[squid-users] ssl-bump peek and select pinned destination failed

2023-09-22 Thread linfengfeiye
Thank you for your detailed answer. As you said, Squid does not support rewrite-url after ssl-bumped, but I don't understand why it is designed this way. If I want to modify the ssl-bumped returned content, not through 302,307 http redirect url? Can I use ecap or other methods to achieve it?

Re: [squid-users] ssl-bump peek and select pinned destination failed

2023-09-20 Thread Alex Rousskov
On 2023-09-20 04:17, linfengfeiye wrote: Hi, what does "PeerSelector186 found pinned, destination" that appears in the Squid log mean? Please note that Squid debugging logs (cache.log at level 3 and above) are for developer use. This mailing list is not. In triage, I recommend focusing on

[squid-users] ssl-bump peek and select pinned destination failed

2023-09-20 Thread linfengfeiye
Hi, what does "PeerSelector186 found pinned, destination" that appears in the Squid log mean? The log is as follows: 2023/09/20 15:49:57.086 kid1| 28,3| Checklist.cc(62) markFinished: 0x30798c8 answer ALLOWED for match 2023/09/20 15:49:57.086 kid1| 28,3|

Re: [squid-users] ssl-bump strange behaviour with incomplete config

2023-09-13 Thread Alex Rousskov
On 2023-09-13 12:47, sq...@iotti.biz wrote: I'm only peeking as long as possible, and then splice at step3. I got the regular Squid access denied screen (and this is right, since the CONNECT is not allowed) but in access.log I find: 2023-09-13T17:12:52.855+0200 12 192.168.1.179

[squid-users] ssl-bump strange behaviour with incomplete config

2023-09-13 Thread squid
Hi all I was trying to configure the ssl-bump feature. I forgot to allow the initial CONNECT (or the fake CONNECT, in case of intercepting proxy). This led me to some strange results which I'd like to point out. I am using CentOS 8 with squid 6.13 recompiled from the Fedora RPM. First case,

Re: [squid-users] ssl-bump connect issues

2022-05-24 Thread Jernej Porenta
Hey, thank you for your response. >> The logs show that clients did issue a CONNECT, however the connections are >> stuck (and eventually timeout) and netstat is showing exactly 10 connections >> in SYN_SENT state towards npm registry. I am kinda puzzled, where this >> number comes from. > >

Re: [squid-users] ssl-bump connect issues

2022-05-23 Thread Amos Jeffries
On 23/05/22 17:41, Jernej Porenta wrote: The logs show that clients did issue a CONNECT, however the connections are stuck (and eventually timeout) and netstat is showing exactly 10 connections in SYN_SENT state towards npm registry. I am kinda puzzled, where this number comes from. This

[squid-users] ssl-bump connect issues

2022-05-22 Thread Jernej Porenta
Hey, I am trying to establish a caching squid proxy - 5.5 openssl - ( to be used with our CI/CD system and cache npm modules (we configure http_proxy in our npm configuration). I've created a configuration with ssl bump-ing and aggressive npm module caching. When a client starts fetching the

Re: [squid-users] SSL BUMP

2021-05-12 Thread squid3
On 2021-05-10 22:26, Stephane Simon wrote: Hello, I try to configure https with ssl bump. I use redhat 8. i follow https://blog.microlinux.fr/squid-https-centos-7/ when i restart squid, he doesn't cooperate and say: "FATAL: The usr/lib64/squid/security_file_certgen -s /var/lib/squid/ssl_db

[squid-users] SSL BUMP

2021-05-10 Thread Stephane Simon
Hello, I try to configure https with ssl bump. I use redhat 8. i follow https://blog.microlinux.fr/squid-https-centos-7/ when i restart squid, he doesn't cooperate and say: "FATAL: The usr/lib64/squid/security_file_certgen -s /var/lib/squid/ssl_db -M 64MB helpers are crashing too rapidly, need

[squid-users] ssl bump Cannot create /var/lib/squid/ssl_db

2021-04-15 Thread Stephane Simon
Hello, I'm trying to configure Intercept HTTPS CONNECT messages with SSL-Bump in redhat 8 with help of: https://blog.microlinux.fr/squid-https-centos-7/ https://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit#Intercept_HTTPS_CONNECT_messages_with_SSL-Bump

Re: [squid-users] SSL-BUMP 5.0.4 not working as expected

2021-01-03 Thread Alex Rousskov
On 1/2/21 3:08 PM, ngtech1...@gmail.com wrote: > I am trying to configure 5.0.4 with sslbump to bump only a set of domains. > * Should I bump all connections with exceptions? > * Should I bump non else then the exceptions? > * Based on server_name regex and/or server_name domains

Re: [squid-users] SSL-BUMP 5.0.4 not working as expected

2021-01-03 Thread ngtech1ltd
Comments below -Original Message- From: squid-users On Behalf Of Amos Jeffries Sent: Sunday, January 3, 2021 9:12 AM To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] SSL-BUMP 5.0.4 not working as expected On 3/01/21 9:08 am, ngtech1ltd wrote: > I am trying to config

[squid-users] SSL-BUMP 5.0.4 not working as expected

2021-01-03 Thread ngtech1ltd
Re: [squid-users] SSL-BUMP 5.0.4 not working as expected On 3/01/21 9:08 am, ngtech1ltd wrote: > I am trying to configure 5.0.4 with sslbump to bump only a set of domains. > > I am unsure about the right way it should be done. > > The basic constrains are POLICY vs a set of rules.

