Re: [squid-users] Squid 3.5.19 how to find banking server name for no bump

On 29/06/2016 11:47 a.m., Stanford Prescott wrote: > When I enter .wellsfargo.com in > > *acl tls_s1_connect at_step SslBump1* > *acl tls_s2_client_hello at_step SslBump2* > *acl tls_s3_server_hello at_step SslBump3* > > *acl tls_server_name_is_ip ssl::server_name_regex >

Re: [squid-users] Subject: Bandwidth Ceiling

On 29/06/2016 1:04 p.m., squid-cache wrote: > My squid server has 1Gbps connectivity to the internet and it > routinely gets 600 Mbps up/down to speedtest.net. > > When a client computer on the same network has a direct connection to > the internet it, too, gets 600 Mbps up/down. > > However,

Re: [squid-users] Config changes between 2.7 and 3.5

On 29/06/2016 9:19 a.m., Bidwell, Christopher wrote: > Hi all, > > I'm trying to find what's used to replace these: > > squid 2.7 squid 3.5 > -- > zero_buffers ??? An experiment in 2.7. It ceased to

Re: [squid-users] Problems with ACL's using squid as intercept proxy

On 29/06/2016 2:18 a.m., C. L. Martinez wrote: > I have configured new PF rules in this new FreeBSD host: > > rdr pass on $vpnif proto tcp from $int_network to any port http tag > intlans-to-inet -> lo0 port 5144 > > .. And the result is: > > 1467122773.928 0 127.0.0.1 TCP_MISS/403 4357

[squid-users] Subject: Bandwidth Ceiling

My squid server has 1Gbps connectivity to the internet and it routinely gets 600 Mbps up/down to speedtest.net. When a client computer on the same network has a direct connection to the internet it, too, gets 600 Mbps up/down. However, when that client computer connects through the squid

Re: [squid-users] Running squid on a machine with only one network interface.

On 29/06/2016 1:49 a.m., Ataro wrote: > Hi and thanks for your help. > > as for your request, here's the content of my IPFW rules and my squid > configuration: > > IPFW rules: > > ipfw -f flush > ipfw add 50 pass all from any to any via lo0 > ipfw add 100 pass all from any to any proto udp >

Re: [squid-users] large downloads got interrupted

On 28/06/2016 8:46 p.m., Eugene M. Zheganin wrote: > Hi, > > recently I started to get the problem when large downloads via squid are > often interrupted. I tried to investigate it, but, to be honest, got > nowhere. However, I took two tcpdump captures, and it seems to me that > for some reason

Re: [squid-users] Squid 3.5.19 how to find banking server name for no bump

I forgot to mention, I am using squid 3.5.19 On Tue, Jun 28, 2016 at 6:47 PM, Stanford Prescott wrote: > When I enter .wellsfargo.com in > > *acl tls_s1_connect at_step SslBump1* > *acl tls_s2_client_hello at_step SslBump2* > *acl tls_s3_server_hello at_step SslBump3* >

Re: [squid-users] Squid 3.5.19 how to find banking server name for no bump

When I enter .wellsfargo.com in *acl tls_s1_connect at_step SslBump1* *acl tls_s2_client_hello at_step SslBump2* *acl tls_s3_server_hello at_step SslBump3* *acl tls_server_name_is_ip ssl::server_name_regex ^[0-9]+.[0-9]+.[0-9]+.[0-9]+n* *acl tls_allowed_hsts ssl::server_name .akamaihd.net

Re: [squid-users] Websocket content adaptation

On Tue, Jun 28, 2016 at 4:48 PM, Alex Rousskov < rouss...@measurement-factory.com> wrote: > On 06/28/2016 06:43 AM, Ozgur Batur wrote: > > On Mon, Jun 27, 2016 at 7:57 PM, Alex Rousskov wrote: > > FWIW, several things are needed to move forward, including: > > > > 1. Adequate development

Re: [squid-users] Websocket content adaptation

Thank you very much for explanation Amos. On Tue, Jun 28, 2016 at 4:52 PM, Amos Jeffries wrote: > On 29/06/2016 12:43 a.m., Ozgur Batur wrote: > > On Mon, Jun 27, 2016 at 7:57 PM, Alex Rousskov wrote: > > > >> 2. A specific proposal on how to map raw/tunnel data to HTTP

Re: [squid-users] Squid 3.5.19 how to find banking server name for no bump

On 29/06/2016 2:02 a.m., Stanford Prescott wrote: > I have the proper peek and splice and bump configuration of acls setup in > my squid.conf file for no-bump of some web sites. I need help how to enter > the banking hosts and or server names in a way that the peek and splice > configuration will

Re: [squid-users] Conditional IPv6 usage

On 28/06/2016 11:32 p.m., Stefan Hölzle wrote: > Hello, > > I inserted an iptables rule which rejects outgoing tcp packets from the > default IPv4 address to the ip of somedomain.asdf. > This causes Squid to fall back to IPv6. > > I'd like to change Squid's behavior in this case to immediately

[squid-users] Problems with ACL's using squid as intercept proxy

Hi all, I am trying to configure a second squid proxy as an intercept proxy but this time under FreeBSD instead of OpenBSD. Doing my first tests I have a problem with acl's that I don't understand. To isolate the problem, I have started with a simple squid.conf file: # # Recommended minimum

Re: [squid-users] Websocket content adaptation

On 29/06/2016 12:43 a.m., Ozgur Batur wrote: > On Mon, Jun 27, 2016 at 7:57 PM, Alex Rousskov wrote: > >> 2. A specific proposal on how to map raw/tunnel data to HTTP messages >>that eCAP and ICAP interfaces expect. The biggest difficulty here >>may be mapping server-speaks-first

Re: [squid-users] Running squid on a machine with only one network interface.

