-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 14/11/2014 8:02 p.m., John Killimangalam Jacob wrote:
> Hi All,
>
> For my configuration to use the ssl bump, I am setting the number
> of sslcrtd_children to 50. But in the documentation it is written
> that "The maximum this may be safely set to
Hi All,
For my configuration to use the ssl bump, I am setting the number of
sslcrtd_children to 50. But in the documentation it is written that "The
maximum this may be safely set to is 32" . When I set it to 32, I am getting
warning that all 32/32 helpers are busy, consider increasing the n
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 14/11/2014 6:22 p.m., Hector Chan wrote:
> Hi Amos,
>
>> those lines you specify above go in (C). *if* they are needed at
>> all.
>
> But I don't have control over (C). It's off limits.
Then you have to trust that the admin in charge of it set i
Hi Amos,
> those lines you specify above go in (C). *if* they are needed at all.
But I don't have control over (C). It's off limits.
> In (B) goes:
>
> cache_peer forward-proxy.example.com parent 3128 0 name=C
>
> acl sendToC dstdomain origin-x.example.com origin-y.example.com
origin-z.example
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 14/11/2014 4:03 p.m., Hector Chan wrote:
> Ah, I think I have a typo in my question. Originally, I mentioned
> the following:
>
>> the logic of figuring out where to go to lies in (C).
>
> What I actually meant is "the logic that figuring out whe
Ah, I think I have a typo in my question. Originally, I mentioned the
following:
> the logic of figuring out where to go to lies in (C).
What I actually meant is "the logic that figuring out where to go lies in
(B)" (not C).
On Thu, Nov 13, 2014 at 5:14 PM, Hector Chan wrote:
> Hi Amos,
>
> T
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 13/11/2014 10:10 p.m., Lorenzo Gollinelli wrote:
> Thank you very much Amos,
>
> why then do we have the problem only if file is > 55kB? The bug
> your are referring (#4067) to is not listed in version 3.4 known
> bugs
I thinnks the size weirdness
Hi Amos,
Thanks for your reply. Let's say I have the following cache_peer lines in
(B), and the address for (C) is "forward-proxy.example.com:3128".
cache_peerorigin-x.example.comparent 443 0 no-query originserver ssl
cache_peerorigin-y.example.comparent 443 0 no-query originserv
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 14/11/2014 11:16 a.m., Job wrote:
> Hello Amos, thank you!
>
> I solved with this configuration:
>
> http_port 3128 http_port 192.168.10.254:3129 intercept https_port
> 192.168.10.254:3130 intercept ssl-bump connection-auth=off
> generate-host-cer
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 14/11/2014 10:36 a.m., Hector Chan wrote:
> Basically, what I am looking for is whether it's possible to set up
> the following:
>
> Client (A) --> Squid as Reverse Proxy (B) --> Squid as Forward
> Proxy (C) --> Origin Servers Depending on Client R
Hello Amos, thank you!
I solved with this configuration:
http_port 3128
http_port 192.168.10.254:3129 intercept
https_port 192.168.10.254:3130 intercept ssl-bump connection-auth=off
generate-host-certificates=on dynamic_cert_mem_cache_size=16MB
cert=/etc/squid/ssl/squid.pem key=/etc/squid/ssl/s
Basically, what I am looking for is whether it's possible to set up the
following:
Client (A) --> Squid as Reverse Proxy (B) --> Squid as Forward Proxy (C)
--> Origin Servers Depending on Client Request URI (D)
Depending on the client request from (A), (B) could route the request to
different ori
"rotate 2" means rotate 2 logs and delete anything older, so this is
equivalent to 2 days.
With my job, most of our servers, we use rotate 7 or rotate 14 for 1 or
2 weeks worth. Without drive scrubbing software, there is no easy way to
get those files back.
Also it may help to put the prerot
On Thursday 13 November 2014 at 19:50:36 (EU time), Hector Chan wrote:
> Hi,
>
> Does anyone have any idea how to setup squid (reverse proxy) behind a
> forward proxy ?
1. Set up Squid as a forward proxy on machine A for the clients.
2. Set up Squid as a reverse proxy on machine B for the serve
Hi,
Does anyone have any idea how to setup squid (reverse proxy) behind a
forward proxy ?
Thanks,
Hector
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Hello Team ,
I have a doubt with squid log file rotation ,my squid log file rotation is
configured this way in /etc/logrotate.d/squid3
/var/log/squid3/*.log {
daily
compress
delaycompress
rotate 2
missingok
nocreate
sharedscripts
pr
?I do not pay a cent, I do it myself :)
From: Sergey Tsabolov ( aka linuxman )
Sent: Thursday, November 13, 2014 2:50 PM
To: Rafael Akchurin; Garth Lancaster; squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Icap Squid Https/Http
Hello,
Nice way to f
Hello,
Nice way to filtering, I read them.
Only problem is supported by 64bit not 32bit, ok this is not big problem
we can change the hardware.
But I need ask, what Pricing Plans you choose for this, on Our None
Profit organization is not big problem but if you know the way without
pricing info
Hello Garth,
We are happily doing ICAP HTTPS filtering, see sample instructions at
http://docs.diladele.com/tutorials/transparently_filtering_https_centos/index.html.
It is even more simple if you do not need "intercept" style proxying.
Best regards,
Rafael Akchurin
Diladele B.V.
Thanks for your reply.
I used a PAC file with the following, it appears to be "HTTPS" instead of
"PROXY" to use:
function FindProxyForURL(url, host)
{
return "HTTPS https://mysquid.com:443/";;
}
But now when I navigate to any website (http or https), I receive a "This
connexion is not secured" m
Hi There
Is anyone able to confirm that https requests to squid proxy will be sent on to
the icap service? I am able to get normal http requests into icap which
displays a banner on the page.
I have tried the whole transparent ssl-bump route as well.
Thanks
Garth
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 13/11/2014 9:39 p.m., jcourtois wrote:
> Hi everyone,
>
> I've been trying to create a simple encrypted connexion in between
> a browser (that support https proxy connexion, I use Firefox 33 to
> do my test because it's supose to support it:
> htt
Thank you very much Amos,
why then do we have the problem only if file is > 55kB? The bug your are
referring (#4067) to is not listed in version 3.4 known bugs
Here are the headers for a working transaction (< 55kB):
HTTP/1.1 100 Continue
Connection: keep-alive
HTTP/1.1 200 OK
Server: gunicorn/
Hi everyone,
I've been trying to create a simple encrypted connexion in between a browser
(that support https proxy connexion, I use Firefox 33 to do my test because
it's supose to support it:
https://bugzilla.mozilla.org/show_bug.cgi?id=378637) and my squid located
ona remote server.
I don't wan
24 matches
Mail list logo
