[squid-users] HTTPS proxy
Hi, We use Squid and SquidGuard to control webmails access, that work fine, but for those who use HTTPS protocole Squid/SquidGuard doesn't operate. Is it a way to control HTTPS as well HTTP trafic ? Thanks in advance for your reply. Sam. -- Ce message a été vérifié par MailScanner pour des virus ou des polluriels et rien de suspect n'a été trouvé.
RE: [squid-users] HTTPS proxy
Drop squidguard and use ufdbguard. It's the best. Thomas J. Raef -Original Message- From: Sam Przyswa [mailto:[EMAIL PROTECTED] Sent: Sunday, February 17, 2008 11:11 AM To: Squid Users List Subject: [squid-users] HTTPS proxy Hi, We use Squid and SquidGuard to control webmails access, that work fine, but for those who use HTTPS protocole Squid/SquidGuard doesn't operate. Is it a way to control HTTPS as well HTTP trafic ? Thanks in advance for your reply. Sam. -- Ce message a été vérifié par MailScanner pour des virus ou des polluriels et rien de suspect n'a été trouvé. No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.516 / Virus Database: 269.20.7/1284 - Release Date: 2/17/2008 2:39 PM No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.516 / Virus Database: 269.20.7/1284 - Release Date: 2/17/2008 2:39 PM
[squid-users] Squid, ISA and Sharepoint
Hey everyone, The company I am working for is trying to push MS ISA into the dmz... sigh. We currently run ISA on our internal network which all the machines talk to for their proxy which in turn talks to the squid server in the dmz as an upstream proxy. We have done it this way as the company wants to use SurfControl and name resolution seems to work better with ISA. They are installing a Sharepoint server which they will want to give access to people from the internet as well as internal. This brought up the debate on having the ISA server in the DMZ to do the authentication. We currently have squid already doing reverse proxy for some websites and works a treat. I believe they want to authenticate twice but I do not really see the point. They will have to authenticate with the sharepoint no matter what happens. Is it possible to get squid to authenticate a user using Active Directory while reverse proxying? Cheers, Simon
Re: [squid-users] Squid, ISA and Sharepoint
On Mon, Feb 18, 2008, Dwyer, Simon wrote: I believe they want to authenticate twice but I do not really see the point. They will have to authenticate with the sharepoint no matter what happens. Is it possible to get squid to authenticate a user using Active Directory while reverse proxying? I'm not sure if Squid can do NTLM authentication as an origin server. I know it can just pass through the requests and let the sharepoint server do authentication. Henrik? Robert? Kinkie? Adrian -- - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support - - $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
Re: [squid-users] Squid, ISA and Sharepoint
On Feb 18, 2008 7:37 AM, Adrian Chadd [EMAIL PROTECTED] wrote: On Mon, Feb 18, 2008, Dwyer, Simon wrote: I believe they want to authenticate twice but I do not really see the point. They will have to authenticate with the sharepoint no matter what happens. Is it possible to get squid to authenticate a user using Active Directory while reverse proxying? I'm not sure if Squid can do NTLM authentication as an origin server. I know it can just pass through the requests and let the sharepoint server do authentication. Henrik? Robert? Kinkie? It should work just fine, there's nothing in the code that I remember preventing it. The only way to be sure is just trying :) Authenticating in NTLM over the Internet however is, in my opinion, pointless and even dangerous - even Microsoft recommends against it (or at least used to). It allows anyone on the Internet to mount a wide range of DOS attacks against AD - I'm not talking about a performance DOS, what I'm referring to is the possibility to lock one (or all) users out of logging on their PC. -- /kinkie
[squid-users] strange memory use
Hello members, this is the stat info from squidclient's output: Cache information for squid: Request Hit Ratios: 5min: 99.9%, 60min: 99.9% Byte Hit Ratios:5min: 97.1%, 60min: 98.2% Request Memory Hit Ratios: 5min: 22.2%, 60min: 22.0% Request Disk Hit Ratios:5min: 25.9%, 60min: 25.9% Storage Swap size: 225816 KB Storage Mem size: 4404 KB Mean Object Size: 63.97 KB Requests given to unlinkd: 0 it said my storage mem size is 4404 KB, though I have set the cache_mem size to 1.8 GB in squid.conf: cache_mem 1800 MB maximum_object_size 2048 KB maximum_object_size_in_memory 128 KB half_closed_clients off memory_pools_limit 150 MB why request memory hit ratios is so low (about 22%), while squid has used so few memory (only 4M)? Thanks!