Re: [squid-users] after changed from 3.4.13 to 3.5.8 sslbump doesn't work for the site https://banking.postbank.de/

Hello Amos, thank you for your hints. On Thu, Sep 17, Amos Jeffries wrote: > > the relevant part ist: > > > > --snip-- > > acl nodecryptdomains dstdomain "/etc/squid/nodecrypt.domains" > > http_port MYIP:8080 ssl-bump cert=/etc/squid/ca.pem key=/etc/squid/ca.key > >

Re: [squid-users] build error with kernel headers 4.2

On Thu, Sep 17, 2015 at 05:24:10AM +, Eray Aslan wrote: > I am getting a bunch of build errors with kernel headers 4.2: Nevermind, found bug #4323. Sorry for the noise. -- Eray ___ squid-users mailing list squid-users@lists.squid-cache.org

Re: [squid-users] help with acl order and deny_info pages

On Thu, 17 Sep 2015 03:00:56 +1200 Amos Jeffries wrote: > On 17/09/2015 12:37 a.m., Marko Cupać wrote: > > Hi, > > > > I'm trying to setup squid in a way that it authenticates users via > > kerberos and grants different levels of web access according to ldap > > query of

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

17.09.15 10:50, Amos Jeffries пишет: On 17/09/2015 4:36 a.m., Yuri Voinov wrote: Hm. If I understand correctly, the right configuration must be: # Privoxy+Tor access rules never_direct allow CONNECT never_direct allow tor_url # Local Privoxy is cache parent cache_peer 127.0.0.1 parent 8118

[squid-users] kinda confused about Peek and Splice

Hello, I'm kinda confused about the "Peek and Splice" technique introduced in Squid 3.5.x. -- My goal is to allow CONNECT-method ONLY to certain web-pages (mainly banks, payment systems). The rest of https-sites should be allways bumped. - And this can

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

If I disable SSL bump for tunneled sites, I've got an error SSL: ssl_error_rx_record_too_long 17.09.15 10:50, Amos Jeffries пишет: On 17/09/2015 4:36 a.m., Yuri Voinov wrote: Hm. If I understand correctly, the right configuration must be: # Privoxy+Tor access rules never_direct allow

Re: [squid-users] Is it possible to send the connection, starting with the CONNECT, to cache-peer?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Squid 3.5.7 the same result: 1442420915.874 207879 127.0.0.1 TAG_NONE/200 0 CONNECT torproject.org:443 - HIER_DIRECT/2001:41b8:202:deb:213:21ff:fe20:1426 - 1442493956.863 168528 127.0.0.1 TAG_NONE/200 0 CONNECT torproject.org:443 -

Re: [squid-users] kinda confused about Peek and Splice

On 09/17/2015 04:00 AM, Marek Serafin wrote: > Hello, I'm kinda confused about the "Peek and Splice" technique > introduced in Squid 3.5.x. > -- > My goal is to allow CONNECT-method ONLY to certain web-pages (mainly > banks, payment systems). The rest of https-sites should be

Re: [squid-users] Custom external acl helpers in PHP

Hi, Amos! I followed your suggestion and rewrote the code using only one helper and a note ACL. It's working perfectly. Thank you! Walter ___ squid-users mailing list squid-users@lists.squid-cache.org

[squid-users] squid 3.5.7 for Windows (from Diladele) and kerberos auth

Hi, I am trying without success to use the "negotiate_kerberos_auth.exe" helper and "basic_smb_auth.exe" on a Windows 2008R2 server on a 2008R2 domain. Previously I have used mswin_negotiate_auth.exe and mswin_auth.exe from the last stable 2.7 build with no issues. Most of the instructions for