Re: [squid-users] SSL-BUMP 5.0.4 not working as expected

2021-01-02 Thread Amos Jeffries
On 3/01/21 9:08 am, ngtech1ltd wrote: I am trying to configure 5.0.4 with sslbump to bump only a set of domains. I am unsure about the right way it should be done. The basic constrains are POLICY vs a set of rules. * Should I bump all connections with exceptions? * Should I bump non else

[squid-users] SSL-BUMP 5.0.4 not working as expected

2021-01-02 Thread ngtech1ltd
I am trying to configure 5.0.4 with sslbump to bump only a set of domains. I am unsure about the right way it should be done. The basic constrains are POLICY vs a set of rules. * Should I bump all connections with exceptions? * Should I bump non else then the exceptions? *

Re: [squid-users] SSL Bump: I have weekly more sites to whitelist due to HTTP Error 403 on opening site content

2020-08-28 Thread Amos Jeffries
On 28/08/20 8:12 pm, i...@schroeffu.ch wrote: > > Hi Squid Community, > > the last weeks it felt that more and more websites are going to be > "incompatible" with Squid SSL bump. "feelings" aside, that is exactly the situation. SSL-Bump is literally a security attack on clients traffic. Exactly

[squid-users] SSL Bump: I have weekly more sites to whitelist due to HTTP Error 403 on opening site content

2020-08-28 Thread info
Hi Squid Community, the last weeks it felt that more and more websites are going to be "incompatible" with Squid SSL bump. Some Websites are not displayed at all and a "403 Forbidden" from their proxy is displayed, others are displayed very ugly because some CSS is missing due to HTTP Error

Re: [squid-users] ssl bump and url_rewrite_program (like squidguard)

2020-03-10 Thread Edouard Gaulué
Hi, Sorry for the noise. In fact, it works. It's just squid couldn't connect to the local cgi page (while it could for squidclamav), and then did its best that was rather strange. I confirm "url_rewrite_access deny CONNECT" works like a charm to avoid redirection during connection

Re: [squid-users] ssl bump and url_rewrite_program (like squidguard)

2020-03-10 Thread Edouard Gaulué
Hi all, I know it's an old subject but I come back on it as I moved my old proxy server to Debian Buster. I now have a 4.10 version from git. Here are my last tests regarding this subject :  * Using c-icap for virus detection works well. I mean if I download a virus from an HTTPS server

Re: [squid-users] ssl bump intermediate certificate

2019-11-03 Thread Amos Jeffries
All of the "CA" entries in that purposes list say "No". So this is not a CA certificate, it is an origin server certificate. It can only be used to receive explicit TLS proxy or HTTPS origin server traffic. Amos Sent from my alcatel U5 ___

Re: [squid-users] ssl bump intermediate certificate

2019-11-03 Thread Marek Greško
Hello, I already tried adding root ca to the pem file in the cert= option. But it had no effect. the squid -k parse seems good point. I got: Ignoring non-issuer CA from /etc/squid/bump-CA/bump-ca.crt If I add the root ca, that one is reported to be added, but still ignoring the bump ca. Why

Re: [squid-users] ssl bump intermediate certificate

2019-10-31 Thread Amos Jeffries
On 31/10/19 9:49 am, Marek Greško wrote: > Hello, > > Matus, I also found the document. It should be sending the chain, but > is not. When I specify cafile option it responds I should use > tls-cafile. But in either case it is not sending. > > Walter, if squid has such requirement, then it is

Re: [squid-users] ssl bump intermediate certificate

2019-10-30 Thread Marek Greško
Hello, Matus, I also found the document. It should be sending the chain, but is not. When I specify cafile option it responds I should use tls-cafile. But in either case it is not sending. Walter, if squid has such requirement, then it is unfinished. Every other proxy is able to run its CA as an

Re: [squid-users] ssl bump intermediate certificate

2019-10-30 Thread Matus UHLAR - fantomas
On 30.10.2019 05:59, Marek Greško wrote: I am trying to configure ssl bumping on squid 4.8 but my browser is not able to validate the certificate due to intermediate certificate missing. How could I convince squid to send it? On 30.10.19 10:11, Walter H. wrote: the ssl-bum certificate is

