Re: [squid-users] Large text ACL lists

2016-09-30 Thread Amos Jeffries
On 30/09/2016 6:58 p.m., Darren wrote: > Thank you Amos > > The resources I save not running multiple Squidguards will make more > ram available as you say and having a simpler setup is never a bad > thing either. > > Just to clarify, so when squid fires up, it caches the ACL file into > ram in

Re: [squid-users] Caching application/octet-stream

2016-09-30 Thread Michael Varun
Here is the snippet of debug logs I don't get to see anything missing out there. It does a GET call to the docker registry on behalf of the requesting client The registry listens on 443 so squid mimics client TLS connections post which does a GET call to the docker registry on the requested blobs

Re: [squid-users] connections from particular users sometimes get stuck

2016-09-30 Thread Amos Jeffries
On 30/09/2016 7:38 p.m., Eugene M. Zheganin wrote: > On 29.09.2016 23:17, Alex Rousskov wrote: >> >> In summary, your browser is probably stuck because Squid could not >> accept a connection. Why did that accept call fail with ECONNABORTED? I >> cannot say for sure -- the packet trace is rather dir

Re: [squid-users] Caching application/octet-stream

2016-09-30 Thread Amos Jeffries
On 30/09/2016 8:10 p.m., Michael Varun wrote: > Here is the snippet of debug logs > I don't get to see anything missing out there. It does a GET call to the > docker registry on behalf of the requesting client The registry listens on > 443 so squid mimics client TLS connections post which does a

[squid-users] Squid 3.5.21 for Microsoft Windows 64-bit is available

2016-09-30 Thread Rafael Akchurin
Greetings everyone, @yuri Sorry for being so late, we had some issues compiling this version :( For those wishing to have Squid 3.5.19 recompiled with HTTPS filtering support see https://github.com/diladele/squid-ubuntu#how-to-use-the-repository-at-ubuntu16diladelecom-for-ubuntu-16.

Re: [squid-users] External nat'ed transparent proxy

2016-09-30 Thread Henry Paulissen
Good morning Eliezer, It took some time for me to construct a drawing that would be understandable enough how our setup is, as the diagrams you provided didn't fully fit the case. But, I think I managed to make an understandable drawing of it :-) [ Link to PNG image ] https://drive.google.com/file

Re: [squid-users] External nat'ed transparent proxy

2016-09-30 Thread Matus UHLAR - fantomas
On 29.09.16 16:39, Henry Paulissen wrote: In the company I work for we are currently using squid v2 proxies in transparent mode to intercept traffic from servers to the outside (access control). The technical solution for this is roughly as follows: [server] -> [gateway] -> [firewall]

Re: [squid-users] Large text ACL lists

2016-09-30 Thread Yuri Voinov
Amos, I'm afraid that this is not a solution. Block lists have become so huge that only their compression and / or placement in an external database (as Marcus) can save the situation. 30.09.2016 12:59, Amos Jeffries wrote: > On 30/09/2016 6:58 p

Re: [squid-users] External nat'ed transparent proxy

2016-09-30 Thread Henry Paulissen
Hi Matus, On 30-09-16 12:36, Matus UHLAR - fantomas wrote: > On 29.09.16 16:39, Henry Paulissen wrote: >> In the company I work for we are currently using squid v2 proxies in >> transparent mode to intercept traffic from servers to the outside >> (access control). >> >> The technical solution for

Re: [squid-users] FW: squid tproxy ssl-bump and Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

2016-09-30 Thread Vieri
Hi, - Original Message - > From: Amos Jeffries > > Squid mimics the client details when contacting the server. So you would > get the same problem (though maybe different description) if going > directly without the proxy. If I try connecting to https://www.google.com with this client

Re: [squid-users] FW: squid tproxy ssl-bump and Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

2016-09-30 Thread Vieri
Maybe my previous post was too long. Simply put, why doesn't Squid negotiate the DES-CBC3-SHA cipher instead of RC4-MD5? Vieri

Re: [squid-users] FW: squid tproxy ssl-bump and Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

2016-09-30 Thread Yuri Voinov
30.09.2016 17:36, Vieri wrote: > Hi, > > - Original Message - >> From: Amos Jeffries >> >> Squid mimics the client details when contacting the server. So you would > >> get the same problem (though maybe different description) if going >

Re: [squid-users] Squid 3.5.21 for Microsoft Windows 64-bit is available

2016-09-30 Thread Yuri Voinov
Yup, Raf, sure. Thank you! 30.09.2016 13:37, Rafael Akchurin wrote: > > Greetings everyone, > > > > @yuri Sorry for being so late, we had some issues compiling this version :( > > > > > > For those wishing to have Squid 3.5.19 recompiled w

[squid-users] What to do with Squid after upgrading domain controller?

2016-09-30 Thread Verónica Ovando
I have Squid 3.4.8 using AD authentication, but now I need to upgrade my domain controller from Win Server 2008 to Win Server 2012. Is there something to do with Squid to prevent broken auths? Do I need to rejoin my Squid box? For testing purposes, I tried to use my Squid (working with AD auths

Re: [squid-users] What to do with Squid after upgrading domain controller?

