Re: [squid-users] HTTPS site filtering

2017-01-20 Thread Amos Jeffries
On 21/01/2017 7:30 a.m., roadrage27 wrote: >> I see no 'localnet' ACL use. If this proxy is supposed to be servicing >> LAN clients, that will be needed and the keepgoing and artwork ACLs >> probably not needed. > > I am connecting on a LAN to it now with no issues and multiple testers on > the

Re: [squid-users] HTTPS site filtering

2017-01-20 Thread Amos Jeffries
On 21/01/2017 6:59 a.m., roadrage27 wrote: > When I add the final deny all then no traffic traverses squid. When I > removed it then squid started passing traffic > That is odd. Because Squid ACL logics implicitly use the inverse of the last line as the default action. So your "allow

Re: [squid-users] HTTPS site filtering

2017-01-20 Thread roadrage27
>I see no 'localnet' ACL use. If this proxy is supposed to be servicing >LAN clients, that will be needed and the keepgoing and artwork ACLs >probably not needed. I am connecting on a LAN to it now with no issues and multiple testers on the same subnet can also use it. Why would I add a

Re: [squid-users] HTTPS site filtering

2017-01-20 Thread roadrage27
When I add the final deny all then no traffic traverses squid. When I removed it then squid started passing traffic On Fri, Jan 20, 2017, 11:46 AM Amos Jeffries [via Squid Web Proxy Cache] < ml-node+s1019090n4681226...@n4.nabble.com> wrote: > On 21/01/2017 5:52 a.m., roadrage27 wrote: > > > I

Re: [squid-users] HTTPS site filtering

2017-01-20 Thread Amos Jeffries
On 21/01/2017 5:52 a.m., roadrage27 wrote: > I was able to resolve my issue partially. I burned down the server and > rebuilt it clean so all previous changes that were made attempting to make > SSL work were gone. Once I reloaded squid and the config files I was able > to allow SSL traffic

Re: [squid-users] Dst and dstdomain ACLs

2017-01-20 Thread Amos Jeffries
On 21/01/2017 3:19 a.m., cred...@eml.cc wrote: > On Fri, Jan 20, 2017, at 01:42 AM, Amos Jeffries wrote: >> On 20/01/2017 3:01 p.m., creditu wrote: >>> Had a question about dst and dstdomain acls. Given the sample below: >>> >>> http_port 192.168.100.1:80 accel defaultsite=www.example.com vhost

Re: [squid-users] HTTPS site filtering

2017-01-20 Thread roadrage27
I was able to resolve my issue partially. I burned down the server and rebuilt it clean so all previous changes that were made attempting to make SSL work were gone. Once I reloaded squid and the config files I was able to allow SSL traffic using the dstdomain acl type. I currently have a few

Re: [squid-users] SSL Bump

2017-01-20 Thread Antony Stone
On Friday 20 January 2017 at 17:12:04, Mustafa Mohammad wrote: > What are the steps to setup SSL Bump? Don't. Use peek and splice instead. See http://wiki.squid-cache.org/Features/SslBump for info, then http://wiki.squid-cache.org/Features/SslPeekAndSplice for guidance. Antony. -- If at

Re: [squid-users] SSL Bump

2017-01-20 Thread Giles Coochey
On 20/01/17 16:12, Mustafa Mohammad wrote: What are the steps to setup SSL Bump? http://lmgtfy.com/?iie=1=What+are+the+steps+to+setup+SSL+Bump%3F -- Regards, Giles Coochey +44 (0) 7584 634 135 +44 (0) 1803 529 451 gi...@coochey.net

[squid-users] SSL Bump

2017-01-20 Thread Mustafa Mohammad
What are the steps to setup SSL Bump? Thanks, Mustafa Mohammad

Re: [squid-users] squid reverse proxy (accelerator) for MS Exchange OWA

2017-01-20 Thread Alex Rousskov
On 01/20/2017 02:13 AM, Amos Jeffries wrote: > The key part is the "Error negotiating SSL on FD 16: > error::lib(0):func(0):reason(0) (5/0/0)" > > Which is OpenSSL's very obtuse way of telling Squid "an error > happened". With no helpful details about what error it was. Actually, this

Re: [squid-users] HTTPS site filtering

2017-01-20 Thread roadrage27
>That tells me either you have screwed up the CONNECT ACL definition. Or >the SSL_ports one. Very possible as I'm pretty green on squid; my current conf file is below. With that conf the SSL sites just sit and spin until they eventually time out. acl site_squid_art url_regex