Re: [squid-users] ssl bump intermediate certificate

2019-10-30 Thread Walter H.
On 30.10.2019 05:59, Marek Greško wrote: Hello, I am trying to configure ssl bumping on squid 4.8 but my browser is not able to validate the certificate due to intermediate certificate missing. How could I convince squid to send it? Thanks Marek the ssl-bum certificate is either a root

[squid-users] ssl bump intermediate certificate

2019-10-29 Thread Marek Greško
Hello, I am trying to configure ssl bumping on squid 4.8 but my browser is not able to validate the certificate due to intermediate certificate missing. How could I convince squid to send it? Thanks Marek ___ squid-users mailing list

Re: [squid-users] SSL Bump with HTTP Cache Peer Parent

2019-07-15 Thread mikio . kishi
Alex, >The feature has already been rejected from the official v4 inclusion >because the underlying changes are too big/risky for that branch. I see. I understood that the v4 won't be able to support it. Anyway, when will you release v5 officially ? Regards, -- Mikio Kishi On Mon, Jul 15, 2019

Re: [squid-users] SSL Bump with HTTP Cache Peer Parent

2019-07-14 Thread Alex Rousskov
On 7/14/19 10:51 AM, mikio.ki...@gmail.com wrote: >>In addition to what Amos has said, you may be interested in the v4 patch >>described at https://bugs.squid-cache.org/show_bug.cgi?id=4968#c1 > Do you have plan to support above officially ? The feature has already been rejected from the

Re: [squid-users] SSL Bump with HTTP Cache Peer Parent

2019-07-14 Thread Alex Rousskov
On 7/14/19 3:35 AM, Amos Jeffries wrote: > On 14/07/19 5:33 pm, mikio.kishi wrote: >> Hi all, >> >>  https://www.spinics.net/lists/squid/msg90523.html >> >> As mentioned in the above URL, I would like to use "SSL Bump with HTTP >> Cache Peer Parent" as well. >> However, still seems not be

Re: [squid-users] SSL Bump with HTTP Cache Peer Parent

2019-07-14 Thread Amos Jeffries
On 14/07/19 5:33 pm, mikio.kishi wrote: > Hi all, > >  https://www.spinics.net/lists/squid/msg90523.html > > As mentioned in the above URL, I would like to use "SSL Bump with HTTP > Cache Peer Parent" as well. > However, still seems not be supported like the following. > ... > > Do you have

[squid-users] SSL Bump with HTTP Cache Peer Parent

2019-07-13 Thread mikio . kishi
Hi all, https://www.spinics.net/lists/squid/msg90523.html As mentioned in the above URL, I would like to use "SSL Bump with HTTP Cache Peer Parent" as well. However, still seems not be supported like the following. - FwdState.cc (in squid-4.8 which is current stable version) 825

[squid-users] ssl bump

2019-02-28 Thread leomessi...@yahoo.com
Hi again thanks for your reply Amos. My problem is when i disable generate-host-certificates sslcrtd_program I cant redirect HTTPS requests to block err page!! I don't really understand what this configuration do! What does actually this configurations "generate-host-certificates and

Re: [squid-users] ssl bump

2019-02-27 Thread Amos Jeffries
On 28/02/19 2:31 am, leomessi983 wrote: > Hi all > Can i use this conf only for blocking purpose?! You could. I suggest you keep the default security Safe_ports and SSL_ports ACL and http_access rules though. They exist to protect your proxy against malicious attacks and Dos situations. Your

[squid-users] ssl-bump

2019-02-27 Thread leomessi...@yahoo.com
Hi all Can i use this conf only for blocking purpose?! Is set dynamic_cert_mem_cache_size=0MB wrong? I have more than 1000 clients and i only want to block http and https pages and show err page for both of those. My configurations is like this:

[squid-users] ssl bump

2019-02-27 Thread leomessi...@yahoo.com
Hi all Can i use this conf only for blocking purpose?! Is set dynamic_cert_mem_cache_size=0MB wrong? I have more than 1000 clients and i only want to block http and https pages. My configurations is like this:- https_port 3130 tproxy ssl-bump \

Re: [squid-users] ssl-bump does not redirect to block page

2019-02-13 Thread Alex Rousskov
On 2/12/19 11:22 PM, leomessi...@yahoo.com wrote: > Actually i don't understand if it could be done or not!! And I do not know what you mean by "it" here. * Can Squid send a blocking error page to an HTTPS client? Yes. * Will the browser show that error page to the user without any additional

Re: [squid-users] ssl-bump does not redirect to block page

2019-02-13 Thread Amos Jeffries
On 14/02/19 1:10 am, leomessi983 wrote: > I use this configuration to solve my problem. > With this configuration at first step I use bump action for sites that i > want to block and show ACCESS_DENIED page then splice all other requests!! > My problem in this config is when my clients want to see

