[squid-users] Manipulating request headers

2024-03-11 Thread Ben Goz
By the help of God. Hi all, I'm using squid with ssl-bump. I want to remove br encoding for request header Accept-Encoding. Currently I'm doing it using the following configuration: request_header_access Accept-Encoding deny all request_header_add Accept-Encoding gzip,deflate Is there a more gentle

Re: [squid-users] Squid scales up tcp traffic to adsl users

2023-12-31 Thread Ben Goz
Ratio in squid mgr:info report lines up with the > increased efficiency. > > Cheers, > Amos > > > Original message > From: Ben Goz > Date: Mon, 25 Dec 2023, 04:11 > > Hi, > This is basically the network topology that I'm using: > adsl <

[squid-users] Squid scales up tcp traffic to adsl users

2023-12-24 Thread Ben Goz
By the help of God. Hi, This is basically the network topology that I'm using: adsl <--> vrf <--> [squid/icap machine] <--> vrf <--> When traffic goes via squid I see that eth1 (the one closest to adsl users) is very high. This is from sar output: Average:IFACE rxpck/s txpck/sr

Re: [squid-users] Spliced domains tunnel connect is very slow

2023-10-22 Thread Ben Goz
this setup works fine. > So currently I don't have any idea how to work it out. > > If more information about my setup is needed please let me know. > > Thanks, > Ben > > > > On Fri, 20 Oct 2023 at 6:27, Amos Jeffries <squ...@treenet.co.nz>

Re: [squid-users] Spliced domains tunnel connect is very slow

2023-10-21 Thread Ben Goz
ing here is that for many other URLs this setup works fine. So currently I don't have any idea how to work it out. If more information about my setup is needed please let me know. Thanks, Ben On Fri, 20 Oct 2023 at 6:27, Amos Jeffries <squ...@treenet.co.nz> wrote: >

[squid-users] Spliced domains tunnel connect is very slow

2023-10-18 Thread Ben Goz
By the help of God. Hi, I saw in my access log traces that show that spliced URL tunneling is very slow: 18/Oct/2023:15:18:50 +0300 240841 192.168.3.98 TCP_TUNNEL/200 6225 CONNECT beacons2.gvt2.com:443 - HIER_DIRECT/172.217.0.67 - beacons2.gvt2.com - splice - 18/Oct/2023:15:18:50 +03006

[squid-users] ICAP reply pipe is full

2023-09-03 Thread Ben Goz
Spam detection software, running on the system "master.squid-cache.org", has identified this incoming email as possible spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for detail

Re: [squid-users] Squid ssl_bump splice configuration

2023-08-29 Thread Ben Goz
By the help of God. I managed to get the ssl splice configurations to work but when I'm splicing for example: play.google.com I see in cache log the following: 2023/08/29 22:54:53.688 kid1| 33,2| client_side.cc(3214) fakeAConnectRequest: fake a CONNECT request to force connState to tunnel for ssl-bump 2023/08/2

[squid-users] Squid ssl_bump splice configuration

2023-08-28 Thread Ben Goz
By the help of God. I'm using squid version: nativ@arachimprodsrv3:/usr/local/squid/etc$ /usr/local/squid/sbin/squid -v Squid Cache: Version 6.1-VCS Service Name: squid This binary uses OpenSSL 3.0.2 15 Mar 2022. configure options: '--with-large-files' '--with-openssl' '--enable-ssl' '--enable-ssl-crtd' '--enab

Re: [squid-users] Bypass sslbump using ACL's regex

2023-07-16 Thread Ben Goz
By the help of God. Amos, This is how I'm splicing the ACL from above. ssl_bump splice bypass acl DiscoverSNIHost at_step SslBump1 ssl_bump peek DiscoverSNIHost On Thu, 13 Jul 2023 at 12:44, Amos Jeffries <squ...@treenet.co.nz> wrote: > On 13/07/23 20:29, Ben Goz

[squid-users] Bypass sslbump using ACL's regex

2023-07-13 Thread Ben Goz
By the help of God. I'm trying to bypass chat.google.com domain from my squid (with sslbump), but still no success. I tried to build an acl using: acl bypass url_regex -i chat.google.com and acl bypass ssl::server_name_regex -i chat.google.com And still I can see in the logs that chat.google.com i

