Hi,
Sadly I have deleted my access.log files - and have rolled back to Squid
3.1, and caching is working perfectly. I still need to upgrade to Squid
3.4.6 sometime soon for the sslbump feature. I tried with the djmaza.info
site with the Squid 3.4.6, and nothing is cached. I am going to try and set
On Mon, 2014-06-30 at 22:56 +1000, Dan Charlesworth wrote:
> Yeah, pinned SSL ‘aint gonna be bumped. The Twitter apps are another popular
> one that use pinning.
>
> As far as your broken_sites ACL goes, you can’t use `dstdomain` because the
> only thing Squid can see of the destination before b
On Monday 30 June 2014 at 16:12:58, James Lay wrote:
> Please don't peddle your (subscription fee based no less...yugh)
> garbage
Just out of interest, I took a look at what was being offered by this guy
(http://www.squidblacklist.org) and I noticed two things:
1. It's a subscription-based serv
Any reason not to build squid from newest sources ?
Will probably increase your chances of getting better support, as 2.1 is not
much newer than 2.7 :-)
(Still using latest 2.7, with private mods, myself. Solid as a rock.)
--
View this message in context:
http://squid-web-proxy-cache.1019090.n
Did you try without Antivirus ? Not so into the squid code, but I would
suspect a problem in the interface to Trend, first. As squid is crashing
already during/immediately after startup.
BTW: What should happen here ?
maximum_object_size 1 KB
maximum_object_size 50 MB
Probably, you can
Hi,
I'm having trouble with connection pinning. I'm on SUSE Linux Enterprise
(SLES) 11 SP3, so I'm stuck with squid3-3.1.12-8.16.18.1 at the moment.
My scenario: Firefox, Squid and a parent proxy (McAfee Web Gateway). The
parent proxy offers "Proxy-Authenticate: Negotiate" and
"Proxy-Authenticate
On 2014-06-30 07:13, Dan Charlesworth wrote:
No worries.
Sounds like this is the feature you should be waiting with baited
breath for: http://wiki.squid-cache.org/Features/SslPeekAndSplice
I’m not a developer so I have no idea how far along that is right
now.
On 30 Jun 2014, at 11:05 pm, Jam
If your company allows you, you could look into a relatively
inexpensive Linux-based software router called Mikrotik. They have
something called PCQ which does well as a QOS policy.
Regards
On Fri, May 16, 2014 at 7:03 PM, Antoine Klein wrote:
> Ok i fear to waste many time to understand that,
Hello,
I've setup a internal proxy with squid 3.4.4 on SLES 11 SP3. And with the
same version of squid and OS a proxy in DMZ. The internal proxy crashed
every 5 minutes. I can't find the reason.
2014/06/30 16:09:06 kid1| Set Current Directory to /var/cache/squid
2014/06/30 16:09:06 kid1| Starti
Good morning List Troll!
Please don't peddle your (subscription fee based no less...yugh)
garbage off listor heck ON list for that matter. Squid-users admin,
kindly nuke/destroy/delete/erase the below...thank you.
James
Original Message
Subject: Squidblacklist.org - A
No worries.
Sounds like this is the feature you should be waiting with baited breath for:
http://wiki.squid-cache.org/Features/SslPeekAndSplice
I’m not a developer so I have no idea how far along that is right now.
On 30 Jun 2014, at 11:05 pm, James Lay wrote:
> On Mon, 2014-06-30 at 22:56 +1
On Mon, 2014-06-30 at 22:56 +1000, Dan Charlesworth wrote:
> Yeah, pinned SSL ‘aint gonna be bumped. The Twitter apps are another popular
> one that use pinning.
>
> As far as your broken_sites ACL goes, you can’t use `dstdomain` because the
> only thing Squid can see of the destination before b
Yeah, pinned SSL ‘aint gonna be bumped. The Twitter apps are another popular
one that use pinning.
As far as your broken_sites ACL goes, you can’t use `dstdomain` because the
only thing Squid can see of the destination before bumping an intercepted
connection is the IP address. So for `ssl_bump
Topic pretty much says it...most sites work fine using my below set up,
but some (Apple's app store) do not. I'm wondering if cert pinning is
the issue? Since this set up is basically two separate sessions, I
packet captured both. The side the I have control over gives me a TLS
Record Layer Aler
Hello,
we need to configure two way ssl for reverse http proxy (squid).
client -> (https two-way ssl) -> squid -> (https one-way ssl) -> server
Is there any examples of configuration file?
Regards,
Vlado
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Tw
Thanks for your reply.
I used following line & its working fine:
http_port 10.10.16.56:3128 ssl-bump intercept generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/etc/squid/mycert.pem
But now its showing certificate error for every https website. How we can
resolve this error?
I would say +1 for binary search..
Remove all specials and make it:
https_port 10.x.x.95:443 accel
cert=/usr/newrprgate/CertAuth/cert/cert.crt
key=/usr/newrprgate/CertAuth/cert/key.pem defaultsite=server_1.uk
Which will minimize it to a working settings which works on every linux
version with an
Eliezer
The line that was working but is now causing problems is;
https_port 10.x.x.95:443 accel
cert=/usr/newrprgate/CertAuth/cert/cert.crt
key=/usr/newrprgate/CertAuth/cert/key.pem
cipher=ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
options=NO_SSLv2 defaultsite=server_1.uk
John
On
On 06/30/2014 12:25 PM, Der Dutz wrote:
Hi Eliezer,
Thanks for your kind respond. actually im reposting because i see
onhttp://marc.info/ that my email is unreadable because the format from the
email client i used (yahoo internal send mail editor), because its unreadable
then im afraid no on
Hi Eliezer,
Thanks for your kind respond. actually im reposting because i see on
http://marc.info/ that my email is unreadable because the format from the email
client i used (yahoo internal send mail editor), because its unreadable then im
afraid no one will reply to it.
Ok for the squid prob
20 matches
Mail list logo