Re: [squid-users] Squid File Upload Blocking

2019-05-07 Thread Amos Jeffries
On 8/05/19 11:03 am, Fabricio Ferreira wrote:
> Hello Lukas,
>
> For sure Schroeffu is right. Without the SSL Interception (a.k.a. MITM –
> Man in the middle) squid can’t filter any HTTPS request as it doesn’t
> know what you have inside the SSL tunnel.
>
> Also, in case the problem remains

Re: [squid-users] Squid File Upload Blocking

2019-05-07 Thread Fabricio Ferreira
Hello Lukas,

For sure Schroeffu is right. Without the SSL Interception (a.k.a. MITM – Man in the middle) squid can’t filter any HTTPS request as it doesn’t know what you have inside the SSL tunnel.

From: squid-users On Behalf Of i...@schroeffu.ch
Sent: Tuesday, May 7, 2019 7:46

Re: [squid-users] Squid File Upload Blocking

2019-05-07 Thread info
Hi Lukas,

for my understanding you have to decrypt the SSL connection with SSL bump, otherwise Squid is unable to read what mime type is going through the ssl tunneled connection.

lot regards
schroeffu

7 May 2019 22:41, "Lukas Yčas" <lukasy...@gmail.com>

[squid-users] Squid File Upload Blocking

2019-05-07 Thread Lukas Yčas
Hello,

I am currently attempting to block File Upload with squid -

squid.conf:
acl filesblock2 req_mime_type "/usr/local/squid/etc/blocked_up_extensions.acl"
http_access deny filesblock2

blocked_up_extensions.acl:
application/msword

Re: [squid-users] ephemeral port selection

2019-05-07 Thread Alex Rousskov
On 5/7/19 9:37 AM, Marc wrote:
> I think squid relies on the OS to select the ephemeral source port,

Correct.

> Is it possible to disable ephemeral port randomization within squid?

Not yet.

> If it is impossible, can this be considered as a new feature ?

Yes, it is a valid feature request,

[squid-users] ephemeral port selection

2019-05-07 Thread Marc
Dear all,

We're considering running squid for thousands of users. Squid will use a single parent proxy IP address. A lot of connections will go from the Child squid to the Parent proxy. Often, the Parent proxy initiates closing the TCP connection by sending the first FIN. This results the