Re: [squid-users] ssl-bump does not redirect to block page

2019-02-13 Thread leomessi...@yahoo.com
6. Re: ssl-bump does not redirect to block page       (leomessi...@yahoo.com) -- Message: 1 Date: Tue, 12 Feb 2019 14:21:34 + (UTC) From: "leomessi...@yahoo.com" To: squid-users@lists.squid-cache.org Subject: [squid-use

Re: [squid-users] ssl-bump does not redirect to block page

2019-02-12 Thread leomessi...@yahoo.com
>> aka the 'bump' action. > This part is misleading: Modern Squids _automatically_ bump connections > to report [access denied] errors -- no explicit bump action is required > (or even desirable). I do not know whether > * that bumping does not happen > for leo (e.g., due to Squid bugs), or > *

Re: [squid-users] ssl-bump does not redirect to block page

2019-02-12 Thread Alex Rousskov
On 2/12/19 7:21 AM, leomessi...@yahoo.com wrote: > Do i have to use CA and Certificate configuration if i want to block > only HTTPS requests with splice action?! IIRC, you currently need a CA certificate if you want to use SslBump, regardless of the SslBump actions in use. In some ways, this is

[squid-users] ssl-bump does not redirect to block page

2019-02-12 Thread leomessi...@yahoo.com
Hi again Do i have to use CA and Certificate configuration if i want to block only HTTPS requests with splice action?! https_port 3130 tproxy ssl-bump \ cert=/etc/squid/ssl_cert/myCA.pem \ generate-host-certificates=on dynamic_cert_mem_cache_size=4MB sslcrtd_program

Re: [squid-users] ssl-bump does not redirect to block page

2019-02-10 Thread Alex Rousskov
On 2/6/19 12:57 PM, Amos Jeffries wrote: > On 7/02/19 3:52 am, leo messi wrote: >> My squid config is something like this: >> acl blk ssl::server_name .google.com >> http_access deny blk >> http_access allow all >> ssl_bump peek step1 >> ssl_bump splice all >> My problem is when i block some

Re: [squid-users] ssl-bump does not redirect to block page

2019-02-06 Thread Amos Jeffries
On 7/02/19 3:52 am, leo messi wrote: > Hi > My squid config is something like this: > acl blk ssl::server_name .google.com > http_access deny blk > http_access allow all > ... > > acl step1 at_step SslBump1 > ssl_bump peek step1 > ssl_bump splice all > > > My problem is when i block some pages

[squid-users] ssl-bump does not redirect to block page

2019-02-06 Thread leo messi
Hi My squid config is something like this: acl blk ssl::server_name .google.com http_access deny blk http_access allow all http_port 0.0.0.0:3128 http_port 0.0.0.0:3129 tproxy https_port 3130 tproxy ssl-bump \ cert=/etc/squid/ssl_cert/myCA.pem \ generate-host-certificates=on

Re: [squid-users] ssl bump, CA certificate renewal, how to?

2019-01-16 Thread eliezer
-users On Behalf Of Bruno de Paula Larini Sent: Tuesday, January 15, 2019 19:33 To: squid-us...@squid-cache.org Subject: Re: [squid-users] ssl bump, CA certificate renewal, how to? On 15/01/2019 15:01, Dmitry Melekhov wrote: > > 5 years, really, not very long period of time, if I'll b

Re: [squid-users] ssl bump, CA certificate renewal, how to?

2019-01-15 Thread Bruno de Paula Larini
On 15/01/2019 15:01, Dmitry Melekhov wrote: 5 years, really, not very long period of time, if I'll be sure to not work here in 5 years then I'll use this ;-) , unfortunately I'm not :-( I don't need to replace certificate every year or so, but I need to have minimal service interruption

Re: [squid-users] ssl bump, CA certificate renewal, how to?

2019-01-15 Thread FredB
Sorry wrong topic On 15/01/2019 at 18:08, FredB wrote: Now squid can get directly the intermediate CA as a browser does, it's a very interesting feature to me Maybe I'm missing something, but I can see the request from squid now (with squid 4) it's a good point, my sslbump config is very

Re: [squid-users] ssl bump, CA certificate renewal, how to?

2019-01-15 Thread FredB
Now squid can get directly the intermediate CA as a browser does, it's a very interesting feature to me Maybe I'm missing something, but I can see the request from squid now (with squid 4) it's a good point, my sslbump config is very basic, perhaps too basic cl step at_step SslBump1 ssl_bump

Re: [squid-users] ssl bump, CA certificate renewal, how to?

2019-01-15 Thread Dmitry Melekhov
ech.co.il> From: squid-users On Behalf Of Dmitry Melekhov Sent: Tuesday, January 15, 2019 07:02 To: squid-us...@squid-cache.org Subject: [squid-users] ssl bump, CA certificate renewal, how to? Hello! According to https://wiki.squid-cache.

Re: [squid-users] ssl bump, CA certificate renewal, how to?

