Re: [squid-users] New Member - Just testing mail list

Good afternoon! On 5/24/2017 2:53 PM, Rogerio Coelho wrote: Hi Squid Users ! Just testing mail list. Rogério Ceni Coelho Engenheiro de Infraestrutura - Infrastructure Engineer Diretoria de TI e Telecom - Grupo RBS Fone: +55 (51) 3218-6983 Celular: +55 (51) 8186-2933 Claro Celular: +55 (51) 80

Re: [squid-users] External ACL

Hi Amos, The issue is that it still fails to authenticate. That's why I thought those messages indicate an error. Same thing happens both when I use my script or when I use ext_sql_session_acl. I missed a line in from the output: 2017/05/24 20:28:57.084 kid1| 82,2| external_acl.cc(1338) externalA

Re: [squid-users] SSL bump, SSL intercept, explicit, secure proxy, what is it called?

On 25/05/17 09:01, j m wrote: Some more info: I tried this on Firefox 53 and got more feedback, but still doesn't work. Per the recommendation on bugzilla (bug 378637), I put https://myaddress:myport into firefox and it gives me a "Your connection is not secure".

Re: [squid-users] SSL bump, SSL intercept, explicit, secure proxy, what is it called?

On 05/24/2017 01:45 PM, Amos Jeffries wrote: > On 25/05/17 02:17, Alex Rousskov wrote: >> On 05/24/2017 06:56 AM, Amos Jeffries wrote: >>> On 24/05/17 13:44, j m wrote: So firstly, what is the actual name for what I want (encrypting proxy to browser)? >>> Some people seem to be calling i

Re: [squid-users] RES: New Squid Server 3.5.20 on Centos 7 - Trying to redirect local web access to Port 80 on Linux Servers with iptables to Squid Server with http_port intercept

On 25/05/17 08:16, Rogerio Coelho wrote: Using intercept mode with 3129 port : [root@prd-rbs-squid01-poa squid]# cat /etc/squid/squid.conf | egrep -v "^#|^$" acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network ac

Re: [squid-users] RES: New Squid Server 3.5.20 on Centos 7 - Trying to redirect local web access to Port 80 on Linux Servers with iptables to Squid Server with http_port intercept

Please, take a look : [root@prd-rbs-squid01-poa squid]# cat /etc/squid/squid.conf | egrep -v "^#|^$" acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal

[squid-users] RES: New Squid Server 3.5.20 on Centos 7 - Trying to redirect local web access to Port 80 on Linux Servers with iptables to Squid Server with http_port intercept

Hi, Sorry about my inexpirience ( and bad English ). Rogério Ceni Coelho Engenheiro de Infraestrutura – Infrastructure Engineer Diretoria de TI e Telecom - Grupo RBS Fone: +55 (51) 3218-6983 Celular: +55 (51) 8186-2933 Claro Celular: +55 (51) 8050-4225 Vivo rogerio.coe...@gruporbs.com.br http://

[squid-users] RES: RES: New Squid Server 3.5.20 on Centos 7 - Trying to redirect local web access to Port 80 on Linux Servers with iptables to Squid Server with http_port intercept

Hi Amos, I do not know if i send with success the third email with this info. I will try again. Using intercept mode with 3129 port : [root@prd-rbs-squid01-poa squid]# cat /etc/squid/squid.conf | egrep -v "^#|^$" acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet s

Re: [squid-users] New Squid Server 3.5.20 on Centos 7 - Trying to redirect local web access to Port 80 on Linux Servers with iptables to Squid Server with http_port intercept

On 25/05/17 08:02, Rogerio Coelho wrote: Hi Squid Jedi´s, I am just a little stuck tryng to replace an old Squid 3.1.23 Server on Centos 6 that i use to redirect local web access to port 80 on linux servers to Squid Server. On my Squid 3.1.23 Server on Centos 6 i use http_port 3128 transparen

Re: [squid-users] RES: New Squid Server 3.5.20 on Centos 7 - Trying to redirect local web access to Port 80 on Linux Servers with iptables to Squid Server with http_port intercept

On 25/05/17 08:12, Rogerio Coelho wrote: On my new Squid Server running 3.5.20 on Centos 7 a try to use in many different ways. When i use wget or firefox using http_proxy conf web access go ok. But when i try to access web using iptables redirect from Linux Server i got bad request / Invalid

Re: [squid-users] SSL bump, SSL intercept, explicit, secure proxy, what is it called?

