Re: [squid-users] Logs to confirm packets dropped/not forwarded by squid

On Monday 06 Feb 2017 at 17:26, Anonymous cross wrote: > Is there any way to find the connections dropped/not forwarded by Squid? I > could see HTTP GET is forwarded to squid but it's not initiating a > connection with webserver Have you looked in access.log for that connection? Antony. --

Re: [squid-users] Logs to confirm packets dropped/not forwarded by squid

On Monday 06 Feb 2017 at 17:34, Anonymous cross wrote: > I don't find any entry in access.log for that connection. Okay, maybe you should explain a little more about what you mean by "I could see HTTP GET is forwarded to Squid" - does "forwarded" mean you're using intercept mode, and if it

Re: [squid-users] Two dns record fqdn pointing to different squid servers

On Wednesday 01 February 2017 at 20:06:22, erdosain9 wrote: > Hi. > I have running two squid servers. > One with ip access and another with users. Sorry, what do you mean by "IP access"? I assume both Squid servers have IP addresses. Do you mean that only one of them has connectivity to the

Re: [squid-users] Native FTP relay: connection closes (?) after 'cannot assign requested address' error

On Thursday 26 January 2017 at 17:41:21, Alexander wrote: > It seems that I have solved the issue by using nf_conntrack_ftp and > redirecting "NEW,RELATED" traffic to squid: Excellent news. > ftp_port 2121 intercept > > modprobe nf_conntrack_ftp ports=2121 > > iptables -t nat -A PREROUTING -p

Re: [squid-users] squid on it's own server

On Friday 27 January 2017 at 05:17:28, John Pearson wrote: > hi all, my current setup: laptop(10.0.1.10) and squid-box(10.0.1.11) and > debian router(10.0.1.1). > > I am doing wget on laptop > > wget squid-cache.org > > I am redirecting packets on the router to squid-box by changing the >

Re: [squid-users] Not all html objects are being cached

On Friday 27 January 2017 at 12:58:52, Yuri wrote: > Again. What is the difference? I open it from different workstations, > from different browsers - I see the same thing. The code is identical. I > can is to cache? Yes or no? You're entitled to do whatever you want to, following standards and

Re: [squid-users] Not all html objects are being cached

On Friday 27 January 2017 at 13:15:21, Yuri wrote: > 27.01.2017 18:05, Antony Stone пишет: > > > You're entitled to do whatever you want to, following standards and > > recommendations or not - just don't complain when choosing not to follow > > those standards and

Re: [squid-users] Strange behavior - reload service failed, but not start....

On Friday 27 January 2017 at 14:13:55, erdosain9 wrote: > Ok, thanks. > But something more its wrong look up this: > > [root@squid ips]# squid -k restart > squid: ERROR: Could not send signal 21 to process 8083: (3) No such process > > [root@squid ips]# squid -k shutdown > squid: ERROR:

Re: [squid-users] Strange behavior - reload service failed, but not start.... (solved)

On Friday 27 January 2017 at 14:36:01, erdosain9 wrote: > Hi, again. > Now, i do this > > [root@squid ips]# ps aux | grep squid > root 2228 0.0 0.0 130900 344 ?Ss ene24 0:00 > /usr/sbin/squid -sYC ... snip ... > [root@squid ips]# systemctl stop squid > [root@squid ips]#

Re: [squid-users] Proxyfy spice protocol behind nat

On Sunday 19 February 2017 at 19:05:57, Oscar Segarra wrote: > Hi, > > In my environment I have deployed two KVM hypervisors. I'd like to deploy > in my DMZ a squid proxy host in order to hide hypervisor IPs and Ports from > the clients. Why? What's the problem with the clients knowing the

Re: [squid-users] Customize squid to make it understand malformed requests

On Monday 16 January 2017 at 09:03:52, Oğuz İsmail Uysal wrote: > For a private reason, I want to customize squid version 3.5.12 the way I > stated above. For example I have customized it already to make it > understand \r\n /\r\n instead of \r\n\r\n as request's end > now I want it to remove

Re: [squid-users] SSL Bump

On Friday 20 January 2017 at 17:12:04, Mustafa Mohammad wrote: > What are the steps to setup SSL Bump? Don't. Use peek and splice instead. See http://wiki.squid-cache.org/Features/SslBump for info, then http://wiki.squid-cache.org/Features/SslPeekAndSplice for guidance. Antony. -- If at

Re: [squid-users] DENIED and ALLOWED at once?

