Dear Amos,
i already pasted my squid.conf here
and error logs
so what you supposed for me to do or which above text should i follow ???
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/anyOne-who-has-working-ssl-bump-configuration-for-facebook-tp466345
On 23/11/2013 4:48 p.m., Sachin Gupta wrote:
> and squidclient as 3.1.20
>
> http://packages.debian.org/wheezy/squidclient
>
> Regards
>
> On Sat, Nov 23, 2013 at 9:16 AM, Sachin Gupta wrote:
>> Hi All,
>>
>> Which version of squid is stable and available for Debian Wheezy?
>>
>> Will 3.3.10 wo
Eliezer
I just now tried a connection with the cache_peer set to port 80
without SSL , i left the frontend ssl
same result.. tiny file makes it through , larger files do not.
Madhav
this is what seems to be wrong..
2013/11/22 23:21:02.291 kid1| http.cc(1080) persistentConnStatus:
local=192
and squidclient as 3.1.20
http://packages.debian.org/wheezy/squidclient
Regards
On Sat, Nov 23, 2013 at 9:16 AM, Sachin Gupta wrote:
> Hi All,
>
> Which version of squid is stable and available for Debian Wheezy?
>
> Will 3.3.10 work on wheezy. Debian.org shows 2.7.
>
> Regards
Hi All,
Which version of squid is stable and available for Debian Wheezy?
Will 3.3.10 work on wheezy. Debian.org shows 2.7.
Regards
Sorry for the typo:
It's 25M for both values.
Eliezer
On 23/11/13 01:51, Eliezer Croitoru wrote:
Hey,
I would try to test it per case to understand the issue.
lets take a simple apache server using a POST form to upload a file:
upload_max_filesize = 10M
post_max_size = 10M
Set the above in ph
On 23/11/2013 12:16 p.m., iishiii wrote:
> I think there is some issue with my openssl setting...
>
> i hv reinstalled centos and rebuild squid ...bit now again problem exist
> kindly check the logs and please suggest what to do
>
> 2013/11/23 04:09:06| Set Current Directory to /cache
> *(ssl_c
Thanks Amos.
That causes a big problem for me if basic authentication cannot be
shared across domains. Is there anyway I can configure squid so that
authentication challenge is sent for one or the other but not both.
For e.g if user is authenticated (basic) on siteA then don't ask for
authenticati
Hey,
I would try to test it per case to understand the issue.
lets take a simple apache server using a POST form to upload a file:
upload_max_filesize = 10M
post_max_size = 10M
Set the above in php.ini.
Build a php form that will make it possible to upload a file.
Now for couple cases which are
I think there is some issue with my openssl setting...
i hv reinstalled centos and rebuild squid ...bit now again problem exist
kindly check the logs and please suggest what to do
2013/11/23 04:09:06| Set Current Directory to /cache
*(ssl_crtd): Uninitialized SSL certificate database directory:
Hey There,
I was wondering about this setup you do have there.
I do not know of any bugs that would not allow you to set explicitly
"Cache-control" in IIS 7+.
Since I am not working at MS I am not sure I can even try to resolve the
issue but I have seen this issue in the past while there is a
Thx but that did not change anything. I first tried changing all single
quotes to double quotes and had same effect. Then based on your comment
about white space I removed all quotes and relied on white space and still
no change.
I have tried every solution I can find on the Internet w/o any luck.
This is the snippet of what we use to SSL bump browser CONNECT requests which
have proxy settings explicitly set to use Squid (only selected sites are
bumped).
http_port 3128 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/etc/opt/quintolabs/qlproxy/myca.pem
sslcrt
The config looks good, as long as you configure your browsers to use port 3127
for HTTPS. You don't need the example broken_sites acl, but it is also
harmless.
Please open the Firefox settings and go to Advanced - Certificates - View
certificates. A new window will appear. Click the Authorities
On 23/11/2013 3:59 a.m., davidheijkamp wrote:
> Hi,
>
> We're currently designing our web hosting architecture and have some
> difficulty figuring out the best way to use Squid as reverse proxy.
> As was explained on this list, in the case of single reverse proxy with two
> cache_peer entries w
Hi,
We're currently designing our web hosting architecture and have some
difficulty figuring out the best way to use Squid as reverse proxy.
Our first design looked like this:
INTERNET
|
+--+
|Load Balancer |
+--+
| |
I am using SSL bumping as below:
http_port 10.10.17.23:3127 intercept
http_port 10.10.17.23:3128
http_port 10.10.17.23:3129 generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/mycert.pem intercept ssl-bump
ssl_bump server-first
sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s
yes that is true,
so with https sites using CONNECT this will not work,
but with an sslbump implementation in squid , which http headers can
you manipulate and then forward?
-Original Message-
From: Will Roberts
To: squid-users@squid-cache.org
Subject: Re: [squid-users] HTTP_X_FO
Unless you do SSL bumping, Squid will not touch the contents of HTTPS
connections.
--Will
On 11/22/2013 09:12 AM, Madhav V Diwan wrote:
Add this directive to your squid.conf file
forwarded_for on
The documentation for the directive is here:
http://www.squid-cache.org/Doc/config/forwarded_f
Add this directive to your squid.conf file
forwarded_for on
The documentation for the directive is here:
http://www.squid-cache.org/Doc/config/forwarded_for/
-Original Message-
From: Nil Nik
To: squid-users@squid-cache.org
Subject: [squid-users] HTTP_X_FORWARDED_FOR for https reque
I have setup squid (3.3.9) and Apache(https enabled) on same system.
when I access https site on Apache through squid proxy then
HTTP_X_FORWARDED_FOR is not found.
I want to get client IP on Apache. Please help me.
