Re: [squid-users] NOTICE: Authentication not applicable on intercepted requests.

2016-06-30 Thread Alex Rousskov
On 06/30/2016 01:19 PM, Eugene M. Zheganin wrote: > On 30.06.2016 17:04, Amos Jeffries wrote: >> Use a myportname ACL to prevent Squid attempting impossible things like >> authentication on intercepted traffic. > Sorry, but I still didn't get the idea. I have one port that squid is > configured t

Re: [squid-users] Force DNS queries over TCP?

2016-06-30 Thread Yuri Voinov
Just fantasy required :) :) :) And Google-fu :) 01.07.2016 2:52, Yuri Voinov wrote: > > IDK when user is only one :) There is no Cisco required :) > > > 01.07.2016 2:05, reinerotto wrote: > > There is no need for cisco stuff. > > dnscrypt-proxy+dn

Re: [squid-users] Force DNS queries over TCP?

2016-06-30 Thread Yuri Voinov
IDK when user is only one :) There is no Cisco required :) 01.07.2016 2:05, reinerotto wrote: > There is no need for cisco stuff. > dnscrypt-proxy+dnsmasq, for example, to be used + one of the many open > dnscrypt servers from this list: > https:

Re: [squid-users] Force DNS queries over TCP?

2016-06-30 Thread reinerotto
There is no need for cisco stuff. dnscrypt-proxy+dnsmasq, for example, to be used + one of the many open dnscrypt servers from this list: https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv In principle, run dnsmasq on your squid box, and use dnscrypt-proxy to connect dn

Re: [squid-users] Force DNS queries over TCP?

2016-06-30 Thread Yuri Voinov
I'm wrong. 11,50$ http://www.ebay.com/itm/Cisco-1800-Series-1841-Router-With-64MB-Flash-Card-w-Power-Cord-/142035497145 01.07.2016 1:35, Yuri Voinov wrote: > > PS. Initial level Cisco router cost at eBay is less than 40$. It's a garbage. > > > 01.

Re: [squid-users] Force DNS queries over TCP?

2016-06-30 Thread Yuri Voinov
PS. Initial level Cisco router cost at eBay is less than 40$. It's a garbage. 01.07.2016 1:33, Chris Horry wrote: > > > On 06/30/2016 15:30, Yuri Voinov wrote: >> >> I've google-fu for you: >> >> ! >> http://serverfault.com/questions/295819/cisco

Re: [squid-users] Force DNS queries over TCP?

2016-06-30 Thread Yuri Voinov
DNScrypt is not required any crypto. It encrypted itself. Just Google-fu it. :) 01.07.2016 1:33, Chris Horry wrote: > > > On 06/30/2016 15:30, Yuri Voinov wrote: >> >> I've google-fu for you: >> >> ! >> http://serverfault.com/questions/295819/cis

Re: [squid-users] Force DNS queries over TCP?

2016-06-30 Thread Chris Horry
On 06/30/2016 15:30, Yuri Voinov wrote: > > I've google-fu for you: > > ! > http://serverfault.com/questions/295819/cisco-router-redirect-any-dns-request-to-my-own-dns-server > > ip access-list extended transparent_dns > permit udp any any eq 53 > > route-map redirect_dns permit 10 > match ip

Re: [squid-users] Force DNS queries over TCP?

2016-06-30 Thread Yuri Voinov
I've google-fu for you: ! http://serverfault.com/questions/295819/cisco-router-redirect-any-dns-request-to-my-own-dns-server ip access-list extended transparent_dns permit udp any any eq 53 route-map redirect_dns permit 10 match ip address trans

Re: [squid-users] Force DNS queries over TCP?

2016-06-30 Thread Yuri Voinov
Just no forward queries to roots, what's the problem with Unbound? 01.07.2016 1:26, Jorgeley Junior wrote: > I'm not sure, but, if your ISP is intercepting your DNS queries, maybe you > could use the mangle netfilter table to change your DNS quer

Re: [squid-users] Force DNS queries over TCP?

2016-06-30 Thread Yuri Voinov
This is no f*cking problem. Intercept DNS queries first, resolve it by DNSCrypt, output for your users. Voilà, profit! 01.07.2016 1:26, Jorgeley Junior wrote: > I'm not sure, but, if your ISP is intercepting your DNS queries, maybe you > could us

Re: [squid-users] Force DNS queries over TCP?

2016-06-30 Thread Jorgeley Junior
I'm not sure, but, if your ISP is intercepting your DNS queries, maybe you could use the mangle netfilter table to change your DNS queries and so deceive your ISP, but I'm almost sure that the root servers will not recognize. It was just an idea. 2016-06-30 16:16 GMT-03:00 Yuri Voinov : > > -

Re: [squid-users] NOTICE: Authentication not applicable on intercepted requests.