On Friday 19 August 2016 at 20:41:11, Jok Thuau wrote: > On Fri, Aug 19, 2016 at 9:33 AM, Sergio Belkin wrote: > > /var/log/squid/access.log > > 192.168.50.41 - - [19/Aug/2016:12:19:45 -0300] "CONNECT > > beap-bc.yahoo.com:443 HTTP/1.1" 407 4634 "-" "Mozilla/5.0 (Windows NT > >

Re: [squid-users] Https_port with "official" certificate

On Wednesday 24 August 2016 at 13:09:52, Samuraiii wrote: > Hello, > I am trying to setup squid as SSL protected proxy for few users without > any intention to use ssl-bumping or any other MITM technique. > I just want to have SSL secured connection between browser and proxy. > Proxy will not be

Re: [squid-users] Https_port with "official" certificate

On Wednesday 24 August 2016 at 13:42:16, Samuraiii wrote: > On 24.8.2016 13:18, Antony Stone wrote: > > > > See "Encrypted browser-Squid connection" at the bottom of > > http://wiki.squid-cache.org/Features/HTTPS > > I have seen that, it is the cause of my s

Re: [squid-users] squid and files cache between multiple pc

On Tuesday 06 September 2016 at 14:58:40, Marco Calegari wrote: > hi all > I've a strange problem with squid v3.1.20 That is over four years old. You should upgrade. > Using squid also to cache "big" files (for big I mean >20Mb), happens that > if a pc download a file, first time file has

Re: [squid-users] subnet forward

On Wednesday 07 September 2016 at 15:05:25, Pol Hallen wrote: > I've a small lan: > > dsl<-WAN_NIC0_192.168.5.0/30->lan1_192.168.10.0/24 (NIC1)<-->switch+AP >lan2_192.168.1.0/24 (NIC2)<--->switch+AP > > I've squid server v.3.1.20 on 192.168.1.20 > > from

Re: [squid-users] Transparent Proxy

y routing. Regards, Antony. > -Original Message- > From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On > Behalf Of Antony Stone Sent: 08 September 2016 09:36 > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] Transparent Proxy > >

Re: [squid-users] Transparent Proxy

On Thursday 08 September 2016 at 10:12:48, John Sayce wrote: > For testing purposes I've reduced it to the following: > > http_port 3128 intercept > #dns_v4_first on > dns_nameservers 10.8.2.3 194.168.4.100 10.8.2.2 8.8.8.8 > acl wifi src 10.8.14.0/24 > acl all src all > http_access allow all >

Re: [squid-users] TProxy and client_dst_passthru

On Thursday 08 September 2016 at 12:27:42, Omid Kosari wrote: > Hi Fred, > > Same problem here . Do you found any solution or workaround ? Please clarify which message you are reply / referring to. Thanks, Antony. -- Archaeologists have found a previously-unknown dinosaur which seems to

Re: [squid-users] ssl bump certificate question

On Wednesday 07 September 2016 at 22:55:06, Yuri Voinov wrote: > 08.09.2016 2:25, erdosain9 пишет: > > Hi. > > A query. Sslbump is possible without installing the certificate, > > machine by machine ??? > > Bump impossible. Splice - possible. > > > Is there any way that this certificate Squid

Re: [squid-users] ssl bump certificate question

On Thursday 08 September 2016 at 00:06:02, Marcus Kool wrote: > slightly off topic: what is the easiest way to install a cert on a > smartphone? I looked for an app but did not find one. On my Android 4.2.2 device: Settings -> Security -> Trusted credentials: "Display trusted CA certificates"

Re: [squid-users] Transparent Proxy

On Wednesday 07 September 2016 at 10:51:49, John Sayce wrote: > I believe so. The specific command I used was: > > iptables -t nat -A PREROUTING -i ens33 -p tcp --dport 80 -j REDIRECT > --to-port 3128 > > (For some reason my adapter is ens33, I have no idea why it's not eth0. > Squid is set

Re: [squid-users] Problem with Squid3 Caches

On Tuesday 04 October 2016 at 19:43:21, KR wrote: > > On Oct 4, 2016, at 11:45 AM, Antony Stone wrote: > > > > On Tuesday 04 October 2016 at 17:00:24, KR wrote: > >> Hello Anthony, Yuri, > >> > >> It seems every line is commented out in the config

Re: [squid-users] Squid - AD kerberos auth and Linux Server proxy access not working

