On 29/11/2016 10:33 a.m., kevin2345 wrote:
Hello, new to squid here. I'm trying to set up a transparent proxy with squid
for my internal hosts to reach outbound destinations. We are hosted in AWS
with a VPC setup and multiple subnets. The squid host is in a "public"
subnet that has outbound ac
On 29/11/2016 7:49 a.m., Walter H. wrote:
Hey,
On 28.11.2016 14:51, Eliezer Croitoru wrote:
Now to me the picture is much clearer technically.
As Amos suggested fix the first proxy (and I am adding choose how to
approach) and then move on to the next ones.
why fix the first proxy, I wouldn't need
OK.
So much clear now to a solution.
If you don’t know what Policy Based Routing is and you have a bunch of VMs and
you are configuring the proxy in the browser manually you just need to install
on the first proxy 3.5.22 that allows you to tunnel CONNECT requests to a
parent proxy based on the req
Hello, new to squid here. I'm trying to set up a transparent proxy with squid
for my internal hosts to reach outbound destinations. We are hosted in AWS
with a VPC setup and multiple subnets. The squid host is in a "public"
subnet that has outbound access, while the other subnets are "private" wi
Hey,
On 28.11.2016 14:51, Eliezer Croitoru wrote:
Now to me the picture is much clearer technically.
As Amos suggested fix the first proxy (and I am adding choose how to approach)
and then move on to the next ones.
why fix the first proxy, I wouldn't need it, if ssl-bump plus parent
proxy (the re
On 2016-11-28 17:39, Garri Djavadyan wrote:
On Sat, 2016-11-19 at 01:12 +0500, Garri Djavadyan wrote:
Hello,
I noticed that Squid logs TCP_MISS/200 when it serves previously cached
object in return to non-matched conditional request with If-None-Match.
For example:
1. Non-conditional reques
Hey Walter,
Now to me the picture is much clearer technically.
As Amos suggested fix the first proxy (and I am adding choose how to approach)
and then move on to the next ones.
There are a couple of subjects in your one single question which are conflicting
with your desire (or at least how they are written)
On 29/11/2016 2:02 a.m., Walter H. wrote:
> Hello,
>
> I think we aren't understanding each other ...
>
> let me show what my system is now:
>
Rather than describing the whole complex tangled web of devices and
interactions I think you should break it down and consider each proxy in
isolation;
> The SMB_LM helper performs a downgrade attack on the NTLM protocol and
> decrypts the resulting username and password. Then logs into AD using
> Basic auth.
> This requires that the client supports the extremely insecure LM auth.
> Any sane client will not.
>
> Alternatively, the 'fake'
Hello,
I think we aren't understanding each other ...
let me show what my system is now:
a few clients - not all¹ - have configured a proxy,
let's say with IP 172.16.0.10
this proxy is a CentOS 6.8 with squid 3.1.23
this proxy only decides which parent to use ...
¹ some clients must be able to
On Sat, 2016-11-19 at 01:12 +0500, Garri Djavadyan wrote:
> Hello,
>
> I noticed that Squid logs TCP_MISS/200 when it serves previously cached
> object in return to non-matched conditional request with If-None-Match.
> For example:
>
> 1. Non-conditional request to the previously cached ob
On 29/11/2016 12:26 a.m., FredB wrote:
> Hello
>
> I wonder if I can use NTLM auth without any integration in AD ?
No, proper NTLM requires a DC allocated token be presented by the
client. This token is unique per TCP connection attempt. There is no
username/password available to Squid in NTLM.
Hello
I wonder if I can use NTLM auth without any integration in AD ?
Just interrogate the AD for user/password, I can do that ?
Regards
Fred
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-use
Hey Walter,
I am not sure you understand the direction of things or what I am aiming for.
First if the client has CentOS 6.8 There are RPM's for newer versions which I
am building manually for the public use.
Second: You can simplify the picture from Intercepting traffic using the local
squid in
For your dynamic ip problem, you could easily write a small bash script to do a
scheduled nslookup on a dynamic dns hostname using dyn or no-ip. Write it so
that it dumps the output into your firewall rules to keep the ip updated in
your firewall rules.
Benjamin E. Nichols
http://www.squidblack
On Mon, November 28, 2016 06:56, Eliezer Croitoru wrote:
> OK so the next step is:
> Routing over tunnel to the other proxy and on it(which has ssl-bump)
> intercept.
by now only the 3.5.20 squid on the local VM does SSL-bump
> If you have a public on the remote proxies which can use ssl-bump the