Re: [squid-users] TCP_DENIED/403 errors when ads blocking is activated

2022-12-03 Thread Nicolas
You're right, Matus. That was the issue. I replaced, as you suggested, acl ads dstdom_regex "/etc/squid/ad_block.txt" with acl ads dstdomain "/etc/squid/ad_block.txt" and now it works. Thank you very much, Matus! Have a nice day. Nicolas. On 03/12/2022 at 15:02, Matus UHLA

[squid-users] TCP_DENIED/403 errors when ads blocking is activated

2022-12-03 Thread Nicolas
file : grep -i "linux" /etc/squid/ad_block.txt banner.linux.se Do you know why I got those 403 errors? I gave one example only (www.linuxhint.com) but a LOT of websites are not accessible anymore as soon as I add that line in the squid.conf file : http_access deny

Re: [squid-users] How to catch a big spender ?

2019-03-25 Thread Nicolas Kovacs
On 25/03/2019 at 20:15, Heiler Bemerguy wrote: > We've seen some high upload bandwidth usage on our router graphs and > we'd like to know what was happening at that time... > > Any tools or tricks to know that? I bet most of you have had this > "curiosity" already too lol Here's what I use to

[squid-users] Replace SquidGuard with ufdbguard : configuration examples ?

2019-03-18 Thread Nicolas Kovacs
Hi, I've been running the Squid + SquidGuard combination for quite some time in our local school. I'm also filtering HTTPS connections using the Squid SSL Bump functionality. I'd like to test ufdbguard, since SquidGuard doesn't seem to be maintained anymore, and it's also quite RAM-consuming.

Re: [squid-users] How to configure a "proxy home" page ?

2018-03-25 Thread Nicolas Kovacs
On 25/03/2018 at 13:08, Yuri wrote: > The problem is not install proxy CA. The problem is identify client > has no proxy CA and redirect, and do it only one time. That is exactly the problem. And I have yet to find a solution for that. Current method is instruct everyone - with a printed paper

Re: [squid-users] How to configure a "proxy home" page ?

2018-03-16 Thread Nicolas Kovacs
On 16/03/2018 at 13:43, Yuri wrote: > I guess better way to do this is create special ACL to catch exactly > certificate error and then redirect by 302 using deny_info to proxy > page with explanation and certificate. This sounds like the way to go. I just removed the root certificate from

[squid-users] How to configure a "proxy home" page ?

2018-03-16 Thread Nicolas Kovacs
Hi, I have Squid + SquidGuard + SquidAnalyzer running on my LAN server as a transparent cache + filtering proxy, and it's working real nicely. When a client in my company wants to connect to the wifi, all he or she has to do is this: 1. Connect to http://nestor.microlinux.lan 2. Download the

Re: [squid-users] Squid + SquidGuard : static block page not working

2018-03-15 Thread Nicolas Kovacs
On 14/03/2018 at 15:02, Yuri wrote: > I can confirm - ufdbguard is up-to-date and very good customizable > replacement for SquidGuard. Using ufdbguard last three years gives > perfect results and bring functionality which is absent in > SquidGuard. > > ufdbguard has good support of https

Re: [squid-users] Squid + SquidGuard : static block page not working

2018-03-14 Thread Nicolas Kovacs
On 14/03/2018 at 14:46, Marcus Kool wrote: > ufdbGuard is the tool that you need. > It is an old fork of ufdbGuard with many new features, very good > performance and it has regular maintenance. > If you have a question, you can ask the support desk at > www.urlfilterdb.com. > You will get an

Re: [squid-users] Squid + SquidGuard : static block page not working

2018-03-14 Thread Nicolas Kovacs
On 14/03/2018 at 14:06, Amos Jeffries wrote: > Then the first thing you and your readers need to be clear on is that > SquidGuard was end-of-life'd many years ago. It is long overdue for > removal or replacement. This has impact such as the one you saw on HTTPS > traffic support which was only

