Re: [squid-users] Unable to open youtube.com

Em 16/10/2018 02:46, Timur Lagutenko escreveu: Hello friends, recently I've updated my freebsd gateway. from 11.1 to 11.2. also I've updated squid form 3.5 to 4.1 i have no transparency, no ssl-bump/splice etc.. simple installation. browser is configured to use proxy. squid configuration is def

Re: [squid-users] Multiple SSL certificates on same IP

Em 19/12/2018 16:29, Patrick Chemla escreveu: - Having more than one IP on the server, create SSL certificates from LetsEncrypt including each a list of some domains and sub-domains - Create a very bing certificate to have squid using it (not the best choice because domains are of different

Re: [squid-users] Multiple SSL certificates on same IP

Em 19/12/2018 20:09, Amos Jeffries escreveu: OpenSSL definitely can use only one certificate per http(s)_port. Either the _last_ loaded if several PEM files are loaded (each call to the OpenSSL API *replaces* the certs loaded), or if one tries to work around that by merging everything into a sing

Re: [squid-users] Sslbump with multiple users and multiple ACLs for each

Em 03/01/2019 12:37, stressedtux escreveu: Hi guys! i need a hand to understand if it is possible to configure the proxy a particular way. Im needing to configure the proxy to allow at the same time: - a whitelist of sites that anyone that uses the proxy could use without login - and in additi

Re: [squid-users] ssl bump, CA certificate renewal, how to?

Em 15/01/2019 15:01, Dmitry Melekhov escreveu: 5 years, really, not very long period of time, if I'll be sure to not work here in 5 years then I'll use this ;-) , unfortunately I'm not :-( I don't need to replace certificate every year or so, but I need to have minimal service interruption f

Re: [squid-users] How to definitively disable IPv6

Em 25/01/2019 08:29, Troiano Alessio escreveu: What can I do? My ISP is IPv4 only. I'm not completely sure but it looks more like a DNS issue than the IP binding on Squid server. But check if your 'ifcfg-ethX' has IPV6INIT=no. Also, is Squid listening on all local IPs? If yes, then try bindin

Re: [squid-users] The issue NTLM_AUTH with --require-membership-of

Em 21/02/2019 06:17, Amos Jeffries escreveu: NP: This helper is provided by Samba, it is not part of Squid. So questions about its abilities and encodings supported are a question for their help channels. Someone here _might_ know, but do not count on that. Maybe this is not the most adequate sol

[squid-users] Skype makes Squid with ssl_bump crash

Hi list. I'm experiencing some crashes on Squid workers and eventually on the parent process while using a mixed authenticated/intercepted ssl_bump + Skype (7.21.0.100). After searching for some clues, I've found this: Changes to squid-3.5.9 (17 Sep 2015): ... - Bug 4309: crash during

Re: [squid-users] Skype makes Squid with ssl_bump crash

Em 09/06/2016 19:36, Amos Jeffries escreveu: On 10/06/2016 7:20 a.m., Bruno de Paula Larini wrote: Hi list. I'm experiencing some crashes on Squid workers and eventually on the parent process while using a mixed authenticated/intercepted ssl_bump + Skype (7.21.0.100). After searching for

Re: [squid-users] Skype makes Squid with ssl_bump crash

itoru Linux System Administrator Mobile: +972-5-28704261 Email: elie...@ngtech.co.il -Original Message- From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of Bruno de Paula Larini Sent: Saturday, June 11, 2016 12:34 AM To: squid-users@lists.squid-cache.org Su

Re: [squid-users] URL access based on AD group membership

Em 15/06/2016 10:50, nilesh.gav...@tcs.com escreveu: Hi Team; I have setup as below- * Squid Kerberos authentication with windows AD 2012r2. - works fine. * Now need to restrict access based on AD Group membership. Below configuration done but no luck. when try to access with user who is

Re: [squid-users] Configuring squid to work as an HTTPS proxy

Em 20/06/2016 11:02, Jobin George escreveu: Hi, I am trying to setup squid3 as an HTTPS proxy using the tutorial given [here][1]. I have properly setup the proxy settings in my browser and when I try to hit **HTTP** web sites, I am able to connect successfully. However, I keep getting a "Con

Re: [squid-users] Squid in Air Planes WiFi system, how should it be used?

