Same here—I've been meaning to ask the list about this too. I’m still on 3.5.9,
by the way.
> On 6 Oct 2015, at 10:55 PM, Roel van Meer wrote:
>
> Hi everyone,
>
> I have a Squid setup on a linux box with transparent interception of both
> http and https traffic. Everything worked fine with S
On 8/10/2015 8:18 a.m., nando mendonca wrote:
> Hi,
>
> I have squid 3.1 installed using ldap authentication. When i access a
> browser i enter my ldap credentials and it works fine. I’m able to browse
> all sites without any issues.
>
>
> Is there a way to use ldap groups to allow certain group
On 8/10/2015 11:44 a.m., Tory M Blue wrote:
> X-Cnection: close
>
> X-Cnection ??
>
> Can someone explain that one to me, don't recall seeing it in previous
> releases
>
Some HTTP agents mangle the "Connection:" header name as a way to
disable it rather than removing like they should.
Unless y
Hello to everyone. As you can read in the subject, this message is off topic,
but if you forgive me I want to invite you to participate in the 6th FOSS
International Workshop that will be held in Havana, Cuba, from March 14th to
18th, 2016 organized by the Free Software Center from the Universi
X-Cnection: close
X-Cnection ??
Can someone explain that one to me, don't recall seeing it in previous
releases
Thanks
Tory
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Dear
1. Its Legal i think
2. Which OS i should choose to run squid on it fulfill my requirements
3. please give any good tatorial example for ssl bump to work with that.
4. and alos explian about store ID...
i need to get it done as my bandwidth is being choked due to facebook,
playstore, wind
Hi,
I have squid 3.1 installed using ldap authentication. When i access a
browser i enter my ldap credentials and it works fine. I’m able to browse
all sites without any issues.
Is there a way to use ldap groups to allow certain groups access to a few
sites on the internet and then pretty much b
On 07.10.2015 16:48, Amos Jeffries wrote:
or
sslcrtvalidator_program cache=8192 ttl=240 /usr/lib64/squid/cert_valid.pl
sslcrtvalidator_children 12 startup=5 idle=1 concurrency=1
can I have a working sample of valid_cert.pl that results
in an "access denied" or any other error page of squid?
An
On 8/10/2015 3:17 a.m., Walter H. wrote:
> On 07.10.2015 11:05, Amos Jeffries wrote:
>> On 7/10/2015 4:27 a.m., Alex Rousskov wrote:
>>> On 10/06/2015 01:27 AM, Jason Haar wrote:
Good catch - I don't think squid does CRL/OCSP checks
But this is a bug in squid - this means untrustworthy ce
On Thu, 24 Sep 2015 23:02:35 +1200
Amos Jeffries wrote:
> On 24/09/2015 7:30 p.m., Marko Cupać wrote:
> > On Sun, 20 Sep 2015 21:43:26 +1200
> > Amos Jeffries wrote:
> >
> >> On 17/09/2015 7:24 p.m., Marko Cupać wrote:
> >>> On Thu, 17 Sep 2015 03:00:56 +1200
> >>> Amos Jeffries wrote:
> >>>
>
On 07.10.2015 11:05, Amos Jeffries wrote:
On 7/10/2015 4:27 a.m., Alex Rousskov wrote:
On 10/06/2015 01:27 AM, Jason Haar wrote:
Good catch - I don't think squid does CRL/OCSP checks
But this is a bug in squid - this means untrustworthy certs become
trusted again - not a good look
IIRC, Squid
> Hi Fred,
>
> Good news! Can you say what are the numbers behind "significantly
> reduced" ?
>
> Thanks
> Marcus
Hi Marcus,
Load average reduced, at least, by two ( 5 -> 2) CPU usage -+ 20% reduced, no
memory difference
Caution, no difference at all with a low load, perhaps with less than
Hi Amos!
Resolved: in squid.conf i have to write ip:port instead of :port.
As example, 192.168.10.254:3129 works with interception.
Only with :3129 it does not works!
Francesco
Da: squid-users [squid-users-boun...@lists.squid-cache.org] per conto di Job
Hello,
i can intercept SSL Bumped connection actually.
But in squid logs i have this error, and clients disolay a squid error page.
These are the logs:
fwdNegotiateSSL: Error negotiating SSL connection on FD 20:
error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest
al
On Wednesday 07 October 2015 at 14:04:18, Cristiano Nunes wrote:
> I thought that there were something broken is the workstation like old
> Java or missing flash... A part of been tested in more than one
> workstation, I NATed one of the workstation, by passing Squid, and it
> worked flawless,
On 10/07/2015 09:00 AM, FredB wrote:
Just FI
With high load system (and exactly the same configuration of course) the load
average is significantly reduced by the use of the latest release in comparison
with the previous 3.5.x versions
diskd, digest auth, basic auth, delay pools, some acls,
This is security theatre.
