Re: [squid-users] Secure Web Proxy Stress Testing

Thank you , Bariamis Panagiotis On Tue, Apr 10, 2018 at 10:14 PM, Panagiotis Bariamis wrote: > Thank you for the clarification. > > On Tue, Apr 10, 2018, 21:11 Alex Rousskov com> wrote: > >> >> >> >Polygraph supports HTTPS proxies and HTTPS

Re: [squid-users] SSL intercept in explicit mode

On Saturday 14 April 2018 at 13:22:32, MK2018 wrote: > I had used squid effectively and perfectly for more than a year before I > could understand (on my own) how to craft an 'allow' or 'deny' line that > contains all of: source acl, dst acl, connection method, HTTP command, TCP > port, excluded

Re: [squid-users] SSL intercept in explicit mode

Amos Jeffries wrote > Which parts (if any in the current text) are you getting confused or > lost by? It is not about confusion as much as it is about syntax. Since I'm always bumping to fight unwanted user traffic / analyze traffic consumption, I would need to use 'stare' verb. But, I had only

Re: [squid-users] SSL intercept in explicit mode

On 14/04/18 20:51, MK2018 wrote: > Amos Jeffries wrote >> FYI this is "server-first all". peek and splice before "bump all" is >> similar but also different in ways that allow it to handle more problems >> in better ways. > > I never really got to understand how to implement peek and splice

[squid-users] squidclient and PROXY procotol enabled http_port

Greetings to everyone, I have the following deployment: - Several Squid nodes configured with "http_port 3128 require-proxy-header" - One haproxy what relays TCP connections to nodes - squidclient that is run on each node manually Browsers pointing to haproxy are

Re: [squid-users] Squid is very slow after moving to production environment

On 13/04/18 05:55, Roberto Carna wrote: > People, I can't test de new proxy in the production environment > because I affect the users. I think is a good idea to add 10/15 users > to my new proxy, and test it with users from my IT area. Maybe the > problem is DansguardianI don't know. > > I'm

Re: [squid-users] SSL intercept in explicit mode

On 14/04/18 10:05, MK2018 wrote: > Aaron Turner wrote >> Thanks Yuri. That helps. As for the "sslproxy_flags >> DONT_VERIFY_PEER", yes I understand the risks. In my specific case, >> where my "users" are actually a bunch of automated web clients doing >> some web crawling it's the right thing

Re: [squid-users] Certificate transparency: problem for ssl-bumping, no effect, or?

On 14/04/18 10:03, Alex Crow wrote: > >> Unless the protocol design changes to expose full URLs and/or MIME types, >> nothing will replace Squid Bumping. >> >> That being said, we are headed to the vortex by 2018.05.01. Let's drown >> together, while we yell and curse at Google! >> >> MK >> >> >>

Re: [squid-users] IP auth, simple username/pass authentication, if ip not authorized?

Yes that should do it. But to let Squid do its job against DoS and such security attacks ... On 14/04/18 17:36, xpro6000 wrote: > This should do it > Move all these custom rules between here ... > acl Allowed_IPs src "/etc/squid/Allowed_IPs.txt" > http_access allow Allowed_IPs > > auth_param