I would certainly be willing to give it a shot, yes!
Thank you!
Jason
<https://www.avast.com/sig-email?utm_medium=email_source=link_campaign=sig-email_content=webmail>
Virus-free.www.avast.com
<https://www.avast.com/sig-email?utm_medium=email_source=link_campaign=sig-email_conten
144020% 10080
refresh_pattern ^gopher:14400% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
debug_options rotate=1 ALL,2
negative_dns_ttl 0 seconds
dns_timeout 5 seconds
Thank you for any help that you can provi
Hello,Thank you so much for your reply.1- Regarding security, what parameters
should be changed or added in the configuration file?
2- How to configure Squid-cache service for 1000 clients?
On Sat, Sep 23, 2023 at 12:26 AM, Francesco Chemolli
wrote: Hi Jason!
Squid is a complex piece
Hello,I have some questions:1- What tips should be considered to keep
Squid-cache safe?
2- How strong is Squid-cache? How many users can use it at the same time?
3- Can Squid-cache also play the role of a firewall? Something like the
Microsoft ForeFront TMG Replacement or the Kemp LoadMaster.
Hello,
Thank you so much for your reply.
Dante (https://www.inet.no/dante/)? How does it performance?
Can it also act as an HTTP server?
On Tuesday, September 12, 2023 at 10:08:01 AM GMT+3:30, Matus UHLAR - fantomas
wrote:
>On 9/11/23 4:23 AM, Jason Long wrote:
>>Does the Sq
PM Jason Long wrote:
> Hello,
> Can I use Squid-cache to set up a SOCKS5 proxy server?
>
> Thank you
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-user
Hello,Can I use Squid-cache to set up a SOCKS5 proxy server?
Thank you ___
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
Hello,
Thanks again.
You right, I must move the following lines after the authentication lines:
http_access allow localnet
http_access allow localhost
http_access deny all
It worked.
On Sunday, September 10, 2023 at 01:57:32 AM GMT+3:30, Alex Rousskov
wrote:
On 2023-09-09 15:09, Jason
ote: On 2023-09-09 09:09, Jason
Long wrote:
> Hello,
> I installed the Squid-cache on Debian 12, then I installed the Apache utils:
>
> $ sudo apt install apache2-utils
>
> After it, I did the following steps:
>
> $ sudo touch /etc/squid/passwd
> $ sudo chown proxy /e
Hello,
I installed the Squid-cache on Debian 12, then I installed the Apache utils:
$ sudo apt install apache2-utils
After it, I did the following steps:
$ sudo touch /etc/squid/passwd
$ sudo chown proxy /etc/squid/passwd
Then:
$ sudo htpasswd /etc/squid/passwd jason
After it, I opened
, but it
doesn't seem a good option in any case.
- Jason
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
examine each and
every Host header and compare it to the TLS SNI to see if there is a
discrepancy.
Looking at the code at the moment I can only see absolute URL vs host
header checks, which do not appear to look at the CONNECT TLS SNI, which I
think to be found in the master xaction.
Regards,
Jason
again (I have never seen this before) I'll be sure
to do the debugging thang.
On Tue, Feb 22, 2022 at 3:16 AM Alex Rousskov <
rouss...@measurement-factory.com> wrote:
> On 2/20/22 20:43, Jason Haar wrote:
>
> > I've noticed that the Internet ipv6 is not quite as reliable as ipv
what's going on there? thanks!
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
___
squid-users mailing list
squid-users@lists.squi
On Wed, 1 Dec 2021 at 18:29, Alex Rousskov
wrote:
>
> On 12/1/21 12:06 PM, David Touzeau wrote:
> >
> > Hi
> >
> > We used Squid 5.2 and we see that security_file_certgen consume I/O
> > Is there any way to put the ssldb in memory without need to mount a tmpfs ?
>
> Yes, there are at least two
Hello Alex,
Thanks I did not see that one.
...
> AFAICT, this assertion is tracked as Bug 5154:
> https://bugs.squid-cache.org/show_bug.cgi?id=5154
...
___
squid-users mailing list
squid-users@lists.squid-cache.org
a07056701e in SquidMain (argc=,
argv=) at main.cc:1716
#16 0x55a07040fac1 in SquidMainSafe (argv=0x7ffc00c111b8, argc=6)
at main.cc:1403
#17 main (argc=6, argv=0x7ffc00c111b8) at main.cc:1391
Regards,
Jason
___
squid-users mailing list
squid-users@l
hat %master_axtion is a counter which resets when you restart
squid, and is not unique among squids (or restarts), is there not a
case to be made for making one available?
