Good day!
I have a problem with squid proxy in intercept ssl_bump mode.
If I want to attach big file (>25MB) to my e-mail message on https://mail.ru
web site, I have error "Can not upload file".
Into access.log I have errors: TCP_MISS_ABORTED/000
My squid configuration, access.log, cache.log in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dmitry,
you need to pass mail.ru attachments servers as dst no bump ACL's to work.
In my configuration I use following workaround:
squid.conf:
# Only ip-based dst acl!
acl dst_nobump dst "/usr/local/squid/etc/dst.nobump"
# SSL bump rules
sslproxy_
Thank you for your help, but your solution doesn't work on my server.
I have same error, but other ip addresses of uploadXXX.mail.ru servers.
Now I use:
acl mail_ru dstdomain .mail.ru
ssl_bump none mail_ru
Good day!
On 13 February 2015 at 21:37, Yuri Voinov wrote:
> -BEGIN PGP SIGNED MESSA
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
You have no bump whole .mail.ru domain, which is contains minimum 40%
and over overall traffic.. Not good solution.
I think, be better to no bump only attachments servers.
14.02.15 1:28, Dima Ermakov пишет:
> Thank you for your help, but your sol
I think, that it's not good solution too, but uploadXXX.files.mail.ru has
about 100 servers.
Now i write small script on python, that creates a file with ip addresses
of uploadXXX.files.mail.ru.
Script and list of ip addresses in attachment.
On 13 February 2015 at 22:32, Yuri Voinov wrote:
> -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I.e, you want to say you cannot upload file above 25 megabytes?
14.02.15 12:55, Dima Ermakov пишет:
> I think, that it's not good solution too, but
> uploadXXX.files.mail.ru has about 100 servers.
>
> Now i write small script on python, that creates
Now i can upload, after adding ip addresses from my previous message to
ssl_bump none acl.
Thank you.
On Feb 14, 2015 1:15 PM, "Yuri Voinov" wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> I.e, you want to say you cannot upload file above 25 megabytes?
>
> 14.02.15 12:55, Dima Ermako
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
No problem. ;)
100 ip's is no problem. If they in one subnet, you can pass only this
sublet with one row in acl. Overall *.mail.ru is much more networks,
so 100 ip's no matter. ;) But bumping remains can give your better hit
rate.
14.02.15 16:20, Di
Yes! No problem;) Thank you!!!
On Feb 14, 2015 1:22 PM, "Yuri Voinov" wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> No problem. ;)
>
> 100 ip's is no problem. If they in one subnet, you can pass only this
> sublet with one row in acl. Overall *.mail.ru is much more networks,
> so 1
But this is just a hack around a problem isn't it? ie why can't squid
successfully intercept 20M+ transfers from this website? I guess it's
working for 1byte-10M transactions, so why not 20M?
Jason
On 14/02/15 23:22, Yuri Voinov wrote:
> No problem. ;)
>
> 100 ip's is no problem. If they in one
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yep. This is dirty hack.:)
But I guess this is site-specific limitations. Besides the fact that
the bump does not work with attachments to many Webmail services and
clouds.
I think, this is because mail.ru uses cloud as backend of mail
attachments. W
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 15/02/2015 9:26 a.m., Jason Haar wrote:
> But this is just a hack around a problem isn't it?
Yes.
> ie why can't squid successfully intercept 20M+ transfers from this
> website?
Well, Squid *is* intercepting them. Its what happens after that is
g
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I can to reproduce this with trace at Monday. My users uses that.
15.02.15 3:46, Amos Jeffries пишет:
> On 15/02/2015 9:26 a.m., Jason Haar wrote:
>> But this is just a hack around a problem isn't it?
>
> Yes.
>
>> ie why can't squid successfully i
13 matches
Mail list logo