[squid-users] Can I block facebook videos globally?

2016-10-27 Thread Indunil Jayasooriya
Hi list, Can I block facebook videos globally? I wrote below acls acl deny_rep_mime_flashvideo rep_mime_type video/x-flv http_reply_access deny deny_rep_mime_flashvideo acl facebook_videos dstdomain fbcdn-video-*.akamaihd.net video-*.fbcdn.net fbcdn-creative-*.akamaihd.net http_access deny fac

Re: [squid-users] Transparent and non Transparent at the same time

2016-10-27 Thread Eliezer Croitoru
This would be a starter point: http://wiki.mikrotik.com/wiki/Policy_Routing_in_RouterOS_2.9.x Logically it should be similar to this: http://blog.butchevans.com/2008/09/mikrotik-policy-routing-implementation-example/ but the proxy should have two interfaces, in and out. It can be done on one inte

Re: [squid-users] Squid Logs local and remote

2016-10-27 Thread Eliezer Croitoru
Depends on the squid version you can send it to a custom tcp daemon. Eliezer Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: elie...@ngtech.co.il From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Beh

Re: [squid-users] Custom User Agent Per ACL

2016-10-27 Thread Amos Jeffries
On 28/10/2016 6:48 a.m., jarrett+squid-users wrote: > Is it possible to have a custom "request_header_replace User-Agent" assigned > to mapped acl/listening port/tcp_outgoing_address? > > Examples: > acl ipv4-1 myportname 3128 src xxx.xxx.xxx.xxx/24http_access allow ipv4-1 -> > request_header_re

Re: [squid-users] Squid Logs local and remote

2016-10-27 Thread Jose Torres-Berrocal
My system is a pfsense. It does not hace rsyslog. Pfsense is based on Freebsd. Lets say it can be installed. Will the logs be compatible with lightsquid and sarg? On Oct 27, 2016 3:41 PM, "Ambrose LI" wrote: > 2016-10-27 15:35 GMT-04:00 Jose Torres-Berrocal < > jetsystemservi...@gmail.com>: > >

Re: [squid-users] Squid Logs local and remote

2016-10-27 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 or on writable NFS-mount from remote server. :) 28.10.2016 1:40, Ambrose LI пишет: > 2016-10-27 15:35 GMT-04:00 Jose Torres-Berrocal : >> Is there a way that I can have the squid logs locally and remotely? >> >> I need them locally for l

Re: [squid-users] Squid Logs local and remote

2016-10-27 Thread Ambrose LI
2016-10-27 15:35 GMT-04:00 Jose Torres-Berrocal : > Is there a way that I can have the squid logs locally and remotely? > > I need them locally for lightsquid and remotelly for sarg in other server. > > Lightsquid does not show the tcp_denied sites only the successful > connections (at least I did

[squid-users] Squid Logs local and remote

2016-10-27 Thread Jose Torres-Berrocal
Is there a way that I can have the squid logs locally and remotely? I need them locally for lightsquid and remotelly for sarg in other server. Lightsquid does not show the tcp_denied sites only the successful connections (at least I did not see how), Sarg does show both type of connections. I ca

Re: [squid-users] Transparent and non Transparent at the same time

2016-10-27 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Good. We are came to an agreement :) Peace :) Let's support to op :) 28.10.2016 1:14, Antony Stone пишет: > On Thursday 27 October 2016 at 21:09:44, Yuri Voinov wrote: > >> OP originally wrote - "I have no IPtables and so on." >> He needs speci

Re: [squid-users] Transparent and non Transparent at the same time

2016-10-27 Thread Antony Stone
On Thursday 27 October 2016 at 21:09:44, Yuri Voinov wrote: > OP originally wrote - "I have no IPtables and so on." > He needs specific guidance, not word games. Agreed. Antony. -- There's no such thing as bad weather - only the wrong clothes. - Billy Connolly

Re: [squid-users] Transparent and non Transparent at the same time

2016-10-27 Thread Antony Stone
On Thursday 27 October 2016 at 21:04:18, Yuri Voinov wrote: > (facepalm) > > rdr(REDIRECT) is NAT functionality? Yes or no? Apologies - I could have answered this better: Yes, REDIRECT is one NAT functionality. There are several others. On Thursday 27 October 2016 at 19:46:53, Eliezer Croitor

Re: [squid-users] Transparent and non Transparent at the same time

2016-10-27 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Well, http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat If I'm not stupid completely, this examples both uses NAT functionality. Yes or no? The question - what do w

Re: [squid-users] Transparent and non Transparent at the same time

2016-10-27 Thread Antony Stone
On Thursday 27 October 2016 at 21:04:18, Yuri Voinov wrote: > (facepalm) > > rdr(REDIRECT) is NAT functionality? Yes or no? Yes, DNAT is one NAT functionality. There are several others. On Thursday 27 October 2016 at 19:46:53, Eliezer Croitoru wrote: > You need routing policy not DNAT. DNAT

