Hi Squid Community,
over the last weeks it has felt that more and more websites are going to be
"incompatible" with Squid SSL bump.
Some websites are not displayed at all and a "403 Forbidden" from their proxy
is displayed; others are displayed very ugly because some CSS is missing due to
HTTP Error 403
Hi Squid Community,
how can I configure Squid to create SSL Bump certificates with only 3-12
months date of expiry?
Currently, Squid SSL bumped certificates are valid for 20 years in my case, way
too long, as Apple & Google & Mozilla will trust only <1 year SSL
certificates in the future.
T
Hi av,
I have had the same issue due to authenticating any user before passing the proxy.
Squid couldn't fetch the intermediate certificates.
I added the following in squid.conf before the line "acl Authenticated_Users
proxy_auth REQUIRED":
###
#Allow fetch intermediate certs before required authen
> The configuration is as follows:
>
> ```shell
> # Squid normally listens to port 3128
> always_direct allow all
> ssl_bump bump all
> sslproxy_cert_error allow all
> http_port 3128 ssl-bump cert=/etc/squid/squid.pem key=/etc/squid/squid.pem generate-host-certificates=on options=NO_SSLv2
> #htt
> ```
Hi Stan,
when you are using NTLM, according to the last sentence in
https://wiki.squid-cache.org/ConfigExamples/Authenticate/Ntlm (very bottom):
"Note that when using NTLM authentication, you will see two "TCP_DENIED/407"
entries in access.log for every request. This is due to the challenge-resp
To my understanding, with (NTLM) authentication every request needs to be
authenticated. Therefore you will see TCP_DENIED/407 anytime before TCP_***/200
because the request needs to be authenticated anytime again.
Anybody else correct me if I am wrong ;-)
Schroeffu
4 December 2019 15:09,
thentification == True
tags: nsswitch
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"
Hi Lukas
to my understanding you have to decrypt the SSL connection with SSL bump,
otherwise Squid is unable to read what mime type is going through the ssl
tunneled connection.
lot regards
schroeffu
7 May 2019 22:41, "Lukas Yčas" <lukasy...@gmail.com>
s
Hi Squid Users,
with Squid 4.6 I cannot open these 2 domains when SSL bump is enabled:
https://www.hays.de
https://www.plantronics.com
Both are showing me a different type of error, details below.
I could not find any HPKP site or subdomain there, so I guess Squid has another
problem with this
Hey Squid Users, I have Squid 4.6 running and Chrome cannot display ftp://
links.
Chrome is downloading the directory listing as a file with HTML code inside,
instead of displaying it.
Example URL: ftp://ftp.adobe.com/pub/connect/updaters/meeting/10_1
(ftp://ftp.adobe.com/pub/connect/updaters/m
Hi Alex (& hi Amos)
it depends on the ICAP Service. The one I am trying to use is F-Secure FSICAPD
which is not working as expected.
So I compared with ClamAV C-ICAP: With ClamAV C-ICAP there is defined
"MaxStreamSize 25M" as default, so after 25MB scanned by ICAP I can see with
tcpdump on por
Hi all,
I am trying to solve the problem that Squid is caching all the big files (for
example 1GB) before sending them to the client, but the connected ICAP virus
scanner is configured with max_file_size 2MB and scan_timeout 5 seconds. So all
bigger files, or longer scanning times, should resu
Hi all,
I am getting the following error while opening https://www.hawesko.de with
Squid 4.4 and sslbump.
Deactivating bumping makes the error disappear.
Error:
--
The following error was encountered while trying to retrieve the URL:
https://www.hawesko.de
ESI Processing failed.
The ESI
> Hi,
>
> Works “well” on my squid v 4.4 (patched) - debian 9.
>
> Although the site does not load well, squid does not die:
>
> (…)
>
> TCP_MISS/502 1609 GET
> https://cache.drcleaner.com/extend/home/js/jquery-2.0.0.min.js -
> ORIGINAL_DST/99.84.27.102 text/html
>
> TCP_MISS/403 684 GET
> ht
Hi all,
my Squid 4.4 with SSL bump is crashing while trying to open this website:
https://www.drcleaner.com/de/dr-cleaner/
(https://www.drcleaner.com/de/dr-cleaner/)
So, after trying to open this site with SSL bump enabled, no Squid process is
running anymore. Just. Dead.
What can I do for debug
After changing the error_directory to a non-English language like German or Italian, the SSL
bump error messages like "expired certificate" or "self signed certificate"
are not showing anymore. The browser is just displaying an ugly error 503. But
other error messages like "access denied" are displayed properly, a
> FYI: By placing that "all" ACL (or any other non-authentication ACL) at
> the end of your access line you are currently making Squid *not* fetch
> credentials from users.
>
> If the UA/Browser is so insecurely configured that it broadcasts user
> credentials out to the network without being aske
Hello and thanks for your explanation.
What kind of ACL would then match "all squid internal requests" to allow
without authentication?
> For most modern Squids, this http_access policy is, IMO, incorrect
> because it blocks internally-generated requests, such as requests for
> missing intermed
Hi.
I've configured a firewall in our company with pfSense using Squid as
proxy server. I made it work combined with Diladele to show graphs,
filter logs, configure blocked sites, etc.
What I'm trying to do now is to use an external certificate from a
trusted certificate authority (in this c