Re: [squid-users] Help to understand tcp_denied in access.log

2023-04-14 Thread andre.bolinhas
Hi Alex,
The mechanism is http_access; the size of the error page is around 500kb.
The squid version is 5.8 and I'm not doing ssl bump for this domain.
When you ask to "collect a packet trace", does that mean putting squid in debug mode? Squid -k debug?
Best regards

-----Original Message-----
From: squid-users On Behalf Of Alex Rousskov
Sent: 14 April 2023 04:01
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Help to understand tcp_denied in access.log

On 4/13/23 21:23, andre.bolin...@articatech.com wrote:

> I'm seeing too many requests to website mainnet.infura.io; by analyzing 
> the access.log it seems that the website is blocked

Which directive/mechanism blocks them (e.g., http_access,
reply_body_max_size, ICAP/eCAP, etc.)?


> Each TCP_DENIED request is consuming 40+ bytes 

Assuming you do not use huge custom TCP_DENIED error pages, I agree that 
these entries look suspicious, as if Squid denied access but continued 
to tunnel the traffic. The response times are fairly small, but probably 
large enough to transmit those amounts of data from a fast server.

Since most requests (for the affected domain) are problematic, can you 
collect a packet trace and see if you can confirm that these 
transactions transmit a lot of data from Squid to the client? If IPs are 
not enough, logging client TCP port (%>p) may help you match specific 
access.log entries with TCP connections in the packet trace...


What Squid version are you using for this? Does SslBump affect the 
problematic transactions?


Thank you,

Alex.



> but I also notice that the
> request is consuming bandwidth, here is an example
> Squid access.log format.
> %ts.%03tu %6tr %>a %Ss/%03>Hs % %note ua="%{User-Agent}>h" exterr="%err_code|%err_detail"
> 
> Access.log request.
> 1681099742.517 35 10.81.216.114 TCP_DENIED_ABORTED/407 41154 CONNECT mainnet.infura.io:443 - HIER_NONE/-:- text/html mac="00:00:00:00:00:00" category:%20143%0D%0Acategory-name:%20Trackers%0D%0Aclog:%20cinfo:143-Trackers;%0D%0A ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" exterr="ERR_CACHE_ACCESS_DENIED|-"
> 
> 1681099742.575 41 10.81.216.114 TCP_DENIED/407 511819 CONNECT mainnet.infura.io:443 - HIER_NONE/-:- text/html mac="00:00:00:00:00:00" category:%20143%0D%0Acategory-name:%20Trackers%0D%0Aclog:%20cinfo:143-Trackers;%0D%0A ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" exterr="ERR_CACHE_ACCESS_DENIED|-"
> 
> 1681099742.664 73 10.81.216.114 NONE/200 0 CONNECT mainnet.infura.io:443 HLBHO/tsyafiq HIER_NONE/-:- - mac="00:00:00:00:00:00" category:%20143%0D%0Acategory-name:%20Trackers%0D%0Aclog:%20cinfo:143-Trackers;%0D%0Auser:%20HLBHO/tsyafiq%0D%0A ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" exterr="-|-"
> 
> 1681099742.685 20 10.81.216.114 TCP_DENIED_ABORTED/403 450655 CONNECT mainnet.infura.io:443 HLBHO/tsyafiq HIER_NONE/-:- text/html mac="00:00:00:00:00:00" category:%20143%0D%0Acategory-name:%20Trackers%0D%0Aclog:%20cinfo:143-Trackers;%0D%0Auser:%20HLBHO/tsyafiq%0D%0A ua="-" exterr="ERR_ACCESS_DENIED|-"
> 
> Each TCP_DENIED request is consuming 40+ bytes so at the end of the day
> sometimes I have a total of 56k requests to mainnet.infura.io consuming
> around 15GB of bandwidth.
> 
> My question is, assuming that % TCP_DENIED is taking a lot of bandwidth to block a website?
> 
> Best regards
> 
> 
> 
> 
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
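
The check discussed in this thread, as an added example that is not part of any poster's message or of Squid itself: it totals reply bytes for TCP_DENIED entries per destination and lists denied entries larger than the expected error page. It assumes the fifth field is the reply size sent to the client, as in Squid's native access.log layout (the format string quoted above is cut off at that point); the sample lines, addresses, user name and threshold are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample modelled on the entries quoted in the thread. Client
# addresses and the user name are made up; the mac=, note and ua= fields are
# dropped because the parser only reads the first eight fields.
SAMPLE_LOG = """\
1681099742.517 35 192.0.2.10 TCP_DENIED_ABORTED/407 41154 CONNECT mainnet.infura.io:443 - HIER_NONE/-:- text/html exterr="ERR_CACHE_ACCESS_DENIED|-"
1681099742.575 41 192.0.2.10 TCP_DENIED/407 511819 CONNECT mainnet.infura.io:443 - HIER_NONE/-:- text/html exterr="ERR_CACHE_ACCESS_DENIED|-"
1681099742.664 73 192.0.2.10 NONE/200 0 CONNECT mainnet.infura.io:443 EXAMPLE/user1 HIER_NONE/-:- - exterr="-|-"
1681099742.685 20 192.0.2.10 TCP_DENIED_ABORTED/403 450655 CONNECT mainnet.infura.io:443 EXAMPLE/user1 HIER_NONE/-:- text/html exterr="ERR_ACCESS_DENIED|-"
1681099743.120 12 192.0.2.20 TCP_DENIED/403 2097152 GET http://blocked.example/big - HIER_NONE/-:- text/html exterr="ERR_ACCESS_DENIED|-"
this line is not an access.log entry
"""

# Assumption: the custom error page is "around 500kb" as stated in the
# thread; the extra headroom for headers is a made-up margin.
MAX_ERROR_PAGE_BYTES = 600 * 1024

# Assumption: field 5 is the reply size, as in Squid's native log layout.
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>-?\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)"
)


def target_host(method, url):
    """Return the destination host: CONNECT logs host:port, others a full URL."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or url).lower()


def summarise_denied(lines, max_error_page_bytes=MAX_ERROR_PAGE_BYTES):
    """Total the bytes of TCP_DENIED* replies per destination host.

    Entries bigger than the expected error page are collected separately:
    those are the ones worth matching against a packet trace, because an
    error page alone cannot account for them.
    """
    stats = defaultdict(lambda: {"requests": 0, "bytes": 0, "oversized": []})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not m["result"].startswith("TCP_DENIED"):
            continue  # unparsable line, or a transaction that was not denied
        size = int(m["size"])
        entry = stats[target_host(m["method"], m["url"])]
        entry["requests"] += 1
        entry["bytes"] += size
        if size > max_error_page_bytes:
            entry["oversized"].append((m["ts"], m["client"], size))
    return dict(stats)


def top_destinations(stats):
    """Hosts ordered by the denied-reply bytes they cost, largest first."""
    return sorted(stats, key=lambda host: stats[host]["bytes"], reverse=True)


if __name__ == "__main__":
    result = summarise_denied(SAMPLE_LOG.splitlines())
    for host in top_destinations(result):
        s = result[host]
        print(f"{host}: {s['requests']} denied, {s['bytes']} bytes, "
              f"{len(s['oversized'])} larger than the error page")
```

With a large custom error page, the per-destination byte total is roughly the request count times the page size, so a small page or a rate limit on the offending client reduces it directly.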



[squid-users] Help to understand tcp_denied in access.log

2023-04-13 Thread andre.bolinhas
Hi
I'm seeing too many requests to website mainnet.infura.io; by analyzing the
access.log it seems that the website is blocked, but I also notice that the
request is consuming bandwidth, here is an example
Squid access.log format.
%ts.%03tu %6tr %>a %Ss/%03>Hs %


Re: [squid-users] idnsSendQuery: Can't send query, no DNS socket!

2023-04-12 Thread andre.bolinhas
Thank you for your reply. Yes, the same happens with squid 5.8.
In dmesg I sometimes also get this kernel panic:
https://drive.google.com/file/d/1M3bzCASNGITuiTOKykIFhvGS6TvnHoKM/view?usp=sharing

Best regards


-----Original Message-----
From: squid-users On Behalf Of Alex Rousskov
Sent: 11 April 2023 01:22
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] idnsSendQuery: Can't send query, no DNS socket!

On 4/10/23 17:14, andre.bolin...@articatech.com wrote:

> We have experienced some issues on our squid servers; from time to time the 
> listen port fails and users are unable to connect to the proxy.
> We already tried using squid 4.17 and squid 5.8 but had the same issue on 
> both versions; you can find in GDrive the extract of the cache.log at 
> the time of the failure.


> 2023/04/10 16:25:54 kid2| Starting Squid Cache version 4.17 for x86_64-pc-linux-gnu...
> 2023/04/10 16:26:00 kid2| Shutting down...
> 2023/04/10 16:26:00 kid2| Squid Cache (Version 4.17): Exiting normally.
> 2023/04/10 16:26:03 kid2| Starting Squid Cache version 4.17 for x86_64-pc-linux-gnu...
> 2023/04/10 16:26:15 kid2| Shutting down...
> 2023/04/10 16:26:15 kid2| Squid Cache (Version 4.17): Exiting normally.
> 2023/04/10 16:26:18 kid2| Starting Squid Cache version 4.17 for x86_64-pc-linux-gnu...

Are you starting and shutting down your Squids at a very high frequency? 
FWIW, older Squids, possibly including Squid v4, are not very good at
handling this kind of exercise.


> 2023/04/10 16:23:19 kid2| Preparing for shutdown after 221344 requests
> 2023/04/10 16:23:19 kid2| Preparing for shutdown after 221344 requests
> 2023/04/10 16:23:19 kid2| Preparing for shutdown after 221344 requests
> 2023/04/10 16:23:19 kid2| Preparing for shutdown after 221344 requests
> 2023/04/10 16:23:19 kid2| Preparing for shutdown after 221344 requests

This Squid appears to be seriously confused, stuck in some kind of a 
shutdown loop. Do you see similar repeated same-kid same-request-count 
"Preparing for shutdown" messages with Squid v5+?


> In the cache log I see too many
> idnsSendQuery: Can't send query, no DNS socket!

IIRC, at a certain shutdown stage, Squid closes DNS sockets. That 
prevents Squid from sending DNS queries. I do not know if that shutdown 
aspect has improved since v4. However, I would be a lot more worried 
about frequent restarts and shutdown loops(?) at this point. Something 
unusual and probably bad is going on...


HTH,

Alex.



> And
> 2023/04/10 16:25:59 kid4| Waiting 10 seconds for active connections to finish
> 2023/04/10 16:25:59 kid4| Preparing for shutdown after 763 requests
> 
> This is the dns configuration squid/dns.conf
> # Return DNS used by the system (means resolv.conf)
> client_dst_passthru off
> host_verify_strict off
> ignore_unknown_nameservers off
> dns_retransmit_interval 3 seconds
> dns_v4_first on
> ipcache_size 16384
> ipcache_low 90
> ipcache_high 95
> fqdncache_size 1024
> positive_dns_ttl 6 hours
> negative_dns_ttl 300 seconds
> 
> Resolv.conf
> domain xyz.my
> search xyz.my
> options attempts:2 timeout:2
> nameserver 127.0.0.1
> nameserver 8.8.8.8
> nameserver 1.1.1.1
> 
> 127.0.0.1 is the unbound internal DNS.
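
The two symptoms Alex points out above (restarts at a very high frequency, and one kid repeating the same "Preparing for shutdown" notice), as an added Python example that is not part of any message in this thread or of Squid: it scans cache.log lines for both patterns. The window and repeat thresholds are assumptions, and the sample is assembled from the lines quoted in the thread.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Sample assembled from the cache.log lines quoted in the thread; the order
# of the lines here is constructed.
SAMPLE_LOG = """\
2023/04/10 16:23:19 kid2| Preparing for shutdown after 221344 requests
2023/04/10 16:23:19 kid2| Preparing for shutdown after 221344 requests
2023/04/10 16:23:19 kid2| Preparing for shutdown after 221344 requests
2023/04/10 16:23:19 kid2| Preparing for shutdown after 221344 requests
2023/04/10 16:23:19 kid2| Preparing for shutdown after 221344 requests
2023/04/10 16:25:54 kid2| Starting Squid Cache version 4.17 for x86_64-pc-linux-gnu...
2023/04/10 16:25:59 kid4| Waiting 10 seconds for active connections to finish
2023/04/10 16:25:59 kid4| Preparing for shutdown after 763 requests
2023/04/10 16:26:00 kid2| Shutting down...
2023/04/10 16:26:00 kid2| Squid Cache (Version 4.17): Exiting normally.
2023/04/10 16:26:03 kid2| Starting Squid Cache version 4.17 for x86_64-pc-linux-gnu...
2023/04/10 16:26:15 kid2| Shutting down...
2023/04/10 16:26:15 kid2| Squid Cache (Version 4.17): Exiting normally.
2023/04/10 16:26:18 kid2| Starting Squid Cache version 4.17 for x86_64-pc-linux-gnu...
"""

# "YYYY/MM/DD HH:MM:SS kidN| message"; the kid label is absent when Squid
# runs as a single process, so it is optional here.
LINE_RE = re.compile(
    r"^(?P<when>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})"
    r"(?: (?P<kid>kid\d+))?\| (?P<msg>.*)$"
)
SHUTDOWN_RE = re.compile(r"^Preparing for shutdown after (\d+) requests")


def parse(lines):
    """Yield (timestamp, kid, message) for every line in cache.log format."""
    for line in lines:
        m = LINE_RE.match(line.rstrip())
        if m:
            when = datetime.strptime(m["when"], "%Y/%m/%d %H:%M:%S")
            yield when, m["kid"] or "main", m["msg"]


def restart_bursts(lines, window=timedelta(minutes=1), min_starts=3):
    """Return {kid: n} for kids that started n >= min_starts times in `window`."""
    starts = defaultdict(list)
    for when, kid, msg in parse(lines):
        if msg.startswith("Starting Squid Cache version"):
            starts[kid].append(when)
    bursts = {}
    for kid, times in starts.items():
        times.sort()
        lo = best = 0
        for hi, t in enumerate(times):
            while t - times[lo] > window:  # slide the window start forward
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= min_starts:
            bursts[kid] = best
    return bursts


def repeated_shutdown_notices(lines, min_repeats=2):
    """Return {(kid, request_count): n} for notices logged n >= min_repeats times."""
    seen = Counter()
    for _when, kid, msg in parse(lines):
        m = SHUTDOWN_RE.match(msg)
        if m:
            seen[(kid, int(m.group(1)))] += 1
    return {key: n for key, n in seen.items() if n >= min_repeats}


if __name__ == "__main__":
    log = SAMPLE_LOG.splitlines()
    print("restart bursts:", restart_bursts(log))
    print("repeated shutdown notices:", repeated_shutdown_notices(log))
```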


[squid-users] idnsSendQuery: Can't send query, no DNS socket!

2023-04-10 Thread andre.bolinhas
Hi all

We have experienced some issues on our squid servers; from time to time the
listen port fails and users are unable to connect to the proxy.
We already tried using squid 4.17 and squid 5.8 but had the same issue on both
versions; you can find in GDrive the extract of the cache.log at the time of
the failure.

https://drive.google.com/file/d/1gZ-ITgH4PUOr7FuKaEr3qKRn-_4duspK/view?usp=sharing

In the cache log I see too many
idnsSendQuery: Can't send query, no DNS socket!
And
2023/04/10 16:25:59 kid4| Waiting 10 seconds for active connections to finish
2023/04/10 16:25:59 kid4| Preparing for shutdown after 763 requests

This is the dns configuration squid/dns.conf
# Return DNS used by the system (means resolv.conf)
client_dst_passthru off
host_verify_strict off
ignore_unknown_nameservers off
dns_retransmit_interval 3 seconds
dns_v4_first on
ipcache_size 16384
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
positive_dns_ttl 6 hours
negative_dns_ttl 300 seconds

Resolv.conf
domain xyz.my
search xyz.my
options attempts:2 timeout:2
nameserver 127.0.0.1
nameserver 8.8.8.8
nameserver 1.1.1.1

127.0.0.1 is the unbound internal DNS.




Re: [squid-users] SSLBUMP for specific domains

2023-01-12 Thread andre.bolinhas
So is the 500 a bug or a bad configuration?
I have also tried this setup and it seems to "fix" the tcp_tunnel/500

# Squid 5.x branch
# SSL used for port ID 1, :3128 on
# Patch 2020 - 08 - 03 SquidMikrotikEnabled = 0
# SSL Proxy options  Proxy version:5.7 [146]
sslcrtd_program /lib/squid3/security_file_certgen -s /media/squidtmpfs/ssl/ssl_db -M 64MB
sslcrtd_children 32 startup=5 idle=1 queue-size=64
acl AnnotateSSLGBW2 annotate_transaction whitelistssl=yes
#The AppStore application in IOS (iPhone, iPad, MacOS) uses SSL Certificate Pinning,
#it means the application knows what certificate to expect when accessing AppStore.
#When you enable SSL Bump of HTTPS connections Squid replaces the default certificate with a ‘mimicked’ one;
#the application detects that and refuses to function.
#
acl FakeCert ssl::server_name .apple.com
acl FakeCert ssl::server_name .icloud.com
acl FakeCert ssl::server_name .mzstatic.com
acl FakeCert ssl::server_name .dropbox.com
acl FakeCert ssl::server_name .bnpparisbas
acl SSLInternalNets dst 10.0.0.0/8
acl SSLInternalNets dst 172.16.0.0/12
acl SSLInternalNets dst 192.168.0.0/16
acl ssl_step1 at_step SslBump1
acl ssl_step2 at_step SslBump2
acl ssl_step3 at_step SslBump3
include /etc/squid3/ssl_whitelist.conf
acl NotPeek any-of Group26
ssl_bump peek !NotPeek
acl GlobalWhitelistDSTNet dst "/etc/squid3/acls_whitelist.dst.conf"
ssl_bump splice GlobalWhitelistDSTNet AnnotateSSLGBW2
ssl_bump splice ByPassRBL AnnotateSSLGBW2
ssl_bump splice SSLInternalNets AnnotateSSLGBW2
ssl_bump splice FakeCert AnnotateSSLGBW2

# Rules (spliced) added by admins
# 5 rules...
# -- Personal rules -

# id:5
# decrypt_cnn order:0
acl AnnotateSSLW5 annotate_transaction bumprule=5
ssl_bump bump Group26 AnnotateSSLW5
ssl_bump splice all

tls_outgoing_options options=NO_SSLv3,NO_TICKET cipher=ALL:!SSLv2:!SSLv3:!ADH:!DSS:!MD5:!EXP:!DES:!PSK:!SRP:!RC4:!IDEA:!SEED:!aNULL:!eNULL flags=DONT_VERIFY_PEER
sslproxy_cert_error allow all
on_unsupported_protocol tunnel all


Basically the change that I made is in the peek step, changing from
ssl_bump peek ssl_step1
To
acl NotPeek any-of Group26
ssl_bump peek !NotPeek

Is this a good idea?


-----Original Message-----
From: squid-users On Behalf Of Amos Jeffries
Sent: 12 January 2023 21:22
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] SSLBUMP for specific domains

On 13/01/2023 10:04 am, andre.bolinhas wrote:
> Forgot to attach the config file
>
> root@proxy01:~# cat /etc/squid3/ssl.conf
> # Squid 5.x branch
> # SSL used for port ID 1, :3128 on
> # Patch 2020 - 08 - 03 SquidMikrotikEnabled = 0
> # SSL Proxy options  Proxy version:5.7 [146]
> sslcrtd_program /lib/squid3/security_file_certgen -s /media/squidtmpfs/ssl/ssl_db -M 64MB
> sslcrtd_children 32 startup=5 idle=1 queue-size=64
> acl AnnotateSSLGBW2 annotate_transaction whitelistssl=yes
> #The AppStore application in IOS (iPhone, iPad, MacOS) uses SSL Certificate Pinning,
> #it means the application knows what certificate to expect when accessing AppStore.
> #When you enable SSL Bump of HTTPS connections Squid replaces the default certificate with a ‘mimicked’ one;
> #the application detects that and refuses to function.
> #
> acl FakeCert ssl::server_name .apple.com
> acl FakeCert ssl::server_name .icloud.com
> acl FakeCert ssl::server_name .mzstatic.com
> acl FakeCert ssl::server_name .dropbox.com
> acl FakeCert ssl::server_name .bnpparisbas
> acl SSLInternalNets dst 10.0.0.0/8
> acl SSLInternalNets dst 172.16.0.0/12
> acl SSLInternalNets dst 192.168.0.0/16
> acl ssl_step1 at_step SslBump1
> acl ssl_step2 at_step SslBump2
> acl ssl_step3 at_step SslBump3
> include /etc/squid3/ssl_whitelist.conf
> ssl_bump peek ssl_step1
> acl GlobalWhitelistDSTNet dst "/etc/squid3/acls_whitelist.dst.conf"
> ssl_bump splice GlobalWhitelistDSTNet AnnotateSSLGBW2
> ssl_bump splice ByPassRBL AnnotateSSLGBW2
> ssl_bump splice SSLInternalNets AnnotateSSLGBW2
> ssl_bump splice FakeCert AnnotateSSLGBW2
> # IMPRIM_RULE:5
> ssl_bump splice ByPassRBL AnnotateSSLGBW2
> ssl_bump splice GlobalWhitelistDSTNet AnnotateSSLGBW2

FYI, Those two lines are duplicates of the first ssl_bump rules. They do 
nothing here except waste CPU cycles.


> # Rules (spliced) added by admins
> # 5 rules...
> # -- Personal rules -
>
> # id:5
> # decrypt_cnn order:0
> acl AnnotateSSLW5 annotate_transaction bumprule=5
> ssl_bump bump Group26 AnnotateSSLW5
> ssl_bump splice all
>
> tls_outgoing_options options=NO_SSLv3,NO_TICKET cipher=ALL:!SSLv2:!SSLv3:!ADH:!DSS:!MD5:!EXP:!DES:!PSK:!SRP:!RC4:!IDEA:!SEED:!aNULL:!eNULL flags=DONT_VERIFY_PEER
> sslproxy_cert_error allow all
> on_unsupported_protocol tunnel all
>
> -----Original Message-----
> From: squid-users On Behalf Of andre.bolinhas
> Env

Re: [squid-users] SSLBUMP for specific domains

2023-01-12 Thread andre.bolinhas
Forgot to attach the config file

root@proxy01:~# cat /etc/squid3/ssl.conf
# Squid 5.x branch
# SSL used for port ID 1, :3128 on
# Patch 2020 - 08 - 03 SquidMikrotikEnabled = 0
# SSL Proxy options  Proxy version:5.7 [146]
sslcrtd_program /lib/squid3/security_file_certgen -s /media/squidtmpfs/ssl/ssl_db -M 64MB
sslcrtd_children 32 startup=5 idle=1 queue-size=64
acl AnnotateSSLGBW2 annotate_transaction whitelistssl=yes
#The AppStore application in IOS (iPhone, iPad, MacOS) uses SSL Certificate Pinning,
#it means the application knows what certificate to expect when accessing AppStore.
#When you enable SSL Bump of HTTPS connections Squid replaces the default certificate with a ‘mimicked’ one;
#the application detects that and refuses to function.
#
acl FakeCert ssl::server_name .apple.com
acl FakeCert ssl::server_name .icloud.com
acl FakeCert ssl::server_name .mzstatic.com
acl FakeCert ssl::server_name .dropbox.com
acl FakeCert ssl::server_name .bnpparisbas
acl SSLInternalNets dst 10.0.0.0/8
acl SSLInternalNets dst 172.16.0.0/12
acl SSLInternalNets dst 192.168.0.0/16
acl ssl_step1 at_step SslBump1
acl ssl_step2 at_step SslBump2
acl ssl_step3 at_step SslBump3
include /etc/squid3/ssl_whitelist.conf
ssl_bump peek ssl_step1
acl GlobalWhitelistDSTNet dst "/etc/squid3/acls_whitelist.dst.conf"
ssl_bump splice GlobalWhitelistDSTNet AnnotateSSLGBW2
ssl_bump splice ByPassRBL AnnotateSSLGBW2
ssl_bump splice SSLInternalNets AnnotateSSLGBW2
ssl_bump splice FakeCert AnnotateSSLGBW2
# IMPRIM_RULE:5
ssl_bump splice ByPassRBL AnnotateSSLGBW2
ssl_bump splice GlobalWhitelistDSTNet AnnotateSSLGBW2

# Rules (spliced) added by admins
# 5 rules...
# -- Personal rules -

# id:5
# decrypt_cnn order:0
acl AnnotateSSLW5 annotate_transaction bumprule=5
ssl_bump bump Group26 AnnotateSSLW5
ssl_bump splice all

tls_outgoing_options options=NO_SSLv3,NO_TICKET cipher=ALL:!SSLv2:!SSLv3:!ADH:!DSS:!MD5:!EXP:!DES:!PSK:!SRP:!RC4:!IDEA:!SEED:!aNULL:!eNULL flags=DONT_VERIFY_PEER
sslproxy_cert_error allow all
on_unsupported_protocol tunnel all

-----Original Message-----
From: squid-users On Behalf Of andre.bolin...@articatech.com
Sent: 12 January 2023 21:03
To: 'Amos Jeffries' ; squid-users@lists.squid-cache.org
Subject: Re: [squid-users] SSLBUMP for specific domains

Hi Amos
Thanks for your quick reply. I have done it as in the example, but now, even though 
internet surfing is OK for all websites, I get too many TCP_TUNNEL/500 in access.log 
for all websites that we are not decrypting

1673531433.924  31315 192.168.60.30 TCP_TUNNEL/500 4096 CONNECT sapo.pt:443 - HIER_DIRECT/213.13.146.142:443 - mac="d6:8b:66:2a:9b:92" accessrule:%20ntlm_white_dstdomain%0D%0Awebfilter:%20pass%0D%0Acategory:%203%0D%0Acategory-name:%20Society%0D%0Aclog:%20cinfo:3-Society;%0D%0A exterr="-|- splice"
1673531433.933  31324 192.168.60.30 TCP_TUNNEL/500 4695 CONNECT sapo.pt:443 - HIER_DIRECT/213.13.146.142:443 - mac="d6:8b:66:2a:9b:92" accessrule:%20ntlm_white_dstdomain%0D%0Awebfilter:%20pass%0D%0Acategory:%203%0D%0Acategory-name:%20Society%0D%0Aclog:%20cinfo:3-Society;%0D%0A exterr="-|- splice"
1673531437.798  35024 192.168.60.30 TCP_TUNNEL/500 76572 CONNECT www.sapo.pt:443 - HIER_DIRECT/213.13.146.142:443 - mac="d6:8b:66:2a:9b:92" accessrule:%20ntlm_white_dstdomain%0D%0Awebfilter:%20pass%0D%0Acategory:%203%0D%0Acategory-name:%20Society%0D%0Aclog:%20cinfo:3-Society;%0D%0A exterr="-|- splice"


-----Original Message-----
From: squid-users On Behalf Of Amos Jeffries
Sent: 12 January 2023 19:13
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] SSLBUMP for specific domains

On 13/01/2023 6:37 am, andre.bolinhas wrote:
>
> Hi
>
> Is it possible to configure squid to intercept ssl traffic just for a 
> group of domains and leave all of the rest out of ssl interception?
>

Yes, with one caveat: that Squid is able to identify the domain/server to make 
the decision.

> If so, can you send me an example of config?
>
> I have tried searching for this on Google and in forums but I just find 
> config to intercept all.
>

You will find a simple example here:
<https://wiki.squid-cache.org/Features/SslPeekAndSplice#peek-at-sni-and-bump>


Amos



Re: [squid-users] SSLBUMP for specific domains

2023-01-12 Thread andre.bolinhas
Hi Amos
Thanks for your quick reply. I have done it as in the example, but now, even though 
internet surfing is OK for all websites, I get too many TCP_TUNNEL/500 in access.log 
for all websites that we are not decrypting

1673531433.924  31315 192.168.60.30 TCP_TUNNEL/500 4096 CONNECT sapo.pt:443 - HIER_DIRECT/213.13.146.142:443 - mac="d6:8b:66:2a:9b:92" accessrule:%20ntlm_white_dstdomain%0D%0Awebfilter:%20pass%0D%0Acategory:%203%0D%0Acategory-name:%20Society%0D%0Aclog:%20cinfo:3-Society;%0D%0A exterr="-|- splice"
1673531433.933  31324 192.168.60.30 TCP_TUNNEL/500 4695 CONNECT sapo.pt:443 - HIER_DIRECT/213.13.146.142:443 - mac="d6:8b:66:2a:9b:92" accessrule:%20ntlm_white_dstdomain%0D%0Awebfilter:%20pass%0D%0Acategory:%203%0D%0Acategory-name:%20Society%0D%0Aclog:%20cinfo:3-Society;%0D%0A exterr="-|- splice"
1673531437.798  35024 192.168.60.30 TCP_TUNNEL/500 76572 CONNECT www.sapo.pt:443 - HIER_DIRECT/213.13.146.142:443 - mac="d6:8b:66:2a:9b:92" accessrule:%20ntlm_white_dstdomain%0D%0Awebfilter:%20pass%0D%0Acategory:%203%0D%0Acategory-name:%20Society%0D%0Aclog:%20cinfo:3-Society;%0D%0A exterr="-|- splice"


-----Original Message-----
From: squid-users On Behalf Of Amos Jeffries
Sent: 12 January 2023 19:13
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] SSLBUMP for specific domains

On 13/01/2023 6:37 am, andre.bolinhas wrote:
>
> Hi
>
> Is it possible to configure squid to intercept ssl traffic just for a 
> group of domains and leave all of the rest out of ssl interception?
>

Yes, with one caveat: that Squid is able to identify the domain/server to make 
the decision.

> If so, can you send me an example of config?
>
> I have tried searching for this on Google and in forums but I just find 
> config to intercept all.
>

You will find a simple example here:
<https://wiki.squid-cache.org/Features/SslPeekAndSplice#peek-at-sni-and-bump>


Amos



[squid-users] SSLBUMP for specific domains

2023-01-12 Thread andre.bolinhas
Hi

Is it possible to configure squid to intercept ssl traffic just for a group of
domains and leave all of the rest out of ssl interception?

If so, can you send me an example of config?

I have tried searching for this on Google and in forums but I just find config to
intercept all.

 

Best regards



[squid-users] Squid web isolation

2022-11-14 Thread andre.bolinhas
Hi

Is it possible with Squid + ICAP to do something like Symantec Web Isolation?
Symantec Web Isolation Product Brief (broadcom.com)
(744) Symantec Web Isolation - YouTube


Best regards



[squid-users] SNMP OID for username

2022-11-14 Thread andre.bolinhas
Hi

I have SNMP configured for Squid and I would like to know if there is any
OID to get the information of the username.

Best regards



Re: [squid-users] There is the problems with instagram images and videos

2022-06-15 Thread andre.bolinhas
Hummm, so the problem is not in squid.
Try changing the DNS on your squid server to public ones like (1.1.1.1 or 
8.8.8.8); maybe this can solve your issue, otherwise you will need to use a VPN.

Do not hesitate to contact me for any additional information.

Best regards,
André Bolinhas
www: articatech.net
Help Desk: support.artica.systems
Skype: andre.bolinas



-----Original Message-----
From: squid-users On Behalf Of simwin
Sent: 15 June 2022 17:26
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] There is the problems with instagram images and videos

On Wed, 15 Jun 2022 17:20:09 +0100
:

> Also, without the proxy, do Instagram & Twitter work?
Can't check it. All instagram traffic is blocked in our country.


Re: [squid-users] There is the problems with instagram images and videos

2022-06-15 Thread andre.bolinhas
Also, without the proxy, do Instagram & Twitter work?

-----Original Message-----
From: squid-users On Behalf Of andre.bolin...@articatech.com
Sent: 15 June 2022 17:19
To: 'simwin' ; squid-users@lists.squid-cache.org
Subject: Re: [squid-users] There is the problems with instagram images and videos

Hi
We have thousands of clients worldwide using our proxy solutions (based on 
squid), and I can confirm that Instagram, Facebook and Twitter work correctly 
under squid.


-----Original Message-----
From: squid-users On Behalf Of simwin
Sent: 15 June 2022 17:16
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] There is the problems with instagram images and videos


andre.bolin...@articatech.com:

> TCP_TUNNEL/200 means that the proxy is able to establish a correct 
> connection with the destination, do you have any firewall, antivirus, 
> ad-blocker in between that could block the traffic?

No antivirus, no firewall and no ad-blocker - I've checked it!

I've made an ssh tunnel (ssh -D 0.0.0.0:) and made a SOCKS5 proxy to my server - 
it works fine! But with the danted SOCKS5 proxy I have the same problem - no 
instagram images, no videos.

Also it may be a provider issue - all instagram traffic is blocked in our 
country. 

That is why I need to know - does squid work with instagram (and twitter
videos) for anyone from another country with the default squid config?

On Wed, 15 Jun 2022 19:01:30 +0300
simwin :
> Plus squid -v:
> 
> configure options:  '--prefix=' '--bindir=/usr/bin' '--sbindir=/usr/sbin'
> '--libexecdir=/usr/libexec/squid' '--libdir=/usr/lib/squid'
> '--mandir=/usr/share/man/man8' '--sysconfdir=/etc/squid'
> '--with-default-user=proxy' '--with-pidfile=/run/squid.pid'
> '--with-logdir=/var/log/squid'
> 
> On Wed, 15 Jun 2022 18:48:00 +0300
> simwin  writes:
> 
> > With the latest stable squid-5.6-20220607-rfca8b79b5 the result is 
> > the same
> > - no instagram photos and videos :(
> > 
> > The squid config is default, please see all info below:
> > 
> > $ grep -vE '^$|^#' /etc/squid/squid.conf
> > 
> > acl localnet src 0.0.0.1-0.255.255.255  
> > acl localnet src 10.0.0.0/8 
> > acl localnet src 100.64.0.0/10  
> > acl localnet src 169.254.0.0/16 
> > acl localnet src 172.16.0.0/12  
> > acl localnet src 192.168.0.0/16 
> > acl localnet src fc00::/7   
> > acl localnet src fe80::/10  
> > acl SSL_ports port 443
> > acl Safe_ports port 80  # http
> > acl Safe_ports port 21  # ftp
> > acl Safe_ports port 443 # https
> > acl Safe_ports port 70  # gopher
> > acl Safe_ports port 210 # wais
> > acl Safe_ports port 1025-65535  # unregistered ports
> > acl Safe_ports port 280 # http-mgmt
> > acl Safe_ports port 488 # gss-http
> > acl Safe_ports port 591 # filemaker
> > acl Safe_ports port 777 # multiling http
> > 
> > auth_param basic program /usr/libexec/squid/basic_ncsa_auth /etc/squid/internet_users
> > 
> > acl auth_users proxy_auth REQUIRED
> > http_access allow auth_users
> > auth_param basic casesensitive on
> > http_access deny !Safe_ports
> > http_access deny CONNECT !SSL_ports
> > http_access allow localhost manager
> > http_access deny manager
> > http_access allow localnet
> > http_access allow localhost
> > http_access deny all
> > http_port xxx.xxx.xxx.xxx:
> > coredump_dir /var/cache/squid
> > refresh_pattern ^ftp:           1440    20%     10080
> > refresh_pattern ^gopher:        1440    0%      1440
> > refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
> > refresh_pattern .               0       20%     4320
> > 
> > Full squid.conf - https://pastebin.mozilla.org/JKSiBuvU/raw
> > Firefox 101 console errors -
> > https://pastebin.mozilla.org/0Osvw45J/raw
> > Squid access.log - https://pastebin.mozilla.org/pOsXtMBW/raw
> > OS Debian 11
> > 
> > 2All: Please answer: does squid work with instagram (and twitter
> > videos) for anyone?!
> > 
> > On Wed, 15 Jun 2022 12:14:22 +0300
> > simwin  writes:
> >   
> > > On Wed, 15 Jun 2022 02:59:29 +0300
> > > :
> > > 
> > > > I just compiled the newest version of Squid for Debian 11(bullseye) at:
> > > > https://www.ngtech.co.il/repo/debian/11/x86_64/
> > > > However you need to know how to install it and I cannot work on 
> > > > the installer now. It also doesn't include all of my patches yet.
> > > > From what I have seen at:
> > > > https://packages.debian.org/bullseye/squid
> > > > The current version at bullseye is 4.13 so you'd better try first 5.6
> > > > before any other things.  
> > > 
> > > That is a good idea! 
> > > 
> > > I'm already trying to compile and install the latest 5.6 squid 
> > > version.
> > > 
> > > I am in GMT+3 time zone. 
> > > 
> > > I'll let you know about the 5.6 results a bit later. Thank you!

Re: [squid-users] There is the problems with instagram images and videos

2022-06-15 Thread andre.bolinhas
Hi
We have thousands of clients worldwide using our proxy solutions (based on 
squid), and I can confirm that Instagram, Facebook and Twitter work correctly 
under squid.


-----Original Message-----
From: squid-users On Behalf Of simwin
Sent: 15 June 2022 17:16
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] There is the problems with instagram images and videos


andre.bolin...@articatech.com:

> TCP_TUNNEL/200 means that the proxy is able to establish a correct 
> connection with the destination, do you have any firewall, antivirus, 
> ad-blocker in between that could block the traffic?

No antivirus, no firewall and no ad-blocker - I've checked it!

I've made an ssh tunnel (ssh -D 0.0.0.0:) and made a SOCKS5 proxy to my server - 
it works fine! But with the danted SOCKS5 proxy I have the same problem - no 
instagram images, no videos.

Also it may be a provider issue - all instagram traffic is blocked in our 
country. 

That is why I need to know - does squid work with instagram (and twitter
videos) for anyone from another country with the default squid config?

On Wed, 15 Jun 2022 19:01:30 +0300
simwin :
> Plus squid -v:
> 
> configure options:  '--prefix=' '--bindir=/usr/bin' '--sbindir=/usr/sbin'
> '--libexecdir=/usr/libexec/squid' '--libdir=/usr/lib/squid'
> '--mandir=/usr/share/man/man8' '--sysconfdir=/etc/squid'
> '--with-default-user=proxy' '--with-pidfile=/run/squid.pid'
> '--with-logdir=/var/log/squid'
> 
> On Wed, 15 Jun 2022 18:48:00 +0300
> simwin  writes:
> 
> > With the latest stable squid-5.6-20220607-rfca8b79b5 the result is 
> > the same
> > - no instagram photos and videos :(
> > 
> > The squid config is default, please see all info below:
> > 
> > $ grep -vE '^$|^#' /etc/squid/squid.conf
> > 
> > acl localnet src 0.0.0.1-0.255.255.255  
> > acl localnet src 10.0.0.0/8 
> > acl localnet src 100.64.0.0/10  
> > acl localnet src 169.254.0.0/16 
> > acl localnet src 172.16.0.0/12  
> > acl localnet src 192.168.0.0/16 
> > acl localnet src fc00::/7   
> > acl localnet src fe80::/10  
> > acl SSL_ports port 443
> > acl Safe_ports port 80  # http
> > acl Safe_ports port 21  # ftp
> > acl Safe_ports port 443 # https
> > acl Safe_ports port 70  # gopher
> > acl Safe_ports port 210 # wais
> > acl Safe_ports port 1025-65535  # unregistered ports
> > acl Safe_ports port 280 # http-mgmt
> > acl Safe_ports port 488 # gss-http
> > acl Safe_ports port 591 # filemaker
> > acl Safe_ports port 777 # multiling http
> > 
> > auth_param basic program /usr/libexec/squid/basic_ncsa_auth /etc/squid/internet_users
> > 
> > acl auth_users proxy_auth REQUIRED
> > http_access allow auth_users
> > auth_param basic casesensitive on
> > http_access deny !Safe_ports
> > http_access deny CONNECT !SSL_ports
> > http_access allow localhost manager
> > http_access deny manager
> > http_access allow localnet
> > http_access allow localhost
> > http_access deny all
> > http_port xxx.xxx.xxx.xxx:
> > coredump_dir /var/cache/squid
> > refresh_pattern ^ftp:           1440    20%     10080
> > refresh_pattern ^gopher:        1440    0%      1440
> > refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
> > refresh_pattern .               0       20%     4320
> > 
> > Full squid.conf - https://pastebin.mozilla.org/JKSiBuvU/raw
> > Firefox 101 console errors - 
> > https://pastebin.mozilla.org/0Osvw45J/raw
> > Squid access.log - https://pastebin.mozilla.org/pOsXtMBW/raw
> > OS Debian 11
> > 
> > 2All: Please answer: does squid works with instagram (and twitter 
> > videos) for anyone?!
> > 
> > В Wed, 15 Jun 2022 12:14:22 +0300
> > simwin  пишет:
> >   
> > > В Wed, 15 Jun 2022 02:59:29 +0300
> > > :
> > > 
> > > > I just compiled the newest version of Squid for Debian 11(bullseye) at:
> > > > https://www.ngtech.co.il/repo/debian/11/x86_64/
> > > > However you need to know how to install it and I cannot work on 
> > > > the installer now. It's also doesn't include all of my patches yet.
> > > > From what I have seen at:
> > > > https://packages.debian.org/bullseye/squid
> > > > The current version at bullseye is 4.13 so you'd better try first 5.6
> > > > before any other things.  
> > > 
> > > That is a good idea! 
> > > 
> > > I'm already trying to compile and install the latest 5.6 squid 
> > > version.
> > > 
> > > I am in GMT+3 time zone. 
> > > 
> > > Will let you know about 5.6 results a bit later. Thank you!
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users



Re: [squid-users] There is the problems with instagram images and videos

2022-06-15 Thread andre.bolinhas
TCP_TUNNEL/200 means that the proxy is able to establish a correct connection 
with the destination. Do you have any firewall, antivirus, or ad-blocker in 
between that could block the traffic?

Do not hesitate to contact me for any additional information.

Best regards,
André Bolinhas
www: articatech.net
Help Desk: support.artica.systems
Skype: andre.bolinas



-Original Message-
From: squid-users  On Behalf Of simwin
Sent: 15 June 2022 16:48
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] There is the problems with instagram images and 
videos

With the latest stable squid-5.6-20220607-rfca8b79b5 the result is the same
- no instagram photos and videos :(

The squid config is default, please see all info below:

$ grep -vE '^$|^#' /etc/squid/squid.conf

acl localnet src 0.0.0.1-0.255.255.255  
acl localnet src 10.0.0.0/8 
acl localnet src 100.64.0.0/10  
acl localnet src 169.254.0.0/16 
acl localnet src 172.16.0.0/12  
acl localnet src 192.168.0.0/16 
acl localnet src fc00::/7   
acl localnet src fe80::/10  
acl SSL_ports port 443
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70  # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http

auth_param basic program /usr/libexec/squid/basic_ncsa_auth /etc/squid/internet_users

acl auth_users proxy_auth REQUIRED
http_access allow auth_users
auth_param basic casesensitive on
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
http_port xxx.xxx.xxx.xxx:
coredump_dir /var/cache/squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
refresh_pattern .   0   20% 4320

Full squid.conf - https://pastebin.mozilla.org/JKSiBuvU/raw
Firefox 101 console errors - https://pastebin.mozilla.org/0Osvw45J/raw
Squid access.log - https://pastebin.mozilla.org/pOsXtMBW/raw
OS Debian 11

2All: Please answer: does squid work with instagram (and twitter videos) for 
anyone?!

On Wed, 15 Jun 2022 12:14:22 +0300
simwin wrote:

> On Wed, 15 Jun 2022 02:59:29 +0300
> :
> 
> > I just compiled the newest version of Squid for Debian 11(bullseye) at:
> > https://www.ngtech.co.il/repo/debian/11/x86_64/
> > However you need to know how to install it and I cannot work on the 
> > installer now. It also doesn't include all of my patches yet.
> > From what I have seen at:
> > https://packages.debian.org/bullseye/squid
> > The current version at bullseye is 4.13 so you'd better try first 
> > 5.6 before any other things.
> 
> That is a good idea! 
> 
> I'm already trying to compile and install the latest 5.6 squid version.  
> 
> I am in GMT+3 time zone. 
> 
> Will let you know about 5.6 results a bit later. Thank you!
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
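
The distinction drawn in the reply above (TCP_TUNNEL/200 means Squid allowed the CONNECT and reached the destination) can be checked per destination host. This is an added example, not code from the thread: it assumes Squid's default native access.log format, runs on constructed sample lines, and uses a hypothetical 1000-byte threshold to mark tunnels that closed before carrying real content.

```python
from collections import defaultdict

# Constructed sample lines in Squid's default native access.log format:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1655300001.120    842 192.168.1.10 TCP_TUNNEL/200 48211 CONNECT www.instagram.com:443 alice HIER_DIRECT/203.0.113.10 -
1655300001.310      0 192.168.1.10 TCP_DENIED/407 4120 CONNECT media.example.net:443 - HIER_NONE/- text/html
1655300001.560     95 192.168.1.10 TCP_TUNNEL/200 39 CONNECT media.example.net:443 alice HIER_DIRECT/203.0.113.20 -
1655300002.015     88 192.168.1.10 TCP_TUNNEL/200 39 CONNECT media.example.net:443 alice HIER_DIRECT/203.0.113.20 -
"""

def parse_line(line):
    """Split one native-format line; return None if it is malformed."""
    f = line.split()
    if len(f) < 10 or "/" not in f[3]:
        return None
    result, _, status = f[3].partition("/")
    try:
        return {"elapsed_ms": int(f[1]), "client": f[2], "result": result,
                "status": int(status), "bytes": int(f[4]),
                "method": f[5], "target": f[6]}
    except ValueError:
        return None

def summarize_connects(log_text, small_tunnel_bytes=1000):
    """Per CONNECT target: tunnel count and bytes, short tunnels, denials by status."""
    stats = defaultdict(lambda: {"tunnels": 0, "tunnel_bytes": 0,
                                 "short_tunnels": 0, "denied": defaultdict(int)})
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None or e["method"] != "CONNECT":
            continue
        s = stats[e["target"]]
        if e["result"].startswith("TCP_TUNNEL") and e["status"] == 200:
            s["tunnels"] += 1
            s["tunnel_bytes"] += e["bytes"]
            # Assumption (hypothetical threshold): a tunnel this small was
            # allowed by http_access but closed before content was transferred.
            if e["bytes"] < small_tunnel_bytes:
                s["short_tunnels"] += 1
        elif e["result"].startswith("TCP_DENIED"):
            s["denied"][e["status"]] += 1  # 407 is the normal proxy_auth challenge
    return {t: {**s, "denied": dict(s["denied"])} for t, s in stats.items()}

if __name__ == "__main__":
    for target, s in summarize_connects(SAMPLE_LOG).items():
        print(target, s)
```

A host that shows only short tunnels was not blocked by Squid's access rules, so the next place to look is between the client and the proxy or at the client itself.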