2016-06-30 Thread Yuri Voinov
01.07.2016 1:19, Eugene M. Zheganin wrote: Interception proxy doesn't support auth. By default. End of discussion.

Re: [squid-users] NOTICE: Authentication not applicable on intercepted requests.

2016-06-30 Thread Yuri Voinov
01.07.2016 1:19, Eugene M. Zheganin wrote: > Hi. > > On 30.06.2016 17:04, Amos Jeffries wrote: >> On 30/06/2016 9:21 p.m., Eugene M. Zheganin wrote: >>> Hi, >>> >>> Could this message be moved on loglevel 2 instead of 1 ? >>> I think that this me

Re: [squid-users] NOTICE: Authentication not applicable on intercepted requests.

2016-06-30 Thread Eugene M. Zheganin
Hi. On 30.06.2016 17:04, Amos Jeffries wrote: On 30/06/2016 9:21 p.m., Eugene M. Zheganin wrote: Hi, Could this message be moved on loglevel 2 instead of 1 ? I think that this message does 95% of the logs of the intercept-enabled caches with authentication. At least some switch would be nice,

Re: [squid-users] Force DNS queries over TCP?

2016-06-30 Thread Yuri Voinov
Consider TCP/UDP/53 Cisco interception + Unbound + dnscrypt. And 127.0.0.1:53 as your squid's DNS resolver finally. 01.07.2016 1:07, Chris Horry wrote: > > > On 06/30/2016 14:55, Alex Crow wrote: >> >> >> On 30/06/16 19:40, brendan kearney wrote:

Re: [squid-users] Force DNS queries over TCP?

2016-06-30 Thread Chris Horry
On 06/30/2016 14:55, Alex Crow wrote: > > > On 30/06/16 19:40, brendan kearney wrote: >> >> Nscd or name server caching daemon may be of help. I believe you can >> run your own bind instance and point it at the roots, instead of using >> your isp's broken implementation >> >> On Jun 30, 2016 2

Re: [squid-users] Force DNS queries over TCP?

2016-06-30 Thread Alex Crow
On 30/06/16 19:40, brendan kearney wrote: > > Nscd or name server caching daemon may be of help. I believe you can > run your own bind instance and point it at the roots, instead of using > your isp's broken implementation > > On Jun 30, 2016 2:21 PM, "Chris Horry" > wr

Re: [squid-users] Force DNS queries over TCP?

2016-06-30 Thread Alex Crow
Packt Publishing has a book about FreeSWAN (don't use that) which is almost all applicable to LibreSWAN (do use this, it's a newer fork). Easiest is to set up a tunnel with PSKs, more secure is with RSA keys or X509 certs. Alex On 30/06/16 19:20, Chris Horry wrote: > > On 06/30/2016 13:34, Alex

Re: [squid-users] Force DNS queries over TCP?

2016-06-30 Thread brendan kearney
Nscd or name server caching daemon may be of help. I believe you can run your own bind instance and point it at the roots, instead of using your isp's broken implementation On Jun 30, 2016 2:21 PM, "Chris Horry" wrote: > > > On 06/30/2016 13:34, Alex Crow wrote: > > I'd suggest changing IP as th

Re: [squid-users] Force DNS queries over TCP?

2016-06-30 Thread Chris Horry
On 06/30/2016 13:34, Alex Crow wrote: > I'd suggest changing IP as this practice is > > a) a violation of trust, forcing you to use a potentially compromised > resource you have no control over > b) a clear violation of net-neutrality > c) a violation of standards (as it's probably one of those

Re: [squid-users] Force DNS queries over TCP?

2016-06-30 Thread Alex Crow
I'd suggest changing IP as this practice is a) a violation of trust, forcing you to use a potentially compromised resource you have no control over b) a clear violation of net-neutrality c) a violation of standards (as it's probably one of those that instead of returning NXDOMAIN as required sends

[squid-users] Force DNS queries over TCP?

2016-06-30 Thread Chris Horry
Hello, My ISP have started forcing DNS queries to pass through their own DNS server, which appears to have many issues (can't resolve twitter.com for one). I won't bore the list with my conversations with them over that part. They are not actively blocking TCP DNS queries so I have a workaround.

Re: [squid-users] static caching for specific website for specific time

2016-06-30 Thread Antony Stone
On Thursday 30 June 2016 at 17:38:32, Henry7 wrote: > Sometimes a WiFi Blocker Jammer > is > all you need. People are so obnoxious these days. They do whatever they > want without caring about what others feels and that's not

Re: [squid-users] static caching for specific website for specific time

2016-06-30 Thread Henry7
Sometimes a WiFi Blocker Jammer is all you need. People are so obnoxious these days. They do whatever they want without caring about what others feels and that's not good at all. A jammer can help you to solve the problem and y

Re: [squid-users] Yet another new cipher?

