Re: [squid-users] Squid TPROXY issues with Google sites

2017-05-26 Thread Alex Rousskov
On 05/26/2017 05:22 PM, Vieri wrote: > If I have this: > > ssl_bump peek all > ssl_bump splice AllowTroublesome > ssl_bump bump all ... then you have a configuration that does not make sense because one cannot bump after peeking at step2. Your configuration is equivalent to * if the current s

Re: [squid-users] TCP_DENIED/407 accessing webserver on same machine as squid

2017-05-26 Thread j m
Yes, I sort of pieced together what I found online, which is probably dangerous.  I really need to become familiar with how exactly this works for security's sake if nothing else. From: Amos Jeffries To: j m ; "squid-users@lists.squid-cache.org" Sent: Friday, May 26, 2017 2:53 PM Su

Re: [squid-users] Squid TPROXY issues with Google sites

2017-05-26 Thread Vieri
I forgot to put the emphasis on one thing. I did not change my squid.conf or my ACLs. The only difference is in the ssl_bump configuration directives. If I have this: acl AllowTroublesome ssl::server_name .google.com .gmail.com acl DenyTroublesome ssl::server_name mail.google.com http_access den

Re: [squid-users] TCP_DENIED/407 accessing webserver on same machine as squid

2017-05-26 Thread Amos Jeffries
On 27/05/17 07:52, Amos Jeffries wrote: This is why best practice is to use a "deny" line like so: http_access deny !auth_users ... which makes it clear what is happening for every non-authenticated thing, both situation (1) and (2) traffic. Sorry "both situation (1) and (3) traffic". Amos

Re: [squid-users] TCP_DENIED/407 accessing webserver on same machine as squid

2017-05-26 Thread Amos Jeffries
Ah, your problem seems to be a misunderstanding of how authentication works. What Squid receives on messages can have three forms: 1) no credentials at all 2) correct credentials 3) invalid credentials Your definition of the auth_users ACL using "REQUIRED" takes care of the (1) situation. S

Re: [squid-users] TCP_DENIED/407 accessing webserver on same machine as squid

2017-05-26 Thread j m
Here's my squid.conf.  For what it's worth, shellinabox can be made to use only HTTP if that's the issue. auth_param digest program /usr/lib/squid/digest_file_auth -c /etc/squid/passwd auth_param digest realm myrealm auth_param digest children 2 acl auth_users proxy_auth REQUIRED acl SSL_ports

Re: [squid-users] Repeated assertions

2017-05-26 Thread Alex Rousskov
On 05/26/2017 10:55 AM, Amos Jeffries wrote: > On 27/05/17 03:27, Junior Cunha wrote: >> "assertion failed: Read.cc:73: "fd_table[conn->fd].halfClosedReader != >> NULL" can be seen in the cache.log file. > I recommend for you to try the 4.0 FWIW, I second Amos's recommendation -- at least conside

Re: [squid-users] TCP_DENIED/407 accessing webserver on same machine as squid

2017-05-26 Thread Amos Jeffries
On 27/05/17 04:17, j m wrote: I have a webserver and squid 3.5 running on the same Linux machine. > The webserver is actually part of shellinabox, so it's only for me to > access. Shellinabox simply presents a terminal and login in a web > browser. I want it to be accessible only through sq

Re: [squid-users] Squid TPROXY issues with Google sites

2017-05-26 Thread Amos Jeffries
On 27/05/17 03:44, Vieri wrote: Hi, I'd like to block access to Google Mail but allow it to Google Drive. I also need to intercept Google Drive traffic (https) and scan its content via c-icap modules for threats (with clamav and other tools which would block potentially harmful files). I've

Re: [squid-users] Repeated assertions

2017-05-26 Thread Alex Rousskov
On 05/26/2017 09:27 AM, Junior Cunha wrote: > We are facing a strange problem with a squid 3.5.25 installation in > one of our customers. Every minute an assertion like this "assertion > failed: Read.cc:73: "fd_table[conn->fd].halfClosedReader != NULL" can > be seen in the cache.log file. Could b