Some more info:  I tried this on Firefox 53 and got more feedback, but still doesn't work.  Per the recommendation on bugzilla (bug 378637), I put https://myaddress:myport into firefox and it gives me a "Your connection is not secure".  So I add the exception, and it then displays the squid mess

Re: [squid-users] External ACL

On 25/05/17 08:16, avi_h wrote: So I managed to create the SQL table after reviewing the script. When testing the script outside of squid I get an OK reply. When I tested with squid I got the same error message as before (queue overload). After some more investigating I managed to resolve that. W

Re: [squid-users] External ACL

So I managed to create the SQL table after reviewing the script. When testing the script outside of squid I get an OK reply. When I tested with squid I got the same error message as before (queue overload). After some more investigating I managed to resolve that. What solved it was adding ipv4 to t

[squid-users] RES: New Squid Server 3.5.20 on Centos 7 - Trying to redirect local web access to Port 80 on Linux Servers with iptables to Squid Server with http_port intercept

Using intercept mode with 3129 port : [root@prd-rbs-squid01-poa squid]# cat /etc/squid/squid.conf | egrep -v "^#|^$" acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 pos

[squid-users] RES: New Squid Server 3.5.20 on Centos 7 - Trying to redirect local web access to Port 80 on Linux Servers with iptables to Squid Server with http_port intercept

On my new Squid Server running 3.5.20 on Centos 7 a try to use in many different ways. When i use wget or firefox using http_proxy conf web access go ok. But when i try to access web using iptables redirect from Linux Server i got bad request / Invalid URL. When i use http_port 3329 intercept

[squid-users] New Squid Server 3.5.20 on Centos 7 - Trying to redirect local web access to Port 80 on Linux Servers with iptables to Squid Server with http_port intercept

Hi Squid Jedi´s, I am just a little stuck tryng to replace an old Squid 3.1.23 Server on Centos 6 that i use to redirect local web access to port 80 on linux servers to Squid Server. On my Squid 3.1.23 Server on Centos 6 i use http_port 3128 transparent mode and on my Linux servers clients i u

Re: [squid-users] Wrong timestamp??

Or a more accurate comparison: date ; date --utc ; squidclient mgr:info | grep Date Thu May 25 07:54:05 NZST 2017 Wed May 24 19:54:05 UTC 2017 Date: Wed, 24 May 2017 19:54:05 GMT Amos ___ squid-users mailing list squid-users@lists.squid-cache.org

[squid-users] New Member - Just testing mail list

Hi Squid Users ! Just testing mail list. Rogério Ceni Coelho Engenheiro de Infraestrutura - Infrastructure Engineer Diretoria de TI e Telecom - Grupo RBS Fone: +55 (51) 3218-6983 Celular: +55 (51) 8186-2933 Claro Celular: +55 (51) 8050-4225 Vivo rogerio.coe...@gruporbs.com.br http://www.gruporbs.

Re: [squid-users] SSL bump, SSL intercept, explicit, secure proxy, what is it called?

On 25/05/17 02:17, Alex Rousskov wrote: On 05/24/2017 06:56 AM, Amos Jeffries wrote: On 24/05/17 13:44, j m wrote: So firstly, what is the actual name for what I want (encrypting proxy to browser)? Some people seem to be calling it "HTTPS", but that is not correct and thankfully makes it diffi

Re: [squid-users] Wrong timestamp??

Just in case, I explain - Squid takes the system time in the client by UTC. Since the client profile does not explicitly specify a local time zone (which in, in my case, is GMT+6). So, you can easy calculate difference. This is OS-specific behaviour. Unrelated to squid. AFAIK. 25.05.2017 1:13, Y

Re: [squid-users] Wrong timestamp??