Regards,
Jason
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
est may dematerialise, but by this
time is there
not a note on the client connection with conn_id="some already-evaluated thing"
which persists until the client connection closes?
What perhaps you mean is that the client connection object does change
on account of the connect
being intercep
Hello,
I am using squid 5, and after reading the following I have attempted
to link the connect requests to the other requests within a TLS
tunnel.
http://lists.squid-cache.org/pipermail/squid-users/2021-April/023526.html
I added an extra log format code to squid 5, called %random, which
always
If you look at the squid logformat page you can find various
additional logging options available to start with, such as ICAP
processing time. This is a good place to start if you are not using a
custom format already:
http://www.squid-cache.org/Doc/config/logformat/
.e.g.
On Mon, 5 Jul 2021 at 17:02, Alex Rousskov
wrote:
>
> On 7/5/21 11:19 AM, Jason Spashett wrote:
>
> > I saw some anecdotal information on the web that said the SNMP data
> > available from squid was a restricted subset of that available via the
> > cache-manager inter
Hello,
I saw some anecdotal information on the web that said the SNMP data
available from squid was a restricted subset of that available via the
cache-manager interface. Is this still largely the case? Looking to
use squid4, and 5, shortly.
Regards,
Jason
they do play a role in the causal chain of
events.
Does anyone have any suggestions on extracting further details in the
case of failed requests?
Regards,
Jason
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org
Got it !
Just add the following line before :
acl vip dst 192.168.1.10
http_access allow vip
Sorry for the noise.
Le 2020-09-15 11:08, Jason Loel a écrit :
Hi,
I use Squid 4.6 with Debian 10 (Buster).
I use Kerberos Authentication and it works :
auth_param negotiate program /usr/lib
Hi,
I use Squid 4.6 with Debian 10 (Buster).
I use Kerberos Authentication and it works :
auth_param negotiate program /usr/lib/squid/negotiate_kerberos_auth -s
HTTP/proxy.lab@lab.lan
auth_param negotiate children 10
auth_param negotiate keep_alive on
acl lan proxy_auth REQUIRED
ability?
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squi
unsubscribe
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
please *don't*
> CC me.
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
>
> __
f Of Amos Jeffries
> Sent: Monday, July 31, 2017 13:22
> To: squid-users@lists.squid-cache.org
> Subject: Re: [squid-users] dumb question: how to get http server IP into
> logs?
>
> On 30/07/17 22:02, Jason Haar wrote:
> > Hi there
> >
> > We're running squid-3.5.2
that by default?
(DIRECT/1.2.3.4?). All our logs are now "HIER_DIRECT"
Thanks
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
___
squid-use
I reconfigured add " --with-nat-devpf " (squid-3.5.24 on FreeBSD 9.1)
This issue *has been resolved*
thanks to Amos Jeffries
The follow is my squid version and configure.
Squid Cache: Version 3.5.24-20170331-r14150
Service Name: squid
configure options: '--prefix=/usr/local/squid'
test case 1 :
-
I changed my squid setting (don't use intercept mode)
http_port 3129 ssl-bump cert=/usr/local/squid/ssl_cert/myCA.pem
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
thab client Web Browser set proxy to 192.168.95.81:3129
I also tested the following cases
test case 1:
add the following settings in squid.conf
acl bumpedPorts myportname 3129
http_access allow CONNECT bumpedPorts
test results: ssl bump is failed
1. access.log no record
2. web browser has been waiting , no response
I also tested the following cases
test case 1:
add the following settings in squid.conf
acl bumpedPorts myportname 3129
http_access allow CONNECT bumpedPorts
test results: ssl bump is failed
1. access.log no record
2. web browser has been waiting , no response
I had a FreeBSD 9.1 bridge (em0, em1) environment,
Use "pf rdr to" redirect HTTPS (port 443) packets to squid (squid 127.0.0.1:
3129)
Squid *3.3.11* ssl bump is OK.
The following is the setting of squid 3.3.11
Squid Cache: Version 3.3.11-20140220-r12672
Configure options: '--prefix = / usr /
If you do "lsof /var/log | grep -i delete" does it show squid writing to a
deleted access.log / cache.log?
j
From: "Chee M Gui"
To: squid-users@lists.squid-cache.org
Sent: Wednesday, March 22, 2017 10:17:32 AM
Subject: [squid-users] Squid stopped working after
--- Original Message -
From: "Alex Rousskov" <rouss...@measurement-factory.com>
To: squid-users@lists.squid-cache.org
Cc: "Jason Nance" <ja...@tresgeek.net>
Sent: Tuesday, March 21, 2017 4:42:33 PM
Subject: Re: [squid-users] URL list from a URL
On 03/21/2017 02:30
, March 21, 2017 1:19:43 PM
Subject: Re: [squid-users] URL list from a URL
Yes.
