Re: [squid-users] SQUID 3.1 + sslBump https interception and decryption
> From: Franz Angeli [mailto:franz.ang...@gmail.com] >> I configured one debian box with squid 3.1 (compiling it with ssl >> support) enabling sslBump feature with a self signed certificate, >> obviously browser and >> applications warn about the certificate but all seems to work. >> >> Is there a way to use trusted certificate for removing that warning >> (sorry for this dumb question but some applications doesn't permit >> certificate exception list like firefox for example)? > > If you have the signed certificate for the URL you're developing for, > then yes, you can use the certificate. For example, if your app is going > to app.squid-cache.org and you have the signed certificate for > app.squid-cache.org or *.squid-cache.org, then everything will be happy. > But, if you're trying to intercept the traffic for a third-party domain, > no, you can't. The best you can do, is to create your own CA and add the > public certificate to the browser/application, if it even allows you to. > Thank you for the informations And what about ICAP configuration? Some suggestion?
[squid-users] SQUID 3.1 + sslBump https interception and decryption
Hi,
I need for testing purpose (i have to test and debug several mobile
phone java application some of that using https/ssl) to intercept and
decrypt https traffic;
I configured one debian box with squid 3.1 (compiling it with ssl
support) enabling sslBump feature with a self signed certificate,
obviously browser and
applications warn about the certificate but all seems to work.
Is there a way to use trusted certificate for removing that warning
(sorry for this dumb question but some applications doesn't permit
certificate exception list like firefox for example)?
Another question is about ICAP, i read on Squid-cache wiki that is
possible to use ICAP server to inspect traffic ("While decrypted, the
traffic can be inspected using ICAP"), is there some hints regarding
which ICAP server use (C-ICAP? or other ICAP server) and some
configuration example about it? I didn't find many informations about.
Thanks for your patience
Best Regards
Franz
[squid-users] squid OWA attachment problem
Hi i have some strange error when some user try to attach file bigger than about 160kb on outlook webmail, in cache.log i have: 2009/08/12 09:35:55| sslWriteServer: FD 64: write failure: (104) Connection reset by peer. 2009/08/12 09:45:25| sslWriteServer: FD 76: write failure: (104) Connection reset by peer. 2009/08/12 10:12:55| sslWriteServer: FD 54: write failure: (104) Connection reset by peer. 2009/08/12 10:20:10| sslWriteServer: FD 35: write failure: (104) Connection reset by peer. i tried with direct connection (without proxy) and i don't have any problem. some suggestion? thanks in advance Franz
Re: [squid-users] Squid and OWA strange problem
Hi with "balance_on_multiple_ip off" all works fine, thanks for the support! 2008/4/26 Franz Angeli <[EMAIL PROTECTED]>: > I think you'are right! In my squid test environment Telecom OWA works > with balance_on_multiple_ip off, > > On monday i can test on production environment. > > Thank you Guido! > > > 2008/4/25 Guido Serassio <[EMAIL PROTECTED]>: > > > > Hi, > > > > > > At 10:04 25/04/2008, Franz Angeli wrote: > > > > > My squid server is only a cache proxy, reverse proxy on remote > > > exchange OWA server is some Microsoft ISA stuff. > > > > > > > I think there is something very wrong in this OWA server setup: > > > > C:\>nslookup mail.telecomitalia.it > > Server: titano.acmeconsulting.loc > > Address: 172.30.128.1 > > > > Non-authoritative answer: > > Name:mail.telecomitalia.it > > Addresses: 156.54.233.103, 156.54.233.102 > > > > Adding "balance_on_multiple_ip off" to your squid.conf should fix your > > problem. > > > > A round robin configuration for a OWA front-end is really a stupid > solution > > because OWA is a session based web application. > > > > I love the incompetency of Telecom Italia peoples . > > > > > > > > Regards > > > > Guido > > > > > > > > - > > > > Guido Serassio > > Acme Consulting S.r.l. - Microsoft Certified Partner > > Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY > > Tel. : +39.011.9530135 Fax. : +39.011.9781115 > > Email: [EMAIL PROTECTED] > > WWW: http://www.acmeconsulting.it/ > > > > >