[squid-users] QUIC - squid tproxy with c-icap content filtering server

2023-06-29 Thread Ben Goz
By the help of God. My squid machine is configured using tproxy and c-icap content filtering server. The http and https traffic is redirected with iptables rules to squid ports. What additional configurations (on squid or iptables rule) should be done to support QUIC protocol so I can redirect the w

Re: [squid-users] Certificate error using using squid with tproxy configuration

2023-06-15 Thread Ben Goz
uss...@measurement-factory.com‬‏>:‬ > On 6/15/23 07:31, Ben Goz wrote: > > > the tproxy configuration works perfectly using http without ssl, > > But using ssl I'm getting in browser ssl error "ERR_SSL_PROTOCOL_ERROR" > > > > http_port 0.0.0.0:3130 t

Re: [squid-users] Certificate error using using squid with tproxy configuration

2023-06-15 Thread Ben Goz
By the help of God Update the squid.conf: http_port 0.0.0.0:3128 http_port 0.0.0.0:3129 tproxy http_port 0.0.0.0:3130 tproxy ssl-bump \ cert=/usr/local/squid/etc/ssl_cert/myCA.pem \ generate-host-certificates=on dynamic_cert_mem_cache_size=4MB # For squid 4.x sslcrtd_program /usr/local/squid/

[squid-users] Certificate error using using squid with tproxy configuration

2023-06-15 Thread Ben Goz
By the help of God. Hi, I'm using squid with tproxy including https interception configuration. The squid version is: $ /usr/local/squid/sbin/squid -v Squid Cache: Version 7.0.0-VCS Service Name: squid This binary uses OpenSSL 3.0.2 15 Mar 2022. configure options: '--with-openssl' '--enable-ssl

Re: [squid-users] Bind specific squid instance (port) to specific icap service

2023-05-11 Thread Ben Goz
On 11/05/2023 15:58, Alex Rousskov wrote: On 5/11/23 06:26, Ben Goz wrote: I have a machine with N (while N is always bigger than 1) different ip addresses and for each ip address I have a different squid instance. And I also have N icap servers. What is the best configuration that each

[squid-users] Bind specific squid instance (port) to specific icap service

2023-05-11 Thread Ben Goz
By the help of God. I have a machine with N (while N is always bigger than 1) different ip addresses and for each ip address I have a different squid instance. And I also have N icap servers. What is the best configuration that each squid will be attached to a different icap service? Thanks, Ben

Re: [squid-users] Counting unique devices connected to squid proxy

2023-01-22 Thread Ben Goz
On 21/01/2023 14:59, Amos Jeffries wrote: On 20/01/2023 9:16 am, Marcus Kool wrote: The squid log file contains the IP address of clients and could be a good field to use for counting users. But a NAT shows 1 IP for all users behind the NAT... Marcus On 19/01/2023 15:48, Ben Goz wrote

[squid-users] Counting unique devices connected to squid proxy

2023-01-19 Thread Ben Goz
By the help of God. Hello, I have a certain task to count the number of unique devices connected (Could be also transparently) to squid proxy server. While the users can be on different networks and behind NAT. Is it possible? What is the best approach of implement it? Thanks. Ben

Re: [squid-users] Bypass ssl-bump urls that using web sockets

2023-01-17 Thread Ben Goz
needs. > > Eliezer > > > Eliezer Croitoru > NgTech, Tech Support > Mobile: +972-5-28704261 > Email: mailto:ngtech1...@gmail.com > Web: https://ngtech.co.il/ > My-Tube: https://tube.ngtech.co.il/ > > From: squid-users On Behalf > Of Ben Goz > Sent:

[squid-users] Bypass ssl-bump urls that using web sockets

2023-01-15 Thread Ben Goz
By the help of God. I'm using the latest squid version built from github sources and the squid server configured with ssl-bump. The problem starts when the same URL serves as regular web page and also for certain web socket communication. If I bypass this URL it bypasses the whole web site, Is it

Re: [squid-users] Squid white list

2022-07-14 Thread Ben Goz
By the help of God. On 14/07/2022 12:10, Amos Jeffries wrote: On 5/07/22 02:12, Ben Goz wrote: By the help of God. Hi, I want to use squid access list to implement white list of group of urls. If I want to white list domain example.com and this website invoke

[squid-users] Squid white list

2022-07-04 Thread Ben Goz
By the help of God. Hi, I want to use squid access list to implement white list of group of urls. If I want to white list domain example.com and this website invokes http requests to domain example-a.com which is not included in my white list so squid denied this request, which could break to page