Re: [squid-users] Dst and dstdomain ACLs

2017-01-20 Thread creditu
On Fri, Jan 20, 2017, at 01:42 AM, Amos Jeffries wrote: > On 20/01/2017 3:01 p.m., creditu wrote: > > Had a question about dst and dstdomain acls. Given the sample below: > > > > http_port 192.168.100.1:80 accel defaultsite=www.example.com vhost > > acl www dstdomain www.example.com

Re: [squid-users] Users inserted incorrectly in access.log

2017-01-20 Thread Eduardo Carneiro
Amos Jeffries wrote > Please start by selecting one of round-robin and sourcehash. They are > very different selection algorithms. > > Given that Kerberos auth requires HTTP/1 multiplexing to be disabled for > the auth to work I suggest that you drop the round-robin. It forces > multiplexing to

Re: [squid-users] squid reverse proxy (accelerator) for MS Exchange OWA

2017-01-20 Thread Amos Jeffries
On 20/01/2017 10:44 p.m., Vieri wrote: > > - Original Message - > From: Amos Jeffries > >> Firstly remove the ssloptions=ALL from your config. >> > >> Traffic should be able to go through at that point. > > Thanks for the feedback. > > I tried it again, but this time with a non-OWA

Re: [squid-users] Will squid core dump with worker threads? Investigating squid crash, 3.5.23

2017-01-20 Thread Amos Jeffries
On 19/01/2017 10:13 p.m., squid wrote: > >>> >>> assertion failed: MemBuf.cc:216: "0 <= tailSize && tailSize <= cSize" >>> >> >> This is . We have > > > Is there a workaround for this - something that I can put in the config > perhaps? I'm

Re: [squid-users] squid 3.5.23 memory usage

2017-01-20 Thread Amos Jeffries
On 20/01/2017 1:23 p.m., Ivan Larionov wrote: > Hello. > > I'm pretty sure this question has been asked multiple times already, but > after reading everything I found I still can't figure out squid memory > usage patterns. > > We're currently trying to upgrade from squid 2.7 to squid 3.5 and

Re: [squid-users] squid reverse proxy (accelerator) for MS Exchange OWA

2017-01-20 Thread Vieri
- Original Message - From: Amos Jeffries > Firstly remove the ssloptions=ALL from your config. > > Traffic should be able to go through at that point. Thanks for the feedback. I tried it again, but this time with a non-OWA IIS HTTPS server. Here's the

Re: [squid-users] Native FTP relay: connection closes (?) after 'cannot assign requested address' error

2017-01-20 Thread Amos Jeffries
On 20/01/2017 9:40 p.m., Alexander wrote: > Hello, I have a question regarding a native FTP relay (squid's version is > 3.5.23). Have you tried NAT intercept for the FTP port? TPROXY has some low-level things including socket mapping that might not go so well with how FTP uses multiple

Re: [squid-users] squid reverse proxy (accelerator) for MS Exchange OWA

2017-01-20 Thread Amos Jeffries
On 20/01/2017 1:03 p.m., Vieri wrote: > Hi, > > I'm trying to set up Squid as a reverse proxy on a host with IP address > 10.215.144.91 so that web browsers can connect to it on port 443 and request > pages from an OWA server at 10.215.144.21:443. > > I have this in my squid.conf: > >

Re: [squid-users] HTTPS site filtering

2017-01-20 Thread Amos Jeffries
On 20/01/2017 9:32 a.m., roadrage27 wrote: > I was able to solve my previous issue of no connections and now have a > working squid along with http site filtering and regex working nicely. > > My current issue is the need to allow only certain sites which do include > some HTTPS sites. If I

Re: [squid-users] Dst and dstdomain ACLs

2017-01-20 Thread Amos Jeffries
On 20/01/2017 3:01 p.m., creditu wrote: > Had a question about dst and dstdomain acls. Given the sample below: > > http_port 192.168.100.1:80 accel defaultsite=www.example.com vhost > acl www dstdomain www.example.com dev.example.com > cache_peer 10.10.10.1 parent 80 0 no-query no-digest

[squid-users] Native FTP relay: connection closes (?) after 'cannot assign requested address' error

2017-01-20 Thread Alexander
Hello, I have a question regarding a native FTP relay (squid's version is 3.5.23). I've tried to test this feature like this: [Filezilla Client, 1.1.1.2] <-> [ Router: iptables + squid ] <-> [vsftpd server, 5.5.5.10] The router is a CentOS 6.5 machine. Firewall settings are: ip route