[squid-users] squid 3.2.0.17 + transparent + sslbump

2012-04-16 Thread Daniel Niasoff
Hi 

I know this question has been asked before but I didn't quite comprehend the 
answer.

I have got squid working as an explicit SSL proxy using SSLbump with Dynamic 
SSL certs.

I have also managed to get it working as a transparent proxy.

When I try the combination of the above 2 it doesn't seem to work.

It seems to be rewriting my https requests to http. Also dynamic ssl certs 
don't seem to be working. However squid definitely intercepts the request so 
it seems like the NAT bit is fine.

When I browse a website that's listening on 443 only I get "Zero Sized Reply" 
and when I browse a website that's listening on both 80/443 it works sometimes 
but the certificate is wrong.

This person seems to have it working

http://dvas0004.wordpress.com/2011/03/22/squid-transparent-ssl-interception/

and I am pretty much copying his config.

Here is my relevant config

---
http_port 3128 transparent
https_port 3129 transparent ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl/proxy.pem
http_port 8080 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl/proxy.pem

always_direct allow all
ssl_bump allow all
# the following two options are unsafe and not always necessary:
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
--

Thanks

Daniel
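
Added example, not part of the original post and not Squid project code: a small audit that reads a squid.conf on stdin and reports the two directives the config comment above calls unsafe, together with the ssl-bump ports they affect. On a bumped connection the client only sees the certificate minted by the proxy, so the proxy's own check of the origin certificate is the only one left. The function names (posted_config, hardened_config, audit_squid_conf) are made up for this example.

```sh
#!/bin/sh
# Sample input: the configuration from the post above, one directive per line.
posted_config() {
cat <<'EOF'
http_port 3128 transparent
https_port 3129 transparent ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl/proxy.pem
http_port 8080 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl/proxy.pem

always_direct allow all
ssl_bump allow all
# the following two options are unsafe and not always necessary:
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
EOF
}

# Same configuration without the two directives. Squid then uses its defaults:
# the origin certificate is verified and a verification error ends the transaction.
hardened_config() {
  posted_config | grep -v -e '^sslproxy_cert_error' -e '^sslproxy_flags'
}

# Read a squid.conf on stdin and print one line per finding:
#   <line number> <directive> <reason> (ssl-bump ports: <list>)
audit_squid_conf() {
  awk '
    /^[ \t]*#/ || NF == 0 { next }              # skip comments and blank lines
    { name = tolower($1) }
    name == "http_port" || name == "https_port" {
      for (i = 3; i <= NF; i++)
        if ($i == "ssl-bump") {                 # $2 is "port" or "address:port"
          n = split($2, part, ":")
          ports = ports (ports == "" ? "" : ",") part[n]
        }
    }
    name == "sslproxy_flags" && toupper($0) ~ /DONT_VERIFY_PEER/ {
      hit[++count] = NR " " name " origin certificate is not verified"
    }
    name == "sslproxy_cert_error" && NF == 3 && tolower($2) == "allow" && tolower($3) == "all" {
      hit[++count] = NR " " name " every origin certificate error is accepted"
    }
    END {
      for (i = 1; i <= count; i++)
        print hit[i] " (ssl-bump ports: " (ports == "" ? "none" : ports) ")"
    }
  '
}

echo "posted config:";   posted_config   | audit_squid_conf
echo "hardened config:"; hardened_config | audit_squid_conf
```

To check a live file, run `audit_squid_conf < /etc/squid/squid.conf`; no output means neither directive is present.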




RE: [squid-users] squid 3.2.0.17 + transparent + sslbump

2012-04-17 Thread Daniel Niasoff
Thanks Ahmed,

That worked, well sort of anyway.

Squid is now successfully transparently intercepting SSL but as stated on the 
wiki, certificate rewrite doesn't work.

So I guess the only real solution is explicit proxy.

I tried to play around with WPAD + PAC but that is only useful when PCs are on 
a corporate network with centrally managed DNS/DHCP.

My clients are home users with their own broadband routers which manage their 
own DHCP.

So any ideas what I can do if I want to set up a proxy service for SSL with 
minimum effort required from users and no control of DHCP? 

Thanks

Daniel

-Original Message-
From: Ahmed Talha Khan [mailto:aun...@gmail.com] 
Sent: 17 April 2012 10:21
To: Daniel Niasoff
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] squid 3.2.0.17 + transparent + sslbump

> Hi
>
> I know this question has been asked before but I didn't quite comprehend the 
> answer.
>
> I have got squid working as an explicit SSL proxy using SSLbump with Dynamic 
> SSL certs.
>
> I have also managed to get it working as a transparent proxy.
>
> When I try the combination of the above 2 it doesn't seem to work.
>
> It seems to be rewriting my https requests to http. Also dynamic ssl certs 
> don't seem to be working. However squid definitely intercepts the request 
> so it seems like the NAT bit is fine.

I am not sure about the code in 3.2 but I faced a similar issue in
3.1.19 and I think the problem is still lurking in 3.2 as well. You might want 
to look at http://bugs.squid-cache.org/show_bug.cgi?id=2976. There is a 
hard-coded value that causes all requests to be forcibly written to "http" even 
"https".
You can reverse it via this patch
http://bugs.squid-cache.org/attachment.cgi?id=2375


>
> When I browse a website that's listening on 443 only I get "Zero Sized Reply" 
> and when I browse a website that's listening on both 80/443 it works 
> sometimes but the certificate is wrong.
>
> This person seems to have it working
>
> http://dvas0004.wordpress.com/2011/03/22/squid-transparent-ssl-interception/
>
> and I am pretty much copying his config.
>
> Here is my relevant config
>
> ---
> http_port 3128 transparent
> https_port 3129 transparent ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl/proxy.pem
> http_port 8080 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl/proxy.pem
>
> always_direct allow all
> ssl_bump allow all
> # the following two options are unsafe and not always necessary:
> sslproxy_cert_error allow all
> sslproxy_flags DONT_VERIFY_PEER
> --
>
> Thanks
>
> Daniel
>
>



--
Regards,
-Ahmed Talha Khan


RE: [squid-users] squid 3.2.0.17 + transparent + sslbump

2012-04-17 Thread Daniel Niasoff
I suppose so.

Was hoping for a more "magical" solution that would just work.


-Original Message-
From: Amos Jeffries [mailto:squ...@treenet.co.nz] 
Sent: 17 April 2012 11:21
To: squid-users@squid-cache.org
Subject: Re: [squid-users] squid 3.2.0.17 + transparent + sslbump

On 17/04/2012 10:16 p.m., Daniel Niasoff wrote:
> Thanks Ahmed,
>
> That worked, well sort of anyway.
>
> Squid is now successfully transparently intercepting SSL but as stated on the 
> wiki, certificate rewrite doesn't work.
>
> So I guess the only real solution is explicit proxy.
>
> I tried to play around with WPAD + PAC but that is only useful when PCs are 
> on a corporate network with centrally managed DNS/DHCP.
>
> My clients are home users with their own broadband routers which manage their 
> own DHCP.
>
> So any ideas what I can do if I want to set up a proxy service for SSL with 
> minimum effort required from users and no control of DHCP?

You can publish the details of your proxy and PAC file, encouraging them to 
make use of it for faster Internet.

Amos


[squid-users] Transparent interception MTU issues

2012-05-15 Thread Daniel Niasoff

Hi,

I am accessing squid through a PPTP tunnel and have a lower MTU as a result.

I am able to use squid ok as an explicit proxy however when trying transparent 
interception many pages timeout and don't open.

I guess this is because of MTU issues.

I have tried "http_port 3129 intercept disable-pmtu-discovery=always" but to no 
avail.

I am using 3.2.0.17.

Any ideas?

Thanks

Daniel


RE: [squid-users] Transparent interception MTU issues

2012-05-22 Thread Daniel Niasoff
Hi Amos,

Seems like I was mistaken. It looked and felt like MTU issues but disappeared 
when I compiled squid 3.2 from the latest sources.

I am wondering if it's related to this bug 

http://bugs.squid-cache.org/show_bug.cgi?id=3528

Thanks

Daniel

-Original Message-
From: Amos Jeffries [mailto:squ...@treenet.co.nz] 
Sent: 16 May 2012 03:36
To: squid-users@squid-cache.org
Subject: Re: [squid-users] Transparent interception MTU issues

On 16.05.2012 09:53, Daniel Niasoff wrote:
> Hi,
>
> I am accessing squid through a PPTP tunnel and have a lower MTU as a 
> result.
>
> I am able to use squid ok as an explicit proxy however when trying 
> transparent interception many pages timeout and don't open.
>
> I guess this is because of MTU issues.

Likely. But please check your guesses before looking for a fix to them.

   ping -s 1499 ...

PMTU response or lost packet?

>
> I have tried "http_port 3129 intercept disable-pmtu-discovery=always"
> but to no avail.
>
> I am using 3.2.0.17.
>
> Any ideas?

If it actually is MTU issues, fix them.

  * Enable ICMP control messages to cross the network.
  * Set MTU and/or MSS on the tunnel entrance to an appropriate low value.

Amos
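
Added example, not part of the thread: one way to carry out the check and the fix suggested above, assuming a Linux host with iputils ping (for `-M do`) and a tunnel router that supports the iptables TCPMSS target. It searches for the largest IPv4 packet that crosses the path unfragmented and prints the matching MSS rule; the function names and the FORWARD chain placement are assumptions of this example.

```sh
#!/bin/sh
PING=${PING:-ping}     # overridable so the search can be exercised without a network

# ICMP echo payload that makes an IPv4 packet of exactly $1 bytes
# (ping -s sets the payload; the packet carries 20 bytes of IP and 8 of ICMP header).
payload_for_mtu() { echo $(( $1 - 28 )); }

# TCP MSS that fits an IPv4 MTU of $1 bytes (20 bytes IP + 20 bytes TCP, no options).
mss_for_mtu() { echo $(( $1 - 40 )); }

# One probe: succeeds only if a packet of $2 bytes reaches host $1 unfragmented.
# -M do sets the don't-fragment bit, -c 1 sends one probe, -W 2 waits two seconds.
fits() {
  $PING -c 1 -W 2 -M do -s "$(payload_for_mtu "$2")" "$1" >/dev/null 2>&1
}

# Binary search between $2 (default 576) and $3 (default 1500) for the path MTU to $1.
# Prints 0 when even the lower bound fails (host down or ICMP echo filtered).
path_mtu() {
  host=$1; lo=${2:-576}; hi=${3:-1500}
  fits "$host" "$lo" || { echo 0; return 0; }
  while [ "$lo" -lt "$hi" ]; do
    mid=$(( (lo + hi + 1) / 2 ))
    if fits "$host" "$mid"; then lo=$mid; else hi=$(( mid - 1 )); fi
  done
  echo "$lo"
}

# Print the mangle rule that rewrites the MSS on forwarded SYN packets for MTU $1.
mss_rule() {
  echo "iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $(mss_for_mtu "$1")"
}

# Run as: sh pmtu.sh <host>   (without an argument the file only defines the functions)
if [ $# -ge 1 ]; then
  mtu=$(path_mtu "$1")
  echo "path MTU to $1: $mtu"
  if [ "$mtu" -gt 0 ]; then mss_rule "$mtu"; fi
fi
```

A result of 0 means no probe got through at all, which points at filtered ICMP or an unreachable host rather than at a small MTU.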



RE: [squid-users] Linux + TPROXY + Remote Squid

2012-05-31 Thread Daniel Niasoff
Hi All,

I'm jumping in the middle here but I have tproxy working with a separate router 
as follows;

Here are the rules from my router.

# Don't mark webcache traffic
$IPTABLES -t mangle -A PREROUTING -j ACCEPT -p tcp --dport 80 -s $SQUID
# Internal subnets to exclude
$IPTABLES -t mangle -A PREROUTING -j ACCEPT -p tcp --dport 80 -d 192.168.0.0/16 # Don't cache internal
$IPTABLES -t mangle -A PREROUTING -j ACCEPT -p tcp --dport 80 -s 192.168.0.0/16 # Don't cache internal

# Now mark our traffic
$IPTABLES -t mangle -A PREROUTING -j MARK --set-mark 5  -p tcp --dport 80

ip rule add fwmark 5 table  5
ip route add default via $SQUID dev bond0.8  table  5

On my squid box I have the following Iptables rules

*mangle
:PREROUTING ACCEPT [47356:2123379]
:INPUT ACCEPT [44233:3551720]
:FORWARD ACCEPT [14057:711976]
:OUTPUT ACCEPT [27932:3507208]
:POSTROUTING ACCEPT [42005:4222687]
:DIVERT - [0:0]
-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-xmark 0x1/0x
-A DIVERT -j ACCEPT
COMMIT

#This makes sure that the traffic comes back to this squid box.
*nat
:PREROUTING ACCEPT [627:29853]
:POSTROUTING ACCEPT [46:2562]
:OUTPUT ACCEPT [93:5582]
-A POSTROUTING -s 10.0.0.0/8 -o eth0 -p tcp -m tcp --dport 80 -j SNAT --to-source #SQUIDIP
COMMIT

ip -f inet rule add fwmark 1 lookup 100
ip -f inet route add local default dev eth0 table 100

This system works well for me and I have multiple squid proxies in a 
transparent load balanced config (using Linux virtual server)

I've had 10 or 15 users testing it and with no complaints so far but I had to 
use the latest source code (not build 3.2.0.17)

Hatzlacha

Daniel


-Original Message-
From: Eliezer Croitoru [mailto:elie...@ngtech.co.il] 
Sent: 31 May 2012 21:17
To: Thomas York
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Linux + TPROXY + Remote Squid

The marking is not all the thing.
You should also use routing tables based on the marking so in the prerouting 
mangle you mark and then the routing tables are compatible with the routing 
table.

I will think of something.
But it's out of the scope of squid and moving to routing.

Eliezer

On 31/05/2012 19:26, Thomas York wrote:
> A TPROXY isn't useless just because I'm using NAT. The whole point of 
> using TPROXY is that it will also work with IPv6 (since iptables lacks 
> NAT capability with IPv6, which is fine). I'm marking and diverting 
> connections from eth2, because that's the interface that has clients 
> connected to it.
>
> I had a separate table and marking for return port 80 data on the 
> router (eth0), but it didn't make any difference. I had the same issue 
> that I have now. As of this point, the only working solution I've seen 
> is to consolidate the proxy and the router. I REALLY hate to do this, 
> but at this point it looks like my only working solution.
>
> -- Thomas York
> -Original Message-
> From: Eliezer Croitoru [mailto:elie...@ngtech.co.il]
> Sent: Thursday, May 31, 2012 12:03 PM
> To: Thomas York
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] Linux + TPROXY + Remote Squid
>
> well as i was suspecting you made the scenario from a movie.
> in the real world you will design it a little different.
> here a picture on the net:
> http://cloud.ngtech.co.il/public.php?service=files&token=d88ff9e412a47a2842cb8ac7137c6227f196d8f2&path=/squid-net.png
>
>
> in your specific case you are natting the internet access anyway so a 
> tproxy is useless.
> i'm still trying to understand why you are marking and diverting the 
> connections from eth2.
>
> you have one problem in this specific case.
> you are trying to do some marking that will direct the clients into 
> this router in a loop from the clients to router and then from router 
> to squid and from squid to box using the same source ip of the client 
> in this part you will get a big loop.
>
> what you should do is a marking of packets coming from each interface 
> differently and by this mark define 2 routing tables:
> one that marked for squidbox because it came from the eth1 1 another 
> mark is for packets that are coming on interface eth5 and are to port 
> 80 will be marked 2 and will be routed\nated to the gw on eth0 another 
> mark is on the
> eth0 interface when packets are coming from the http server it should 
> be routed to squidbox.
>
> if you do ask me i would have put squidbox in the eth0 net and do the 
> nat on squidbox instead of on the router.
>
>
> Eliezer
>
>
> text summary:
> win7 eth0 10.1.1.253/24
> gw 10.1.1.254
>
> FW
> eth0 10.1.17.158/24
> gw 10.1.17.254
>
> eth1 10.1.1.254/24
> eth5 10.0.1.254/24
>
> iptables:
> *nat
> -A POSTROUTING -o eth0 -j MASQUERADE
> COMMIT
>
> *mangle
> :PREROUTING ACCEPT [126:15633]
> :INPUT ACCEPT [126:15633]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [67:8420]
> :POSTROUTING ACCEPT [67:8420]
> :DIVERT - [0:0]
> -A PREROUTI

RE: [squid-users] RE: Unable to access a website through Suse/Squid.

2012-06-07 Thread Daniel Niasoff
Hi Omid,

I had exactly the same issue and it bothered me for ages. Tried all the steps 
that you took but to no avail.

Finally I tried upgrading to the latest source code and the problem disappeared.

I'm not very technical but I'm guessing it's related to this bug 
http://bugs.squid-cache.org/show_bug.cgi?id=3528

Daniel


-Original Message-
From: Omid Kosari [mailto:omidkos...@yahoo.com] 
Sent: 07 June 2012 18:14
To: squid-users@squid-cache.org
Subject: [squid-users] RE: Unable to access a website through Suse/Squid.

I have checked everything in this thread. Also I have done every tip from 
http://squidproxy.wordpress.com/2007/06/05/thinsg-to-look-at-if-websites-are-hanging/
but unfortunately some websites do not open through squid.

note1: web sites will open if I manually set proxy settings in my browser 
(port 3128) but when route the traffic to squid (port 3129 tproxy) they don't 
open.

note2: squid server can open those websites simply with lynx.

note3: I tested with changing mss even below 500, changing mtu of router 
interface and squid interface below 1200, disabling ECN and WSS etc. No 
success.

Nothing special in log files even with debug level more than 3.

ubuntu 12.04 server LTS 64bit. squid Version 3.1.19.

Most of websites work fine but few of them have problem.



[squid-users] SSL Interception Error

2012-06-07 Thread Daniel Niasoff
Hi

I have been using SSLBUMP for quite a while and it has been working really 
nicely.

One new user has started testing it (from a Windows 7 client) and they are 
unable to open SSL sites. Other users in the same location on Windows PCs are 
able to open these sites without a problem but this user cannot. As it's a 
windows PC the first thing we tried was a reboot but to no avail.

The issue that the user is getting is the certificate is being generated for 
http instead of http://www.google.co.uk for example.

Even if they override the certificate warning I don't think the page opens up.

Any ideas?

Thanks

Daniel


RE: [squid-users] SSL Interception Error

2012-06-08 Thread Daniel Niasoff
Hi Amos,

Sorry, what I meant was that in the "Issued to" of the certificate it should say 
"Issued to: www.google.co.uk" but instead it says "Issued to: http"

Thanks

Daniel

>-Original Message-
>From: Amos Jeffries [mailto:squ...@treenet.co.nz] 
>Sent: 08 June 2012 09:41
>To: squid-users@squid-cache.org
>Subject: Re: [squid-users] SSL Interception Error

>On 8/06/2012 10:02 a.m., Daniel Niasoff wrote:
>> Hi
>>
>> I have been using SSLBUMP for quite a while and it has been working really 
>> nicely.

>Implication: it is probably not an ssl-bump issue.

>> One new user has started testing it (from a Windows 7 client) and they are 
>> unable to open SSL sites. Other users in the same location on Windows PCs 
>> are able to open these sites without a problem but this user cannot. As it's 
>> a windows PC the first thing we tried was a reboot but to no avail.
>>
>> The issue that the user is getting is the certificate is being generated for 
>> http instead of http://www.google.co.uk for example.

>So where does the http:// protocol scheme come from?  certs only list the 
>domain name.

>Amos



[squid-users] SSL Bump "Zero Sized Reply"

2012-12-25 Thread Daniel Niasoff

Hi,

I am using SSL Bump in 3.3.0.2.

Here is my config.

always_direct allow all
ssl_bump server-first all
cache deny ssl
cache allow all

99% of the time it works ok but when I try to login to certain sites or make 
payments on shopping sites I quite often get "zero sized reply" on submitting 
my details.

This occurs whether I use squid as a transparent or explicit proxy.

Paypal is a good example where this occurs.

Any ideas?

Thanks

Daniel




[squid-users] FW: SSL Bump "Zero Sized Reply"

2012-12-26 Thread Daniel Niasoff
Just tried latest source from trunk and problem still occurs.

Zero Sized Reply

Squid did not receive any data for this request.

-Original Message-
From: Daniel Niasoff 
Sent: 26 December 2012 02:42
To: 'squid-users@squid-cache.org'
Subject: SSL Bump "Zero Sized Reply"


Hi,

I am using SSL Bump in 3.3.0.2.

Here is my config.

always_direct allow all
ssl_bump server-first all
cache deny ssl
cache allow all

99% of the time it works ok but when I try to login to certain sites or make 
payments on shopping sites I quite often get "zero sized reply" on submitting 
my details.

This occurs whether I use squid as a transparent or explicit proxy.

Paypal is a good example where this occurs.

Any ideas?

Thanks

Daniel




[squid-users] Squid Hangs

2013-08-03 Thread Daniel Niasoff
Hi,

I regularly get squid hangs (around once a month or so). When I say hang, I 
mean browsing through Squid runs very slowly and CPU utilisation is 100%.

I just restart squid to clear the hang.

I ran squid -k debug during the hang and I will paste the output below.

Any ideas?

Thanks

Daniel


2013/08/04 01:45:47.867 kid1| AsyncCallQueue.cc(53) fireNext: leaving 
comm_close_complete(FD 688)
2013/08/04 01:45:47.867 kid1| AsyncCallQueue.cc(51) fireNext: entering 
ConnStateData::clientReadRequest(local=108.160.163.45:80 remote=10.11.187.65 
flags=17, errno=11, flag=-10, data=0x7f99ef0c3dc8, size=0, buf=0x7f99eca46750)
2013/08/04 01:45:47.867 kid1| AsyncCall.cc(30) make: make call 
ConnStateData::clientReadRequest [call1052636]
2013/08/04 01:45:47.867 kid1| AsyncJob.cc(117) callStart: ConnStateData status 
in: [ job15215]
2013/08/04 01:45:47.867 kid1| client_side.cc(2924) clientReadRequest: 
local=108.160.163.45:80 remote=10.11.187.65 flags=17 size 0
2013/08/04 01:45:47.867 kid1| client_side.cc(2931) clientReadRequest: 
local=108.160.163.45:80 remote=10.11.187.65 flags=17 closing Bailout.
2013/08/04 01:45:47.867 kid1| AsyncJob.cc(146) callEnd: ConnStateData status 
out: [ job15215]
2013/08/04 01:45:47.867 kid1| AsyncCallQueue.cc(53) fireNext: leaving 
ConnStateData::clientReadRequest(local=108.160.163.45:80 remote=10.11.187.65 
flags=17, errno=11, flag=-10, data=0x7f99ef0c3dc8, size=0, buf=0x7f99eca46750)
2013/08/04 01:45:47.867 kid1| AsyncCallQueue.cc(51) fireNext: entering 
ConnStateData::connStateClosed(FD -1, data=0x7f99ef0c3dc8)
2013/08/04 01:45:47.867 kid1| AsyncCall.cc(30) make: make call 
ConnStateData::connStateClosed [call1051337]
2013/08/04 01:45:47.867 kid1| AsyncJob.cc(117) callStart: ConnStateData status 
in: [ job15215]
2013/08/04 01:45:47.867 kid1| AsyncJob.cc(49) deleteThis: ConnStateData will 
NOT delete in-call job, reason: ConnStateData::connStateClosed
2013/08/04 01:45:47.867 kid1| AsyncJob.cc(131) callEnd: 
ConnStateData::connStateClosed(FD -1, data=0x7f99ef0c3dc8) ends job [Stopped, 
reason:ConnStateData::connStateClosed job15215]
2013/08/04 01:45:47.867 kid1| client_side.cc(777) swanSong: 
local=108.160.163.45:80 remote=10.11.187.65 flags=17
2013/08/04 01:45:47.867 kid1| clientStream.cc(225) clientStreamDetach: 
clientStreamDetach: Detaching node 0x7f99edba3af8
2013/08/04 01:45:47.867 kid1| clientStream.cc(310) clientStreamFree: Freeing 
clientStreamNode 0x7f99edba3af8
2013/08/04 01:45:47.867 kid1| clientStream.cc(246) clientStreamDetach: 
clientStreamDetach: Calling 1 with cbdata 0x7f99ece97490
2013/08/04 01:45:47.867 kid1| clientStream.cc(225) clientStreamDetach: 
clientStreamDetach: Detaching node 0x7f99eae3a568
2013/08/04 01:45:47.867 kid1| clientStream.cc(310) clientStreamFree: Freeing 
clientStreamNode 0x7f99eae3a568
2013/08/04 01:45:47.867 kid1| store_client.cc(693) storeUnregister: 
storeUnregister: called for '6E498BCF45BBB7AC0519E3E7A1136DB6'
2013/08/04 01:45:47.867 kid1| store_swapout.cc(375) mayStartSwapOut:  already 
rejected
2013/08/04 01:45:47.867 kid1| MemObject.cc(272) expectedReplySize: object_sz: 
3283
2013/08/04 01:45:47.867 kid1| store_dir.cc(824) maybeTrimMemory: 
keepInLocalMemory: 1
2013/08/04 01:45:47.867 kid1| store_client.cc(782) storePendingNClients: 
storePendingNClients: returning 0
2013/08/04 01:45:47.867 kid1| store.cc(570) unlock: StoreEntry::unlock: key 
'6E498BCF45BBB7AC0519E3E7A1136DB6' count=1
2013/08/04 01:45:47.867 kid1| client_side_request.cc(291) ~ClientHttpRequest: 
httpRequestFree: 
http://notify1.dropbox.com/subscribe?host_int=339437646&ns_map=164883234_35437940042530&user_id=101470670&nid=0&ts=1375577316
2013/08/04 01:45:47.867 kid1| HttpHeader.cc(713) packInto: packing hdr: 
(0x7f99ed9989b8)
2013/08/04 01:45:47.867 kid1| HttpHeader.cc(713) packInto: packing hdr: 
(0x7f99ed9989b8)
2013/08/04 01:45:47.867 kid1| HttpHeader.cc(713) packInto: packing hdr: 
(0x7f99ef8c41d8)
2013/08/04 01:45:47.867 kid1| History.cc(40) processingTime:  current total: 
57138 0x7f99eb9e3550
2013/08/04 01:45:47.867 kid1| FilledChecklist.cc(77) ~ACLFilledChecklist: 
ACLFilledChecklist destroyed 0x7f99ec1bdeb8
2013/08/04 01:45:47.867 kid1| Checklist.cc(334) ~ACLChecklist: 
ACLChecklist::~ACLChecklist: destroyed 0x7f99ec1bdeb8
2013/08/04 01:45:47.868 kid1| store.cc(570) unlock: StoreEntry::unlock: key 
'6E498BCF45BBB7AC0519E3E7A1136DB6' count=0
2013/08/04 01:45:47.868 kid1| store_client.cc(782) storePendingNClients: 
storePendingNClients: returning 0
2013/08/04 01:45:47.868 kid1| store.cc(1261) release: storeRelease: Releasing: 
'6E498BCF45BBB7AC0519E3E7A1136DB6'
2013/08/04 01:45:47.868 kid1| store.cc(466) destroyStoreEntry: 
destroyStoreEntry: destroying 0x7f99edc2bdf8
2013/08/04 01:45:47.868 kid1| store.cc(444) destroyMemObject: destroyMemObject 
0x7f99eb6832e0
2013/08/04 01:45:47.868 kid1| MemObject.cc(111) ~MemObject: del MemObject 
0x7f99eb6832e0
2013/08/04 01:45:47.868 kid1| ctx: enter level  0: 
'http://notify1.dropbox.com/subscribe?host_int=33

[squid-users] SslBumped request: It is an encapsulated request do not authenticate

2013-08-20 Thread Daniel Niasoff
Hi,

We are using Squid with SslBump.

Our users are sporadically getting "access denied" errors so I did a bit of 
debugging and saw this.

2013/08/21 01:24:49.900 kid1| Acl.cc(336) matches: ACLList::matches: checking 
authenticated
2013/08/21 01:24:49.900 kid1| Acl.cc(319) checklistMatches: 
ACL::checklistMatches: checking 'authenticated'
2013/08/21 01:24:49.900 kid1| Acl.cc(28) AuthenticateAcl: SslBumped request: It 
is an encapsulated request do not authenticate
2013/08/21 01:24:49.900 kid1| UserRequest.cc(93) valid: Validated. 
Auth::UserRequest '0x7f0ce933b8c0'.
2013/08/21 01:24:49.900 kid1| User.cc(38) authenticated: User not authenticated 
or credentials need rechecking.

Does this mean it's impossible to authenticate a SslBumped request? What's 
strange is the access log is showing the request with a username which 
indicates the request was authenticated!

Also when the user refreshes the problem usually disappears.

Currently the authentication helper was set to 6 minutes (for testing) and I 
have increased it to 60 minutes.

Any ideas?

Thanks

Daniel





[squid-users] Squid 24/7 outsourced technical support

2014-05-12 Thread Daniel Niasoff
Hi,

I guess this should be a good place to post this question.

Looking for a company that can provide 24/7 level 3 infrastructure support 
services for a cloud filtering service based on Squid and many other open 
source (+commercial) components.

Essentially an outsourced NOC service.

There are literally 1000s of these companies on the Internet but looking for 
one with good experience with Squid and proxying ideally.

Anyone got any ideas?

Thanks

Daniel




RE: [squid-users] Squid 24/7 outsourced technical support

2014-05-12 Thread Daniel Niasoff
Thanks Amos, I should have looked there first :)

-Original Message-
From: Amos Jeffries [mailto:squ...@treenet.co.nz] 
Sent: 12 May 2014 16:45
To: squid-users@squid-cache.org
Subject: Re: [squid-users] Squid 24/7 outsourced technical support

On 13/05/2014 1:54 a.m., Daniel Niasoff wrote:
> Hi,
> 
> I guess this should be a good place to post this question.
> 
> Looking for a company that can provide 24/7 level 3 infrastructure support 
> services for a cloud filtering service based on Squid and many other open 
> source (+commercial) components.
> 
> Essentially an outsourced NOC service.
> 
> There are literally 1000s of these companies on the Internet but looking for 
> one with good experience with Squid and proxying ideally.
> 
> Anyone got any ideas?
> 
> Thanks
> 
> Daniel
> 
> 

Hi Daniel,

If you don't get any responses from this post,
http://www.squid-cache.org/Support/services.html contains an alphabetical list 
of companies which have made the effort to register their interest in 
supporting Squid commercially.

Amos