[squid-users] option to auto-recreate the ssl db ?

2017-04-17 Thread turgut kalfaoğlu
Hi there.. Could we have an option to auto re-create the ssl database? For some reason, out of nowhere, I start getting these in the cache.log: security_file_certgen helper database '/var/lib/ssl_db' failed: Failed to open file /var/lib/ssl_db/index.txt security_file_certgen helper database

Re: [squid-users] Squid Proxy with simple iptable rule ...

2017-04-17 Thread Arsalan Hussain
Dear Antony Stone, In fact I recently converted Squid 3.1 and less idea of iptable rules used there, it was also working as router for internet so I confused with normal proxy. > -A INPUT -j LOG Do you really want to log every packet hitting your machine? What use is that information? *@---

Re: [squid-users] Squid generated certificate for IP rather than domain when using ssl_bump

2017-04-17 Thread Shanmugam Sundaram
Hi Alex, Thank you and Sorry for not including the access log earlier. 1492449506.087 16 172.27.3.236 TCP_DENIED/200 0 CONNECT 192.30.255.113:443 - HIER_NONE/- - 1492449521.807  5 172.27.3.236 TCP_DENIED/200 0 CONNECT 192.30.255.112:443 - HIER_NONE/- - 1492449528.794 41 172.27.3.236

Re: [squid-users] Squid generated certificate for IP rather than domain when using ssl_bump

2017-04-17 Thread Alex Rousskov
On 04/17/2017 10:55 AM, Shanmugam Sundaram wrote: > The goal is to splice only whitelist (github.com) and terminate all > other domains. FYI: I do not know what you mean by "terminate", but if you mean "close the client-to-Squid connection _without_ serving a Squid-generated error response to

Re: [squid-users] Squid generated certificate for IP rather than domain when using ssl_bump

2017-04-17 Thread Shanmugam Sundaram
Hi Alex, Thank you. Yes, there are http_access rules I have included the entire configuration file (Sorry, I'm new to Squid) The goal is to splice only whitelist (github.com) and terminate all other domains. http_port 3128 http_port 3129 intercept https_port 3130 intercept ssl-bump

[squid-users] Squid generated certificate for IP rather than domain when using ssl_bump

2017-04-17 Thread Shanmugam Sundaram
Hi, I'm new to Squid, and having trouble getting SSL filtering work. I have a blanket block setup with Squid as Transparent proxy where access is allowed only to github.com. But, squid generates certificates for IP address instead of domain name and SSL validation fails. Squid version:

Re: [squid-users] Squid Proxy with simple iptable rule ...

2017-04-17 Thread Antony Stone
On Monday 17 April 2017 at 14:45:55, Arsalan Hussain wrote: > Dear Sir Amos :) > I had reconfigured Squid 3.5 and it works fine. but I want to protect WAN > interface through IPTABLES > > 1- can you help me chain rule of simple iptable which drop all traffic from > WAN eth0 to secure

Re: [squid-users] Squid Proxy with simple iptable rule ...

2017-04-17 Thread Arsalan Hussain
Dear Sir Amos I had reconfigured Squid 3.5 and it works fine. but I want to protect WAN interface through IPTABLES 1- can you help me chain rule of simple iptable which drop all traffic from WAN eth0 to secure and allow squid user request from LAN eth1 only. (my WAN send flood by public and it

Re: [squid-users] Squid SSL-bump - Not working - No errors

2017-04-17 Thread Amos Jeffries
The first problem is that you are using a broken config from Squid-3.1 in a version 3.5 proxy. Please reset your squid.conf and set it up as described by Amos

Re: [squid-users] Multiple http_access logic at the same time

2017-04-17 Thread Antony Stone
On Monday 17 April 2017 at 08:35:28, Serhat Koroglu wrote: > Hello, > I'm trying to manage squid users to access the proxy if they logged in and > the site url is allowed in my url list. They are running one by one. If > logged in accesses but not check the url and vice versa. So, are you saying

[squid-users] Multiple http_access logic at the same time

2017-04-17 Thread Serhat Koroglu
Hello, I'm trying to manage squid users to access the proxy if they logged in and the site url is allowed in my url list. They are running one by one. If logged in accesses but not check the url and vice versa. But I want both of them. Here is my config part. auth_param basic program