Re: [squid-users] Splice certain SNIs which served by the same IP

2022-02-22 Thread Ben Goz
8/18/http2-connection-coalescing/ > > And a similar problem report here: > https://bugs.chromium.org/p/chromium/issues/detail?id=1176673 > > Regards, > Christos > > > On 14/2/22 3:49 μ.μ., Ben Goz wrote: > > By the help of God. > > > > Hi, >

Re: [squid-users] Splice certain SNIs which served by the same IP

2022-02-17 Thread Ben Goz
By the help of God. Any insights? Thanks, Ben On Mon, 14 Feb 2022 at 15:49, Ben Goz <ben.go...@gmail.com> wrote: > By the help of God. > > Hi, > My squid version is 4.15, using it on tproxy configuration. > > I'm using ssl bump to intercept https connection, but I want to splice >

[squid-users] Splice certain SNIs which served by the same IP

2022-02-14 Thread Ben Goz
By the help of God. Hi, My squid version is 4.15, using it on tproxy configuration. I'm using ssl bump to intercept https connection, but I want to splice several domains. I have a problem that when I'm splicing some google domains eg. youtube.com then gmail.com domain also spliced. I know that

Re: [squid-users] Transparent proxy http 3xx status issues

2021-09-02 Thread Ben Goz
n On Thu, 2 Sep 2021 at 16:25, Amos Jeffries <squ...@treenet.co.nz> wrote: > > On 2/09/21 10:43 pm, Ben Goz wrote: > > By the help of God. > > > > I configured squid to be transparent proxy with ssl bump > > I saw that when the users trying to access

[squid-users] Transparent proxy http 3xx status issues

2021-09-02 Thread Ben Goz
By the help of God. I configured squid to be a transparent proxy with ssl bump. I saw that when the users were trying to access next.co.il or pinterest.com, they observed squid errors: sometimes it's connection refused, sometimes connection timed out. But when I bypass squid proxy it's working fine. I saw t

[squid-users] Failed to open file /var/lib/ssl_db/index.txt

2021-07-19 Thread Ben Goz
By the help of God. I managed to configure squid to work transparently using TPROXY configuration. But randomly I'm observing in cache.log the following errors: security_file_certgen helper database '/var/lib/ssl_db' failed: Failed to open file /var/lib/ssl_db/index.txt security_file_certgen hel

Re: [squid-users] TPROXY Error

2021-07-08 Thread Ben Goz
bles which each can contain different routing/forwarding table. If you want to understand a bit more you might be able to try and lookup for FIB. ( take a peek at: http://linux-ip.net/html/routing-tables.html) Eliezer -Original Message----- From: Ben Goz Sent: Wednesday, July 7, 2021 3:36

Re: [squid-users] TPROXY Error

2021-07-07 Thread Ben Goz
able-ltdl-convenience 10. the output of 'uname -a' uname -a Linux xxx 5.4.0-77-generic #86-Ubuntu SMP Thu Jun 17 02:35:03 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux Once we will have all the above details (reducing/modifying any private details) we can try to maybe help you. Eliezer ---

Re: [squid-users] TPROXY Error

2021-07-05 Thread Ben Goz
By the help of God. Does someone have an idea what's wrong with my configuration? On 30/06/2021 15:55, Ben Goz wrote: On 30/06/2021 15:25, Antony Stone wrote: On Wednesday 30 June 2021 at 14:16:09, Ben Goz wrote: I'm trying to configure squid as a transparent proxy using TPROXY. The m

Re: [squid-users] TPROXY Error

2021-06-30 Thread Ben Goz
On 30/06/2021 15:25, Antony Stone wrote: On Wednesday 30 June 2021 at 14:16:09, Ben Goz wrote: I'm trying to configure squid as a transparent proxy using TPROXY. The machine I'm using has 2 NICs, one for input and the other one for output traffic. The TPROXY iptables rules are con

[squid-users] TPROXY Error

2021-06-30 Thread Ben Goz
By the help of God. Hi All, I'm trying to configure squid as a transparent proxy using TPROXY. The machine I'm using has 2 NICs, one for input and the other one for output traffic. The TPROXY iptables rules are configured on the input NIC. It looks like iptables TPROXY redirect works but squid pr

[squid-users] Testing eCap module

2021-06-06 Thread Ben Goz
By the help of God. I have an eCap module code that should block traffic on certain cases and passthru traffic on other cases. What is the most easy and efficient way to test that module's code is working as expected? Thanks, Ben

