Amos:
Your logic to me is very sound and frankly I had no idea that Squid did not
handle the tunneling aspect of the network stack and furthermore it makes sense
that a router or firewall would be the right appliance to implement such a
protocol as the appliance requiring me to have some
Hi Eliezer,
We are running a couple of Squid proxies (the real servers) in front of a
pair of LVS servers with keepalived and it works flawlessly.
The 2 x Squid proxies are active / active and the LVS servers are active /
passive.
If a Squid proxy dies the remaining proxy takes all the traffic.
Le jeudi 27 août 2020 à 01:43 +, Jonas Steinberg a écrit :
> I mean…if anyone has any ideas of how I can get something to work
> without buying anything expensive I’d certainly be grateful!
Hi
i haven't play with it but man ip-link or
I have posted in the past a URL:
https://onedrive.live.com/?authkey=%21AFs60Exv3C4B%2DNI=6AB28772521B8B88%214385=6AB28772521B8B88
And I am still looking for some sponsorship so it would pay for something.
From time to time you can expect:
http://www.ngtech.co.il/repo/
to be up.
Cern have been
Hey Jonas,
What would you expect from Squid to be able to support GENEVE?
Squid works with any tunnel the OS support:
* GRE
* IPIP/IP6IP
* VXLAN
* Others(
https://developers.redhat.com/blog/2019/05/17/an-introduction-to-linux-virtual-interfaces-tunnels/)
>From
Hey All,
I am reading about LB and tried to find an up-to-date example or tutorial
specific to squid with no luck.
I have seen:
http://kb.linuxvirtualserver.org/wiki/Building_Web_Cache_Cluster_using_LVS
Which makes sense and also is similar or kind of identical to WCCP with gre.
Thanks Alex
From: Alex Rousskov
Sent: Wednesday, August 26, 2020 11:54 PM
To: Mathew Brown ; squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Strange Squid SSL Interception Behavior
On 8/26/20 9:13 AM, Amos Jeffries wrote:
> On 26/08/20 11:03 pm,
Hai,
Just something i noticed..
> auth_param basic program
> /usr/local/libexec/squid/basic_ldap_auth -P -R
> -b dc=lab,dc=local -D cn=squid,cn=users,dc=lab,dc=local -w squid -f
> "(&(objectClass=person)(sAMAccountName=%s))" -v 3 192.168.0.7:389
Change that to:
auth_param basic program
On 8/26/20 9:13 AM, Amos Jeffries wrote:
> On 26/08/20 11:03 pm, Mathew Brown wrote:
>> Thank you Alex + Amos :) You've really helped clarify things. I had a
>> final question regarding this setup. Does this configuration only look
>> at the client side part of the SNI request or also the server
On 26/08/20 11:03 pm, Mathew Brown wrote:
> Thank you Alex + Amos :) You've really helped clarify things. I had a
> final question regarding this setup. Does this configuration only look
> at the client side part of the SNI request or also the server
> certificate. If it only looks at the
Hey Kitamura,
Technically speaking Openstack admin can create a flavor which has 1 vCPU and
16GB RAM however,
it’s recommended to have 1 vCPU per 4 GB of RAM.
Openstack default vCPU ratio is 16 vCPUs per 1 physical Core.
So for a proxy which use SSL-Bump it’s recommended to have more then 1
Hi,
I use squid 4.12 with LDAP (Active Directory).
All works great except sometimes I have the following errors in my
access.log file :
1598438527.315 0 192.168.0.50 NONE/000 0 NONE
error:transaction-end-before-headers - HIER_NONE/- -
How can i correct that ? Any suggestions ?
Below
Thank you Alex + Amos :) You've really helped clarify things. I had a final
question regarding this setup. Does this configuration only look at the client
side part of the SNI request or also the server certificate. If it only looks
at the client-side, how would I tell it to look at the server
First, thank you very much for your help, you re awesome !
I can in fact browse HTTP pages, but not HTTPS.
Can i ask you a bit more help :) ?
I applied some changes :
Regarding the certificate, i read the man page
http://man.openbsd.org/ssl
cd /etc/squid
openssl genrsa -out squid.key 4096
14 matches
Mail list logo