On Tuesday 04 October 2016 at 12:08:27, Nilesh Gavali wrote: > All; > > we have Squid proxy configured with Windows SSO with Kerberos which work > fine for WIndows AD users. > we have new requirement where one Linux application server need to access > Internet via squid proxy, we allowed Linux

Re: [squid-users] problem in configuring squid

On Tuesday 04 October 2016 at 14:51:13, Mehdi Yeganeh wrote: > Thanks for quick replay, > I need to use my server, i configure my ip address in some software like > antivirus and ... ... and what? I do not understand what antivirus software has to do with our discussion. Please give details,

Re: [squid-users] Squid - AD kerberos auth and Linux Server proxy access not working

On Tuesday 04 October 2016 at 12:28:44, Nilesh Gavali wrote: > Hello Antony; > I have double checked the current working configuration of my squid.conf > and it has same settings which I posted earlier. somehow it is working for > us. I'm not saying the whole thing won't work; I'm saying there

Re: [squid-users] Problem with Squid3 Caches

On Tuesday 04 October 2016 at 17:00:24, KR wrote: > Hello Anthony, Yuri, > > It seems every line is commented out in the config? Impossible - otherwise it couldn't generate the error message "FATAL: Bungled /etc/squid/squid.conf line 3467: cache_dir rock /ssd3 ..." Thta is telling you that

Re: [squid-users] Parameter to define quantity of clients in Proxy Reverse

On Wednesday 21 Sep 2016 at 17:03, Roberto Carna wrote: > Dear, just a brief question: > > I have Squid 3.4.8 on Debian running in reverse proxy mode, and I need > to know if there is any parameter in squid.conf that I have to adjust > in order to define the quantity of clients I will accept.

Re: [squid-users] Question about the url rewrite before proxy out

On Thursday 22 Sep 2016 at 06:04, squid-us...@filter.luko.org wrote: > > i am looking for a proxy which can "bounce" the request, which is not a > > classic proxy. > > > > I want it works in this way. > > > > e.g. a proxy is running a 192.168.1.1 > > and when i want to open

Re: [squid-users] Squid cpu usage 100% from few days ago !!

On Wednesday 17 August 2016 at 11:01:40, Eliezer Croitoru wrote: > Hey Omid, > > Just to understand, are you intercepting traffic? From the original report: "Squid is in tproxy mode with routing" Antony. > -Original Message- > From: squid-users

Re: [squid-users] best way to have randomized outgoing per each new connection

On Monday 22 August 2016 at 20:01:14, --Ahmad-- wrote: > I’m wondering here … what is the best method so that i give randomized tcp > outgoing address per new session. How do you define a "session" (in terms that mean something to Squid)? > say that i have 100 ips on squid . > > i want each

Re: [squid-users] Https_port with "official" certificate

On Wednesday 24 August 2016 at 14:26:48, Yuri Voinov wrote: > 24.08.2016 18:23, Antony Stone пишет: > > On Wednesday 24 August 2016 at 14:18:46, Yuri Voinov wrote: > >> No one CA do not issue signing CA for subject, which is not CA itself. > >> > >> So, op

Re: [squid-users] Https_port with "official" certificate

On Wednesday 24 August 2016 at 14:02:43, Samuraiii wrote: > Squid fails to start for me with: > FATAL: No valid signing SSL certificate configured for HTTPS_port [::]:8443 > > I have found that this is related to missing self signed certificate, > and since I do not want to use self signed

Re: [squid-users] Https_port with "official" certificate

On Wednesday 24 August 2016 at 14:22:18, Samuraiii wrote: > On 24.8.2016 14:18, Yuri Voinov wrote: > > No one CA do not issue signing CA for subject, which is not CA itself. > > > > So, op wants impossible thing. > > I have tried to drop clientca option, to add generate-host-certificates=off >

Re: [squid-users] Https_port with "official" certificate

ne merely needs a valid signED certificate, same as you would put on a web server to set up secure connections to it? OP is not intercepting secure traffic, nor making HTTP sites look to the browser like HTTPS ones. Antony. > 24.08.2016 18:15, Antony Stone пишет: > > On Wednesday 24 Au

Re: [squid-users] Https_port with "official" certificate

On Wednesday 24 August 2016 at 14:35:03, Yuri Voinov wrote: > >> Then I do not understand what he wants op. > > http://wiki.squid-cache.org/Features/HTTPS#Encrypted_browser-Squid_connecti > on > > > Secure connection to squid proxy without need for anything else (on > > client side) than

