Re: [squid-users] Cant open some HTTPS with Squid 4.8

2019-09-03 Thread KOTOXJle6
Amos Jeffries wrote > Huh? what is "only if site persist in ACL" meaning? I'll try to explain by example. I have 2 ACL - blockvideo and blockvpn, they contain URLs for video hostings and vpn services. These ACLs are applied to domain groups blockvideo and blockvpn. I have 2 users - adm1 and user1. User1

Re: [squid-users] cannot access squid with https_port: 403

2019-09-03 Thread fansari
Seems that intercept is easier than tproxy. I have now this config: acl wifi_net src xxx.xxx.0.0/24 acl our_proxy localip xxx.xxx.0.1/32 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports por

Re: [squid-users] cannot access squid with https_port: 403

2019-09-03 Thread fansari
OK - I cannot figure out the whole requirement right now. In case it will not work like this: with a) you mean "intercept" and with b) "tproxy"? Which of these scenarios would you recommend in case http_port will not do for us?

Re: [squid-users] help with helper

2019-09-03 Thread Amos Jeffries
On 4/09/19 1:13 am, jmperrote wrote: > Hello Amos, yes but how can I identify that it is on the first request?? > It will be first? but what does first actually mean? first this year? first today? first this second? HTTP is stateless. There is no concept of "second request" etc. outside of fea

Re: [squid-users] cannot access squid with https_port: 403

2019-09-03 Thread Amos Jeffries
On 4/09/19 1:21 am, fansari wrote: > I have tested this and it is working. > > This is what I said: when I use this http_port directive then it works. > > So what is still unclear to me is: what is this https_port directive for? I > understood from one of your answers I found to someone else that

Re: [squid-users] Cant open some HTTPS with Squid 4.8

2019-09-03 Thread Alex Rousskov
On 9/3/19 7:47 AM, KOTOXJle6 wrote: > I have these errors in /var/log/squid/cache.log > > /ERROR: negotiating TLS on FD 46: error:1425F175:SSL > routines:ssl_choose_client_version:inappropriate fallback (1/-1/0)/ According to the discussion linked below, these errors may be "normal": https://secu

Re: [squid-users] Cant open some HTTPS with Squid 4.8

2019-09-03 Thread Amos Jeffries
On 3/09/19 11:47 pm, KOTOXJle6 wrote: > I'm trying to set up Squid 4.8 on Ubuntu 18.04 LTS with HTTPS redirecting to > squid error page for sites in ACLs. Yesterday I faced a major problem: HTTPS > sites don't open normally in IE11/EDGE and show blank page only + squid > replaces certificate. If I tap

Re: [squid-users] help with helper

2019-09-03 Thread jmperrote
Hello Amos, yes but how can I identify that it is on the first request?? Otherwise squid requests to authenticate, and later when it invokes the helper it again requests to authenticate. I handle recovering the user from squid cache (cachemanager) in the helper, for asking if the user previously exists, but squ

Re: [squid-users] cannot access squid with https_port: 403

2019-09-03 Thread fansari
I have tested this and it is working. This is what I said: when I use this http_port directive then it works. So what is still unclear to me is: what is this https_port directive for? I understood from one of your answers I found to someone else that this will lead to something like double stacked

Re: [squid-users] cannot access squid with https_port: 403

2019-09-03 Thread Amos Jeffries
On 4/09/19 12:29 am, fansari wrote: > Thank you for your reply. > > If I drop the keyword "intercept" I get this error message when starting > squid: > > FATAL: ssl-bump on https_port requires tproxy/intercept which is missing. > > Using "tproxy" does not help me either - I also end up with 403.

Re: [squid-users] help with helper

2019-09-03 Thread Amos Jeffries
On 3/09/19 10:35 pm, jmperrote wrote: > Hello we have a helper to validate users on squid reverse proxy, and > have a problem on the first validation time !! > > On a normal day the first validation, when a user opens the client > browser squid invokes the pop-up and users insert user/password corr

Re: [squid-users] cache peer , force peer to use dns ipv4 not ipv6

2019-09-03 Thread Amos Jeffries
On 3/09/19 10:33 pm, --Ahmad-- wrote: > Hello Team , thank you for replies . > > > http_port 10.61.8.189:1 name=1 > acl 1 myportname 1 > never_direct allow 1 > cache_peer 192.247.37.193 parent 12847 0 no-query  round-robin no-digest > no

Re: [squid-users] cannot access squid with https_port: 403

2019-09-03 Thread fansari
Thank you for your reply. If I drop the keyword "intercept" I get this error message when starting squid: FATAL: ssl-bump on https_port requires tproxy/intercept which is missing. Using "tproxy" does not help me either - I also end up with 403. What I want to achieve with my scenario is just ca

Re: [squid-users] cannot access squid with https_port: 403

2019-09-03 Thread Amos Jeffries
On 3/09/19 8:46 pm, fansari wrote: > I have to setup a TLS proxy connection between client and squid. My config is > working with http_port (without TLS) but as soon as I try https_port it does > not work (squid 3.5.23 compiled with --enable-ssl' '--enable-ssl-crtd' > '--with-openssl'). > > What I

[squid-users] Cant open some HTTPS with Squid 4.8

2019-09-03 Thread KOTOXJle6
I'm trying to set up Squid 4.8 on Ubuntu 18.04 LTS with HTTPS redirecting to squid error page for sites in ACLs. Yesterday I faced a major problem: HTTPS sites don't open normally in IE11/EDGE and show blank page only + squid replaces certificate. If I tap F5, sometimes site opens like it should and ce

[squid-users] help with helper

2019-09-03 Thread jmperrote
Hello we have a helper to validate users on squid reverse proxy, and have a problem on the first validation time !! On a normal day the first validation, when a user opens the client browser squid invokes the pop-up and users insert user/password correct to validate, and later squid apparentl

Re: [squid-users] cache peer , force peer to use dns ipv4 not ipv6

2019-09-03 Thread --Ahmad--
Hello Team , thank you for replies . http_port 10.61.8.189:1 name=1 acl 1 myportname 1 never_direct allow 1 cache_peer 192.247.37.193 parent 12847 0 no-query round-robin no-digest no-tproxy proxy-only name=peer1 cache_peer_access p

[squid-users] cannot access squid with https_port: 403

2019-09-03 Thread fansari
I have to setup a TLS proxy connection between client and squid. My config is working with http_port (without TLS) but as soon as I try https_port it does not work (squid 3.5.23 compiled with --enable-ssl' '--enable-ssl-crtd' '--with-openssl'). What I am trying to achieve is a proxy for https cont

Re: [squid-users] cache peer , force peer to use dns ipv4 not ipv6

2019-09-03 Thread Giles Coochey
On 03/09/2019 09:23, Amos Jeffries wrote: On 3/09/19 4:45 pm, --Ahmad-- wrote: Hello Team , just wondering . using cache peer to FWD request to upstream squid . the problem is sometimes the Upstream go to destination over ipv6 . is there an option can be used to force the peer to use ipv4 d

Re: [squid-users] cache peer , force peer to use dns ipv4 not ipv6

2019-09-03 Thread Amos Jeffries
On 3/09/19 4:45 pm, --Ahmad-- wrote: > Hello Team , > > just wondering . > > using cache peer to FWD request to upstream squid . > > the problem is sometimes the Upstream go to destination over ipv6 . > > is there an option can be used to force the peer to use ipv4 dns ? > Put the IPv4 addres