[squid-users] problem with https

2008-04-11 Thread Anil Saini
when i use https_access deny blocklist to block sites using https ..it shows some error unrecognized https_access deny gm whats that error - Anil Saini M.E. - Software Systems B.E. - Electronics and Communication Project Assistant CISCO LAB Information Processing Center Unit BITS-PILANI

[squid-users] tunnel thru proxy

2008-04-11 Thread Anil Saini
how can we tunnel proxy server and access restricted sites - Anil Saini M.E. - Software Systems B.E. - Electronics and Communication Project Assistant CISCO LAB Information Processing Center Unit BITS-PILANI

Re: [squid-users] squid3 ICAP, whole LDAP dn in X-Authenticated-User

2008-04-11 Thread Alex Rousskov
On Fri, 2008-04-11 at 09:11 +0200, Davide Meloni wrote: On Thu, Apr 10, 2008 at 9:47 PM, Alex Rousskov [EMAIL PROTECTED] wrote: The above ICAP and HTTP headers are from a non-Squid proxy, right? What confuses me is that earlier you said that Squid was sending:

[squid-users] how to stop squid tunnelling

2008-04-11 Thread Anil Saini
i observed accessing thru these addresses on port 443 when i open these address nothing opens...i think they are some anonymous addresses using tunnelling.. 1207766913.219 695575 172.16.4.80 TCP_MISS/200 267712 CONNECT 82.94.251.204:443 - DIRECT/82.94.251.204 - 1207768700.577

Re: [squid-users] squid3 ICAP, whole LDAP dn in X-Authenticated-User

2008-04-11 Thread Davide Meloni
On Thu, Apr 10, 2008 at 9:47 PM, Alex Rousskov [EMAIL PROTECTED] wrote: The above ICAP and HTTP headers are from a non-Squid proxy, right? What confuses me is that earlier you said that Squid was sending: X-Authenticated-User: test\r\n yet I cannot find that header in Squid3

[squid-users] squid siscussion

2008-04-11 Thread Anil Saini
i observed accessing thru these addresses on port 443 when i open these address nothing opens...i think they are some anonymous addresses using tunnelling.. 1207766913.219 695575 172.16.4.80 TCP_MISS/200 267712 CONNECT 82.94.251.204:443 - DIRECT/82.94.251.204 - 1207768700.577

Re: [squid-users] problem with https

2008-04-11 Thread Amos Jeffries
Anil Saini wrote: when i use https_access deny blocklist to block sites using https ..it shows some error unrecognized https_access deny gm whats that error Aha, configuration option not available in your version of squid. Try: acl sslStuff port 443 http_access deny sslStuff gm Amos

[squid-users] squid under GPL

2008-04-11 Thread S.KOBAYASHI
Hello guys, I know that great squid is protected by GPL v2. In hypothetic situation, if I distribute the squid binary as appliance server to customer to get earn some profits, will I be supposed to hand in the source code. Regards, SEIJI KOBAYASHI

Re: [squid-users] Re: Squid3 accelerator mode example config?

2008-04-11 Thread Amos Jeffries
Jon Drukman wrote: On Thu, Apr 10, 2008 at 6:36 AM, Amos Jeffries [EMAIL PROTECTED] wrote: Here you go: # Listen on port 80, http_port 80 accel defaultsite=mysite.com vhost # actual data source is 1.2.3.4 # (IP or domain MUST NOT resolve to squid IP) cache_peer 1.2.3.4

Re: [squid-users] About PHP proxy

2008-04-11 Thread Amos Jeffries
Tarak Ranjan wrote: Hi List; It's really surprising for me that my proxy has been bypassed by one of the user using the proxybuilder proxy. what it's doing is that that particular php based proxy rewrite the mimetype. and that request going through my actual proxy server, but as that script is

Re: [squid-users] squid3 ICAP, whole LDAP dn in X-Authenticated-User

2008-04-11 Thread Davide Meloni
On Fri, Apr 11, 2008 at 9:29 AM, Alex Rousskov [EMAIL PROTECTED] wrote: You tricked me! :-) I understand what is going on now. It looks like we just need to find somebody who can finish that patch you found so that whole LDAP dn can be included in the client username header. I assume you

Re: [squid-users] squid under GPL

2008-04-11 Thread Kinkie
On Fri, Apr 11, 2008 at 10:30 AM, S.KOBAYASHI [EMAIL PROTECTED] wrote: Hello guys, I know that great squid is protected by GPL v2. In hypothetic situation, if I distribute the squid binary as appliance server to customer to get earn some profits, will I be supposed to hand in the source

Re: [squid-users] Re: Squid3 accelerator mode example config?