Re: [squid-users] Protecting squid

2021-03-17 Thread Ben Goz
? Thanks, Ben On 15/03/2021 15:27, Amos Jeffries wrote: On 15/03/21 2:26 am, Ben Goz wrote: Can I configure squid authentication TTL per only source IP and ignores other parameters so authentication will be requested only once in TTL for all the sessions? Not with just authentication. You

Re: [squid-users] Protecting squid

2021-03-14 Thread Ben Goz
On 12/03/2021 7:13, Amos Jeffries wrote: On 12/03/21 3:56 am, Ben Goz wrote: On 11/03/2021 16:44, Amos Jeffries wrote: On 12/03/21 3:37 am, Ben Goz wrote: On 11/03/2021 15:50, Antony Stone wrote: On Thursday 11 March 2021 at 14:41:11, Ben Goz wrote: Tell about your network setup and what

Re: [squid-users] Protecting squid

2021-03-11 Thread Ben Goz
On 11/03/2021 16:44, Amos Jeffries wrote: On 12/03/21 3:37 am, Ben Goz wrote: On 11/03/2021 15:50, Antony Stone wrote: On Thursday 11 March 2021 at 14:41:11, Ben Goz wrote: Tell about your network setup and what you are trying to achieve - we might be able to suggest solutions. End

Re: [squid-users] Protecting squid

2021-03-11 Thread Ben Goz
On 11/03/2021 15:50, Antony Stone wrote: On Thursday 11 March 2021 at 14:41:11, Ben Goz wrote: I tried to open squid with some special port other than the default 3128 port. Obscurity is not equivalent to security. But after a while I saw that my squid was being abused by unknown IP

[squid-users] Protecting squid

2021-03-11 Thread Ben Goz
By the help of God. Hi, I tried to open squid with some special port other than the default 3128 port. But after a while I saw that my squid was being abused by unknown IP addresses so I decided to password protect my squid so that only authorized users could use it. But it's pretty annoying for t

Re: [squid-users] When connection closed when trying connect some urls

2020-10-26 Thread Ben Goz
and what squid configuration should I need to consider in order to fix it? On Mon, 26 Oct 2020 at 18:08, Matus UHLAR - fantomas <uh...@fantomas.sk> wrote: > On 26.10.20 17:43, Ben Goz wrote: > >Thanks for your quick answer, the example with squidclient is not a good > >exam

Re: [squid-users] When connection closed when trying connect some urls

2020-10-26 Thread Ben Goz
B.H Hi Alex, Thanks for your quick answer, the example with squidclient is not a good example. The real issue is that I get TCP_MISSED_ABORTED/000 and the browsers gets timed out when connecting to https://dicountbank.co.il. How can I further investigate this issue and reconfig squid so it'll work

[squid-users] When connection closed when trying connect some urls

2020-10-26 Thread Ben Goz
B.H Hi, I saw that this question was asked several times, but I didn't get an answer that solves the problem. This is the squidclient prompt I get: x@x:~$ squidclient -v https://discountbank.co.il Request: GET https://discountbank.co.il HTTP/1.0 Host: discountbank.co.il User-Agent: squidclient/3.

Re: [squid-users] Bypass squid using iptables

2020-07-05 Thread Ben Goz
B.H Sorry I tried this and it doesn't work. Any other suggestions please? On Mon, 25 May 2020 at 13:40, Amos Jeffries <squ...@treenet.co.nz> wrote: > On 25/05/20 10:09 pm, Ben Goz wrote: > > B.H > >>Tunneling it elsewhere, > > Where can I tu

Re: [squid-users] Bypass squid using iptables

2020-05-25 Thread Ben Goz
suddenly divert packets to other software mid-stream. On Mon, 25 May 2020 at 9:56, Amos Jeffries <squ...@treenet.co.nz> wrote: > On 21/05/20 3:49 am, Ben Goz wrote: > > B.H. > > > > I'm using squid with c-icap module for specific content filtering.

[squid-users] Bypass squid using iptables

2020-05-20 Thread Ben Goz
B.H. I'm using squid with c-icap module for specific content filtering. I configured squid with ssl bump so website with WSS won't work on it as mentioned on squid documentation. So for such URLs (with WSS) I need bypassing squid. I read in some posts that squid doesn't fully support bypassing UR