Functionality you required is:
http://wiki.squid-cache.org/Features/StoreID
21.03.2017 21:52, Jason B. Nance пишет:
> Hello,
>
> I'm using Squid 3.5.20 and wonder if it is possible to define an ACL wh
oinov" <yvoi...@gmail.com>
To: squid-users@lists.squid-cache.org
Sent: Tuesday, March 21, 2017 1:19:43 PM
Subject: Re: [squid-users] URL list from a URL
Yes.
Functionality you required is:
http://wiki.squid-cache.org/Features/StoreID
21.03.2017 21:52, Jason B. Nance пишет:
> Hello,
Hello,
I'm using Squid 3.5.20 and wonder if it is possible to define an ACL which
retrieves the list of URLs from another URL (similar to pointing to a file).
In this specific use case it is to allow a Foreman server to sync Yum content
from the CentOS mirrors. I tell Foreman to use the
t to avoid as
I believe it has no future due to pinning.
Off to upgrade to 3.5.22 :-)
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
_
Greetings - I’m trying to install squid on an Ubuntu workstation in a VM. I install squid but unable to initialize caches. I get the following error:Initializing the Squid cache with the command squid3 -f /etc/squid/squid.conf -z ..FATAL: Bungled /etc/squid/squid.conf line 3467: cache_dir rock
is more secure over cleartext - but it's
also noticeably slower than Basic over latency links, so you can choose
your poison there
If you're really keen, you can actually do proxy-over-TLS via WPAD with
Firefox/Chrome - at which point I'd definitely recommend Basic for the
performance reasons ;-)
It's version 3.3.8
Sent from my Bell Samsung device over Canada's largest network.
Original message
From: erdosain9 Date:
2016-09-14 8:05 PM (GMT-07:00) To:
squid-users@lists.squid-cache.org Subject: Re: [squid-users] Cannot
get ACL to work
Hi.
Ugh, I am trying to get Squid to deny access to a particular AD group, but when
I enable the rule, then it denys everyone.
This is what I have in squid.conf
# NTLM
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 15
auth_param
lls block it so as to force it to tcp/443 - but you're
implying there are yet more alternatives?
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
not seeing this when squid tried to
execute it, so I'm fairly certain it has something to do with the
execution of the script rather than a problem with the script itself.
I've also examined the permissions, and those should be good.
Thanks in advance for the help.
--Jason
squid.conf
sponse to a public
> records request, do not send electronic mail to this entity. Instead,
> contact this office by phone or in writing.
>
>
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid
5
acl SSL_https port 443
ssl_bump splice SSL_https
On Tue, Mar 22, 2016 at 12:05 AM, Vito A. Smaldino <
vitoantonio.smald...@istruzione.it> wrote:
> Hi all,
> great, i'm just searching for this. Jason can you kindly post the whole
> squid.conf?
> Thanks
> V
>
>
to
this simplest case for the moment and avoid the "peek" call
Thanks!
Jason
On Mon, Mar 21, 2016 at 8:53 PM, Amos Jeffries <squ...@treenet.co.nz> wrote:
> On 21/03/2016 10:29 a.m., Jason Haar wrote:
> > Hi there
> >
> > I'm wanting to use tls intercept to just log (well
intercept basically ditches
the tcp/443 connection - which is as good as it gets without getting into
the wonderful world of real "bump"
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE
Or use socat. I have used it to allow ancient SSLv3-only clients to
communicate with TLS-only servers.
Jason
On Thu, Mar 10, 2016 at 12:28 AM, Amos Jeffries <squ...@treenet.co.nz>
wrote:
> On 9/03/2016 6:53 p.m., Howard Kranther wrote:
> > Hello, I am investigating the use of sq
On Tue, Feb 16, 2016 at 2:48 AM, Amos Jeffries <squ...@treenet.co.nz> wrote:
> Thanks for the reminder. I dont recall seeing a bug report being made.
> Though Jason has sent me a more detailed cache.log trace to work with.
>
Yeah - I actually got half-way through putting in a b
anyone figured out how to get
squid-4 working on such older systems?
