Re: [squid-users] Upgrade to Squid 5.7

2022-11-14 Thread Amos Jeffries 
FYI: please use squid-users mailing list for help requests the noc@ list 
is for Squid Software Foundation web/mail/repository administrators.



On 14/11/2022 11:33 pm, Vandita Reddy wrote:

Dear Team,

I am currently using Squid 4.10 for proxy but due to some requirements 
I want to upgrade the same to Squid 5.7.


I have browsed the internet for a while for some leads but there is no 
guidance provided.




Requirements depend on what Vendor(s) you are using already for OS and 
to get Squid. If they provide an upgraded version it is "just" a matter 
of installing that.


If that Vendor requires a full OS upgrade to get the new Squid and you 
want to avoid that, then building your own Squid is usually available as 
an alternative.


If you could mention the Vendor/OS you are using, we could probably 
provide some better help that the above.



Kindly help me upgrade the service. Also, please tell me if there is 
vulnerability if I do not set passwords for all user accounts.




In terms of security username with no password is the same as username 
with a trivial well-known password. Not secure at all.


HTH
Amos

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] SNMP OID for username

2022-11-14 Thread Amos Jeffries 

On 15/11/2022 5:42 am, andre.bolinhas wrote:


Hi

I have SNMP configured for Squid and I would like to know if there is 
any OID to get the information of the username.




No sorry. Credentials are sensitive metrics (even just the username). 
Client info in SNMP is limited to performance metrics by IP address.


The full list of OIDs for Squid can be found at 




Cheers
Amos

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid web isolation

2022-11-14 Thread Grant Taylor 

On 11/14/22 10:08 AM, Alex Rousskov wrote:
AFAICT, "Web Isolation" requires rewriting HTTP responses. Yes, Squid 
can use an ICAP/eCAP content adaptation service to rewrite HTTP 
responses.


I feel like just saying Web Isolation rewrites HTTP responses is about 
like saying you're going to experience moisture when standing in front 
of a tidal wave.  Is it true?  Yes.  Does it convey scope?  Not even 
remotely.


Aside:  I think the fact that Web Isolation uses JavaScript is ironic.

However, you would need to find or create a service that implements 
the guts of what Symantec calls "Web Isolation". I doubt you will 
find similar open source services.


Ya  It seems as if Web Isolation does a full render of the requested 
page in a sandbox / custom web browser hostsed on the Web Isolation 
infrastructure  and sends a responsive representation thereof to clients 
for use / interaction with.  This is all done in the context of an HTTP 
reqeust (over HTTP and / or HTTPS?) in a seemingly very transparent way.


This infrastructure to do the rendering and recomposition to generate 
and send the inew faximily to the client is WAY beyond what Squid is 
designed to do.


I agree that this probably could be done through content adaptation. 
But this seems like it is an entire product / industry unto itself.




--
Grant. . . .
unix || die



smime.p7s
Description: S/MIME Cryptographic Signature
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid web isolation

2022-11-14 Thread Alex Rousskov 

On 11/14/22 11:45, andre.bolin...@articatech.com wrote:


It’s possible with Squid + Icap do something like Symantec Web Isolation?
Symantec Web Isolation Product Brief (broadcom.com) 

(744) Symantec Web Isolation - YouTube 



AFAICT, "Web Isolation" requires rewriting HTTP responses. Yes, Squid 
can use an ICAP/eCAP content adaptation service to rewrite HTTP 
responses. However, you would need to find or create a service that 
implements the guts of what Symantec calls "Web Isolation". I doubt you 
will find similar open source services.



HTH,

Alex.

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Squid web isolation

2022-11-14 Thread andre.bolinhas 
Hi

It's possible with Squid + Icap do something like Symantec Web Isolation?
  Symantec Web Isolation
Product Brief (broadcom.com)
 
 (744) Symantec Web Isolation - YouTube

 

Best regards

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] SNMP OID for username

2022-11-14 Thread andre.bolinhas 
Hi

I have SNMP configured for Squid and I would like to know if there is any
OID to get the information of the username.

Best regards

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] squid 5.7: can't access https://www.ilo.org/global/lang--en/index.htm with enabled sslbump, without sslbump it works

2022-11-14 Thread Alex Rousskov 

On 11/14/22 07:12, Dieter Bloms wrote:


I've increased the debuglevel, but can't find any reason, why squid
reponds with ERR_INVALID_RESP.




HTTP/1.1 200 OK
Server: Oracle-Application-Server-11g
Transfer-Encoding: chunked
Via: 1.1 www.ilo.org
Transfer-Encoding: chunked


The above (abridged) response is malformed because it has two 
Transfer-Encoding headers signalling "chunked, chunked" transfer 
encoding. The proxy and/or the origin server your Squid is talking to is 
broken.


Modern Squids reject such messages because they are known to be used for 
cache poisoning and other security breaches. There is no official 
workaround (yet).



HTH,

Alex.

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] squid 5.7: can't access https://www.ilo.org/global/lang--en/index.htm with enabled sslbump, without sslbump it works

2022-11-14 Thread Dieter Bloms 
Hello Amos,

On Sat, Nov 12, Amos Jeffries wrote:

> On 12/11/2022 2:49 am, Dieter Bloms wrote:
> > Hello,
> > 
> > I'm using squid 5.7 with enabled sslbump and can't reach the website 
> > https://www.ilo.org/global/lang--en/index.htm
> > I get an error of type ERR_INVALID_RESP, but when I disable sslbump the
> > webcontent is shown in the browser.
> > 
> > Can anybody confirm this and can tell me what causes this problem ?
> 
> TLS is complicated. SSL-Bump even more so. It is unlikely everyone else has
> exactly the same things occuring, even if they have the same squid.conf
> settings.
> 
> You need to look at what the ERR_INVALID_RESP actually says in wrong with
> the server response.
> The check Squid cache.log. You may need to set "debug_options 11,2" to get a
> trace of the HTTP messages and see what is going on.

Thank you for your reply!
I've increased the debuglevel, but can't find any reason, why squid
reponds with ERR_INVALID_RESP.

Maybe someone with more knowledge can find the reason in the cache.log.
It can be found here: https://bloms.de/download/cache.log.gz


-- 
Gruß

  Dieter

--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
>From field.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Upgrade to Squid 5.7

2022-11-14 Thread Vandita Reddy 
Dear Team,

I am currently using Squid 4.10 for proxy but due to some requirements I
want to upgrade the same to Squid 5.7.

I have browsed the internet for a while for some leads but there is no
guidance provided.

Kindly help me upgrade the service. Also, please tell me if there is
vulnerability if I do not set passwords for all user accounts.

Awaiting your reply



Thanks & Regards,
Vandita Reddy
+91 7045281817
Project Assistant
( IT Operations & Maintenance )
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users