Re: [squid-users] squid sslbump and certificates

2017-05-29 Thread Vieri
From: Rafael Akchurin > > This article tries to explain why it happens. > https://docs.diladele.com/faq/squid/fix_unable_to_get_issuer_cert_locally.html#ssl-certificate-test-tool-in-web-safety-5 > > To fix it - better use what Yuri

[squid-users] Any obvious security issues in my squid.conf?

2017-05-29 Thread j m
I will be remotely accessing squid 3.5 for general web usage, using an encrypted browser-to-proxy connection, and username/password authentication.  I believe my config is reasonably secure as it's based off the default config, but I'm unsure of myself due to some confusion.  Are there any

Re: [squid-users] squid block by Content-Type or Content-Disposition

2017-05-29 Thread Vieri
__ From: Amos Jeffries > > 1) http_access is tested only for requests. > > response/reply messages are controlled though http_reply_access. I knew it was going to be a dumb question. Thanks Amos! It works now. I suppose it's preferable to be

Re: [squid-users] squid sslbump and certificates

2017-05-29 Thread Rafael Akchurin
Hello Vieri, This article tries to explain why it happens. https://docs.diladele.com/faq/squid/fix_unable_to_get_issuer_cert_locally.html#ssl-certificate-test-tool-in-web-safety-5 To fix it - better use what Yuri recommended in

[squid-users] squid sslbump and certificates

2017-05-29 Thread Vieri
Hi, When a client browser gets the Squid error page as shown below, what does it mean? Does it mean that Squid doesn't trust the CA mentioned below? If I wanted to allow the connection anyway, what options would I have? The system returned: (71) Protocol error (TLS code:

Re: [squid-users] squid block by Content-Type or Content-Disposition

2017-05-29 Thread Amos Jeffries
On 29/05/17 23:47, Vieri wrote: Hi, I'm unable to block specific file downloads in http/https traffic. For example, I'd like to block .cab files from being downloaded. Here's what I have: # grep cab /usr/local/proxy-settings/denied.filetypes \.cab(\?.*)?$ # grep -v ^# squid.test.conf | grep

[squid-users] squid block by Content-Type or Content-Disposition

2017-05-29 Thread Vieri
Hi, I'm unable to block specific file downloads in http/https traffic. For example, I'd like to block .cab files from being downloaded. Here's what I have: # grep cab /usr/local/proxy-settings/denied.filetypes \.cab(\?.*)?$ # grep -v ^# squid.test.conf | grep -v ^$ http_access allow localhost

Re: [squid-users] enable outgoing address in LOGS

2017-05-29 Thread Amos Jeffries
On 29/05/17 19:44, --Ahmad-- wrote: Hello folks . i have squid working on IPV6 but i want to display the outgoing IPV6 address in logs . as an example if we have tcp_outgoing_Address i want to see in logs when traffic match the acl above . The info you seek is documented at:

Re: [squid-users] 503 service unavailable on connection refused

2017-05-29 Thread Dominic Kim
My bad.. Please find the attached log. It looks squid is retrying many times. And after reach maximum retry limit, it responds with 503 service unavailable. As you know maximum limit is 10 times. It looks that it retries 10 times within just 3 seconds. Are there any way to configure retry