Em 23/06/2016 10:22, Eliezer Croitoru escreveu: Since Internet is starting to flow into the "Flying ships" industry I started to wonder what are the limits? In the air the network connections are very low quality despite to the fact that they can transfer lots of data. So the OS will probably han

Re: [squid-users] Strange NTLM problem.

Em 28/06/2016 03:14, drcimino drcimino escreveu: Dear all, i have a strange problem with my squid 3.5.19 and authentication NTLM. On my configuration i have 2 auth method: NTLM negotiated with ntlm_auth from samba 3 auth_param ntlm program /usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2

[squid-users] Squid Intercept - From inside LAN with DNAT on router and docker on host

Just a basic question: is there an ACL allowing your hosts in squid.conf? Squid will promptly answer with a 403 error otherwise. Em 20/07/2016 16:42, Guilherme Scaglia escreveu: Hi. I've being trying to setup a local squid server on my home LAN to cache HTTP (not HTTPS) pages. I want to avoi

Re: [squid-users] Squid Intercept - From inside LAN with DNAT on router and docker on host

Em 20/07/2016 17:10, Antony Stone escreveu: My router is a Mikrotik router board, so it's trivial to setup a DNAT rule >to redirect all TCP requests to the squid server. That won't work. You*must* perform the DNAT on the machine running Squid, which means that the packets from your clients mus

Re: [squid-users] Squid Intercept - From inside LAN with DNAT on router and docker on host

Em 21/07/2016 08:55, Guilherme Scaglia escreveu: Amos, > There is a different config example for REDIRECT Ty, I'm going to try it using REDIRECT. I was unwilling to follow the DNAT guide because of having to enable ip-forwa

Re: [squid-users] The Squid “Persona”- Squid 3.5.21+4.0.14 Release

Em 28/09/2016 08:39, Eliezer Croitoru escreveu: Take a look at the page source to get the full article: http://www1.ngtech.co.il/wpe/?p=345 Who Is The Squid Girl Persona? [Squid Persona|http://www1.ngtech.co.il/wpe/wp-content/uploads/2016/09/squid_girl__shinryaku__ika_musume__minimalism_by_gre

Re: [squid-users] How to catch a big spender ?

Em 25/03/2019 16:15, Heiler Bemerguy escreveu: Hail, We've seen some high upload bandwidth usage on our router graphs and we'd like to know what was happening at that time... Any tools or tricks to know that? I bet most of you have had this "curiosity" already too lol Search for "sqstat"

Re: [squid-users] Wildcard for url domain

Em 02/02/2021 14:42, robert k Wild escreveu: Hi all, I know the .(dot) is a wild card for url domains ie .onmicrosoft.com But how would I do this .autodiscover.*.onmicrosoft.com Would it be .autodiscover.onmicrosoft.com

[squid-users] Squid also checking for IP on ACL

Spam detection software, running on the system "master.squid-cache.org", has identified this incoming email as possible spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for detail

[squid-users] Squid checking for both dstdomain and IP

Hi list. I have a pretty simple configuration for website filtering (intercepted) and ssl_bump, which follows below. However, for some reason, it seems Squid resolves the website domain address, then uses the IP to compare with the ACLs. As the IP is not included in the ACL, the access to the

Re: [squid-users] Squid checking for both dstdomain and IP

d anything wrong, please correct me. Cheers. Em 28/06/2022 10:52, Alex Rousskov escreveu: On 6/28/22 08:08, Bruno de Paula Larini wrote: I have a pretty simple configuration for website filtering (intercepted) and ssl_bump, which follows below. However, for some reason, it seems Squid resolves the

Re: [squid-users] Squid checking for both dstdomain and IP

(/cgi-bin/|\?) 0 0%  0 refresh_pattern .       0   20% 4320 Em 28/06/2022 17:05, Alex Rousskov escreveu: On 6/28/22 14:32, Bruno de Paula Larini wrote: http_access allow allowed_sites http_access allow SSL_ports The above rules allow abuse of sites matching allowed_si

Re: [squid-users] Squid checking for both dstdomain and IP

uggest using similar configurations. Your explanation really helped me have a better understanding on how it works though. Thanks a lot. Em 29/06/2022 12:57, Alex Rousskov escreveu: On 6/29/22 11:22, Bruno de Paula Larini wrote: The above rules allow abuse of sites matching allowed_sites (

Re: [squid-users] Update from Squid 4 to Squid 5 :

Spam detection software, running on the system "master.squid-cache.org", has identified this incoming email as possible spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for detail