Re: [squid-users] 2.7 upstream parent (cache_peer) connection reset. Child how to handle?
Hi Amos, the PoC is for a project involving malware inspection, a personal project. I tried to chain 2 Squids as part of solution. The AV perform the check on the wire before actually allowing Parent Squid to get hold of it. I.e. Client -- ... ... - Parent Squid -- AV (inspects HTTP, it it is 'infected', do a TCP Disconnect as seen on Sysinternals Procmon) -- Website *There was no TCP Disconnect for 'clean' pages. From what I observe when the client is directly connected to the Parent Squid, I got the following message in Parent. I am OK with this message in Parent, but how can I let the Child also know that and display similar message when Parent got it instead of hung? --- ERROR The requested URL could not be retrieved While trying to retrieve the URL: http://www.eicar.org/download/eicar.com.txt The following error was encountered: * Read Error The system returned: (10054) WSAECONNRESET, Connection reset by peer. An error condition occurred while reading data from the network. Please retry your request. Your cache administrator is webmaster. Generated Fri, 21 May 2010 15:29:41 GMT by test-caf801f8d2 (squid/2.7.STABLE8) --- thanks, James Tan
[squid-users] 2.7 upstream parent (cache_peer) connection reset. Child how to handle?
Hi, I have a PoC of 2 Squids. One act as Parent and the other as Child. I tested a website that Parent will cause browser (directly configured to use Parent as proxy) to received connection reset. Other web pages are passed and viewed normally. When I tried to chain Child to Parent, and the browser (configured to use Child), the browser hung on the 'reset' page until The requested URL could not be retrieved. Other normal pages are retrieved and viewed fine. Browser -- Child -- Parent -- 'reset' Site (http://www.eicar.org/download/eicar_com.zip) = hung-then-failed. Browser -- Parent -- 'reset' Site (http://www.eicar.org/download/eicar_com.zip) = immediate received conn reset view. How can I configure the Child to see what the Parent see? By the way, I am using a malware/AV scan engine on the Parent OS, thus the conn reset when chanced bad sites/pages e.g. EICAR test. thanks, James Tan
[squid-users] Re: SQUID 3.1 + sslBump https interception and decryption
Here is the link - http://jez4christ.com/view/archives/127 Left that out in my earlier response to you. thanks, James Tan
[squid-users] Re: SQUID 3.1 + sslBump https interception and decryption
Hi Franz Angeli, take a look at my recent attempt to decrypt SSL (terminate) using Squid and ICAP, might be useful to you. Chanced upon your message when digging for more information relating to Squid and ICAP solutions for a personal project. thanks, James Tan
[squid-users] Re: SQUID 3.1 + sslBump https interception and decryption
Franz Angeli franz.angeli at gmail.com writes: And what about ICAP configuration? Some suggestion? Hi Franz Angeli, here's the link - http://jez4christ.com/view/archives/127 to my recent attempt to decrypt SSL and having ICAP with SQUID. Am new to GMANE so did not get my earlier response to you. I chanced upon your post when digging SQUID and ICAP related postings for a personal project. thanks, James Tan