Re: [squid-users] connections from particular users sometimes get stuck

On Wednesday 28 September 2016 at 17:37:58, Alex Rousskov wrote: > AFAICT, Squid did not receive a request for www.ru: > > $ egrep -c '.ru|217.112.35.75' cache.log.debug > > 0 > > > > $ tshark -V -r squid-stuck-reference-client.pcap | egrep -c > > '.ru|217.112.35.75' 0 Is that a direct

Re: [squid-users] The Squid “Persona”- Squid 3.5.21+4.0.14 Release

On Wednesday 28 September 2016 at 13:39:04, Eliezer Croitoru wrote: > Take a look at the page source to get the full article: > http://www1.ngtech.co.il/wpe/?p=345 If this is to be used as publicity material or a news item associated with the Squid project, I humbly recommend that a native

Re: [squid-users] Kerberos Ne

On Wednesday 28 September 2016 at 16:02:42, erdosain9 wrote: > Hi. > Sorry for my ignorance, but, i have squid authentication with kerberos... > > all is working fine... > > but i have some behavior in cache.log that... i dont know if this is the > expected, or there is some problem > >

Re: [squid-users] problem in configuring squid

On Monday 03 October 2016 at 17:03:13, Shark wrote: > I want to config squid to make "open proxy" for both http & https > I want make anonymous proxy, without decrypting traffic or etc, just change > ip address, like this: > > i find lot of ip port in internet for example: 173.161.0.227 > when i

Re: [squid-users] Problem with Squid3 Caches

On Monday 03 October 2016 at 20:55:07, Jason Alexander wrote: > Greetings - > > I’m trying to install squid on an Ubuntu workstation in a VM. I install > squid but unable to initialize caches. I get the following error: > > FATAL: Bungled /etc/squid/squid.conf line 3467: cache_dir rock /ssd3

Re: [squid-users] Transparent and non Transparent at the same time

On Thursday 27 October 2016 at 20:57:04, Yuri Voinov wrote: > You know method to do this without NAT? ;) I know how to do it without DNAT, which is what Eliezer recommended and you challenged. Antony. -- "The tofu battle I saw last weekend was quite brutal." - Marija Danute Brigita

Re: [squid-users] Transparent and non Transparent at the same time

On Thursday 27 October 2016 at 21:04:18, Yuri Voinov wrote: > (facepalm) > > rdr(REDIRECT) is NAT functionality? Yes or no? Apologies - I could have answered this better: Yes, REDIRECT is one NAT functionality. There are several others. On Thursday 27 October 2016 at 19:46:53, Eliezer

Re: [squid-users] Transparent and non Transparent at the same time

On Thursday 27 October 2016 at 19:51:22, Yuri Voinov wrote: > You absolutely sure, Eliezier? :) Yes - you do not use DNAT. You do use REDIRECT on the machine Squid is running on. Antony. > 27.10.2016 23:46, Eliezer Croitoru пишет: > > You need routing policy not DNAT. > > > > Eliezer > > >

Re: [squid-users] Transparent and non Transparent at the same time

On Thursday 27 October 2016 at 21:04:18, Yuri Voinov wrote: > (facepalm) > > rdr(REDIRECT) is NAT functionality? Yes or no? Yes, DNAT is one NAT functionality. There are several others. On Thursday 27 October 2016 at 19:46:53, Eliezer Croitoru wrote: > You need routing policy not DNAT. DNAT

Re: [squid-users] Transparent and non Transparent at the same time

On Thursday 27 October 2016 at 21:09:44, Yuri Voinov wrote: > OP originally wrote - "I have no IPtables and so on." > He needs specific guidance, not word games. Agreed. Antony. -- There's no such thing as bad weather - only the wrong clothes. - Billy Connolly

Re: [squid-users] Is something wrong with the squid list?