Re: [squid-users] Squid and OWA strange problem
I think you'are right! In my squid test environment Telecom OWA works with balance_on_multiple_ip off, On monday i can test on production environment. Thank you Guido! 2008/4/25 Guido Serassio <[EMAIL PROTECTED]>: > Hi, > > > At 10:04 25/04/2008, Franz Angeli wrote: > > > My squid server is only a cache proxy, reverse proxy on remote > > exchange OWA server is some Microsoft ISA stuff. > > > > I think there is something very wrong in this OWA server setup: > > C:\>nslookup mail.telecomitalia.it > Server: titano.acmeconsulting.loc > Address: 172.30.128.1 > > Non-authoritative answer: > Name:mail.telecomitalia.it > Addresses: 156.54.233.103, 156.54.233.102 > > Adding "balance_on_multiple_ip off" to your squid.conf should fix your > problem. > > A round robin configuration for a OWA front-end is really a stupid solution > because OWA is a session based web application. > > I love the incompetency of Telecom Italia peoples . > > > > Regards > > Guido > > > > - > > Guido Serassio > Acme Consulting S.r.l. - Microsoft Certified Partner > Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY > Tel. : +39.011.9530135 Fax. : +39.011.9781115 > Email: [EMAIL PROTECTED] > WWW: http://www.acmeconsulting.it/ > >
Re: [squid-users] Squid and OWA strange problem
My squid server is only a cache proxy, reverse proxy on remote exchange OWA server is some Microsoft ISA stuff. 2008/4/25, Guido Serassio <[EMAIL PROTECTED]>: > Hi, > > > At 08:02 25/04/2008, Henrik Nordstrom wrote: > > > tor 2008-04-24 klockan 09:34 +0200 skrev Franz Angeli: > > > > > i use Squid Version 2.6.STABLE5 on Debian stable, i have strange > > > problem with this owa site: > > > > > > https://mail.telecomitalia.it > > > > > > If i try to login (with real or fake credentials) with squid login > > > page return to itself without any error!??! > > > > > > If i connect directly all works fine? > > > > First of all try upgrading. There has been some bugfixes to the > > connection pinning / forwarding of Microsoft "looks like HTTP but isn't" > > authentication. > > > > Just looked to the site: it's a Exchange 2007 OWA running form based > authentication over HTTPS. I'm using Squid 2.6 as a reverse proxy for my > Exchange 2003 OWA running the same configuration without problems. > > So, it shouldn't be an authentication problem on Squid, but I still don't > have verified if there are any so called "new features" in OWA 2007 ... > > Regards > > Guido > > > > - > > Guido Serassio > Acme Consulting S.r.l. - Microsoft Certified Partner > Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY > Tel. : +39.011.9530135 Fax. : +39.011.9781115 > Email: [EMAIL PROTECTED] > WWW: http://www.acmeconsulting.it/ > >
Re: [squid-users] Squid and OWA strange problem
Hi thanks for the information but yesterday i tried with a development server with squid 3 stable 2 and with squid 2.6 stable 18 but it's the same Franz 2008/4/25, Henrik Nordstrom <[EMAIL PROTECTED]>: > tor 2008-04-24 klockan 09:34 +0200 skrev Franz Angeli: > > > > i use Squid Version 2.6.STABLE5 on Debian stable, i have strange > > problem with this owa site: > > > > https://mail.telecomitalia.it > > > > If i try to login (with real or fake credentials) with squid login > > page return to itself without any error!??! > > > > If i connect directly all works fine? > > > First of all try upgrading. There has been some bugfixes to the > connection pinning / forwarding of Microsoft "looks like HTTP but isn't" > authentication. > > Regards > > Henrik > >
[squid-users] Squid and OWA strange problem
Hi i use Squid Version 2.6.STABLE5 on Debian stable, i have strange problem with this owa site: https://mail.telecomitalia.it If i try to login (with real or fake credentials) with squid login page return to itself without any error!??! If i connect directly all works fine? Someone have my same problem? Thanks in advance. Franz