2008-04-11 Thread J. Peng
On Fri, Apr 11, 2008 at 4:25 PM, Amos Jeffries [EMAIL PROTECTED] wrote: Jon Drukman wrote: On Thu, Apr 10, 2008 at 6:36 AM, Amos Jeffries [EMAIL PROTECTED] wrote: Here you go: # Listen on port 80, http_port 80 accel defaultsite=mysite.com vhost # actual data source

Re: [squid-users] squid siscussion

2008-04-11 Thread Amos Jeffries
Anil Saini wrote: i observed accessing thru these addresses on port 443 when i open these address nothing opens...i think they are some anonymous addresses using tunnelling.. 1207766913.219 695575 172.16.4.80 TCP_MISS/200 267712 CONNECT 82.94.251.204:443 - DIRECT/82.94.251.204 -

Re: [squid-users] trying to use cache_peer (I think?)

2008-04-11 Thread Amos Jeffries
Chris Robertson wrote: B. Cook wrote: Hello All, I'm sure this will work if I can get it to.. (until I run into the next snag). Here at the school we get free Road Runner cable access (about 2mb down). What I wanted to do is put an ipcop machine with something called updatexlrator.

Re: [squid-users] More flexible caching option?

2008-04-11 Thread Amos Jeffries
howard chen wrote: Hi, On Thu, Apr 10, 2008 at 2:24 AM, Adrian Chadd [EMAIL PROTECTED] wrote: Not without modifying Squid itself, no. Then I might need to use my program to handle it...but are there any method to do this: 1. Cache nothing at the beginning 2. If my PHP tell squid to cache,

Re: [squid-users] stop anonymous browsing

2008-04-11 Thread jeff donovan
On Apr 10, 2008, at 11:51 PM, ekul taylor wrote: In my squid installation I use an IPtables based firewall to stop all traffic from the end user subnets from flowing to the internet. Servers are able to communicate to update things like NTP and DNS but clients get their NTP and DNS for

[squid-users] Configuring cache_peer to use ssl

2008-04-11 Thread Janis
Hi! I tried to configure secondary proxy to use ssl for communications with parent proxy, but can not succeed. there are cnf lines of secondary server: cache_peer IP_addr parent PORT 3130 proxy-only ssl \ sslcert=/etc/ssl/host.cert \ sslkey=/etc/ssl/host.key \ sslflags=DONT_VERIFY_PEER (I

Re: [squid-users] About PHP proxy

2008-04-11 Thread dhottinger
Quoting Amos Jeffries [EMAIL PROTECTED]: Tarak Ranjan wrote: Hi List; It's really surprising for me that my proxy has been bypassed by one of the user using the proxybuilder proxy. what it's doing is that that particular php based proxy rewrite the mimetype. and that request going through my

RE: [squid-users] Squid wont load certain pages.

2008-04-11 Thread C. Ham
First off, thanks all for the help and advice. It seems it is two problems. The difficulties with Yahoo mail and wiki.squid-cache.org are two separate things. I've yet to delve into the Yahoo one fully again but I've studied the wiki.squid-cache.org packet dumps carefully and this is what's

Re: [squid-users] proxy cache with multi back end server !

2008-04-11 Thread Henrik Nordstrom
ons 2008-04-09 klockan 09:21 +0200 skrev Mathieu Kretchner: - the result of squidclient -r -p 80 http://squidserver/foo; give an error message : actually the squid server forward the foo url to the second back end server. So you've right if I try to access directly to the second backend

Re: [squid-users] delay pool question: how about a timeout variable?

2008-04-11 Thread Henrik Nordstrom
ons 2008-04-09 klockan 16:34 +1200 skrev Jason Haar: Seems to work well - but there's no indication of how long an IP would end up blacklisted if it occurred. Well, they would earn back 1k/s when idle, until their pool is full again. But you probably should is a somewhat bigger refill

Re: [squid-users] squid under GPL

2008-04-11 Thread Adrian Chadd
On Fri, Apr 11, 2008, S.KOBAYASHI wrote: Hello guys, I know that great squid is protected by GPL v2. In hypothetic situation, if I distribute the squid binary as appliance server to customer to get earn some profits, will I be supposed to hand in the source code. Yes. Adrian

RE: [squid-users] Squid wont load certain pages.