On Saturday 05 November 2016 at 16:07:09, Stanford Prescott wrote: > I've received no messages at all on this mail list for several days. Is the > list still "working"? Yes. http://lists.squid-cache.org/pipermail/squid-users/2016-November/date.html Antony. -- Bill Gates has personally

Re: [squid-users] Squid Problem

On Tuesday 08 November 2016 at 13:47:25, Jose Joaquin Ruiz Silva wrote: > Good morning I am Cuban I have mounted squid 2.7 on debian wheezy Why? Debian Wheezy contains version 3.1.20 and Wheezy-backports contains the version 3.4.8 Installing 2.7 in 2016 (that version is 8 years old and has

Re: [squid-users] Squid Problem - Google

On Monday 07 November 2016 at 10:53:14, Bilal Mohamed wrote: > Hi, > > I am getting following error while accessing google. Rest all websites are > ok. There is no ACL to block google.com Is your machine properly configured for IPv6? Try the following: ping www.google.com

Re: [squid-users] Caching Google Chrome googlechromestandaloneenterprise64.msi

Disclaimer: I am not a Squid developer. On Saturday 22 October 2016 at 14:43:55, gar...@comnet.uz wrote: > IMO: > > The only reason I believe [explains] why core developers of Squid tend to > move HTTP violating settings from average users is to prevent possible > abuse/misuse. I believe the

Re: [squid-users] possible to intercept https traffic in TCP_TUNNEL CONNECT method ?

On Saturday 22 October 2016 at 15:42:23, --Ahmad-- wrote: > Hi guys > say that i have squid proxy sever > and i was running capturing traffic on that server . You mean using ICAP or ECAP service? > say that all users were using ip:port —> ((tcp_connect tunnel))) mode of > squid I'm not sure

Re: [squid-users] Slowness in Squid [squid-users Digest, Vol 26, Issue 82]

On Sunday 23 October 2016 at 14:42:02, Krishna Kulkarni wrote: > Hi Antony, > Thanks for the reply. I have made changes in squid.conf as per your > suggestion and have allocated 20 GB of Hard disk space. Have you made any measurements at all (either before making the disk cache bigger, or

Re: [squid-users] Slowness in Squid

On Sunday 23 October 2016 at 05:36:22, Krishna Kulkarni wrote: > I am new to squid.. I have installed squid 3.5 on CentOS 6.7. As a > configuration part, I have kept most of the things default. Please advice > on how to allocate cache memory of 20 GB to squid. Do you mean cache memory, or disk

Re: [squid-users] squid-users Digest, Vol 26, Issue 82

On Sunday 23 October 2016 at 15:26:54, Yuri Voinov wrote: > You can have slow DNS. Consider to use local caching DNS recursor as > source for proxy & users. Why would that result in requests via Squid being slower than direct? @Krishna: You *have* confirmed that Squid requests are slower than

Re: [squid-users] Issue when connecting to apple APN

On Monday 24 October 2016 at 11:27:17, Alaa Hassan Barqawi wrote: > Dears, > I am facing issue in connecting with apple APN gateway.push.apple.com : > 2195 The name cannot be resolved although I am using google DNS servers > and it throws an error Unable to determine IP address from host name >

Re: [squid-users] Issue when connecting to apple APN

On Monday 24 October 2016 at 11:36:34, Antony Stone wrote: > On Monday 24 October 2016 at 11:27:17, Alaa Hassan Barqawi wrote: > > Dears, > > I am facing issue in connecting with apple APN gateway.push.apple.com : > > 2195 The name cannot be resolved although I am usi

Re: [squid-users] TCP Outgoing Address ACL Problem

On Friday 11 November 2016 at 17:51:04, jarrett+squid-us...@jarrettgraham.com wrote: > I'm trying to use ACLs to direct incoming traffic on assigned ports to > assigned outgoing addresses. But, squid uses the first IP address > assigned to the interface not listed in the config instead. See

Re: [squid-users] remove all squid pages & errors pages footprints

On Sunday 20 Nov 2016 at 11:22, --Ahmad-- wrote: > i want to protect squid from being scanned and flagged as open proxy So, make sure it isn't an open proxy - restrict who has access, either by IP address or by authentication. If you *do* have an open proxy on the Internet, it doesn't matter

Re: [squid-users] Squid Problem

to resolve this problem. Antony. > On Wed, Nov 2, 2016 at 2:02 PM, Antony Stone wrote: > > On Wednesday 02 November 2016 at 11:58:31, Bilal Mohamed wrote: > > > How do I clear it? > > > > Erm, delete stuff you don't need, or given that it's an LVM logical > >

Re: [squid-users] Squid Problem

On Wednesday 02 November 2016 at 11:39:22, Bilal Mohamed wrote: > Please find the disk space status. > /dev/mapper/AG--HO--PRXY-root > 12189696 12189695 1 100% / And there's your problem - your root file system is full. Antony. -- I have an excellent memory. I

