Re: [squid-users] config Q

2015-10-23 Thread Amos Jeffries
On 24/10/2015 5:41 p.m., Alex Samad wrote: > On 24 October 2015 at 15:01, Amos Jeffries wrote: >> Set the cache_peer sslcafile= option with the PEM file containing the CA >> that was used to sign the office.abc.com server certificate. > > Do I need to do that if the signing CA is part of the OS ro

Re: [squid-users] config Q

2015-10-23 Thread Alex Samad
On 24 October 2015 at 15:01, Amos Jeffries wrote: > Set the cache_peer sslcafile= option with the PEM file containing the CA > that was used to sign the office.abc.com server certificate. Do I need to do that if the signing CA is part of the OS root bundle?

Re: [squid-users] config Q

2015-10-23 Thread Amos Jeffries
On 24/10/2015 2:22 p.m., Alex Samad wrote: > Let me re-ask, as I have misunderstood what sslcert is used for. > > > if cache_peer points to 127.0.0.1 433 and the cert coming back says > office.abc.com with no subj alt for 127.0.0.1 will squid complain? if > so how can I get around without usin

Re: [squid-users] [Squid 4.x]: Truncated accounts when there is spaces in usernames

2015-10-23 Thread Amos Jeffries
On 24/10/2015 1:29 p.m., David Touzeau wrote: > > Hi all. > > I'm testing squid 4.x with Active Directory connection. > > When there are spaces in logged accounts eg : "Jhon Rambo" squid uses > only the last string in logon user "Rambo". > > This corrupted account is used in all ACLS and events

Re: [squid-users] TPROXY and IPv6 issues CentOS 7

2015-10-23 Thread Amos Jeffries
On 24/10/2015 9:02 a.m., James White wrote: > I'm literally stumped at this point. The fact TPROXY is working for > IPv4 indicates that I have the necessary setup in place for TPROXY to > at least work, but IPv6 not working is a mystery. Like I said the > Squid box is fully IPv6 capable and clients

Re: [squid-users] config Q

2015-10-23 Thread Alex Samad
Let me re-ask, as I have misunderstood what sslcert is used for. if cache_peer points to 127.0.0.1 433 and the cert coming back says office.abc.com with no subj alt for 127.0.0.1 will squid complain? if so how can I get around without using the DONT_VERIFY option On 24 October 2015 at 11:51,

[squid-users] config Q

2015-10-23 Thread Alex Samad
Hi I have squid on centos 6. the version that comes with it unfortunately. I have configured it to be a reverse proxy to our exchange box. so it answers on office.abc.com now I have 2 cache peers setup 10.1.1.1. the exchange box << all the predefined URIs go here 127.0.0.1 443 the rest go here.

[squid-users] [Squid 4.x]: Truncated accounts when there is spaces in usernames

2015-10-23 Thread David Touzeau
Hi all. I'm testing squid 4.x with Active Directory connection. When there are spaces in logged accounts eg : "Jhon Rambo" squid uses only the last string in logon user "Rambo". This corrupted account is used in all ACLS and events too and all acls match Rambo and not "Jhon Rambo" This b

Re: [squid-users] TPROXY and IPv6 issues CentOS 7

2015-10-23 Thread James White
I'm literally stumped at this point. The fact TPROXY is working for IPv4 indicates that I have the necessary setup in place for TPROXY to at least work, but IPv6 not working is a mystery. Like I said the Squid box is fully IPv6 capable and clients co

Re: [squid-users] How to inspect client certificate in ssl_bump

2015-10-23 Thread Alex Rousskov
On 10/22/2015 05:59 PM, Leon wrote: > In regard to the document, I suggest to change the description of > peek action to "Receive SNI in Client Hello message (step1), or > server certificate (step2) ...". I see what you mean now. Done. Thank you, Alex. > -Original Message- > From: Al

Re: [squid-users] Squid/NTLM Auth

2015-10-23 Thread Keith White
I changed around the DNS servers and still no luck. This also popped up in the log Acl.cc(70) AuthenticateAcl: returning 2 sending credentials to helper. 2015/10/23 05:41:35.259 kid1| 28,3| Acl.cc(158) matches: checked: AuthorizedUsers = -1 async 2015/10/23 05:41:35.259 kid1| 28,3| Acl.cc(158)

Re: [squid-users] Squid/NTLM Auth

2015-10-23 Thread Keith White
I reran the test and checked the tokens and I can see the type 1 and type 2 tokens but no type 3 tokens. I ran a packet capture and I think I may have found the issue. Our Windows servers are specifically configured to not resolve external DNS names. To get around that I configured specific D

Re: [squid-users] R: Squid 100% CPU and possible attack

2015-10-23 Thread Amos Jeffries
On 23/10/2015 8:41 p.m., Job wrote: >>> That looks like the side effects of a forwarding loop DoS. Look for the >>> following line in your squid.conf and remove it: > >>> via off > > Hello Amos! > > I do not have via off in my squid.conf, so I think it is set to on, default > value. > > Other

Re: [squid-users] HTTP performance hit with Squid

2015-10-23 Thread Matus UHLAR - fantomas
On 23/10/15 07:47, SaRaVanAn wrote: There is always a ~2 second delay between the request coming to our system and going out of Squid. Suppose if a page has a lot of embedded URLs it's taking more time with squid in place. Suppose If I disable squid the page loads very fast in client browser. On

Re: [squid-users] big files caching-only proxy

2015-10-23 Thread Matus UHLAR - fantomas
On 22/10/15 06:08, Amos Jeffries wrote: On 22/10/2015 7:13 a.m., Leonardo Rodrigues wrote: It sounds to me that you are not so much wanting to cache only big things, you are wanting to cache only certain sites which contain mostly big things. The best way to configure that is with the cache d

[squid-users] R: Squid 100% CPU and possible attack

2015-10-23 Thread Job
>>That looks like the side effects of a forwarding loop DoS. Look for the >>following line in your squid.conf and remove it: >> via off Hello Amos! I do not have via off in my squid.conf, so I think it is set to on, default value. Otherwise, I redirect outbound http/80 to the internal 8080 on

[squid-users] R: Squid 100% CPU and possible attack

2015-10-23 Thread Job
Hello Eliezer, I use Linux CentOS; I think I will study fail2ban. It seems very very interesting, thank you for the suggestion! Francesco From: squid-users [squid-users-boun...@lists.squid-cache.org] on behalf of Eliezer Croitoru [elie...@ngtech.co.il] Inv