Re: [squid-users] SECURITY ALERT: Squid Cache: Version 3.2.0.13

2011-12-02 Thread FredB
Yes, welcome to the host header forgery mess. I don't know who benefited from this but a lot of people got bitten by it. I mentioned this first day http://bugs.squid-cache.org/show_bug.cgi?id=3325 Anyone doing ANYCAST will be screwed (and a whole lotta people do that). p4$ host

[squid-users] Problem with Bambuser live through squid?

2011-12-02 Thread Peter Olsson
Anyone know if it is possible to watch Bambuser live broadcasts through squid, and if it should work out of the box or if it needs special configuration? We can watch finished Bambuser broadcasts, but live broadcasts won't start. www.bambuser.com/broadcasts Their FAQ states: To watch a

[squid-users] Risposta: Re: [squid-users] Squid (using External ACL) problem with Icap

2011-12-02 Thread Roberto Galluzzi
I tried using the path end It works perfectly. Thank you very much!! Amos Jeffries squ...@treenet.co.nz 02/12/2011 8.54 On 2/12/2011 4:37 a.m., Roberto Galluzzi wrote: Hi, I'm using Squid 3.1 and SquidGuard with success. Now I want to add SquidClamav 6. Versions 6.x need Icap and I

Re: [squid-users] SECURITY ALERT: Squid Cache: Version 3.2.0.13

2011-12-02 Thread David Touzeau
On Friday 02 December 2011 at 15:05 +1300, Amos Jeffries wrote: Hooray progress :) On 2/12/2011 5:49 a.m., David Touzeau wrote: Here it is the log in debug mode : -- 2011/12/01 17:49:14.106 kid1| HTTP Client local=4.26.235.254:80 remote=192.168.1.228:1074 FD 30

[squid-users] Re: squid/sslbump + IE9

2011-12-02 Thread Sean Boran
Hi, I'm testing squid v3 with SSL interception (the interception is to do AV checking with icap) in routing mode. Sslbump/dynamic certs are configured. A self-signed cert is used on the proxy, and installed as a ca on browsers. https to several sites (such as Gmail.com boi.com) works with FF

[squid-users] limiting connection not working 3.1.4

2011-12-02 Thread J. Webster
I have squid 3.1.4 but using this conf, the rate limiting to 1Mbps does not seem to work. What can I change in the conf / delay parameters? auth_param basic realm Myname proxy server auth_param basic credentialsttl 2 hours auth_param basic program /usr/lib/squid/ncsa_auth

Re: [squid-users] Squid 3.1.x and right configuration parameters for tmpfs 8GB

2011-12-02 Thread Josef Karliak
Hi, I use 64-bit machine, HP DL380 G7. I thought that it should be better to use tmpfs (part of the memory). After reboot it is clean and empty, squid creates directories again automatically. So you recommend use a few of disk capacity and set caching to memory only ? Thanks J.K.

[squid-users] Transparent HTTP Proxy and SSL-BUMP feature

2011-12-02 Thread Maret Ludovic
Hi there ! I want to configure a transparent proxy for HTTP and SSL. HTTP works pretty well but I'm stuck with SSL even if I use the ssl-bump feature. Right now, it almost works if I use 2 different ports for the http_port https_port : http_port 3129 transparent https_port 3130 ssl-bump

Re: [squid-users] Unable to access IIS site through squid3

2011-12-02 Thread Fredrik Eriksson
On 12/02/2011 12:44 AM, Amos Jeffries wrote: I can't speak for what they know. I only pay attention to the details directly affecting Squid features on the netfilter lists. Of course you can't, sorry. I just thought that, out of the thousands of sites we visit every day, accessing this

Re: [squid-users] squid/sslbump + IE9

2011-12-02 Thread Sean Boran
Yes it was added to the Windows cert store. (Tools Options Content Certificates Trusted Root Certification Authorities). Not all HTTPS websites cause errors either, e.g. https://www.credit-suisse.com is fine. Sean On 2 December 2011 15:03, Guy Helmer guy.hel...@palisadesystems.com wrote:

Re: [squid-users] Transparent HTTP Proxy and SSL-BUMP feature

2011-12-02 Thread Sean Boran
I'm not sure you can use sslbump in transparent mode. I remember reading something to that effect. There are also articles like this that might help: https://dvas0004.wordpress.com/2011/03/22/squid-transparent-ssl-interception/ Sean On 2 December 2011 13:02, Maret Ludovic

[squid-users] squid dies: ssl_crtd helpers are crashing too rapidly

2011-12-02 Thread Sean Boran
With squid running sslbump in routing mode, and used by a handful of users, squid is crashing regularly, linked to visiting SSL sites. Logs -- 2011/11/29 11:39:36| clientNegotiateSSL: Error negotiating SSL connection on FD 45: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

Re: [squid-users] SECURITY ALERT: Squid Cache: Version 3.2.0.13

2011-12-02 Thread Amos Jeffries
On 2/12/2011 10:51 p.m., David Touzeau wrote: On Friday 02 December 2011 at 15:05 +1300, Amos Jeffries wrote: Hooray progress :) On 2/12/2011 5:49 a.m., David Touzeau wrote: Here it is the log in debug mode : -- 2011/12/01 17:49:14.106 kid1| HTTP Client local=4.26.235.254:80

Re: [squid-users] Transparent HTTP Proxy and SSL-BUMP feature

2011-12-02 Thread Amos Jeffries
On 3/12/2011 1:02 a.m., Maret Ludovic wrote: Hi there ! I want to configure a transparent proxy for HTTP and SSL. HTTP works pretty well but I'm stuck with SSL even if I use the ssl-bump feature. Right now, it almost works if I use 2 different ports for the http_port https_port : http_port