Re: [squid-users] Squid Problem

che (see also point 1 above) Antony. > On Wed, Nov 2, 2016 at 2:16 PM, Antony Stone wrote: > > On Wednesday 02 November 2016 at 12:10:46, Bilal Mohamed wrote: > > > This is where the files are pointing to... can i delete the files dm-0 > > > and dm-1 ? > > >

Re: [squid-users] ERROR: Cannot connect to 127.0.0.1:3128

On Tuesday 11 October 2016 at 12:31:03, Jorgeley Junior wrote: > I think it could be the sequence of the rules, do this command and post the > results: > grep . /etc/squid-your-version/squid.conf | > grep -v "#" This can be collapsed down to: grep "^[^#]"

Re: [squid-users] Squid 2.7 to Squid 3.5

On Sunday 16 October 2016 at 15:20:39, Johnny Lam wrote: > Dear All, > > I've encountered a issue during upgrade from 2.7 to 3.5, please find my > config below. Seems everything changed in version 3.5. No config to be found :( Please: - post your squid.conf without comments or blank lines

Re: [squid-users] Looking for additional information about securing squid

On Tuesday 13 December 2016 at 23:44:12, Steve Becker wrote: > Hi all, Hi. > My background's in networking, I'm very new to unix/linux and server > administration, I don't know a whole lot about security beyond ACLs and > setting up crypto for VPNs. > > I'm setting up a box at home with CentOS

Re: [squid-users] unknown source IP in access.log

e squid.conf" on your machine. > Dovecot used its default ports: > 110: pop > 143: imap > 995: pop3s > 993: maps > > Postfix SMTP 587 Okay, so nothing to do with Squid, then. I just wondered whether it might have a web interface. Regards, Antony. > On Dec 1

Re: [squid-users] unknown source IP in access.log

On Wednesday 14 December 2016 at 16:16:17, Sameh Onaissi wrote: > Looking at access.log, to find the Skype IPs, I noticed a LOT of unknown > source IPs. All those IPs seem to be originated from China. In my config > file I deny all but local net IPs 10.0.0.0/24. I suggest you show us your

Re: [squid-users] TCP_DENIED/403 on raspberrypi

On Friday 02 December 2016 at 21:30:57, domshyra wrote: > So I have changed the file to a sample conf file. Here is what it looks > like now http_access allow all Looks to me to be your biggest problem. Standard security practice is "allow what you specifically know you want to allow,

Re: [squid-users] Intercept mode failing

On Tuesday 03 January 2017 at 11:13:33, Hoggins! wrote: > Okay, I get that. > > Le 03/01/2017 à 10:33, Antony Stone a écrit : > > No - you must do the NAT (or REDIRECT) rule *on the Squid server*. > > Well, my Squid server is not on the same network as my clients, so I

Re: [squid-users] Intercept mode failing

On Tuesday 03 January 2017 at 10:17:54, Hoggins! wrote: > Hello list, > > I'm trying to do a simple intercept with Squid. Here is my setup : > > I have a LAN with machines on 192.168.22.0/24. Their gateway is > 192.168.22.10. On this machine, I have set the following iptables rule : > >

Re: [squid-users] keep source ip when user connect over squid using ip:port

On Saturday 07 January 2017 at 19:23:47, --Ahmad-- wrote: > hey mate i total understand Tporxy with CISCO /wccp > > but I’m asking here other way like connecting ip:port and keep squid using > my original ip as source So, where do you expect the reply packets from the remote web server to end

Re: [squid-users] squid http speed/ ms

On Tuesday 10 January 2017 at 10:20:04, --Ahmad-- wrote: > hi folks > i want to ask . > when i do ping imp from my squid server itself to website like aaa.com > lets say i have ping over 10ms but when i configured my > server as squid and visit aaa.com from

Re: [squid-users] squidcliente stopped working!

On Monday 19 December 2016 at 17:44:11, Sameh Onaissi wrote: > Hello, > > I was using squid client to get cache stats, however this morning it > completely stopped working. > http://mydomainname.com/squid/access_denied.jpg; > alt="Acceso Denegado" style="width:704px;height:428px;"> > the html

Re: [squid-users] ACL and outgoing IP

On Tuesday 27 December 2016 at 17:03:52, qdmetro wrote: > I have a squid connected behind a firewall. On the firewall, only the Ip of > the squid (192.168.1.1) is allowed to go on Internet. > > Usually, when a user authenticate itself on the proxy, all the requests use > the outgoing IP of the

Re: [squid-users] Bypassed Proxy

On Thursday 22 December 2016 at 22:50:33, Sameh Onaissi wrote: > The user has hotspot shield installed on his PC, which I believe is a > similar extension to the one you mentioned. > He is getting by squid with some sort of VPN, I thought squid can be > configured against such things? It sounds

Re: [squid-users] squidcliente stopped working!