2019-01-15 Thread eliezer
Mobile: +972-5-28704261 Email: <mailto:elie...@ngtech.co.il> elie...@ngtech.co.il From: squid-users On Behalf Of Dmitry Melekhov Sent: Tuesday, January 15, 2019 07:02 To: squid-us...@squid-cache.org Subject: [squid-users] ssl bump, CA certificate renewal, how to? Hello! Accordin

[squid-users] ssl bump, CA certificate renewal, how to?

2019-01-14 Thread Dmitry Melekhov
Hello! According  to https://wiki.squid-cache.org/Features/DynamicSslCert recommended way to create certificate openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -extensions v3_ca -keyout myCA.pem -out myCA.pem we can create certificate for longer time. But sooner or later

Re: [squid-users] SSL Bump with HTTP Cache Peer Parent

2018-12-12 Thread Sam Handley
On 13/12/18 2:12 pm, Amos Jeffries wrote: [ please keep the traffic on-list. If you want private assistance I do consult for a small fee. ] On 13/12/18 2:51 pm, Sam Handley wrote: On 13/12/18 12:00 pm, Amos Jeffries wrote: Thank you for your reply, it seems adding in an extra step could

Re: [squid-users] SSL Bump with HTTP Cache Peer Parent

2018-12-12 Thread Amos Jeffries
[ please keep the traffic on-list. If you want private assistance I do consult for a small fee. ] On 13/12/18 2:51 pm, Sam Handley wrote: > On 13/12/18 12:00 pm, Amos Jeffries wrote: > > Thank you for your reply, it seems adding in an extra step could solve it, > even if not ideal. > Just a

Re: [squid-users] SSL Bump with HTTP Cache Peer Parent

2018-12-12 Thread Amos Jeffries
On 13/12/18 12:15 pm, sam.handley wrote: > I am not 100% confident what I am asking is possible but I'd love it to be > confirmed. > > Here is what our setup would look like, I’ve explained a bit below: > > DEVICE ---> PRX3 (HTTPS CACHE) ---> PRX2 ---> PRX1 ---> INTERNET > > Our current

[squid-users] SSL Bump with HTTP Cache Peer Parent

2018-12-12 Thread sam.handley
I am not 100% confident what I am asking is possible but I'd love it to be confirmed. Here is what our setup would look like, I’ve explained a bit below: DEVICE ---> PRX3 (HTTPS CACHE) ---> PRX2 ---> PRX1 ---> INTERNET Our current environment is a bit behind the times and inflexible. We have a

Re: [squid-users] SSL Bump for regex URL comparison

2017-11-16 Thread Matus UHLAR - fantomas
On 16.11.17 08:21, Joe Foster wrote: The problem is the connections are not getting through. It just acts like there is no WiFi connection. what exactly is the error? Does squid receive those connections? does squid reject them? -- Matus UHLAR - fantomas, uh...@fantomas.sk ;

Re: [squid-users] SSL Bump for regex URL comparison

2017-11-16 Thread Joe Foster
Hello Amos, The problem is the connections are not getting through. It just acts like there is no WiFi connection. Adding the cert db every start up isn’t an issue. I was thinking of having a small cert cache locally instead thinking about it since. The connections just aren’t being made. No

Re: [squid-users] SSL Bump for regex URL comparison

2017-11-16 Thread Amos Jeffries
On 16/11/17 02:32, Joe Foster wrote: Good afternoon, I have a small router onto which I have installed Squid. I am trying to filter HTTPS urls for bad words on a blocked list. It will require the client on the safe side of the router to install the certificate, this isn't an issue as it's an

[squid-users] SSL Bump for regex URL comparison

2017-11-15 Thread Joe Foster
Good afternoon, I have a small router onto which I have installed Squid. I am trying to filter HTTPS urls for bad words on a blocked list. It will require the client on the safe side of the router to install the certificate, this isn't an issue as it's an open process and not an illegal MITM

Re: [squid-users] SSL Bump Failures with Google and Wikipedia

2017-10-06 Thread Amos Jeffries
On 06/10/17 18:24, Rafael Akchurin wrote: Hello Eliezer, From desktop ff/chrome goto youtube. It will be br encoded. Best regards, Rafael Akchurin Also, from the discussions in the IETF I get the impression that; * the Firefox support is still only in their experimental version(s) maybe

Re: [squid-users] SSL Bump Failures with Google and Wikipedia

2017-10-05 Thread Rafael Akchurin
Mobile: +972-5-28704261 > Email: elie...@ngtech.co.il > > > -Original Message- > From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On > Behalf Of Yuri > Sent: Sunday, October 1, 2017 04:08 > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users]

Re: [squid-users] SSL Bump Failures with Google and Wikipedia

2017-10-05 Thread Eliezer Croitoru
: +972-5-28704261 Email: elie...@ngtech.co.il -Original Message- From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of Yuri Sent: Sunday, October 1, 2017 04:08 To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] SSL Bump Failures with Google