Thanks all for giving time at my post
Here is my squid conf.
acl snmppublic snmp_community public
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl zainnet src 192.168.0.0/24
acl SSL_ports port 443
acl Safe_ports port 80 # h
I tried to import the certificate but not sure it was correct or not
...i am using chrome ...firfox ...EI10 for testing ... the following is my
setting
http_port 3128 intercept
https_port 3127 intercept ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/usr/loca
OK slight change in my report of large and small files ,
When I attempt connection to my OWA system via the 3.3.9 proxy i can
upload up to 6 MB files , just like the original poster
( techguy005-me)
When i attempt to upload to the portal it will not take a file greater
than 30 K .. keeps askin
On 23/11/2013 2:22 a.m., Víctor Fernández Martínez wrote:
> Hi,
>
> I use the ssl_bump and Facebook works flawlessly.
>
> - Did you import the ssl_bump root CA certificate into the client you're
> using
> to browse those websites?
> - Which kind of certificate errors do you get? Which browser a
On 22/11/2013 11:02 p.m., Lê Trung Kiên wrote:
> It seems that IIS7.5 has bugs that cannot change "Cache-control: private"
> header.
> However Squid 3.1 deals with this by using "ignore-private", squid 3.2 or
> 3.3 doesn't work with this directive.
>
> Any suggest solutions please?
ignore-priva
Hi,
I use the ssl_bump and Facebook works flawlessly.
- Did you import the ssl_bump root CA certificate into the client you're using
to browse those websites?
- Which kind of certificate errors do you get? Which browser are you using?
Best regards,
Victor
On Friday 22 November 2013 05:13:59 i
Dear All.
Anybody who has working ssl_bump and caching h https websites like
Facebook... please share your configuration.. I tried 3.3.8 ..3.3.10 and
then 3.4.0.2 on centOS.. But on opening https websites there are broken
pages and too much security alerts
please share your opinion and gu
On 22/11/2013 11:16 p.m., P K wrote:
> Hi,
>
> I can't get the reverse proxy to work properly. Basically I want squid
> to serve as reverse proxy to two of my domains - x.example.com and
> y.example.com. I also want squid to perform basic authentication
> against my own radius server which should
And what does this 503 page content??
I do not know what the issue in hands is but there are couple things to
first test before running into full debug or try to fix issues that
might not exists.
The version upgrade is there for a reason.
I do know why an upgrade might not solve the issues but
On 22/11/2013 11:50 p.m., Bhagwat Yadav wrote:
> Hi,
>
> Tried this also, but it is still hanging for some requests.
>
> It is taking 1 minute time in between below calls:
>
> 2013/11/22 04:39:32.630| clientReadSomeData: FD 9: reading request...
A socket FD 9 - client starting to send the HTTP
Hi,
Tried this also, but it is still hanging for some requests.
It is taking 1 minute time in between below calls:
2013/11/22 04:39:32.630| clientReadSomeData: FD 9: reading request...
2013/11/22 04:40:32.904| comm.cc(2190) will call SomeTimeoutHandler(FD
11, data=0xe3b1c8) [call5094]
Thanks,
B
> I have just one problem for the moment, sometimes the ident banner
> appear twice I guess there is a problem about user()->expiretime =
> current_time.tv_sec place when the user is beyond two minutes
> without browsing the timer is expired again, I will investigate ...
>
No I'm wrong no proble
Hi,
I can't get the reverse proxy to work properly. Basically I want squid
to serve as reverse proxy to two of my domains - x.example.com and
y.example.com. I also want squid to perform basic authentication
against my own radius server which should be common for both the
sites. I mean I want user
It seems that IIS7.5 has bugs that cannot change "Cache-control: private"
header.
However Squid 3.1 deals with this by using "ignore-private", squid 3.2 or
3.3 doesn't work with this directive.
Any suggest solutions please?
-Original Message-
From: Lê Trung Kiên [mailto:trungkien...@viet
On 21/11/2013 11:37 p.m., alamb200 wrote:
> Hi Amos,
> I am using Hyper V to host the server and so was looking at using Ubuntu.
> Do I need the server or desktop version?
The only OS which Squid placs a limit like that on is Squid-2.7
requiring Windows Server. (The latest 3.3 experiements seem to
Hi,
I added a loop waiting for the end of all squid processes ( with 30
seconds limit, I don't want to loop forever ..) and it did the trick :
for i in {1..30}
do
sleep 1
pidof 'squid' > /dev/null
pssquid=$?
if [ "$pssquid" -eq "0" ];then
echo "Attente fin de process squid
On 22/11/2013 10:43 p.m., Bhagwat Yadav wrote:
> Hi,
>
> Your are very right, I have tried this. It is causing problem.
>
> Can you please suggest anything else?
The alternative is to leave the statInit() working but comment out the
eventAdd() line inside it. That prevents the times even happeni
On 22/11/2013 12:08 p.m., Brig wrote:
>
> Sounds like good advice!
>
> 'squidauth' was just an example I was using for this forum. We have two AD
> accounts that we have created for these kinds of authentications so I cannot
> just easily go change the passwords yet I can request a new account.
>
Hi,
Your are very right, I have tried this. It is causing problem.
Can you please suggest anything else?
TIA,
Bhagwat
On Fri, Nov 22, 2013 at 3:09 PM, Amos Jeffries wrote:
> On 22/11/2013 7:14 p.m., Bhagwat Yadav wrote:
>> Hi Amos/All,
>>
>> I am commenting out function statInit() from main.cc
On 22/11/2013 7:14 p.m., Bhagwat Yadav wrote:
> Hi Amos/All,
>
> I am commenting out function statInit() from main.cc because I suspect
> that it might be causing this issue with squid.
> I believe this function is for collection of stats which we are not
> doing at the moment.
>
> Can you please
41 matches
Mail list logo