Thanks
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
y like content
filtering proxies find it hard to keep up as they have become the enemy
(because they can be used for evil as well as good).
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9
navailable really isn't an option (in the case of
"peek-and-splice" over intercepted they seem to hang forever when this
error occurs). Perhaps an option to change it's behaviour would be
better? eg enable/disable and maybe "ignore client and use the IP
addresses squid thinks are
e scraping are you also filtering for duplicates and reducing
> multiple URLs in one doman down to fewer entries?
Yeah - no dupes - but no manually reading to figure out patterns
either. That would take a human eye - and I want set-and-forget automation
--
Cheers
Jason Haar
Corporate Informa
acl type - so regex it is (can't use
dstdomain because we want to block "http://good.site/bad.url; - not all
of "good.site")
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2
1sec). I'd say "outsourcing" this kind of
function to another process (such as url_rewriter or ICAP) still has
it's advantages ;-)
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7
files
that allowed for rapid searching for matches - is this done within squid
now? (presumably it wasn't some time ago?). If so, is that done in
memory or via the acl files? (ala SG) - the former means a much slower
squid startup?
Thanks
--
Cheers
Jason Haar
Corporate Information Security Manager, T
On 06/01/16 17:39, Amos Jeffries wrote:
> On 6/01/2016 5:04 p.m., Jason Haar wrote:
>> Hi there
>>
>> Weird - several times in the past couple of months I have found I cannot
>> get to http://wiki.squid-cache.org/ - I get the error below from my
>> squid-3.5.11 se
request again.
Your cache administrator is webmaster.
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
___
squid-users mailing lis
at what cache.log says about
> the state of the request that is being checked and failing.
I think we know what the problem is: TOR is making TLS connections (I
don't know if they're HTTPS) on port 443 and uses SNI names that aren't
real?
--
Cheers
Jason Haar
Corporate Information Security Manager
acl SSL_https port 443
ssl_bump splice SSL_https
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
signature.asc
Description: OpenPGP digital signat
ssfully used TOR, it must have cached a bunch of
things because I then re-enabled intercept and it's no longer making any
tcp/443 connections - it goes straight out on other "native" TOR ports.
So it may be this can only be tested on a fresh install (or after some
cache timeout period)
--
ient browser.
Could that be DNS? Is the server configured to use valid DNS servers?
Check each of them yourself to see what their response times are like, eg
time nslookup some.valid.site.that.isn't.in.cache
maybe you'll see 2sec show up on one of them...
--
Cheers
Jason Haar
Corporate Informat
On 15/10/15 14:25, Amos Jeffries wrote:
> All those lines imply is a certificate verify problem inside the SSL
> library.
Would it be possible to put the ip:port in those error messages? Would
certainly help answer those questions...
--
Cheers
Jason Haar
Corporate Information Security M
this can't have anything to do with Elliptic Curves or pinning
Jason
On 15/10/15 12:19, Alex Rousskov wrote:
> On 10/14/2015 05:00 PM, Dan Charlesworth wrote:
>
>> I feel like if server-first is working there must be *some*
>> combination of peek/stare/bump that’ll
On 16/10/15 13:08, Dan Charlesworth wrote:
> ORLY
>
> I seem to recall this happening on 10.10 as well, but it could be an El
> Capitan thing. Do you mind reminding me of your squid config Jason?
With my config I trying to "aggressively" figure out if the transaction
is s
t; k=/System/Library/Keychains/X509Anchors
> /dev/null 2>&1 || true
The "ipsec/smime" stuff is actually not needed - but I don't care ;-) I
went for the carpet bombing approach for the Mac (which I don't know well)
--
Cheers
Jason Haar
Corporate Information Security Manager, Tr
the CAs used
by those sites - thus causing the problem you see? Certainly matches the
symptoms
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 84
ly (ie I'm making sure revoked certs are never
bumped)
But this is a bug in squid - this means untrustworthy certs become
trusted again - not a good look
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6
ally got anything to do with the CA itself)
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
___
squid-users mailing l
.
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
___
squid-users mailing list
squid-users@lists.squid-cache.org
http
and
there's no obvious signs of a cert error - so I can't figure out what is
going wrong. I've manually downloaded the server cert using "openssl
s_client" and the cert chain validates just fine - so what is squid
doing to it? Weird...
--
Cheers
Jason Haar
Corporate Information Securi
.v.x.+!..n..J@9.[.J.C.1.L5.(.%%..9..