Re: [squid-users] Repeated assertions

2017-05-26 Thread Amos Jeffries
On 27/05/17 03:27, Junior Cunha wrote: Hi all, We are facing a strange problem with a squid 3.5.25 installation in one of our customers. Every minute an assertion like this "assertion failed: Read.cc:73: "fd_table[conn->fd].halfClosedReader != NULL" can be seen in the cache.log file. Belo

Re: [squid-users] Squid TPROXY issues with Google sites

2017-05-26 Thread Alex Rousskov
On 05/26/2017 09:44 AM, Vieri wrote: > I know that in TLS traffic there are only IP addresses This is a gross exaggeration. The reality is much more nuanced. > I added mail.google.com to a custom file named "denied.domains" and loaded as > denied_domains ACL in Squid. > [...] > acl denied_do

[squid-users] TCP_DENIED/407 accessing webserver on same machine as squid

2017-05-26 Thread j m
I have a webserver and squid 3.5 running on the same Linux machine.  The webserver is actually part of shellinabox, so it's only for me to access.  Shellinabox simply presents a terminal and login in a web browser.  I want it to be accessible only through squid for more security. shellinabox wor

Re: [squid-users] Squid TPROXY issues with Google sites

2017-05-26 Thread Benjamin E. Nichols
Here is a list of google domains that may help you, http://www.squidblacklist.org/downloads/whitelists/google.domains On 5/26/2017 10:44 AM, Vieri wrote: Hi, I'd like to block access to Google Mail but allow it to Google Drive. I also need to intercept Google Drive traffic (https) and scan i

Re: [squid-users] CentOS6 and squid34 package ...

2017-05-26 Thread Amos Jeffries
On 26/05/17 07:51, Mike wrote: Walter, what I've found is when compiling to squid 3.5.x and higher, the compile options change. Also remember that many of the options that were available with 3.1.x are depreciated and likely will not work with 3.4.x and higher. The other issue is that squid i

[squid-users] Squid TPROXY issues with Google sites

2017-05-26 Thread Vieri
Hi, I'd like to block access to Google Mail but allow it to Google Drive. I also need to intercept Google Drive traffic (https) and scan its content via c-icap modules for threats (with clamav and other tools which would block potentially harmful files). I've failed so far. I added mail.googl

[squid-users] Repeated assertions

2017-05-26 Thread Junior Cunha
Hi all, We are facing a strange problem with a squid 3.5.25 installation in one of our customers. Every minute an assertion like this "assertion failed: Read.cc:73: "fd_table[conn->fd].halfClosedReader != NULL" can be seen in the cache.log file. Below some information related to our current

Re: [squid-users] Help troubleshooting proxy<-->client https

2017-05-26 Thread Alex Rousskov
On 05/26/2017 12:00 AM, Masha Lifshin wrote: > I have added an https_port directive > to squid.conf, but it must be misconfigured. > http_port 172.30.0.67:443 ... > https_port 172.30.0.67:443 ... You are right -- your Squid is misconfigured. You cannot use the same address for two ports. Unfortun

Re: [squid-users] Youtube not TCP_HIT Squid3.5.21-25

2017-05-26 Thread Yuri
With defrosting! Welcome from the cryocamera outside :-D http://wiki.squid-cache.org/ConfigExamples/DynamicContent/YouTube/Discussion 26.05.2017 19:09, Eduardo Carneiro wrote: I have the same issue. And not just Youtube, but any dynamic content cache. If you need to rewrite doesn't work. --

Re: [squid-users] Youtube not TCP_HIT Squid3.5.21-25

2017-05-26 Thread Eduardo Carneiro
I have the same issue. And not just Youtube, but any dynamic content cache. If you need to rewrite doesn't work.