Re: [squid-users] squid/sslbump + IE9

2011-12-02 Thread Amos Jeffries
On 3/12/2011 4:16 a.m., Sean Boran wrote: Yes it was added to the Windows cert store. (Tools Options Content Certificates Trusted Root Certification Authorities). Not all HTTPS websites cause errors either, e.g. https://www.credit-suisse.com is fine. Ouch. Their certificate is

Re: [squid-users] Squid 3.1.x and right configuration parameters for tmpfs 8GB

2011-12-02 Thread Amos Jeffries
On 2/12/2011 11:10 p.m., Josef Karliak wrote: Hi, I use 64-bit machine, HP DL380 G7. I thought that it should be better to use tmpfs (part of the memory). After reboot it is clean and empty, squid creates directories again automatically. So you recommend use a few of disk capacity and set

[squid-users] not getting persistent connections to an ssl backend

2011-12-02 Thread rob yates
Hello, we are trying to set squid up as an SSL reverse proxy in front of SSL. The flow is browser - ssl - squid - ssl - application. When we do this we're not seeing persistent connections being used for the backend connection. It appears that squid is starting a new SSL connection for every

Re: [squid-users] squid dies: ssl_crtd helpers are crashing too rapidly

2011-12-02 Thread Amos Jeffries
On 3/12/2011 4:44 a.m., Sean Boran wrote: With squid running sslbump in routing mode, and used by a handful of users, squid is crashing regularly, linked to visiting SSL sites. Logs -- 2011/11/29 11:39:36| clientNegotiateSSL: Error negotiating SSL connection on FD 45: error:1408F10B:SSL

[squid-users] Configuring a Squid Reverse Proxy for Multiple Outlook Web App/Access Servers

2011-12-02 Thread Sean Massey
I have an Exchange 2007 Environment that I am upgrading to Exchange 2010. I have Squid configured as a reverse proxy, and I placed it in front of my Exchange 2007 CAS server. Both servers are located in the same Active Directory site. Exchange 2010 does not allow OWA proxying to Exchange 2007

Re: [squid-users] squid/sslbump + IE9

2011-12-02 Thread Sean Boran
Well yes, we are trying to incept... I don't see where the forgery is, if my proxy CA is trusted and a cert is generated for that target, signed by that CA, why should the browser complain? And why would FF not complain but IE9 does? Sean On 2 December 2011 17:29, Amos Jeffries

Re: [squid-users] SECURITY ALERT: Squid Cache: Version 3.2.0.13

2011-12-02 Thread Kevin Wilcox
On 2 December 2011 01:01, Jenny Lee bodycar...@live.com wrote: p4$ host download.windowsupdate.com mscom-wui-any.vo.msecnd.net has address 70.37.129.251 mscom-wui-any.vo.msecnd.net has address 70.37.129.244 p12$ host download.windowsupdate.com a26.ms.akamai.net.0.1.cn.akamaitech.net has

[squid-users] Re: Squid 3.1.x and right configuration parameters for tmpfs 8GB

2011-12-02 Thread RW
On Fri, 02 Dec 2011 15:15:59 +1300 Amos Jeffries wrote: On 2/12/2011 5:13 a.m., Matus UHLAR - fantomas wrote: On 01.12.11 15:05, Josef Karliak wrote: I wanna use tmpfs for squid cache, is 8GB enough or too big ? We've about 3000 computers behind squid, for OS is 16GB sufficient, that's

[squid-users] error build squid-3.1.17 with gcc-4.5.3

2011-12-02 Thread Pedro Correia Sardinha
Hello, When I try to build the last version as usual, make all it's giving me this output (my compiler is gcc-4.5.3): ftp.cc: In member function 'void FtpStateData::ftpAcceptDataConnection(const CommAcceptCbParams)': ftp.cc:3124:38: error: redeclaration of 'char ntoapeer [75]' ftp.cc:3076:31:

Re: [squid-users] error build squid-3.1.17 with gcc-4.5.3

2011-12-02 Thread Jose-Marcio Martins da Cruz
Pedro Correia Sardinha wrote: Hello, When I try to build the last version as usual, make all it's giving me this output (my compiler is gcc-4.5.3): ftp.cc: In member function 'void FtpStateData::ftpAcceptDataConnection(const CommAcceptCbParams)': ftp.cc:3124:38: error: redeclaration of 'char

[squid-users] Error compiling on OpenSuSE 11.3

2011-12-02 Thread Ricardo Rios
I compiled 3.1.15 and 3.1.16 so far without any problems, today I tried to compile the last version 3.1.17 and I got errors: ./configure CFLAGS=-DNUMTHREADS=128 --with-filedescriptors=16384 --enable-removal-policies=heap,lru --enable-epoll --enable-stopreio=ufs,aufs,diskd --enable-async-io=128

Re: [squid-users] error build squid-3.1.17 with gcc-4.5.3

2011-12-02 Thread Amos Jeffries
On 3/12/2011 12:45 p.m., Jose-Marcio Martins da Cruz wrote: Pedro Correia Sardinha wrote: Hello, When I try to build the last version as usual, make all it's giving me this output (my compiler is gcc-4.5.3): ftp.cc: In member function 'void FtpStateData::ftpAcceptDataConnection(const

Re: [squid-users] squid/sslbump + IE9

2011-12-02 Thread Amos Jeffries
On 3/12/2011 6:22 a.m., Sean Boran wrote: Well yes, we are trying to incept... I don't see where the forgery is, if my proxy CA is trusted and a cert is generated for that target, signed by that CA, why should the browser complain? The forgery is that you are creating a certificate claiming to