We did an upgrade from 5.7 to 5.9 and after the upgrade the whitelists we had
were gone. We had to recreate them and set them up under the access control
section.
Anyone seen this? I have another one in queue for upgrade, and will get more
info once we run the upgrade, but wanted to ask if this
On 2024-07-11 10:23, Alan Long wrote:
We did an upgrade from 5.7 to 5.9 and after the upgrade the whitelists
we had were gone. We had to recreate them and set them up under the
access control section.
Anyone seen this? I have another one in queue for upgrade, and will get
more info once we ru
Our whitelists are separate files. The files were still in the /etc/squid
directory, but the configs were gone.
We actually go old school and use webmin to manage the squid server and it
showed an upgrade.
I am thinking the squid.conf got overwritten, which caused our issue.
Alan Long | Senior N
Hi folks,
We’re looking to leverage squid-cache as an accelerator, but for large content.
For example, a local cache of macOS installers so that the internet line isn’t
swamped when updating Photoshop etc across devices.
Below is an example of the conf I’ve been using (and have been going backw
On 2024-07-11 11:24, Alan Long wrote:
We actually go old school and use webmin to manage the squid server
and it showed an upgrade.
It sounds like this is a webmin issue rather than a Squid issue. I do
not know much about webmin. I hope somebody else here can help you with
webmin integration
On 2024-07-10 16:57, Fiehe, Christoph wrote:
I am just trying to find something that helps to narrow down the
problem. What I want to achieve is, that a client can use HTTP in the
LAN, so that Squid can cache distribution packages without making use
of SSL intercepting when repos are only access
On 11/07/24 06:08, Alex Rousskov wrote:
On 2024-07-10 12:55, Jonathan Lee wrote:
Embedding a password in a cache manager command requires providing a
username with -U
squidclient -w /squid-internal-mgr/info -u admin
squidclient -w /squid-internal-mgr/info@redacted -u admin
squidclient -w
h
Thanks what about the password is it set with@ or -p where would I place that?
Sent from my iPhone
> On Jul 11, 2024, at 10:17, Amos Jeffries wrote:
>
>
>> On 11/07/24 06:08, Alex Rousskov wrote:
>> On 2024-07-10 12:55, Jonathan Lee wrote:
Embedding a password in a cache manager command r
My proxy (the child proxy) already uses the OpenSSL library:
$ squid --version
Squid Cache: Version 6.10
Service Name: squid
This binary uses OpenSSL 3.3.1 4 Jun 2024. configure options: '--build=x86_64'
'--host=x86_64' '--prefix=/usr' '--datadir=/usr/share/squid'
'--sysconfdir=/etc/squid' '--
Shell Output - squidclient -v -U admin -W REDACTED mgr:info
Request:
GET http://localhost:3128/squid-internal-mgr/info HTTP/1.0
Host: localhost:3128
User-Agent: squidclient/6.6
Accept: */*
Authorization: Basic YWRtaW46R09Qc3lzdGVtYWRtaW4xIQ==
Connection: close
.
HTTP/1.1 403 Forbidden
Server: squ
also
Shell Output - squidclient -h 127.0.0.1 -v -U admin -W redacted mgr:info
Request:
GET http://127.0.0.1:3128/squid-internal-mgr/info HTTP/1.0
Host: 127.0.0.1:3128
User-Agent: squidclient/6.6
Accept: */*
Authorization: Basic YWRtaW46R09Qc3lzdGVtYWRtaW4xIQ==
Connection: close
.
HTTP/1.1 403 F
I use http access acl set as followed
acl getmethod method GET
acl to_ipv6 dst ipv6
acl from_ipv6 src ipv6
acl HttpAccess dstdomain "/usr/local/pkg/http.access”
/usr/local/pkg/http.access
contains:
office.com
data.microsoft.com
windowsupdate.com
dc1-st.ksn.kaspersky-labs.com
dc1-file.ksn.kasper
cachemgr_passwd disable offline_toggle reconfigure shutdown
cachemgr_passwd PASSWORDREDCATED all
eui_lookup on
acl no_miss url_regex -i gateway\.facebook\.com\/ws\/realtime\?
acl no_miss url_regex -i web-chat-e2ee\.facebook\.com\/ws\/chat
acl CONNECT method CONNECT
acl wuCONNECT dstdomain www.updat
Could this cause the issue?
acl https_login url_regex -i ^https.*(login|Login).*
cache deny https_login
> On Jul 11, 2024, at 11:12, Jonathan Lee wrote:
>
> cachemgr_passwd disable offline_toggle reconfigure shutdown
> cachemgr_passwd PASSWORDREDCATED all
> eui_lookup on
> acl no_miss url_rege
On 2024-07-11 13:37, Fiehe, Christoph wrote:
My proxy (the child proxy) already uses the OpenSSL library:
Good.