Re: [squid-users] Squid + SquidGuard : static block page not working

2018-03-14 Thread Nicolas Kovacs
On 14/03/2018 at 13:39, Nicolas Kovacs wrote: > Yes, I do. Because this is part of a step-by-step course about > SquidGuard, which worked perfectly under Slackware Linux. And my > filtering rules are becoming increasingly complex. FYI, this is the course. It's a HOWTO in simple te

Re: [squid-users] Squid + SquidGuard : static block page not working

2018-03-14 Thread Nicolas Kovacs
On 14/03/2018 at 13:33, Amos Jeffries wrote: > You do not need SG or any fancy redirector helpers at all for that. Yes, I do. Because this is part of a step-by-step course about SquidGuard, which worked perfectly under Slackware Linux. And my filtering rules are becoming increasingly complex.

[squid-users] Squid + SquidGuard : static block page not working

2018-03-14 Thread Nicolas Kovacs
Hi, I've been working with Squid + SquidGuard for a few years, though only on Slackware. I'm currently transferring my proxy expertise to CentOS 7, and right now I'm having a little problem with that. Squid works perfectly so far as a transparent HTTP + HTTPS cache proxy. The next step is to

[squid-users] Distribute root certificate to clients

2018-03-12 Thread Nicolas Kovacs
Hi, I have a few prospective clients who want/need to log and monitor all their web traffic and asked me to find a viable solution for this. After a couple of weeks of fiddling, I decided to opt for the Squid+SquidAnalyzer setup, which works quite well. I have a sandbox installation here in my

Re: [squid-users] Allow some domains to bypass Squid

2018-03-11 Thread Nicolas Kovacs
On 11/03/2018 at 19:44, Yuri wrote: > It's trivial to implement. Here is my config snippet: > > # SSL bump rules > acl DiscoverSNIHost at_step SslBump1 > acl NoSSLIntercept ssl::server_name_regex > "/usr/local/squid/etc/acl.url.nobump" > ssl_bump peek DiscoverSNIHost > ssl_bump splice

Re: [squid-users] Allow some domains to bypass Squid

2018-03-11 Thread Nicolas Kovacs
On 11/03/2018 at 16:48, Alex Crow wrote: > > It would be a lot easier to just create exceptions on the squid device > for sites where bumping doesn't work which cause them to be tunnelled or > spliced rather than bumped. You can then at least use dstdomain or > ssl:servername rules. dstdomain

Re: [squid-users] Allow some domains to bypass Squid

2018-03-11 Thread Nicolas Kovacs
On 11/03/2018 at 12:31, Amos Jeffries wrote: > The whois system can provide info on the IP ranges owned by the > companies like Google which own their own ranges. > > > The alternative for ssl-bump is the splice action. For that you only > need to know the server names each company uses. I'd

Re: [squid-users] Allow some domains to bypass Squid

2018-03-11 Thread Nicolas Kovacs
On 11/03/2018 at 12:31, Amos Jeffries wrote: > The whois system can provide info on the IP ranges owned by the > companies like Google which own their own ranges. > > > The alternative for ssl-bump is the splice action. For that you only > need to know the server names each company uses. OK,

Re: [squid-users] Allow some domains to bypass Squid

2018-03-11 Thread Nicolas Kovacs
On 11/03/2018 at 11:17, Amos Jeffries wrote: > The process is not getting anywhere close to caching being relevant. The > error you mentioned earlier is in the TLS handshake part of the process. I've experimented some more, and I have a partial success. Here, I'm redirecting all HTTPS traffic

Re: [squid-users] Allow some domains to bypass Squid

2018-03-11 Thread Nicolas Kovacs
On 11/03/2018 at 09:24, Amos Jeffries wrote: > What you need to start with is switch your thinking from "domains" to > considering things in terms of connections and individual servers. Since > "domain" is a URL concept, and URLs are all hidden inside the encrypted > part of the traffic there is

Re: [squid-users] Introduction & Squid ports

2018-03-11 Thread Nicolas Kovacs
On 11/03/2018 at 10:17, Amos Jeffries wrote: > In your config you changed your 3128 to receiving port-80 (origin-form) > syntax with "intercept". So port 3130 was necessary to takeover > receiving of the normal proxy traffic. > > The TLS wrappers on HTTPS need special handling to decrypt so

