough this error does not popup when building Squid on 64-bit Cygwin. Might be some 32-bit installation glitch? Best regards, Rafael Akchurin Diladele B.V. -Original Message- From: squid-users On Behalf Of Amos Jeffries Sent: Sunday, 10 February 2019 11:30 To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] Building Squid 3.5 for Win2k with SSL On 10/02/19 9:56 pm, Reinhard Zumpf Dipl.-Ing. wrote: > Hi, > > thanks so much for helping out. I managed to get configure run through > now as described from Diladele. > > But, make terminates like that: > > ... > mv -f $depbase.Tpo $depbase.Po > depbase=`echo SBuf.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\ > g++ -DHAVE_CONFIG_H -DDEFAULT_CONFIG_FILE=\"/etc/squid/squid.conf\" > -DDEFAULT_SQUID_DATA_DIR=\"/usr/share/squid\" > -DDEFAULT_SQUID_CONFIG_DIR=\"/etc/squid\" -I.. -I../include -I../lib > -I../src -I../include-I../src -I/usr/include/libxml2 > -I/usr/include/libxml2 -Wall -Wpointer-arith -Wwrite-strings > -Wcomments -Wshadow -Woverloaded-virtual -pipe -D_REENTRANT -g -O2 > -march=native -MT SBuf.o -MD -MP -MF $depbase.Tpo -c -o SBuf.o SBuf.cc > &&\ mv -f $depbase.Tpo $depbase.Po > SBuf.cc: In Elementfunktion »SBuf::size_type SBuf::rfind(char, > SBuf::size_type) const«: > SBuf.cc:760:21: Fehler: »memrchr« wurde in diesem Gültigkeitsbereich > nicht definiert > const void *i = memrchr(buf(), (int)c, (size_type)endPos); > ^~~ > SBuf.cc:760:21: Anmerkung: empfohlene Alternative: »memchr« > const void *i = memrchr(buf(), (int)c, (size_type)endPos); > ^~~ > memchr > make[3]: *** [Makefile:7173: SBuf.o] Fehler 1 > make[3]: Verzeichnis „/home/synrzu/squid-3.5.28/src“ wird verlassen > make[2]: *** [Makefile:7296: all-recursive] Fehler 1 > make[2]: Verzeichnis „/home/synrzu/squid-3.5.28/src“ wird verlassen > make[1]: *** [Makefile:6157: all] Fehler 2 > make[1]: Verzeichnis „/home/synrzu/squid-3.5.28/src“ wird verlassen > make: *** [Makefile:581: all-recursive] Fehler 1 > > It is the latest x86 cygwin with all packages mentioned by Diladele > and Squid 3.5.28 sources. > > What can I do? > I'm not familiar enough with Cygwin to be specific, sorry. You will need to track down where the memrchr is defined and make sure that file gets included properly by the compiler. Rafael has not mentioned this failing with 3.5 before so I assume it is something missing from the ./configure options, or perhapse some extension to cygwin that needs installing. You could try and ask Rafael / Diladele directly since it is their document you are following here. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Building Squid 3.5 for Win2k with SSL
On 10/02/19 9:56 pm, Reinhard Zumpf Dipl.-Ing. wrote: > Hi, > > thanks so much for helping out. I managed to get configure run through > now as described from Diladele. > > But, make terminates like that: > > ... > mv -f $depbase.Tpo $depbase.Po > depbase=`echo SBuf.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\ > g++ -DHAVE_CONFIG_H -DDEFAULT_CONFIG_FILE=\"/etc/squid/squid.conf\" > -DDEFAULT_SQUID_DATA_DIR=\"/usr/share/squid\" > -DDEFAULT_SQUID_CONFIG_DIR=\"/etc/squid\" -I.. -I../include -I../lib > -I../src -I../include-I../src -I/usr/include/libxml2 > -I/usr/include/libxml2 -Wall -Wpointer-arith -Wwrite-strings > -Wcomments -Wshadow -Woverloaded-virtual -pipe -D_REENTRANT -g -O2 > -march=native -MT SBuf.o -MD -MP -MF $depbase.Tpo -c -o SBuf.o SBuf.cc > &&\ > mv -f $depbase.Tpo $depbase.Po > SBuf.cc: In Elementfunktion »SBuf::size_type SBuf::rfind(char, > SBuf::size_type) const«: > SBuf.cc:760:21: Fehler: »memrchr« wurde in diesem Gültigkeitsbereich > nicht definiert > const void *i = memrchr(buf(), (int)c, (size_type)endPos); > ^~~ > SBuf.cc:760:21: Anmerkung: empfohlene Alternative: »memchr« > const void *i = memrchr(buf(), (int)c, (size_type)endPos); > ^~~ > memchr > make[3]: *** [Makefile:7173: SBuf.o] Fehler 1 > make[3]: Verzeichnis „/home/synrzu/squid-3.5.28/src“ wird verlassen > make[2]: *** [Makefile:7296: all-recursive] Fehler 1 > make[2]: Verzeichnis „/home/synrzu/squid-3.5.28/src“ wird verlassen > make[1]: *** [Makefile:6157: all] Fehler 2 > make[1]: Verzeichnis „/home/synrzu/squid-3.5.28/src“ wird verlassen > make: *** [Makefile:581: all-recursive] Fehler 1 > > It is the latest x86 cygwin with all packages mentioned by Diladele > and Squid 3.5.28 sources. > > What can I do? > I'm not familiar enough with Cygwin to be specific, sorry. You will need to track down where the memrchr is defined and make sure that file gets included properly by the compiler. Rafael has not mentioned this failing with 3.5 before so I assume it is something missing from the ./configure options, or perhapse some extension to cygwin that needs installing. You could try and ask Rafael / Diladele directly since it is their document you are following here. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Building Squid 3.5 for Win2k with SSL
Hi, thanks so much for helping out. I managed to get configure run through now as described from Diladele. But, make terminates like that: ... mv -f $depbase.Tpo $depbase.Po depbase=`echo SBuf.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\ g++ -DHAVE_CONFIG_H -DDEFAULT_CONFIG_FILE=\"/etc/squid/squid.conf\" -DDEFAULT_SQUID_DATA_DIR=\"/usr/share/squid\" -DDEFAULT_SQUID_CONFIG_DIR=\"/etc/squid\" -I.. -I../include -I../lib -I../src -I../include-I../src -I/usr/include/libxml2 -I/usr/include/libxml2 -Wall -Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Woverloaded-virtual -pipe -D_REENTRANT -g -O2 -march=native -MT SBuf.o -MD -MP -MF $depbase.Tpo -c -o SBuf.o SBuf.cc &&\ mv -f $depbase.Tpo $depbase.Po SBuf.cc: In Elementfunktion »SBuf::size_type SBuf::rfind(char, SBuf::size_type) const«: SBuf.cc:760:21: Fehler: »memrchr« wurde in diesem Gültigkeitsbereich nicht definiert const void *i = memrchr(buf(), (int)c, (size_type)endPos); ^~~ SBuf.cc:760:21: Anmerkung: empfohlene Alternative: »memchr« const void *i = memrchr(buf(), (int)c, (size_type)endPos); ^~~ memchr make[3]: *** [Makefile:7173: SBuf.o] Fehler 1 make[3]: Verzeichnis „/home/synrzu/squid-3.5.28/src“ wird verlassen make[2]: *** [Makefile:7296: all-recursive] Fehler 1 make[2]: Verzeichnis „/home/synrzu/squid-3.5.28/src“ wird verlassen make[1]: *** [Makefile:6157: all] Fehler 2 make[1]: Verzeichnis „/home/synrzu/squid-3.5.28/src“ wird verlassen make: *** [Makefile:581: all-recursive] Fehler 1 It is the latest x86 cygwin with all packages mentioned by Diladele and Squid 3.5.28 sources. What can I do? Regards, Reinhard Am Sa., 9. Feb. 2019 um 18:00 Uhr schrieb Amos Jeffries : > > On 9/02/19 10:37 pm, Reinhard Zumpf Dipl.-Ing. wrote: > > Hi, > > > > I am having trouble Bulding Squid 3.5 for Win2k with SSL according to: > > https://docs.diladele.com/howtos/build_squid_windows/index.html > > > > Do you know why configure terminates like this? > > > Looks like you copy-paste'd a command without accounting for line wrapping. > > Notice the comment "(written as ONE line!)" directly above where you > copied the command from. > > > I had to switch within > > Cygwin frome home dir to usr/src dir as described in section Using > > Cygwin > > https://www.physionet.org/physiotools/cygwin/ > > to comply with the guide from Diladele initially. I wonder why enable > > ssl is done in this guide without including any openssl for build? > > > > Not sure what you are talking about there. OpenSSL module is mentioned > earlier in the Diladele document, and the configure option(s) to use it > are present. > > > Amos > ___ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