07.10.15 18:01, FredB пишет:
For facebook? they are/were pretty good for cacheability before the
HTTPS fanatics got to them.
Amos
HTTPS everywhere is the new mantra
Fred
___
squid-users mailing list
squid-users@lists.squi
I thought that there were something broken is the workstation like old
Java or missing flash... A part of been tested in more than one
workstation, I NATed one of the workstation, by passing Squid, and it
worked flawless, so I ruled out something missing/broken.
I put a log on the firewall
>
> For facebook? they are/were pretty good for cacheability before the
> HTTPS fanatics got to them.
>
> Amos
>
HTTPS everywhere is the new mantra
Fred
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/l
Just FI
With high load system (and exactly the same configuration of course) the load
average is significantly reduced by the use of the latest release in comparison
with the previous 3.5.x versions
diskd, digest auth, basic auth, delay pools, some acls, 800 r/s, Debian wheezy
64Bits
Fred
___
Hey Robert,
If you have an access_denied then something should show up in the
access.log.
It is pretty hard to tell from what it comes if the settings are unknown.
If you have about 900 users and it's static then using using conf files
is fine.
But it it's a dynamic application, you should con
Sure, Eliezer. I've took this as a basis for my partial solution.
07.10.15 17:38, Eliezer Croitoru пишет:
Just wondering if you can contribute to the StoreID DB at:
http://wiki.squid-cache.org/Features/StoreID/#A_CDN_Pattern_Database
Eliezer
On 07/10/2015 12:10, Yuri Voinov wrote:
Sure.
Look
Just wondering if you can contribute to the StoreID DB at:
http://wiki.squid-cache.org/Features/StoreID/#A_CDN_Pattern_Database
Eliezer
On 07/10/2015 12:10, Yuri Voinov wrote:
Sure.
Look at the typical fb URL:
http://i.imgur.com/3xQxD1z.png
It uses Akamai CDN and, without store-id, you will
I have been using squid 3.4 for about 1 year now and everything was going fine
up until a couple days ago when users started seeing access denied errors for
some reason. I currently have around 900 active users all with their own src
authentication IPs. I use a seperate folder for the users file
Sure.
Look at the typical fb URL:
http://i.imgur.com/3xQxD1z.png
It uses Akamai CDN and, without store-id, you will got MUCH duplicates
for the same content.
And only with stire-ID you have a chance to get HIT:
http://i.imgur.com/n0NiVY6.png
07.10.15 15:06, Amos Jeffries пишет:
On 7/10/20
On 7/10/2015 10:00 p.m., Yuri Voinov wrote:
> and fourth. Consider correct usage of Store-ID.
>
For facebook? they are/were pretty good for cacheability before the
HTTPS fanatics got to them.
Amos
___
squid-users mailing list
squid-users@lists.squ
On 7/10/2015 4:27 a.m., Alex Rousskov wrote:
> On 10/06/2015 01:27 AM, Jason Haar wrote:
>> Good catch - I don't think squid does CRL/OCSP checks
>
>> But this is a bug in squid - this means untrustworthy certs become
>> trusted again - not a good look
>
>
> IIRC, Squid relies on OpenSSL to perf
and fourth. Consider correct usage of Store-ID.
07.10.15 14:59, Amos Jeffries пишет:
On 7/10/2015 10:47 a.m., Ishtiaq Iqbal wrote:
Dear All Please guide me how to cache facebook content with squid
First; discover whether man-in-middle decryption is legal for your
situation. This is VERY I
On 7/10/2015 10:47 a.m., Ishtiaq Iqbal wrote:
> Dear All Please guide me how to cache facebook content with squid
>
First; discover whether man-in-middle decryption is legal for your
situation. This is VERY IMPORTANT.
Second; get yourself a Squid with SSL capabilities enabled. This may or
may no
On 7/10/2015 6:41 a.m., Tory M Blue wrote:
> So I was playing with squid-internal-mgr (replacement for cachemgr.cgi it
> seems), but I have no real authentication access , other than my ACL's
>
> acl manager url_regex -i ^cache_object:// +i
> ^https?://[^/]+/squid-internal-mgr/
>
>
> And limited
On 7/10/2015 7:32 a.m., Cristiano Nunes wrote:
> Hi Antony.
>
> The URL is www..yasudamaritima.com.br, but according to the user, you have
> to navigate and authenticate to the portion of the site which is supposed
> to show the window, but the window is blank.
>
> The squid.log captured during t
On 7/10/2015 3:11 a.m., Veiko Kukk wrote:
> Hi everyone,
>
> I have successfully set up reverse proxy and ICP communication between
> siblings. I'd like to encrypt cache sharing between siblings, but cannot
> figure out the optimal solution for this. I have not found from
> documentation, how to d
32 matches
Mail list logo
