[squid-users] External user cant access web server

2017-10-17 Thread hoje
Hi Mr.Amos, Thank you for helping in my previous post. I have a question. I’ve tried the same squid.conf setup to a new topology, and it works only for all internal users. But, external users that want to access my public web server, will get an access denied error (’The requested URL could not be

[squid-users] Pseudo proxy authentication (mapping of IP address to user name) in intercept mode.

2017-10-17 Thread Rafael Akchurin
Hello everyone, I would like to get your opinions on the subject. Problem: admin needs to manage squid acls (and icap web filter settings) using security groups from Active Directory. For non-technical reasons, setup of explicit proxy settings and thus enforcing proxy authentication on Squid is

[squid-users] Fwd: ftp-relay squestion

2017-10-17 Thread inspirit
Hi, we want to use https://wiki.squid-cache.org/Features/FtpRelay functions. I try to setup this feature but I have some troubles with it. When I connect to ftp with filezilla over proxy, squid says me about 407 error. Need authenticate. How I can authenticate with my proxy user/pass over ftp rela

Re: [squid-users] Pseudo proxy authentication (mapping of IP address to user name) in intercept mode.

2017-10-17 Thread Amos Jeffries
On 17/10/17 22:39, Rafael Akchurin wrote: Hello everyone, I would like to get your opinions on the subject. *Problem*: admin needs to manage squid acls (and icap web filter settings) using security groups from Active Directory. For non-technical reasons, setup of explicit proxy settings and t

Re: [squid-users] Pseudo proxy authentication (mapping of IP address to user name) in intercept mode.

2017-10-17 Thread Rafael Akchurin
Hello Amos, Thanks for your responses. What I do not understand completely - if we have intercept style of deployment, when browsers know nothing about the proxy - how basic (or any other type of authenticator) will work? I always thought browsers will discard proxy-auth responses just because

Re: [squid-users] Unable to get TCP_MEM_HIT (just TCP_HIT) with rock storage

2017-10-17 Thread Alex Rousskov
On 10/16/2017 10:30 PM, duanyao wrote: > When I test squid with rock storage, I have never got a TCP_MEM_HIT > (just TCP_HIT) in access.log. > > Is this normal, or something is mis-configured? Neither :-). You are testing with a Vary-controlled response. The shared memory cache does not support

Re: [squid-users] Pseudo proxy authentication (mapping of IP address to user name) in intercept mode.

2017-10-17 Thread Rafael Akchurin
Ok thanks again Amos. The plan is then: - external acl helper gets the SRC and connects to REST server running on AD DC with IP <-> user mapping database - replies with OK user= - this name get's delivered to access log and ICAP/eCAP - (optional) we are able to match the user to security group

Re: [squid-users] Official Docker Image?

2017-10-17 Thread Eliezer Croitoru
What version of squid should be installed? Also what base Linux distribution should we use? Since it's Docker container it won't be simple to use it as a gateway router and will only be usable as a simple forward proxy with or without ssl-bump. Since I already package squid for many OS I believe y

[squid-users] Have anyone seen this black list?

2017-10-17 Thread Eliezer Croitoru
I don't know exactly how I got a hold of this repository but it looks nice and up-to-date: https://github.com/StevenBlack/hosts/ The hosts file can be converted to a SquidGuard\ufdbguard\other domains blocklists. I have not verified all of their lists but since these are meant to be used for hosts

Re: [squid-users] Squid 3.5.20 and 3.1.23 getting re-started with bogus "FATAL: Bungled" acls

2017-10-17 Thread Eliezer Croitoru
Are you validating your config files before committing them?? If you have about 100 clients this is the first thing to do... Either run a asciii validation script for the whole file(I can write it if you really need it) or maintain two configuration testing node (CentOS 6+7). You don't even need t

Re: [squid-users] Unable to get TCP_MEM_HIT (just TCP_HIT) with rock storage

2017-10-17 Thread duanyao
在 2017/10/18 上午12:23, Alex Rousskov 写道: On 10/16/2017 10:30 PM, duanyao wrote: When I test squid with rock storage, I have never got a TCP_MEM_HIT (just TCP_HIT) in access.log. Is this normal, or something is mis-configured? Neither :-). You are testing with a Vary-controlled response. The sh

Re: [squid-users] Is it safe to resize a rock storage file?

2017-10-17 Thread duanyao
在 2017/10/16 下午10:59, Alex Rousskov 写道: On 10/16/2017 06:26 AM, duanyao wrote: Is it safe to resize a rock storage file as follow (while squid is not running)? 1) Increase a rock storage file by increasing the size specified in the configuration file; I would recommend running truncate after

Re: [squid-users] Unable to get TCP_MEM_HIT (just TCP_HIT) with rock storage

2017-10-17 Thread duanyao
在 2017/10/18 上午12:23, Alex Rousskov 写道: On 10/16/2017 10:30 PM, duanyao wrote: When I test squid with rock storage, I have never got a TCP_MEM_HIT (just TCP_HIT) in access.log. Is this normal, or something is mis-configured? Neither :-). You are testing with a Vary-controlled response. The sh