Re: [squid-users] ACL and http_access

2015-11-14 Thread Magic Link
I 've made a mistake so what i want is users can access Internet, except these two periods where they can access only few sites defined in the file. I'll try next monday and come back here. Thanks ! > To: squid-users@lists.squid-cache.org > From: squ...@treenet.co.nz > Date: Fri, 13 Nov 2015

Re: [squid-users] sslBump adventures in enterprise production environment

2015-11-14 Thread Eugene M. Zheganin
Hi. On 13.11.2015 18:53, Yuri Voinov wrote: > There is no solution for ICQ with Squid now. > > You can only bypass proxying for ICQ clients. > There is: I can disable sslBump, and I did it already. It doesn't look production-ready anyway. Eugene. ___

[squid-users] Fw: new message

2015-11-14 Thread patrick . lanot
Hey! New message, please read patrick.la...@inserm.fr ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Fw: new message

2015-11-14 Thread patrick . lanot
Hey! New message, please read patrick.la...@inserm.fr ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Fw: new message

2015-11-14 Thread patrick . lanot
Hey! New message, please read patrick.la...@inserm.fr ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Fw: new message

2015-11-14 Thread patrick . lanot
Hey! New message, please read patrick.la...@inserm.fr ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Fw: new message

2015-11-14 Thread patrick . lanot
Hey! New message, please read patrick.la...@inserm.fr ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] sslBump adventures in enterprise production environment

2015-11-14 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 This will decrease request hit ratio minimum at 50% 14.11.15 20:11, Eugene M. Zheganin пишет: > Hi. > > On 13.11.2015 18:53, Yuri Voinov wrote: >> There is no solution for ICQ with Squid now. >> >> You can only bypass proxying for ICQ clients. >>

[squid-users] Fw: new message

2015-11-14 Thread patrick . lanot
Hey! New message, please read patrick.la...@inserm.fr ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Fw: new message

2015-11-14 Thread patrick . lanot
Hey! New message, please read patrick.la...@inserm.fr ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Fw: new message

2015-11-14 Thread patrick . lanot
Hey! New message, please read patrick.la...@inserm.fr ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] SSL bumping without faked server certificates

2015-11-14 Thread Alex Rousskov
On 11/14/2015 12:42 PM, Stefan Kutzke wrote: > I have built a RPM package with latest 3.5.11 source based > on http://www1.ngtech.co.il/repo/centos/6/SRPMS/squid-3.5.9-1.el6.src.rpm > Squid is configured with SSL bump similar to the configuration suggested > by Sebastian. ... > 2015/11/10

Re: [squid-users] SSL bumping without faked server certificates

2015-11-14 Thread Stefan Kutzke
Here is more information... Squid's complete cache.log: 2015/11/10 19:22:10 kid1| Set Current Directory to /var/spool/squid 2015/11/10 19:22:10 kid1| Starting Squid Cache version 3.5.11 for x86_64-redhat-linux-gnu... 2015/11/10 19:22:10 kid1| Service Name: squid 2015/11/10 19:22:10 kid1| Process

Re: [squid-users] SSL bumping without faked server certificates

2015-11-14 Thread Stefan Kutzke
Hi Alex, okay, I think I understand a little more. I am trying to get the old server-first method working with new peek and splice but without success. I have built a RPM package with latest 3.5.11 source based on http://www1.ngtech.co.il/repo/centos/6/SRPMS/squid-3.5.9-1.el6.src.rpm Squid is

Re: [squid-users] sslBump adventures in enterprise production environment

2015-11-14 Thread Walter H.
On 13.11.2015 14:53, Yuri Voinov wrote: There is no solution for ICQ with Squid now. You can only bypass proxying for ICQ clients. from where do the ICQ clients get the trusted root certificates? maybe this is the problem, that e.g. the squid CA cert is only installed in FF and nowhere else

Re: [squid-users] SSL bumping without faked server certificates

2015-11-14 Thread Stefan Kutzke
... and more ... I don't know what is going wrong or what is missing in the configuration. Both Squid and client are able to connect to 212.45.105.89:443 with # openssl s_client -connect 212.45.105.89:443 CONNECTED(0003) depth=3 C = ZA, ST = Western Cape, L = Cape Town, O = Thawte

Re: [squid-users] SSL bumping without faked server certificates

2015-11-14 Thread Amos Jeffries
On 15/11/2015 11:52 a.m., Alex Rousskov wrote: > On 11/14/2015 12:42 PM, Stefan Kutzke wrote: > >> I have built a RPM package with latest 3.5.11 source based >> on http://www1.ngtech.co.il/repo/centos/6/SRPMS/squid-3.5.9-1.el6.src.rpm >> Squid is configured with SSL bump similar to the

Re: [squid-users] squid3.4 - MySQL, PHP script - block websites

2015-11-14 Thread Amos Jeffries
On 14/11/2015 2:20 p.m., Jens Kallup wrote: > Hello, > > I have problems to block web sites listet in mysql database. > When i start the script below, it works, but squid3.4 give me log output; > > 2015/11/14 01:27:40 kid1| helperHandleRead: unexpected read from > blockscript #Hlpr0, 3 bytes