Re: [squid-users] Allow some domains to bypass Squid

2018-03-11 Thread Nicolas Kovacs
On 11/03/2018 at 09:24, Amos Jeffries wrote: > What you need to start with is switch your thinking from "domains" to > considering things in terms of connections and individual servers. Since > "domain" is a URL concept, and URLs are all hidden inside the encrypted > part of the traffic there is

[squid-users] Allow some domains to bypass Squid

2018-03-11 Thread Nicolas Kovacs
Hi, I have Squid setup as a transparent HTTP+HTTPS proxy in my local network, using SSL-Bump. The configuration works quite nicely, according to /var/log/squid/cache.log and /var/log/squid/access.log. This being said, I am having trouble with a handful of domains like Github, or my OwnCloud

[squid-users] Introduction & Squid ports

2018-03-10 Thread Nicolas Kovacs
Hi, I'm new to this list, so let me introduce myself. I'm a 50-year old Austrian living in Montpezat (South France), and I'm the manager of a small IT company with a focus on Linux and free software. I've been using Squid for a few years, but only as a transparent HTTP proxy. Here's my blog

Re: [squid-users] skype connection problem

2016-10-26 Thread Nicolas Valera
Well, this is really frustrating! I'm trying with socks5 and it doesn't work... the behavior is the same as https proxy, it tries to connect to the peer through udp, not through the proxy. i can't believe it! On 10/25/2016 11:44 AM, Eliezer Croitoru wrote: I am working on these but it

Re: [squid-users] skype connection problem

2016-10-25 Thread Nicolas Valera
Amos, thanks for the tips! any idea about my skype problem? regards On 10/25/2016 08:13 AM, Amos Jeffries wrote: On 25/10/2016 5:19 a.m., Nicolas Valera wrote: Hi Yuri, thanks for the answer! we don't have the squid in transparent mode in this network. the squid configuration is very basic

Re: [squid-users] skype connection problem

2016-10-25 Thread Nicolas Valera
Hi Eliezer, thanks for the answer! On 10/24/2016 02:03 PM, Eliezer Croitoru wrote: Just to understand the scenario: You have let say 1 client on network 192.168.0.0/24 You have a proxy at 192.168.0.200 The client doesn’t have a gateway in the network IE cannot run dns queries or pings to the

Re: [squid-users] skype connection problem

2016-10-24 Thread Nicolas Valera
On 10/24/2016 01:21 PM, Yuri Voinov wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 24.10.2016 22:19, Nicolas Valera wrote: Hi Yuri, thanks for the answer! we don't have the squid in transparent mode in this network. So, you route all traffic to proxy box? Yes, clients do

Re: [squid-users] skype connection problem

2016-10-24 Thread Nicolas Valera
Hi Yuri, thanks for the answer! we don't have the squid in transparent mode in this network. the squid configuration is very basic. here is the conf: - http_port 1280 connection-auth=off forwarded_for delete

[squid-users] squid 3.4.8 ssl-bump resolve ip in access.log

2015-12-01 Thread LANGLOIS Nicolas
lution for transparent proxy with no client-side (certs or proxy conf) config working actually with https ? Regards Nicolas

Re: [squid-users] squid 3.4.8 ssl-bump resolve ip in access.log

2015-12-01 Thread LANGLOIS Nicolas
Thanks Amos for the quick reply, I'm making a lot of mistakes around ssl with squid. I'm following your advice and will try to set it up with the latest squid 3.5 version using tproxy; will let you know. Have a good day Nicolas -Original Message- From: squid-users [mailto:squid-users-boun

[squid-users] SQUID 3.1.20 TunnelStateData::Connection::error read/write failure: (32) Broken pipe

2014-12-04 Thread LANGLOIS Nicolas
/write failure: (32) Broken pipe 2014/12/04 15:09:13| TunnelStateData::Connection::error: FD 285: read/write failure: (32) Broken pipe Does anyone have an idea or at least know what it means? Nicolas