Hi and thanks for your help. as for your request, here's the content of my IPFW rules and my squid configuration: IPFW rules: ipfw -f flush ipfw add 50 pass all from any to any via lo0 ipfw add 100 pass all from any to any proto udp ipfw add 150 pass icmp from any to any ipfw add 200 fwd

Re: [squid-users] Websocket content adaptation

On 06/28/2016 06:43 AM, Ozgur Batur wrote: > On Mon, Jun 27, 2016 at 7:57 PM, Alex Rousskov wrote: > FWIW, several things are needed to move forward, including: > > 1. Adequate development time and skills (or sponsorship to pay for >them). The development of an essentially new

Re: [squid-users] Strange NTLM problem.

On 28/06/2016 6:14 p.m., drcimino drcimino wrote: > Dear all, > > > > > > i have a strange problem with my squid 3.5.19 and authentication NTLM. > > > On my configuration i have 2 auth method: > > > > > > NTLM negotiated with ntlm_auth from samba 3 > > > > > > auth_param ntlm

Re: [squid-users] Strange NTLM problem.

On 29/06/2016 12:45 a.m., Bruno de Paula Larini wrote: > Em 28/06/2016 03:14, drcimino drcimino escreveu: >> Dear all, >> i have a strange problem with my squid 3.5.19 and authentication NTLM. >> On my configuration i have 2 auth method: >> NTLM negotiated with ntlm_auth from samba 3 >> auth_param

Re: [squid-users] Squid's cache management

Thank you very much Antony! You answer was very helpful. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-s-cache-management-tp4678255p4678259.html Sent from the Squid - Users mailing list archive at Nabble.com.

Re: [squid-users] Strange NTLM problem.

Em 28/06/2016 03:14, drcimino drcimino escreveu: Dear all, i have a strange problem with my squid 3.5.19 and authentication NTLM. On my configuration i have 2 auth method: NTLM negotiated with ntlm_auth from samba 3 auth_param ntlm program /usr/local/samba/bin/ntlm_auth

Re: [squid-users] Websocket content adaptation

On Mon, Jun 27, 2016 at 7:57 PM, Alex Rousskov < rouss...@measurement-factory.com> wrote: > On 06/27/2016 10:23 AM, Ozgur Batur wrote: > > > ICAP handles plain HTTP very well but it is not possible to > > filter/change or even log content of websocket communication after > > websocket upgrade

Re: [squid-users] Squid's cache management

On Tuesday 28 June 2016 at 13:58:14, Eduardo Carneiro wrote: > I'm using squid 3.5.19 with dynamic cache content with url rewrite. My > cache directory is 90% full. I noticed that it doesn't exceed the value > set in cache_dir. This is a good thing. > > My doubt is: How squid manages that? What

[squid-users] Squid's cache management

Hello everyone. First of all, sorry my english. It's not very good. I'm using squid 3.5.19 with dynamic cache content with url rewrite. My cache directory is 90% full. I noticed that it doesn't exceed the value set in cache_dir. This is a good thing. My doubt is: How squid manages that? What

Re: [squid-users] flickr.com redirect error

Hey, Can you test if the details at bug 4253: http://bugs.squid-cache.org/show_bug.cgi?id=4253#c13 Helps you to resolve the issue? Eliezer Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: elie...@ngtech.co.il From:

[squid-users] large downloads got interrupted

Hi, recently I started to get the problem when large downloads via squid are often interrupted. I tried to investigate it, but, to be honest, got nowhere. However, I took two tcpdump captures, and it seems to me that for some reason squid sends FIN to it's client and correctly closes the

Re: [squid-users] squid-users Digest, Vol 22, Issue 136

erts /usr/local/squid/etc/intermediate_ca.pem ??? * * ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users -- next part -- An HTML attachment

Re: [squid-users] squid-users Digest, Vol 22, Issue 136

id-users -- next part -- An HTML attachment was scrubbed... URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160628/91929761/attachment.html> -- Subject: Digest Footer __

Re: [squid-users] squid with HTTPS and some APPs not working

28.06.2016 13:39, --Ahmad-- пишет: Hi , i have squid that is working on 3.5 . traffic of t 80 and 443 traffic to Squid via IPTables. Squid then passes traffic to ClamAV via C-ICAP. Squid is configured to intercept all SSL traffic and PKI has been setup and distributed to all clients. we

[squid-users] squid with HTTPS and some APPs not working

Hi , i have squid that is working on 3.5 . traffic of t 80 and 443 traffic to Squid via IPTables. Squid then passes traffic to ClamAV via C-ICAP. Squid is configured to intercept all SSL traffic and PKI has been setup and distributed to all clients. we have a problem in Skype of Business