Re: [squid-users] Squid and iptables

2020-02-14 Thread Amos Jeffries
On 11/02/20 4:48 am, L.P.H. van Belle wrote: > Hai, > > I'm having a squid 4.10 on Debian 10 running ( with strongswan VPN ) and ufw > firewall (iptables) > Most is running fine but i still see some error and i somehow miss here what > im doing wrong. > You may not be doing anything. INVA

Re: [squid-users] Squid proxy incoming and outcoming connections?

2020-02-14 Thread Matus UHLAR - fantomas
On 13.02.20 16:18, Patrícia Sousa wrote: Enabling debug_options I can see that the wget from the machine computer to the Squid machine does not goes through the proxy. Any idea why? Because you apparently haven't configured anything to use the proxy. Squid is a proxy, not a firewall, and it do

Re: [squid-users] Squid proxy incoming and outcoming connections?

2020-02-14 Thread Matus UHLAR - fantomas
On 13.02.20 12:29, Felipe Arturo Polanco wrote: You only have one port open for Squid http_port 3128 You need two ports, one for HTTP and another for HTTPS. Also, if you are going to block HTTPS based on the domain name, you need to do sslBump to get the SNI of the destination website and then te

[squid-users] How to match website subdomains and all others root domains

2020-02-14 Thread Ahmad Alzaeem
Hello folks , How can I match all subdomains of google and all roots urls of google such as google.com google.co.uk Google.eu google.us With an all ? ___ squid-users mailing list squid-

Re: [squid-users] Squid proxy incoming and outcoming connections?

2020-02-14 Thread Patrícia Sousa
I only configured the machine that has the squid proxy to use it. If I made a wget from this machine to the another, it denies the request, as desired. Only the reverse is not taken. So, it's not possible to configure the http "incoming" connections to my machine to go through the proxy? Matus UH

Re: [squid-users] How to match website subdomains and all others root domains

2020-02-14 Thread Amos Jeffries
On 14/02/20 10:45 pm, Ahmad Alzaeem wrote: > Hello folks , > How can I match all subdomains of google and all roots urls of google > such as  > > google.com > google.co.uk > Google.eu > google.us > > With an all ? > What do you mean "with an all" ? all means all. Not just Google. To match all

Re: [squid-users] Squid proxy incoming and outcoming connections?

2020-02-14 Thread Amos Jeffries
On 14/02/20 11:05 pm, Patrícia Sousa wrote: > I only configured the machine that has the squid proxy to use it. How did you configure an entire machine to use an HTTP-only proxy? I think you mean something else. Details matter, so what *exactly* did you configure? And no squid.conf does not coun

[squid-users] ssl::server_name matches non-TLS Host: header

2020-02-14 Thread Scott
Hi, I just noticed that ssl::server_name matches against the Host: header of non-TLS connections, which is handy, but it's not documented thusly in http://www.squid-cache.org/Doc/config/acl/ Is that behaviour expected? I'm running 4.9 btw. Thanks, Scott

[squid-users] [Feature request] add IP version to logformat format codes

2020-02-14 Thread Scott
Hi, I know it's derivable by other means, but it would be nice to have a logformat format code that provided the client and server IP version numbers. eg: >v for Client IP version (4 or 6) and http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] [Feature request] add IP version to logformat format codes

2020-02-14 Thread Alex Rousskov
On 2/14/20 10:36 AM, Scott wrote: > I know it's derivable by other means, but it would be nice to have a > logformat format code that provided the client and server IP version numbers. > eg: >v for Client IP version (4 or 6) and a Client source IP address >la Local IP address the cl

Re: [squid-users] Squid proxy incoming and outcoming connections?

2020-02-14 Thread Patrícia Sousa
Update: It works now. There was a wrong iptables rule to redirect incoming traffic to the proxy. Amos Jeffries escreveu no dia sexta, 14/02/2020 à(s) 10:35: > On 14/02/20 11:05 pm, Patrícia Sousa wrote: > > I only configured the machine that has the squid proxy to use it. > > How did you config

Re: [squid-users] Squid proxy incoming and outcoming connections?

2020-02-14 Thread Matus UHLAR - fantomas
On 14.02.20 17:40, Patrícia Sousa wrote: It works now. There was a wrong iptables rule to redirect incoming traffic to the proxy. incoming traffic? Do people from the world connect to your proxy? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to rec

[squid-users] Question regarding TPROXY and sslBump

2020-02-14 Thread Felipe Polanco
Hi, Can squid running in TPROXY mode intercept and decrypt HTTPS payload with sslBump? This is for an in-line Layer 2 proxy application. Thanks, ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-

Re: [squid-users] Question regarding TPROXY and sslBump

2020-02-14 Thread Amos Jeffries
On 15/02/20 10:28 am, Felipe Polanco wrote: > Hi, > > Can squid running in TPROXY mode intercept and decrypt HTTPS payload > with sslBump? > Maybe. It can do so about as well as NAT intercept mode can. Wherther TPROXY works depends on what level of access you have to control the TCP packet rout