Re: [squid-users] SSL Bump Failures with Google and Wikipedia [SOLVED]

2017-10-04 Thread Jeffrey Merkey
On 10/4/17, Alex Rousskov wrote: > On 09/30/2017 11:14 PM, Jeffrey Merkey wrote: >>> After reviewing this problem and all of the great technical >>> information folks provided, I have it working and I figured out the >>> best way to deal with this transparently

Re: [squid-users] SSL Bump Failures with Google and Wikipedia [SOLVED]

2017-10-01 Thread Yuri
Opera, AFAIK, now abandoned and can contain obsolete CA bundle (not sure it uses system CA storage). So, it seems this is quite different issue. 02.10.2017 5:46, L A Walsh wrote: > Jeffrey Merkey wrote: >> >> One caveat about this I discovered that there are quite a few websites >> which

Re: [squid-users] SSL Bump Failures with Google and Wikipedia [SOLVED]

2017-09-30 Thread Jeffrey Merkey
ithub.com/andybalholm/redwood/search?utf8=%E2%9C%93=gzip= >>>> >>>> Let me know if you need help finding out the issue. >>>> >>>> All The Bests, >>>> Eliezer >>>> >>>> >>>> Eliezer Croitoru >>&

Re: [squid-users] SSL Bump Failures with Google and Wikipedia [SOLVED]

2017-09-30 Thread Jeffrey Merkey
>> Eliezer Croitoru >>> Linux System Administrator >>> Mobile: +972-5-28704261 >>> Email: elie...@ngtech.co.il >>> >>> >>> >>> -Original Message- >>> From: squid-users [mailto:squid-users-boun...@lists.squid-cache.o

Re: [squid-users] SSL Bump Failures with Google and Wikipedia

2017-09-30 Thread Yuri
>>> https://github.com/andybalholm/redwood/ >>> https://github.com/andybalholm/redwood/search?utf8=%E2%9C%93=gzip >>> ype= >>> >>> Let me know if you need help finding out the issue. >>> >>> All The Bests, >>> Eliezer >>

Re: [squid-users] SSL Bump Failures with Google and Wikipedia

2017-09-30 Thread Eliezer Croitoru
, October 1, 2017 01:16 To: Jeffrey Merkey <jeffmer...@gmail.com> Cc: Eliezer Croitoru <elie...@ngtech.co.il>; squid-users <squid-users@lists.squid-cache.org> Subject: Re: [squid-users] SSL Bump Failures with Google and Wikipedia Hello Jeff, Do not forget Google and YouTube are now usi

Re: [squid-users] SSL Bump Failures with Google and Wikipedia

2017-09-30 Thread Jeffrey Merkey
>> Eliezer Croitoru >>> Linux System Administrator >>> Mobile: +972-5-28704261 >>> Email: elie...@ngtech.co.il >>> >>> >>> >>> -Original Message- >>> From: squid-users [mailto:squid-users-boun...@lists.squid-cache.o

Re: [squid-users] SSL Bump Failures with Google and Wikipedia

2017-09-30 Thread Rafael Akchurin
>> >> Eliezer Croitoru >> Linux System Administrator >> Mobile: +972-5-28704261 >> Email: elie...@ngtech.co.il >> >> >> >> -Original Message- >> From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On >>

Re: [squid-users] SSL Bump Failures with Google and Wikipedia

2017-09-30 Thread Jeffrey Merkey
> >> Let me know if you need help finding out the issue. >> >> All The Bests, >> Eliezer >> >> >> Eliezer Croitoru >> Linux System Administrator >> Mobile: +972-5-28704261 >> Email: elie...@ngtech.co.il >> >> >>

Re: [squid-users] SSL Bump Failures with Google and Wikipedia

2017-09-30 Thread Jeffrey Merkey
8704261 > Email: elie...@ngtech.co.il > > > > -Original Message- > From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On > Behalf Of Jeffrey Merkey > Sent: Saturday, September 30, 2017 23:28 > To: squid-users <squid-users@lists.squid-cache.o

Re: [squid-users] SSL Bump Failures with Google and Wikipedia

2017-09-30 Thread Eliezer Croitoru
quid-users <squid-users@lists.squid-cache.org> Subject: [squid-users] SSL Bump Failures with Google and Wikipedia Hello All, I have been working with the squid server and icap and I have been running into problems with content cached from google and wikipedia. Some sites using https, such as

[squid-users] SSL Bump Failures with Google and Wikipedia

2017-09-30 Thread Jeffrey Merkey
Hello All, I have been working with the squid server and icap and I have been running into problems with content cached from google and wikipedia. Some sites using https, such as Centos.org work perfectly with ssl bumping and I get the decrypted content as html and it's readable. Other sites,

[squid-users] SSL-BUMP blackhole instance configuration

2017-09-26 Thread Eliezer Croitoru
Hey All, I have been working on couple tools which are using my drbl-peer library. - external acl helper - dns blacklist server - and couple others.. I took a dns proxy server named grimd and upgraded it since the developer didn't responded fast enough. This dns proxy has a nice feature that

Re: [squid-users] SSL bump, SSL intercept, explicit, secure proxy, what is it called?