2008-04-11 Thread C. Ham
OK, I think I have success now. A cautionary lesson for those jumping to blame Squid: just because you can avoid the problem when you cut out Squid, it doesn't mean Squid is necessarily to blame. I finally noticed that all the sites which were giving problems had an IP address starting with '77'

[squid-users] Inconsistent gzip'ing of object...

2008-04-11 Thread Chris Woodfield
Hi, We have a farm of squid servers (2.6STABLE18) sitting behind a load balancer, all with identical configurations but obviously their own cache disks. We're noticing that some servers are honoring Accept-Encoding: gzip on particular objects, but not others. The effect is, some servers

Re: [squid-users] cache miss to sibling

2008-04-11 Thread Henrik Nordstrom
tor 2008-04-10 klockan 17:19 +0800 skrev J. Peng: from what I know, in squid-2.5 it can't forward a cache miss to its sibling cache. It can only forward the request which is cache hit on the sibling. Siblings share their cache with you. You only request from siblings what they have cached but

Re: [squid-users] squid3 stop infinite loop in basic_auth scheme

2008-04-11 Thread Henrik Nordstrom
tor 2008-04-10 klockan 15:47 +0200 skrev Davide Meloni: I've configured LDAP authentication in squid.conf and it works fine. Now I need to manage the exceptions related to authentication, in particular I need to stop the infinite request loop of username and password by basic_auth scheme to

[squid-users] Remote IP detection

2008-04-11 Thread howard chen
Considering the design like, User (IP=x.x.x.x) -- Squid -- Apache (PHP) By looking at the header from the Apache, e.g. HTTP_X_FORWARD Is it safe that is must be the remote IP (x.x.x.x) of the user, no cheating is available (e.g. user might set the X-Forward header by themself)? Thanks.

[squid-users] performance

2008-04-11 Thread Ing. Jorge Escudero
Is it necessary to clean the cache periodically to improve performance of Squid? In what moment I need to do this? thank you Jorge Escudero Buenos Aires Argentina

Re: [squid-users] Reverse proxy no port on return page...

2008-04-11 Thread Gary Tai
The web application works correctly without Squid. It returns the correct page with the port number. It's only when Squid is used to intercept that the port is dropped. On Thu, Apr 10, 2008 at 4:32 PM, Chris Robertson [EMAIL PROTECTED] wrote: Gary Tai wrote: Sorry for being vague. You are

[squid-users] performance

2008-04-11 Thread jorge escudero
Is it necessary to clean the cache periodically to improve performance of Squid? In what moment I need to do this? thank you Jorge Escudero Buenos Aires Argentina

Re: [squid-users] About PHP proxy

2008-04-11 Thread Tarak Ranjan
--- [EMAIL PROTECTED] wrote: Quoting Amos Jeffries [EMAIL PROTECTED]: Tarak Ranjan wrote: Hi List; It's really surprising for me that my proxy has been bypassed by one of the user using the proxybuilder proxy. what it's doing is that that particular php based proxy rewrite the

Re: [squid-users] squid under GPL

2008-04-11 Thread Chris Woodfield
More to the point, would a vendor only be obligated to provide the source code directly (as opposed to providing a link to, say, squid's main source repository) if the vendor made modifications to said source code? Or is the vendor obligated to provide the source code directly regardless,

Re: [squid-users] squid under GPL

2008-04-11 Thread Alex Rousskov
On Fri, 2008-04-11 at 12:38 +0200, Kinkie wrote: On Fri, Apr 11, 2008 at 10:30 AM, S.KOBAYASHI [EMAIL PROTECTED] wrote: Hello guys, I know that great squid is protected by GPL v2. In hypothetic situation, if I distribute the squid binary as appliance server to customer to get earn

Re: [squid-users] delay pool question: how about a timeout variable?

2008-04-11 Thread Jason Haar
Henrik Nordstrom wrote: ons 2008-04-09 klockan 16:34 +1200 skrev Jason Haar: Seems to work well - but there's no indication of how long an IP would end up blacklisted if it occurred. Well, they would earn back 1k/s when idle, until their pool is full again. But you probably should

Re: [squid-users] squid siscussion

2008-04-11 Thread Chris Robertson
Amos Jeffries wrote: Anil Saini wrote: i observed accessing thru these addresses on port 443 when i open these address nothing opens...i think they are some anonymous addresses using tunnelling.. 1207766913.219 695575 172.16.4.80 TCP_MISS/200 267712 CONNECT 82.94.251.204:443

Re: [squid-users] Configuring cache_peer to use ssl

2008-04-11 Thread Chris Robertson
Janis wrote: Hi! I tried to configure secondary proxy to use ssl for communications with parent proxy, but can not succeed. there are cnf lines of secondary server: cache_peer IP_addr parent PORT 3130 proxy-only ssl \ sslcert=/etc/ssl/host.cert \ sslkey=/etc/ssl/host.key \

Re: [squid-users] Inconsistent gzip'ing of object...

