Re: [squid-users] TPROXY with IPv6
W dniu 2012-12-20 10:48, Steve Hill pisze: Squid's TPROXY sockets only seem to bind to the IPv4 stack - Some Googling suggests it can be made to work with IPv6, but I've not found anything explaining how. What am I missing? Thanks. Search the list archives. I posted working config for ipv6 few months ago. Regards; Pawel Mojski
Re: [squid-users] Squid3 extremely slow for some website cnn.com
W dniu 2012-12-12 11:53, Muhammed Shehata pisze: Dears, Is there any on can help [...] Hi; Could you please tell me what is your deployment scenario? Regards; Pawel Mojski
Re: [squid-users] Squid 3.2.0.8 and SMP workers problem.
W dniu 2012-01-03 23:41, Amos Jeffries pisze: [...] config? tried 3.2.0.14? All works fine now. I made a mistake, squid had no rights to write var/run/squid/*.ipc files. Thanks for your help Amos. Regards; Pawel Mojski
[squid-users] Squid 3.2.0.8 and SMP workers problem.
Hi; I'm trying to use squid 3.2.0.8 in SMP environment. I want to run 4 workers. In normal configuration squid works fine, but when I add workers 4 parameter into config file squid runs (4 separately squid workers and 1 cord). But, none of them bind into :3128 port. In cache.log file I found: 2012/01/03 15:11:05 kid1| commBind: Cannot bind socket FD 12 to [::]: (13) Permission denied repeated for all instances. What I made wrong? Thanks in advance; Regards -- Paweł Mojski
[squid-users] SSLBump and intermedia CA Certificate.
Hi all. Finally I successful implemented ssl-bump with dynamic certificate generation feature. But, I don't know how to configure squid to use intermediate ca certificate. I generated Root CA, then using Root CA i signed Intermediate CA certificate and now, I want squid to use this Intermediate CA Certificate while generating certs for https connections. Then I want to import Root CA certificate into Windows PKI to solve Unknown CA error while surfing https pages. How can I do that? I'm looking around cafile, capath of ssl-bump options but nothing works for me. Regards; -- Paweł Mojski
[squid-users] How to download specified squid version.
Hi Guys; Regarding my problem with squid and ssl compilations I'd like to check the version specified by author of the patch, I mean: Squid v3.1 (r9820) this one. How can I download it? I couldn't find any way for it, no cvs (auth required) or svn. Regards; -- Paweł Mojski
[squid-users] Dynamic SSL certificate generation in intercept (transparent) mode.
Hi. I'm using squid ssl interception in transparent proxy mode. But, of course I have problem with invalid common name in any ssl transaction. I found this: ...We believe it is technically possible to implement dynamic certificate generation for transparent connections. Doing so requires turning Squid transaction handling steps upside down, so that the secure connection with the server is established /before/ the secure connection with the client. The implementation will be difficult, but it will allow Squid to get the server name from the server certificate and use that to generate a fake server certificate to give to the client. Quality patches or sponsorships welcomed. ... on squid wiki. So, maybe there is a related point on a road-map right now? Or maybe wome work-around usign 3rd-party application? I have to admit, i would be very welcome feature for me. Regards; -- Pawel Mojski
Re: [squid-users] Transparent proxy
Hi Guys; I'm new one on the list so at the beginning I'd like to say hello to all regular readers :) I'm using squid (3.1.1 at this moment) in huge service and I'm wondering about one think. c) Can squid proxy SSL requests transparently ? Yes. But only for one definition of transparent: the HTTP RFC definition. /pedant It will not handle NAT intercepted SSL. I have something like this in my squid.conf file: pl-waw1 ~ # grep transparent /etc/squid/squid.conf http_port 10.1.1.1:8080 transparent https_port 10.1.1.1:8443 transparent sslBump cert=/etc/squid/cert.pem And it works very fine with DNAT redirection. Also, please anyone explain me what is the difference in deprecated sslBump and new one ssl-bump. I tried to upgrade squid, but to new sslbumping format was not working fine. How should I use it? Regards; -- Paweł Mojski