On Tuesday 20 December 2016 at 16:59:11, Eliezer Croitoru wrote: > The issue is with acls and probably squidguard. > You should add to the configuration something like: > http_access allow localhost manager Er, that line is already in his squid.conf > and also another line that will deny

Re: [squid-users] How to bypass Squid proxy in intercept mode using acl/always_direct

On Monday 26 December 2016 at 20:07:03, mabi wrote: > Hello, > > I am using Squid 3.5.20 in intercept mode for HTTP and HTTPS traffic with > my OpenBSD 6.0 firewall. For some internal servers located on two > different subdomains I would like to access these directly and as such > bypass the

Re: [squid-users] Squid stopped working after cache.log and access.log rotation

On Wednesday 22 March 2017 at 16:17:32, Chee M Gui wrote: > Hi All > > We recently installed Squid 3.5.12-1ubuntu7.3 on Ubuntu 16.04.2 LTS. It > ran fine at first but stopped working after a while. telnet server 3128 > still works, i.e., opens a blank window, but Squid is just not accepting >

Re: [squid-users] Using client certificate for all connection

On Thursday 30 March 2017 at 18:55:09, Juande wrote: > Hi > > I want to configure squid so every request through the proxy get client > certificate authenticated. > > I need some automatic software audit tools to access to a server that uses > client certificates to access to its contents. Are

Re: [squid-users] Squid Transparent/intercept Issues

On Tuesday 21 March 2017 at 12:00:05, christian brendan wrote: > > Today's Topics: > >1. Re: Squid Transparent/intercept Issues (Antony Stone) > >2. Re: SMP and AUFS (Matus UHLAR - fantomas) > >3. Re: SMP and AUFS (Alex Rousskov) > >4. Re: squid w

Re: [squid-users] Squid Transparent/intercept Issues

On Monday 20 March 2017 at 16:26:40, christian brendan wrote: > Hello Everyone, > > Squid Cache: Version 3.5.20 > OS: CentOS 7 > > I have used squid for quite some times non transparently and it works, > problem kicks in when: http_port 3128 transparent is enabled. > Access denied error page

Re: [squid-users] Squid Transparent/intercept Issues

On Wednesday 22 March 2017 at 11:59:14, christian brendan wrote: > One more thing, > Does this implies using two NICs (Network Interface Cards)? No, this is not necessary. > And the squid server has to be in-between clients and the internet? That is the simpler way of doing it (in which case

Re: [squid-users] squid cache analysis

On Thursday 06 April 2017 at 12:27:54, Punyasloka Arya wrote: > squid version:3.3 > OS:centos Which version of CentOS? How was Squid installed? Precisely which version of 3.3 are you using? > The squid cache is not functioning properly You'll have to be more specific than that - what *is*

Re: [squid-users] Multiple http_access logic at the same time

On Monday 17 April 2017 at 08:35:28, Serhat Koroglu wrote: > Hello, > I'm trying to manage squid users to access the proxy if they logged in and > the site url is allowed in my url list. They are running one by one. If > logged in accesses but not check the url and vice versa. So, are you saying

Re: [squid-users] Squid Proxy with simple iptable rule ...

On Monday 17 April 2017 at 14:45:55, Arsalan Hussain wrote: > Dear Sir Amos :) > I had reconfigured Squid 3.5 and it works fine. but i want to protect WAN > interface through IPTABLES > > 1- can you help me chain rule of simple iptable which drop all trafic from > WAN eth0 to secure

Re: [squid-users] HTTPS woes

On Friday 14 April 2017 at 13:52:08, Olly Lennox wrote: > I've tried building it and it seems to have make install -ed correctly but > I'm getting "command not found" when I try to execute squid3. Well, what command are you trying to run (the one which is "not found")? And what do you from

Re: [squid-users] Data usage reported in log files

On Friday 10 March 2017 at 20:14:36, Yosi Greenfield wrote: > Hello all, > > I'm analyzing my squid logs with sarg, and I see that the number of > bytes reported as used by any particular user are often nowhere > near the bytes reported by netflow and tcpdump. Which is larger? > I'm trying to

Re: [squid-users] Data usage reported in log files

ke? My "not more than 1%" was for the additional traffic to/from the Squid server, other than HTTP/S. Antony. > 11.03.2017 3:19, Yuri Voinov пишет: > > 11.03.2017 2:57, Antony Stone пишет: > >> On Friday 10 March 2017 at 21:50:19, Yuri Voinov wrote: > >>>

Re: [squid-users] Data usage reported in log files

On Friday 10 March 2017 at 22:33:44, Yuri Voinov wrote: > We have not seen the network topology and the full configuration of > network devices - what are we arguing about and guessing about? Nobody is arguing, and we are guessing so that we might be helpful to Yosi who asked the question.