Signature Algorithm: sha256WithRSAEncryption
Fake:
X509v3 Basic Constraints:
CA:FALSE
Signature Algorithm: sha256WithRSAEncryption
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd
browsers
Jason
PS: also note WPAD is about browsers - so don't expect miracles for
non-browser applications. Some apps can use it - bit most can't
On 10/09/15 08:39, Marcio Demetrio Bacci wrote:
> Hi,
>
> I'm having the following problem with my squid3:
>
> When I set the browser: &qu
g format, log parsers would skip all
PEEKED/CONNECT lines as redundant (although they're useful for us humans)
Yeah, it would break existing logging tools - but so does the "GET
https://...; stuff anyway - so they need updating too ;-)
--
Cheers
Jason Haar
Corporate Information Security Manager,
runninng
./configure CXXFLAGS="-DMAXTCPLISTENPORTS=200" when i make install
squid is not showing me the increased listen ports.
squid -v shows
Squid Cache: Version 3.5.7
Service Name: squid
configure options: '--build=x86_64-redhat-linux-gnu'
'--host=x86_64-redhat-linux-gnu'
Amos
Got the build working finally and the cxx Maxtcp flag shows in my -v but
still getting the 128 port limit!
What a let down Thought I had it for a moment.
On Monday, September 7, 2015, Amos Jeffries <squ...@treenet.co.nz> wrote:
> On 8/09/2015 2:11 p.m., Jason Enzer wrote:
&
trying to build in larger maxtcplistenports into 3.5.7 for centos 6
what would i need out of here to get a build working? i mean like it
does from elizers repo?
./configure --build=x86_64-redhat-linux-gnu
--host=x86_64-redhat-linux-gnu --target=x86_64-redhat-linux-gnu
--program-prefix=
a quad core i5 3.1ghz with 16GB ram running centos 6.6
any points in the right direction are greatly appreciated!
jason
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
not a popular topic i guess. can anyone point in the right direction
for setting up multiple squid instances on centos 6.6?
thanks,
jason
On Thu, Sep 3, 2015 at 3:43 PM, Jason Enzer <enz...@gmail.com> wrote:
> if i had 250+ ip addresses and wanted to run a large anonymous proxy
>
connect to 172.5:3172 it asks for password once authed ( which
i dont want to auth ) then shows outgoing address of 172.4. i realize
its acl related and the acl logic isnt correct. can someone point me
in the right direction?
thanks,
jason
___
squid-users
ept is bleak
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
___
squid-users mailing list
squid-users@lists.squid-ca
)
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid
On 20/08/15 12:42, Jason Haar wrote:
So now I can:
1. ###dynamically whitelist/splice non-SNI traffic via it's existence
(commented because it didn't work - ended up splicing everything)
Figured that one out: .* is a file - .* is a regex :-)
--
Cheers
Jason Haar
Corporate Information
who bash their way through multiple layers
of browser warning popups/etc in order to get infected are out of scope ;-)
Thanks again for your help Alex. Hopefully this conversation will be
useful for others. TLS intercept is a bit of a step up in complexity
over standard TCP ;-)
--
Cheers
Jason
is
useful)
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
___
squid-users mailing list
squid-users@lists.squid-cache.org
http
any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
cache_effective_user squid
cache_effective_group squid
thanks!
-jason
outgoing address from first acl statement... if i
comment out the first acl the 2nd acl works and the outgoing address
is what is expected.
stumped!
-jason
On Sun, Jul 12, 2015 at 11:29 AM, Dan Purgert d...@djph.net wrote:
On Sun, 12 Jul 2015 11:13:02 -0700, Jason Enzer wrote:
[...]
Looks like
!
-Jason
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
commercial CAs to create fake server certs
(let's be honest - all of this is about stopping government snooping -
not about normal criminal behavior)
Jason
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org
to mind
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
___
squid-users mailing list
squid-users@lists.squid-cache.org
http
www.site.name as the SNI)
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
___
squid-users mailing list
squid-users@lists.squid-cache.org
On 21/06/15 10:45, Antony Stone wrote:
The former - squid does the download and passes the content to ICAP.
Great. So squid does all the network calls and ICAP simply gets to
review the content (request and/or response) and potentially change it.
Perfect :-)
Thanks!
--
Cheers
Jason Haar
, ipv6
support,etc)
Thanks
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
___
squid-users mailing list
squid-users
optional)
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
___
squid-users mailing list
squid-users@lists.squid-cache.org
http
.
Yeah - windows firewall is a major pain. Better to turn the darn thing
off and rely on something else
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
1 - 100 of 506 matches
Mail list logo