2016-09-30 Thread Alex Delgado
Hi Verónica, Which manual did you use to do authentication? I'm trying to do so, but can't find it to do right. Regards, From: squid-users on behalf of Verónica Ovando Sent: Friday, 30 September 2016 12:43 To: squid-users@lists.squid-cache.org A

Re: [squid-users] connections from particular users sometimes get stuck

2016-09-30 Thread Guy Helmer
On Sep 30, 2016, at 1:38 AM, Eugene M. Zheganin wrote: > > Hi. > >>> 13:31:25.060 kid1| accept failure: (53) Software caused connection abort >>> 13:31:25.865 kid1| accept failure: (53) Software caused connection abort >>> 13:31:25.904 kid2| accept failure: (53) Software caused connection abort

Re: [squid-users] What to do with Squid after upgrading domain controller?

2016-09-30 Thread Rafael Akchurin
Hello Alex, I would humbly propose our manual - https://docs.diladele.com/administrator_guide_4_6/active_directory/index.html But please take a look at Squid wiki too - http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory Best regards, Rafael Akchurin Diladele B.V. Fr

Re: [squid-users] connections from particular users sometimes get stuck

2016-09-30 Thread Alex Rousskov
On 09/30/2016 12:38 AM, Eugene M. Zheganin wrote: > And the > main sign indicating there's something wrong with this initial > transaction was the fact that 407 answer took 42 seconds to appear in > both tcpdump captures. To avoid misunderstanding: There are many red flags in your logs, including

[squid-users] Squid-3.5.21: filter FTP content or FTP commands

2016-09-30 Thread oleg gv
Hello, I've found that NativeFtpRelay appeared in squid 3.5. Is it possible to apply http-access acl for FTP proto concerning filtering of FTP methods (commands) by analogy of HTTP methods? For example, I need to deny FTP CD command: acl m method CD acl p proto FTP http-access deny m p http-acce

Re: [squid-users] No matter what I do I can not get %ssl:>sni (or other %ssl) to log

2016-09-30 Thread Michael Pelletier
Thanks! On Thu, Sep 29, 2016 at 11:12 PM, Amos Jeffries wrote: > On 30/09/2016 12:55 p.m., Alex Rousskov wrote: > > On 09/29/2016 05:44 PM, Michael Pelletier wrote: > >> In the squid.conf.documented, it looks like I can log the server > >> certificate as well as the client certificate > >> >

Re: [squid-users] External nat'ed transparent proxy

2016-09-30 Thread Amos Jeffries
On 1/10/2016 12:27 a.m., Henry Paulissen wrote: > Hi Matus, > > > On 30-09-16 12:36, Matus UHLAR - fantomas wrote: >> On 29.09.16 16:39, Henry Paulissen wrote: >>> In the company I work for we are currently using squid v2 proxies in >>> transparent mode to intercept traffic from servers to the ou

[squid-users] SSL Inspection Question

2016-09-30 Thread Evan Blackstone
I currently use a web filter product that does not feature ICAP server capability. (It can act as an ICAP client and send requests to other ICAP servers, but it cannot function as an ICAP server itself). Therefore, I'm unable to use Squid's ICAP functionality to query my web filter product. Is

Re: [squid-users] SSL Inspection Question

2016-09-30 Thread Alex Rousskov
On 09/30/2016 03:12 PM, Evan Blackstone wrote: > Is there any safe way of using SSL-Bump on Squid to decrypt client > traffic, redirect (via standard HTTP or some other means) to another > network location, then receive and re-encrypt it before sending it out > to its ultimate destination? You h

Re: [squid-users] Large text ACL lists

2016-09-30 Thread Darren
Hi My main issue with squid guard is that when I try and block say www.facebook.com and the user goes to https://www.facebook.com, squidguard only sees the initial CONNECT as the target IP so doesn't match against the domain entry. If squidguard did a reverse DNS lookup, I could keep using tha

Re: [squid-users] Squid-3.5.21: filter FTP content or FTP commands

2016-09-30 Thread Alex Rousskov
On 09/30/2016 10:42 AM, oleg gv wrote: > Hello, I've found that NativeFtpRelay appeared in squid 3.5 . Is it > possible to apply http-access acl for FTP proto concerning filtering of > FTP methods(commands) Yes, it should be possible. > by analogy of HTTP methods ? Not quite. IIRC, when the H

Re: [squid-users] Large text ACL lists

2016-09-30 Thread Darren
One further question If I have to reload the ACL lists do I restart squid or is there a way to update without impacting the users too much? In some of the scenarios, some acl lists may change frequently thanks again.

Re: [squid-users] Large text ACL lists

2016-09-30 Thread Benjamin E. Nichols
I would recommend you stop squid and start it, simply doing a -k reconfigure is a bad idea, because sometimes squid will not reload the new blacklists, I have no idea why it is unpredictable in this manner or if they have fixed this problem, I didn't write the software, but what I do know, in my

Re: [squid-users] Large text ACL lists

2016-09-30 Thread Benjamin E. Nichols
Also if you are going to use Squid Native ACL blacklists and reload while you are updating, it's a good idea to have a parent proxy configured, so that your traffic/users won't be interrupted, squid will default to the next available proxy while it's unavailable/reloading the blacklists and forwar

Re: [squid-users] Large text ACL lists

2016-09-30 Thread Bob Cochran
Darren, Have you also considered writing your own redirector/rewriter in a language like python? There seems to be a nice starting example in the "Squid Book", which I was able to get working along with extending it. Good luck, Bob On 09/29/2016 05:44 AM, Darren wrote: Hi All I have bee