Re: [squid-users] server persistent connections and cache

2018-07-18 Thread Alex Rousskov
On 07/18/2018 03:03 PM, Vishali Somaskanthan wrote: > I had a problem after sending too many requests to the same server where > my persistence stopped working suddenly. Please note that there are many reasons why a proxy may close a connection. For pinned to-server connections (like those

[squid-users] server persistent connections and cache

2018-07-18 Thread Vishali Somaskanthan
Dear Squid users, There is a connection C1 from the client to squid and that is bumped at squid which forms a TCP connection with origin server S1. Having server persistent connection turned on, for subsequent requests, I see that the same TCP connection is used between the squid and the

Re: [squid-users] store_id_extras and http Request Headers

2018-07-18 Thread Michael Pro
root@f12rw0:~ # squid -v Squid Cache: Version 5.0.0-20180717-r6956579 Service Name: squid This binary uses OpenSSL 1.0.2o-freebsd 27 Mar 2018. For legal restrictions on distribution see https://www.openssl.org/source/license.html configure options: '--with-default-user=squid'

Re: [squid-users] question about squid and https connection .

2018-07-18 Thread Alex Rousskov
On 07/18/2018 02:23 PM, Eliezer Croitoru wrote: > Every certificate has the same properties of the original one except > the "RSA key" part which it's certifying. Assuming you are talking about the generated certificates for the same real certificate X, then yes, they will all have the same

Re: [squid-users] store_id_extras and http Request Headers

2018-07-18 Thread Alex Rousskov
On 07/18/2018 02:29 PM, Michael Pro wrote: > In squid.conf > store_id_extras "%>a/%>A %un %>rm %>h myip=%la myport=%lp > %{User-Agent}>h %{Referer}>h %{Host}>h %>rP" > > Result incoming parameters in store_id_program are: > 0: https://2ip.ua/images/icon/IP_calculator.png <--- (requested url) >

[squid-users] store_id_extras and http Request Headers

2018-07-18 Thread Michael Pro
In squid.conf store_id_extras "%>a/%>A %un %>rm %>h myip=%la myport=%lp %{User-Agent}>h %{Referer}>h %{Host}>h %>rP" Result incoming parameters in store_id_program are: 0: https://2ip.ua/images/icon/IP_calculator.png <--- (requested url) 1: 127.0.0.119/127.0.0.119 <--- %>a/%>A 2: -

Re: [squid-users] question about squid and https connection .

2018-07-18 Thread Eliezer Croitoru
Alex, Some properties of the certificate are static but... A certificate is certifying a specific key. If every certificate would be exactly the same as the other on all its properties including the key then we would be able to.. Fake any certificate in the world very very fast. Correct me if

Re: [squid-users] Mozilla Devise Solution To Encrypting SNI

2018-07-18 Thread joseph
Eliezer I agree with you with all that there is no such a secure thing for client as long as the web bug exist :) those large link with small size or so the main reason I think they are going to have more secure is to kill https proxy so big company can sell their own proxy with very expensive

Re: [squid-users] Delay pools in squid4 not working with https

2018-07-18 Thread Eliezer Croitoru
Just to mention QUIC related wiki links: - https://wiki.squid-cache.org/KnowledgeBase/Block%20QUIC%20protocol?highlight=%28QUIC%29 - https://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoIOSv15Wccp2?highlight=%28QUIC%29#QUIC.2FSPDY_protocol_blocking Eliezer Eliezer Croitoru Linux

Re: [squid-users] Mozilla Devise Solution To Encrypting SNI

2018-07-18 Thread Eliezer Croitoru
Hey Joseph, It's nice to want security and I do think that security is important. However there are other sides to security as well. The standard user doesn't know what he can consider secure or not. Some users think that if there is HTTPS(Let's encrypt) in the url it makes the connection secure

Re: [squid-users] Mozilla Devise Solution To Encrypting SNI

2018-07-18 Thread Alex Rousskov
On 07/18/2018 09:12 AM, joseph wrote: > Encrypted SNI completely kills SSL Bump and all will follow that new SNI > Encryption > is there a hope that start reworking adding this option to squid > > https://appuals.com/apple-cloudflare-fastly-and-mozilla-devise-solution-to-encrypting-sni/ I do

Re: [squid-users] Kerberos issues on 4.1

2018-07-18 Thread Amos Jeffries
On 19/07/18 03:41, Victor Sudakov wrote: > > If there were an option to debug which "http_access" line rejects him > I could try it. > Please try: debug_options ALL,1 28,5 ... and have them login. Your cache.log should then list the ACLs being tested and what their results are. Amos

Re: [squid-users] Cache ran out of descriptors due to ICAP service/TCP SYNs ?