The parent proxy was compiled ... '--with-gnutls'
The GnuTLS exception is thrown at my parent proxy.
Thank you for reminding me of that fact; I did not notice or have
forgott
What is Vary Object loop??
Does that mean clear my cache? Or is that something I am missing has anyone
else seen this?
11.07.2024 11:36:49 clientProcessHit: Vary object loop!
11.07.2024 11:36:49 varyEvaluateMatch: Oops. Not a Vary match on second
attempt,
'https://static.foxnews.com/s
On 12/07/24 05:27, Jonathan Lee wrote:
Thanks what about the password is it set with@ or -p where would I place that?
Neither. It is set with -W .
Amos
Sent from my iPhone
On Jul 11, 2024, at 10:17, Amos Jeffries wrote:
It is very relevant. As Matus already mentioned, both -U and -W.
s
Ok I sent output prior email that shows the right path but says access denied
Sent from my iPhone
> On Jul 11, 2024, at 12:59, Amos Jeffries wrote:
>
> On 12/07/24 05:27, Jonathan Lee wrote:
>> Thanks what about the password is it set with@ or -p where would I place
>> that?
>
> Neither. It
Lets see ...
>>> On Jul 11, 2024, at 11:02, Jonathan Lee wrote:
>>> Shell Output - squidclient -h 127.0.0.1 -v -U admin -W redacted
>>> mgr:info
>>>
>>> Request:
>>> GET http://127.0.0.1:3128/squid-internal-mgr/info HTTP/1.0
>>> Host: 127.0.0.1:3128
>>> User-Agent: squidclient/6.6
>>> A
On 12/07/24 06:43, Jonathan Lee wrote:
What is Vary Object loop??
In HTTP URLs can point at a set or "variants" of a resource.
Squid "Vary Object" is an entry in the cache that is used to represent
these types of resource.
When the URL-only is looked up, the "Vary Object" is found and tells
On 11/07/24 00:49, Alex Rousskov wrote:
On 2024-07-09 18:25, Fiehe, Christoph wrote:
I hope that somebody has an idea, what I am doing wrong.
AFAICT from the debugging log, it is your parent proxy that returns an
ERR_SECURE_CONNECT_FAIL error page in response to a seemingly valid
"HEAD http
Tested same thing..
I noticed it does have the default when I ran squid -k parse see below
I restored lines:
http_access deny !safeports
http_access deny CONNECT !sslports
http_access allow localhost manager
http_access deny manager
cachemgr_passwd disable offline_toggle reconfigure shutdown
cac
On 12/07/24 03:37, Ben Toms wrote:
Hi folks,
We’re looking to leverage squid-cache as an accelerator, but for large
content. For example, a local cache of macOS installers so that the
internet line isn’t swamped when updating Photoshop etc across devices.
Below is an example of the conf I’ve
Oh, I see the problem:
http_port 127.0.0.1:3128 intercept ...
(which also means you lack a firewall rule preventing external
software like squidclient from sending traffic directly to your
intercept port.)
Please **do not** use port 3128 to receive intercepted traffic.
I recommend chan
On 2024-07-11 17:03, Amos Jeffries wrote:
On 11/07/24 00:49, Alex Rousskov wrote:
On 2024-07-09 18:25, Fiehe, Christoph wrote:
I hope that somebody has an idea, what I am doing wrong.
AFAICT from the debugging log, it is your parent proxy that returns an
ERR_SECURE_CONNECT_FAIL error page i
> I recommend changing your main port to this:
>
> http_port 3128 ssl-bump
This is set to this when it processes
http_port 192.168.1.1:3128 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=20MB cert=/usr/local/etc/squid/serverkey.pem
cafile=/usr/local/share/certs/ca-ro
Here is how it is set
http_port 192.168.1.1:3128 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=20MB cert=/usr/local/etc/squid/serverkey.pem
cafile=/usr/local/share/certs/ca-root-nss.crt capath=/usr/local/share/certs/
cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+S
Thanks for the reply.
Proxy technology amazes me as I am a computer science student. I feel
generation 2 proxy technology is key to stopping invasive containers within a
cybersecurity perspective. Again to spot them you need to cache them and scan
for fingerprints, thus my fascination with Squi
28 matches
Mail list logo