I've take a look on one of my servers: root @ khorne / # date Thu May 25 01:09:38 ALMT 2017 root @ khorne / # su - squid squid @ khorne $ date Thu May 25 01:10:01 ALMT 2017 Is is ok. Either from root, or from non-privileged user. Well, let's run squidclient: # su - squid squid @ khorne $ cd /u

Re: [squid-users] Wrong timestamp??

You ask us, how do you have time zones on the your server configured? :) 25.05.2017 0:49, erdosain9 пишет: > Hi to all. > This is strange... > if a put "date" i get the actual time. I mean the time it's correct. > More or less in this moment it is > > [root@squid ~]# date > mié may 24 15:59:59 AR

[squid-users] Wrong timestamp??

Hi to all. This is strange... if a put "date" i get the actual time. I mean the time it's correct. More or less in this moment it is [root@squid ~]# date mié may 24 15:59:59 ART 2017 in the same moment (more or less) access.log 24/May/2017:19:00:21 same moment (more or less) [root@squid ~]#

Re: [squid-users] External ACL

Hi Amos, I can tell you I created a helper in python but had the same issue. Do you have some more details about the ext_sql_session_acl ? How should the SQL table be like and if every entry must have both an IP and a username associated with it? Thanks, Avi -- View this message in context:

[squid-users] AD Windows server 2012 - Squid Authenticator slow

Hi to all. Im having too much "avg service time" in the negotiate kerberos helper. Amos tell me that it's a configuration related to the AD. Can somebody give me a hand to tune that? or tell me where find information about? Thanks Negotiate Authenticator Statistics: program: /lib64/squid/negotiat

Re: [squid-users] SSL bump, SSL intercept, explicit, secure proxy, what is it called?

On 05/24/2017 06:56 AM, Amos Jeffries wrote: > On 24/05/17 13:44, j m wrote: >> So firstly, what is the actual name for what I want (encrypting proxy >> to browser)? > Some people seem to be calling it "HTTPS", but that is not correct and > thankfully makes it difficult to find the bad info. What

Re: [squid-users] SSL bump, SSL intercept, explicit, secure proxy, what is it called?

Thanks for the clarification. I went back to the squid.conf I was using successfully (without encryption) and changed http_port to https_port and added the cert and key you mentioned.   Since I'm not all that knowledgeable about SSL certs, I had some trouble with squid not liking the keys I provi

Re: [squid-users] External ACL

On 24/05/17 01:02, avi_h wrote: Hi Amos, Thanks for your reply. What I mean is that so far I only used squid_db_auth and it works great but now I have a need to allow certain IPs on top of allowing users. Since the IPs are not constant, I need a way to handle the allowed IPs dynamically. Ah,

Re: [squid-users] SSL bump, SSL intercept, explicit, secure proxy, what is it called?

On 24/05/17 13:44, j m wrote: I'd like to set up a proxy on a home server so I can use it remotely for web browsing; no filtering, nothing fancy, just a pass-through of sorts to get around web filters. That part I've got working. The part I haven't had luck with is encrypting the browser-to-p

Re: [squid-users] Squid Service crash >>> assertion failed: store_swapout.cc:289: "mem->swapout.sio == self"

On 24/05/17 20:07, Warkentin, Jens wrote: Hi, we’re using SQUID 3.5.25 on Centos 7.3.1611 (Core). Looks like we have a permission or swap-file problem, when SQUID is running as a service. When we enable and start the service (systemctl enable squid, systemctl start squid) then does the ser

[squid-users] Squid Service crash >>> assertion failed: store_swapout.cc:289: "mem->swapout.sio == self"

Hi, we’re using SQUID 3.5.25 on Centos 7.3.1611 (Core). Looks like we have a permission or swap-file problem, when SQUID is running as a service. When we enable and start the service (systemctl enable squid, systemctl start squid) then does the service crash each time a user tries to connect t