Hi all,
I am using ssl bump and it's work fine a lot of SSL sites, but some of those
are misconfigured and squid won't succeed to get the correct certificate, and
give me the following error :
SEC_ERROR_UNKNOWN_ISSUER
Looking on the internet I understand that this is a SSL server
misconfigurat
Hi everybody
I'm having some problems trying to best tune efficient web caching with
Squid.
After several configurations I realized that in my case SMP-Workers + AUFS
is more efficiente than SMP-Workers + Rock Cache.
I tried to use the same parameters and options in both cases, just to make
sure
Hello. I have squid proxy server.
Configured SSL inspection and add your JS code.
Is it possible to inspect and add JS code only to files of a specific file
type (for example, only to JS text/javascript).
Or it is possible to proxy only JS files, and send the rest of the content
and requests outs
On Wednesday 06 February 2019 at 10:48:19, alexmaystat wrote:
> Hello. I have squid proxy server.
Version? Operating system?
> Configured SSL inspection
How? Give us some details.
> and add your JS code.
What?
> Is it possible to inspect and add JS code only to files of a specific file
> t
Hello,
On Wed, Feb 06, Yann Girardin wrote:
> I am using ssl bump and it's work fine a lot of SSL sites, but some of
> those are misconfigured and squid won't succeed to get the correct
> certificate, and give me the following error :
> SEC_ERROR_UNKNOWN_ISSUER
>
> Looking on the internet I unde
Squid version - 3.5
Operation system - CentOS
SSL inspection - use SSL_Bump + ECAP for content modification.
I mean add my own JS code.
I need user ECAP with modification to parse what file type and after that,
if javascript file - inject my additional code, yes?
--
Sent from:
http://squid-web
On Wednesday 06 February 2019 at 11:21:57, alexmaystat wrote:
> Squid version - 3.5
> Operation system - CentOS
> SSL inspection - use SSL_Bump + ECAP for content modification.
> I mean add my own JS code.
>
> I need user ECAP with modification to parse what file type and after that,
> if javascr
On 6/02/19 10:10 pm, Yann Girardin wrote:
>
> Is there a way to activate this AIA fetching in squid or do i have to
Fetching missing intermediate CA certificates is implemented in Squid-4.
All you need do is check that your access controls permit those requests
to happen.
If you have Squid-3.5 t
On 6/02/19 11:14 pm, Lucolo wrote:
> Hi everybody
>
> I'm having some problems trying to best tune efficient web caching with
> Squid.
>
> After several configurations I realized that in my case SMP-Workers + AUFS
> is more efficiente than SMP-Workers + Rock Cache.
Do you understand why that is?
Do you think this is possible, right?
--
Sent from:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Thanks, I appreciate your detailed answer.
> > I'm struggling a lot to configure Squid. To improve the security of my app
> > in my AWS private subnet,
>
> If it is indeed *your* app; then please alter it not to require the
> interception we see below. Ability to connect to a TLS explicit p
HiMy squid config is something like this:acl blk ssl::server_name .google.com
http_access deny blk
http_access allow all
http_port 0.0.0.0:3128
http_port 0.0.0.0:3129 tproxy
https_port 3130 tproxy ssl-bump \
cert=/etc/squid/ssl_cert/myCA.pem \
generate-host-certificates=on dynamic_cert_mem_ca
HiMy squid config is something like this:acl blk ssl::server_name .google.com
http_access deny blk
http_access allow all
http_port 0.0.0.0:3128
http_port 0.0.0.0:3129 tproxy
https_port 3130 tproxy ssl-bump \
cert=/etc/squid/ssl_cert/myCA.pem \
generate-host-certificates=on dynamic_cert_mem_ca
Hello.
We've recently noticed a difference in behavior between squid v3 and v4.
On HTTP response with non-standard 4-digits HTTP code, for example
something like this:
HTTP/1.1 5009 Update Error
Connection: Closed
{"code":500911,"message":"update record error"}
squid 3 just passes this respons
On Wed, 6 Feb 2019 at 05:53, Amos Jeffries wrote:
>
> It depends on what your policies are as to which is the better approach
> to take. It is looking a bit like (2) is probably the way to go. With
> the switch from dstdomain to server_name type for the ssl_bump
> processing this issue may just d
No need to compile and build it for AWS:
I already built it for both AWS 1 and 2:
http://ngtech.co.il/repo/amzn/
Can be downloaded and is tested to work very well on both OS.
Eliezer
* let me know if the package is good enough.
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-287
On 7/02/19 3:39 am, alexmaystat wrote:
> Do you think this is possible, right?
>
Which of the multiple questions and ideas stated earlier do you mean by
"this" ?
Content Adaptation is possible.
Causing a process which finished previously (ie send to the proxy) to
not happen based on things only
On 7/02/19 3:52 am, leo messi wrote:
> Hi
> My squid config is something like this:
> acl blk ssl::server_name .google.com
> http_access deny blk
> http_access allow all
>
...
>
> acl step1 at_step SslBump1
> ssl_bump peek step1
> ssl_bump splice all
>
>
> My problem is when i block some pages
On 7/02/19 6:39 am, Ivan Larionov wrote:
> Hello.
>
> We've recently noticed a difference in behavior between squid v3 and v4.
>
> On HTTP response with non-standard 4-digits HTTP code, for example
> something like this:
>
> HTTP/1.1 5009 Update Error
> Connection: Closed
>
> {"code":500911,"me
I have created a JAVA Based StoreID helper example that utilizes threads for
concurrency.
The code is at:
http://gogs.ngtech.co.il/NgTech-LTD/StoreID-JAVA-helper
It's an eclipse project but also has the files:
http://gogs.ngtech.co.il/NgTech-LTD/StoreID-JAVA-helper/src/master/StoreID-J
AVA.jar
ht
On 7/02/19 3:52 am, Paul Doignon wrote:
> Thanks, I appreciate your detailed answer.
>
> > > I'm struggling a lot to configure Squid. To improve the security of my
> app in my AWS private subnet,
> >
> > If it is indeed *your* app; then please alter it not to require the
> > interception we
On 7/02/19 8:03 am, Walid A. Shaari wrote:
>
> On Wed, 6 Feb 2019 at 05:53, Amos Jeffries wrote:
>
> > ssl_bump peek step1
> >
> > ssl_bump splice azure_sites azure_sites2 #Avoid bumping
> Microsoft/Azure
> > related sites
> >
>
> The way ACLs work in Squid items on
Got it. Thank you Amos
On Thu, 7 Feb 2019, 03:47 Amos Jeffries On 7/02/19 8:03 am, Walid A. Shaari wrote:
> >
> > On Wed, 6 Feb 2019 at 05:53, Amos Jeffries wrote:
> >
> > > ssl_bump peek step1
> > >
> > > ssl_bump splice azure_sites azure_sites2 #Avoid bumping
> > Microsoft/Azur
I mean:
Do you think that it is possible to implement the ECAP module with the
injecting code into content adaptation, after check and verify in ECAP that
content-type is js code (text/javascript)?
--
Sent from:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
__
24 matches
Mail list logo