2018-07-18 Thread Amos Jeffries
On 18/07/18 18:30, Ahmad, Sarfaraz wrote: > Thanks for the reply. I haven't completely understood the revert and have a > few more related questions. > > I see these messages, > Jul 17 19:21:14 proxy2.hyd.deshaw.com squid[5747]: suspending ICAP service > for too many failures > Jul 17 19:21:14

Re: [squid-users] Kerberos issues on 4.1

2018-07-18 Thread Victor Sudakov
Amos Jeffries wrote: > >>> > >>> After upgrading to Squid 4.1 (from FreeBSD ports) I started having > >>> problems > >>> with Kerberos authentication. > >>> > >>> A user complained about being denied access. The strange things are that: > >>> > >>> 1. There was only one such user, others seemed

[squid-users] Mozilla Devise Solution To Encrypting SNI

2018-07-18 Thread joseph
Encrypted SNI completely kills SSL Bump and all will follow that new SNI Encryption is there a hope that start reworking adding this option to squid https://appuals.com/apple-cloudflare-fastly-and-mozilla-devise-solution-to-encrypting-sni/ - ** * Crash to the

Re: [squid-users] Kerberos issues on 4.1

2018-07-18 Thread Amos Jeffries
On 18/07/18 19:16, Victor Sudakov wrote: > Amos Jeffries wrote: >> On 17/07/18 14:20, Victor Sudakov wrote: >>> >>> After upgrading to Squid 4.1 (from FreeBSD ports) I started having problems >>> with Kerberos authentication. >>> >>> A user complained about being denied access. The strange

[squid-users] TCP_MISS_ABORTED/000 when accessing squid-internal-mgr page

2018-07-18 Thread Eliezer Croitoru
I have tried to access squid manage pages using curl and squidclient and got the next weird results in the access.log. TCP_MISS_ABORTED/000 The weird thing is that I am receiving 200 as a response: Commands and logs: ### START [root@squid4-testing check-systemd-squid]# curl

Re: [squid-users] NgTech repo new service: fastest.ngtech.co.il/repo/

2018-07-18 Thread Eliezer Croitoru
Thanks for the offer. I have seen that there are a couple of users that use lftp to mirror the repository. If someone wants to add a mirror site it would be nice but it needs to be registered somewhere… I think that the wiki should be the main place which sysadmins can have a list of

Re: [squid-users] ERROR: Unknown TLS option clientca

2018-07-18 Thread login mogin
Hi there, I have just tried with the patch and it is still not working. Do you want any particular log or debug output? Thanks Logan login mogin , on Tue, 17 Jul 2018 at 12:03, wrote: > I'll give it a try today and let you know. Thanks a lot. > > Logan > > Amos Jeffries , 17 Jul 2018

Re: [squid-users] Kerberos issues on 4.1

2018-07-18 Thread Victor Sudakov
Amos Jeffries wrote: > On 17/07/18 14:20, Victor Sudakov wrote: > > > > After upgrading to Squid 4.1 (from FreeBSD ports) I started having problems > > with Kerberos authentication. > > > > A user complained about being denied access. The strange things are that: > > > > 1. There was only one

Re: [squid-users] Cache ran out of descriptors due to ICAP service/TCP SYNs ?

2018-07-18 Thread Ahmad, Sarfaraz
Thanks for the reply. I haven't completely understood the revert and have a few more related questions. I see these messages, Jul 17 19:21:14 proxy2.hyd.deshaw.com squid[5747]: suspending ICAP service for too many failures Jul 17 19:21:14 proxy2.hyd.deshaw.com squid[5747]: optional ICAP