2016-06-30 Thread James Lay
On 2016-06-30 07:18, James Lay wrote: On Fri, 2016-07-01 at 01:04 +1200, Amos Jeffries wrote: On 1/07/2016 12:43 a.m., James Lay wrote: On Wed, 2016-06-29 at 19:33 -0600, James Lay wrote: Yugh...starting around 10:00 facebook no longer works via peek/splice. pcap contents show: 1QTV01...CHLO...

Re: [squid-users] Skype Issues

2016-06-30 Thread Marcus Kool
On 06/30/2016 09:10 AM, Amos Jeffries wrote: ... The on_unsupported_protocol directive is about what its name says *any* unsupported protocol. Not ICQ specific. I think the issue here is that Skype looks at the binary level like TLS. TLS being a supported protocol if it looks close enough th

Re: [squid-users] Yet another new cipher?

2016-06-30 Thread James Lay
On Fri, 2016-07-01 at 01:04 +1200, Amos Jeffries wrote: > On 1/07/2016 12:43 a.m., James Lay wrote: > > > > On Wed, 2016-06-29 at 19:33 -0600, James Lay wrote: > > > > > > Yugh...starting around 10:00 facebook no longer works via > > > peek/splice.  pcap contents show: > > > > > > 1QTV01...CHLO.

Re: [squid-users] Yet another new cipher?

2016-06-30 Thread Amos Jeffries
On 1/07/2016 12:43 a.m., James Lay wrote: > On Wed, 2016-06-29 at 19:33 -0600, James Lay wrote: >> Yugh...starting around 10:00 facebook no longer works via >> peek/splice. pcap contents show: >> >> 1QTV01...CHLOSNI.VERSscontent.xx.fbcdn.netQTV1 >> >> after the threeway handshake and a

Re: [squid-users] Yet another new cipher?

2016-06-30 Thread James Lay
On Wed, 2016-06-29 at 19:33 -0600, James Lay wrote: > Yugh...starting around 10:00 facebook no longer works via > peek/splice.  pcap contents show: > > 1QTV01...CHLOSNI.VERSscontent.xx.fbcdn.netQTV1 > > after the threeway handshake and an instant reset.  Anyone know what > this is?  C

Re: [squid-users] large downloads got interrupted

2016-06-30 Thread Amos Jeffries
On 30/06/2016 2:24 a.m., Eugene M. Zheganin wrote: > Hi. > > On 29.06.16 05:26, Amos Jeffries wrote: >> On 28/06/2016 8:46 p.m., Eugene M. Zheganin wrote: >>> Hi, >>> >>> recently I started to get the problem when large downloads via squid are >>> often interrupted. I tried to investigate it, but,

Re: [squid-users] Skype Issues

2016-06-30 Thread Amos Jeffries
On 30/06/2016 5:19 a.m., Yuri Voinov wrote: > > No, the problem in another place. > > This option about ICQ, not about Skype. > > 29.06.2016 22:58, Renato Jop пишет: >> I've installed squid4 and the problems still persists. I've added the >> following acl: >> # define what Squid errors indicate

Re: [squid-users] NOTICE: Authentication not applicable on intercepted requests.

2016-06-30 Thread Amos Jeffries
On 30/06/2016 9:21 p.m., Eugene M. Zheganin wrote: > Hi, > > Could this message be moved on loglevel 2 instead of 1 ? > I think that this message does 95% of the logs of the intercept-enabled > caches with authentication. > > At least some switch would be nice, to switch this off instead of > swi

Re: [squid-users] url_write_program: redirecting fails when intercepting https

2016-06-30 Thread Amos Jeffries
On 30/06/2016 12:16 p.m., Moataz Elmasry wrote: > Hi all, > > I'm writing a small bash program script to redirect any request to say > www.google.com. This script is able to redirect any http script to > google.com, but not https requests. > I read the documentation > http://wiki.squid-cache.org/F

[squid-users] NOTICE: Authentication not applicable on intercepted requests.

2016-06-30 Thread Eugene M. Zheganin
Hi, Could this message be moved on loglevel 2 instead of 1 ? I think that this message does 95% of the logs of the intercept-enabled caches with authentication. At least some switch would be nice, to switch this off instead of switching the whole facility to 0. Thanks. Eugene.

Re: [squid-users] Squid Proxy SSL Bump Certificates

2016-06-30 Thread Antony Stone
On Thursday 30 June 2016 at 10:53:57, i...@comunicacionesman.com wrote: > What I'm trying to do now is to use an external certificate from a > trusted certificate authority (in this case I'm using a free SSL > certificate from comodo), but I can't see my certificate in the > certificates list when

[squid-users] Squid Proxy SSL Bump Certificates

2016-06-30 Thread info
Hi. I've configured a firewall in our company with pfSense using Squid as proxy server. I made it work combined with Diladele to show graphs, filter logs, configure blocked sites, etc. What I'm trying to do now is to use an external certificate from a trusted certificate authority (in this c