Re: [squid-users] Transparent and non Transparent at the same time

2016-10-27 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 (facepalm) rdr(REDIRECT) is NAT functionality? Yes or no? 28.10.2016 0:59, Antony Stone пишет: > On Thursday 27 October 2016 at 20:57:04, Yuri Voinov wrote: > >> You know method to do this without NAT? ;) > > I know how to do it without DNAT, wh

Re: [squid-users] Transparent and non Transparent at the same time

2016-10-27 Thread Antony Stone
On Thursday 27 October 2016 at 20:57:04, Yuri Voinov wrote: > You know method to do this without NAT? ;) I know how to do it without DNAT, which is what Eliezer recommended and you challenged. Antony. -- "The tofu battle I saw last weekend was quite brutal." - Marija Danute Brigita Kuncaiti

Re: [squid-users] Transparent and non Transparent at the same time

2016-10-27 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 You know method to do this without NAT? ;) 28.10.2016 0:54, Antony Stone пишет: > On Thursday 27 October 2016 at 19:51:22, Yuri Voinov wrote: > >> You absolutely sure, Eliezier? :) > > Yes - you do not use DNAT. > > You do use REDIRECT on the mac

Re: [squid-users] Transparent and non Transparent at the same time

2016-10-27 Thread Antony Stone
On Thursday 27 October 2016 at 19:51:22, Yuri Voinov wrote: > You absolutely sure, Eliezier? :) Yes - you do not use DNAT. You do use REDIRECT on the machine Squid is running on. Antony. > 27.10.2016 23:46, Eliezer Croitoru пишет: > > You need routing policy not DNAT. > > > > Eliezer > > >

Re: [squid-users] Transparent and non Transparent at the same time

2016-10-27 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 erdosain9, here is documentation your required. http://wiki.squid-cache.org/ConfigExamples/Intercept Sadly, but interception proxy with modern Squid, in addition to router with PBR/WCCP redirection, also always required NAT, configured on proxy

Re: [squid-users] Transparent and non Transparent at the same time

2016-10-27 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Once more: You are really absolutely sure you talking about Squid's transparent interception proxy? Well, let's open Squid's wiki: http://wiki.squid-cache.org/ConfigExamples/Intercept Please, read to us latest statement on this screenshot: http

Re: [squid-users] Transparent and non Transparent at the same time

2016-10-27 Thread Eliezer Croitoru
Well this is the most efficient and less risker way. I do not know MikroTik enough to the hardware but it has a routing engine so... routing policy. In the past I wrote about it somewhere with details instructions on how to do it in a mikrotik. Eliezer Eliezer Croitoru Linux System Admini

Re: [squid-users] Transparent and non Transparent at the same time

2016-10-27 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 You absolutely sure, Eliezier? :) 27.10.2016 23:46, Eliezer Croitoru пишет: > You need routing policy not DNAT. > > Eliezer > > > Eliezer Croitoru > Linux System Administrator > Mobile: +972-5-28704261 > Email: elie...@ngtech.co.il > > > ---

[squid-users] Custom User Agent Per ACL

2016-10-27 Thread jarrett+squid-users
Is it possible to have a custom "request_header_replace User-Agent" assigned to mapped acl/listening port/tcp_outgoing_address? Examples: acl ipv4-1 myportname 3128 src xxx.xxx.xxx.xxx/24http_access allow ipv4-1 -> request_header_replace User Agent "Firefox x" ipv4-1 -> tcp_outgoing_address

Re: [squid-users] Transparent and non Transparent at the same time

2016-10-27 Thread Eliezer Croitoru
You need routing policy not DNAT. Eliezer Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: elie...@ngtech.co.il -Original Message- From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of erdosain9 Sent: Thursday, October 27, 2016

Re: [squid-users] Transparent and non Transparent at the same time

2016-10-27 Thread erdosain9
Ok... but i have this problem ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.1.15:3130 remote=192.168.1.1:52090 FD 14 flags=33 ... I put some dstnat in Mikrotik (192.168.1.1) ip firewall nat add chain=dstnat src-add=192.168.1.121 protocol=tcp dst-port=80 action=dst-na

Re: [squid-users] Using Squid to Create Multiple Proxy IP's

2016-10-27 Thread Matus UHLAR - fantomas
On 26.10.16 21:37, john huggins wrote: My goal: to use these IP's to spoof my public IP. If one gets banned or goes dead, I just go to my network setting on my local machine and change the proxy to an active "spoofed ip" only your public IP will get to world. When you get multiple IPs assigned

Re: [squid-users] external_acl_type problem

2016-10-27 Thread reinerotto
>> It very looks like squids accouting of helpers is disturbed: I see much more >> than max helpers active after a few hours. And lot of helpers stay >> alive, >> when I kill parent process squid. >By 'kill' do you mean something like "kill -9" ? >Or do you mean the proper "kill -SIGHUP" or "squ