Re: [squid-users] Data usage reported in log files

what > >> I'm seeing. > >> > >> Any other ideas? > > > > Is there any traffic that is not directed to Squid? > > > > Do you use ssl-bump in bump mode ? > > If not, Squid has no idea how many bytes go through the (HTTPS) tunnels. > > &

Re: [squid-users] squid-users Digest, Vol 31, Issue 61

On Tuesday 21 March 2017 at 17:29:36, christian brendan wrote: > Thanks a lot for the information. > I will try this and give feedback. > Best Regards Please note both of the following for when you post your feedback: 1. The request inserted into the email you replied to by the mailing list

Re: [squid-users] Different cache_dir based on object types

On Thursday 03 August 2017 at 20:25:59, ♥ NiNJA ♂ wrote: > Hi friends > > I have a server with Dual Xeon cpu , 64GB ram , [2] 256GB SSD and [4] 2TB > HDD Er, congratulations. > Is there anyway to config Squid to store objects in different > cache_dir based on object types ? > > For example

Re: [squid-users] How do i implement an ACL for longer duration?

On Friday 04 August 2017 at 11:44:10, purvar wrote: > Hello everyone , > > I have to implement an ACL from 10:00 AM of tuesday to 11:00 AM of > thursday. So, how do i make acl rule for such long duartion. Please do the > needful. You can't do this as a single ACL. You'll need one for Tuesday,

Re: [squid-users] Chaining icap and ecap services - FATAL: Received Segment Violation...dying.

On Wednesday 12 July 2017 at 10:55:36, bugreporter wrote: > Thank you Yuri, > > The least I can say is that the conversation at > http://bugs.squid-cache.org/show_bug.cgi?id=4597 makes me laugh a lot. My > opinion is that if you modify the source code of an open source program > without

Re: [squid-users] Squid box for two networks

On Monday 17 July 2017 at 21:31:50, Pablo Ruben Maldonado wrote: > Hello, I have a squid box 3.5 working without problems for the lan > 192.168.110.0/24 for several months. Now I want setup to another lan > 192.168.115.0/24 but I cannot. Tcpdump inform me that the packages come to > squid box.

Re: [squid-users] This list generates a forward loop ...

On Tuesday 18 July 2017 at 14:42:21, Walter H. wrote: > Hello, > > On every post I get an error mail back What's the difference between the posts which generate an error, and this one which got through? Are you sending all from the same address, through the same mail server? Antony. --

Re: [squid-users] Squid box for two networks

On Tuesday 18 July 2017 at 12:11:58, Matus UHLAR - fantomas wrote: > On 17.07.17 17:31, Pablo Ruben Maldonado wrote: > >Hello, I have a squid box 3.5 working without problems for the lan > >192.168.110.0/24 for several months. Now I want setup to another lan > >192.168.115.0/24 but I cannot.

Re: [squid-users] Packets logged as blocked even Firewall (IPtables) accepts them ...

On Tuesday 18 July 2017 at 13:29:04, Walter H. wrote: > Hello, > > my Router Box runs a CentOS 6, with the EPEL squid34 RPM package > > this the iptables > Does the output of "iptables -L -nvx" match the ruleset you've quoted here? I'm just wondering whether the rules have got loaded

Re: [squid-users] Squid box for two networks

intercepting proxy - that sort of thing does make a difference... Maybe you could also answer my questions: On Monday 17 July 2017 at 22:57:13, Antony Stone wrote: > How is that new subnet connected to the Squid box? > > Is it connected on a second network card in the Squid machine,

Re: [squid-users] Squid box for two networks

On Thursday 20 July 2017 at 14:08:27, Pablo Ruben Maldonado wrote: > Hi, i add information missing in original post. Thanks for assistance: > > The Squid Box has setup for Intercept Mode. Iptables rules here: > > -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128 > -A PREROUTING

<    1   2   3   4   5   6   >