2008-04-11 Thread Henrik Nordstrom
fre 2008-04-11 klockan 12:43 -0400 skrev Chris Woodfield: Further poking suggests that this is due to how the object is delivered when it is first loaded into the cache. For example, when I purge the object from the server that is not delivering the object gzip'ed, then request it, the

Re: [squid-users] Inconsistent gzip'ing of object...

2008-04-11 Thread Chris Woodfield
OK, understood...it appears that the issue is the origin server sending the same ETag for both plaintext and gzip'ed content. The origin server is lighttpd 1.4.18. So now I need to determine if this is due to inherent brokenness in lighttpd or if it's just a misconfiguration. Anyone have

Re: [squid-users] About PHP proxy

2008-04-11 Thread Marcus Kool
Dwayne, If you do not redirect+filter HTTPS you can never block HTTPS-based proxies. To be able to filter HTTPS the browsers must be configured to use Squid for HTTP and HTTPS. Once Squid also proxies the HTTPS traffic, you may use ufdbGuard. ufdbGuard is a free redirector which can block

[squid-users] HTTPS Resets after FINs

2008-04-11 Thread John Sheahan
Hi Squid forum, I have been troubleshooting an issue whereby our HTTPS traffic going through the Squid proxy (squid/2.5.STABLE14) finishes each conversation with a RST after the FIN. I was pretty sure the RST was coming from my remote destination but when I recently debugged my firewall, I

Re: [squid-users] Remote IP detection

2008-04-11 Thread Henrik Nordstrom
lör 2008-04-12 klockan 01:58 +0800 skrev howard chen: Is it safe that is must be the remote IP (x.x.x.x) of the user, no cheating is available (e.g. user might set the X-Forward header by themself)? Squid adds to the already existing header if any, so X-Forwarded-For may contain a list of

Re: [squid-users] performance

2008-04-11 Thread Henrik Nordstrom
fre 2008-04-11 klockan 16:41 -0300 skrev jorge escudero: Is it necessary to clean the cache periodically to improve performance of Squid? No. It's taken care of automatically. Regards Henrik

Re: [squid-users] Reverse proxy no port on return page...

2008-04-11 Thread Henrik Nordstrom
fre 2008-04-11 klockan 15:35 -0400 skrev Gary Tai: The web application works correctly without Squid. It returns the correct page with the port number. It's only when Squid is used to intercept that the port is dropped. What do your http_port line look like? Regards Henrik

Re: [squid-users] squid under GPL

2008-04-11 Thread Henrik Nordstrom
fre 2008-04-11 klockan 15:59 -0400 skrev Chris Woodfield: More to the point, would a vendor only be obligated to provide the source code directly (as opposed to providing a link to, say, squid's main source repository) if the vendor made modifications to said source code? Or is the

Re: [squid-users] Reverse proxy no port on return page...

2008-04-11 Thread Gary Tai
http_port wiki1:8880 accel defaultsite=wiki1 On Fri, Apr 11, 2008 at 9:26 PM, Henrik Nordstrom [EMAIL PROTECTED] wrote: fre 2008-04-11 klockan 15:35 -0400 skrev Gary Tai: The web application works correctly without Squid. It returns the correct page with the port number. It's only when

Re: [squid-users] cache miss to sibling

2008-04-11 Thread J. Peng
thanks, that's right. On Sat, Apr 12, 2008 at 1:41 AM, Henrik Nordstrom [EMAIL PROTECTED] wrote: tor 2008-04-10 klockan 17:19 +0800 skrev J. Peng: from what I know, in squid-2.5 it can't forward a cache miss to its sibling cache. It can only forward the request which is cache hit on

Re: [squid-users] Reverse proxy no port on return page...

2008-04-11 Thread Henrik Nordstrom
This will make Squid assume the user requested http://wiki1/path You probably want defaultsite=wiki1:8880 Also make sure the app server and Squid runs on the same port number (but different IP addresses). If not there will be mismatches unless the app server has special support for