2017-05-25 Thread j m
This doesn't seem to have the SSL option like Foxyproxy does.  From: Marcus Kool <marcus.k...@urlfilterdb.com> To: squid-users@lists.squid-cache.org Sent: Thursday, May 25, 2017 8:18 AM Subject: Re: [squid-users] SSL bump, SSL intercept, explicit, secure proxy, what is it

Re: [squid-users] SSL bump, SSL intercept, explicit, secure proxy, what is it called?

2017-05-25 Thread Marcus Kool
If you use foxyproxy for firefox, you can use switchysharp for Chrome. Marcus On 25/05/17 09:00, j m wrote: Thought I'd try getting this to work in Chrome too. NOTHING I try makes it work in Chrome. Isn't running this from the Windows command line supposed to work? chrome

Re: [squid-users] SSL bump, SSL intercept, explicit, secure proxy, what is it called?

2017-05-25 Thread j m
Firefox on the same computer working just fine! From: Amos Jeffries <squ...@treenet.co.nz> To: j m <acctforj...@yahoo.com>; "squid-users@lists.squid-cache.org" <squid-users@lists.squid-cache.org> Sent: Wednesday, May 24, 2017 5:15 PM Subject: Re: [squid-us

Re: [squid-users] SSL bump, SSL intercept, explicit, secure proxy, what is it called?

2017-05-25 Thread j m
with? From: Amos Jeffries <squ...@treenet.co.nz> To: j m <acctforj...@yahoo.com>; "squid-users@lists.squid-cache.org" <squid-users@lists.squid-cache.org> Sent: Wednesday, May 24, 2017 5:15 PM Subject: Re: [squid-users] SSL bump, SSL intercept, explicit, secure proxy, what i

Re: [squid-users] SSL bump, SSL intercept, explicit, secure proxy, what is it called?

2017-05-24 Thread Amos Jeffries
On 25/05/17 09:01, j m wrote: Some more info: I tried this on Firefox 53 and got more feedback, but still doesn't work. Per the recommendation on bugzilla (bug 378637), I put https://myaddress:myport into firefox and it gives me a "Your connection is not secure".

Re: [squid-users] SSL bump, SSL intercept, explicit, secure proxy, what is it called?

2017-05-24 Thread Alex Rousskov
On 05/24/2017 01:45 PM, Amos Jeffries wrote: > On 25/05/17 02:17, Alex Rousskov wrote: >> On 05/24/2017 06:56 AM, Amos Jeffries wrote: >>> On 24/05/17 13:44, j m wrote: So firstly, what is the actual name for what I want (encrypting proxy to browser)? >>> Some people seem to be calling

Re: [squid-users] SSL bump, SSL intercept, explicit, secure proxy, what is it called?

2017-05-24 Thread j m
ccess deny CONNECT !SSL_ports http_access allow auth_users http_access allow all #http_port 8092 https_port 8092 cert=/etc/squid/squid.pem cache deny all access_log none netdb_filename none From: Amos Jeffries <squ...@treenet.co.nz> To: squid-users@lists.squid-cache.org Sent: Wednesday, M

Re: [squid-users] SSL bump, SSL intercept, explicit, secure proxy, what is it called?

2017-05-24 Thread Amos Jeffries
On 25/05/17 02:17, Alex Rousskov wrote: On 05/24/2017 06:56 AM, Amos Jeffries wrote: On 24/05/17 13:44, j m wrote: So firstly, what is the actual name for what I want (encrypting proxy to browser)? Some people seem to be calling it "HTTPS", but that is not correct and thankfully makes it

Re: [squid-users] SSL bump, SSL intercept, explicit, secure proxy, what is it called?

2017-05-24 Thread Alex Rousskov
On 05/24/2017 06:56 AM, Amos Jeffries wrote: > On 24/05/17 13:44, j m wrote: >> So firstly, what is the actual name for what I want (encrypting proxy >> to browser)? > Some people seem to be calling it "HTTPS", but that is not correct and > thankfully makes it difficult to find the bad info.

Re: [squid-users] SSL bump, SSL intercept, explicit, secure proxy, what is it called?

2017-05-24 Thread j m
<squ...@treenet.co.nz> To: squid-users@lists.squid-cache.org Sent: Wednesday, May 24, 2017 7:57 AM Subject: Re: [squid-users] SSL bump, SSL intercept, explicit, secure proxy, what is it called? On 24/05/17 13:44, j m wrote: > I'd like to set up a proxy on a home server so I can use it remot

Re: [squid-users] SSL bump, SSL intercept, explicit, secure proxy, what is it called?

2017-05-24 Thread Amos Jeffries
On 24/05/17 13:44, j m wrote: I'd like to set up a proxy on a home server so I can use it remotely for web browsing; no filtering, nothing fancy, just a pass-through of sorts to get around web filters. That part I've got working. The part I haven't had luck with is encrypting the

[squid-users] SSL bump, SSL intercept, explicit, secure proxy, what is it called?

2017-05-23 Thread j m
I'd like to set up a proxy on a home server so I can use it remotely for web browsing; no filtering, nothing fancy, just a pass-through of sorts to get around web filters.  That part I've got working.  The part I haven't had luck with is encrypting the browser-to-proxy connection.  I've found

Re: [squid-users] ssl bump and url_rewrite_program (like squidguard)

2017-05-04 Thread Marcus Kool
Hi Edouard, To block GET https://www.example.com/foo.html and to pass CONNECT www.example.com you need a) squid with ssl-bump in peek+bump mode b) ufdbGuard ufdbGuard can skip the CONNECT and waits for the GET request which can be blocked without browser errors. Since ssl-bump is not easy it

Re: [squid-users] ssl bump and url_rewrite_program (like squidguard)

2017-05-04 Thread Edouard Gaulué
Hi community, Any news about this? I've tried 3.5.25 but still observe this behaviour. I understand it well since I read: https://serverfault.com/questions/727262/how-to-redirect-https-connect-request-with-squid-explicit-proxy But how to let the CONNECT request succeed and later

Re: [squid-users] ssl bump and chrome 58

2017-05-03 Thread Yuri
@lists.squid-cache.org Subject: Re: [squid-users] ssl bump and chrome 58 Mountain brake, Raf :-) Fixed yesterday, already running on productions (on my side) ;-) 03.05.2017 15:05, Rafael Akchurin wrote: Sorry disregard - should practice my google fu better - see http://bugs.squid-cache.org/show_bug

Re: [squid-users] ssl bump and chrome 58

2017-05-03 Thread Rafael Akchurin
And on 3.5 too? -Original Message- From: Yuri [mailto:yvoi...@gmail.com] Sent: Wednesday, May 3, 2017 12:30 PM To: Rafael Akchurin <rafael.akchu...@diladele.com>; Flashdown <flashd...@data-core.org> Cc: squid-users@lists.squid-cache.org Subject: Re: [squid-users] ssl bump a

Re: [squid-users] ssl bump and chrome 58

2017-05-03 Thread Yuri
[mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of Rafael Akchurin Sent: Wednesday, May 3, 2017 10:48 AM To: Flashdown <flashd...@data-core.org>; Yuri Voinov <yvoi...@gmail.com> Cc: squid-users@lists.squid-cache.org Subject: Re: [squid-users] ssl bump and chrome 58 [This sende

Re: [squid-users] ssl bump and chrome 58

2017-05-03 Thread Rafael Akchurin
shd...@data-core.org>; Yuri Voinov <yvoi...@gmail.com> Cc: squid-users@lists.squid-cache.org Subject: Re: [squid-users] ssl bump and chrome 58 [This sender failed our fraud detection checks and may not be who they appear to be. Learn about spoofing at http://aka.ms/LearnAboutSpoofing

Re: [squid-users] ssl bump and chrome 58

2017-05-03 Thread Rafael Akchurin
e.org] On Behalf Of Flashdown Sent: Thursday, April 27, 2017 6:42 PM To: Yuri Voinov <yvoi...@gmail.com> Cc: squid-users@lists.squid-cache.org Subject: Re: [squid-users] ssl bump and chrome 58 I've tested the registry setting and it worked out. You can copy the below lines in a .r

Re: [squid-users] ssl bump and chrome 58

2017-04-27 Thread Yuri Voinov
r-first > all" should work. > > William Lima > > - Original Message - > From: "Flashdown" <flashd...@data-core.org> > To: "Yuri Voinov" <yvoi...@gmail.com> > Cc: squid-users@lists.squid-cache.org > Sent: Thursday, April 27, 2017

Re: [squid-users] ssl bump and chrome 58

2017-04-27 Thread William Lima
t; To: "Yuri Voinov" <yvoi...@gmail.com> Cc: squid-users@lists.squid-cache.org Sent: Thursday, April 27, 2017 1:41:48 PM Subject: Re: [squid-users] ssl bump and chrome 58 I've tested the registry setting and it worked out. You can copy the below lines in a .reg file and execute

Re: [squid-users] ssl bump and chrome 58

2017-04-27 Thread Flashdown
I've tested the registry setting and it worked out. You can copy the below lines in a .reg file and execute it.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"EnableCommonNameFallbackForLocalAnchors"=dword:0001
Best regards, Flashdown Am
