On Sun, Jan 9, 2011 at 5:42 AM, Helmut Hullen hul...@t-online.de wrote:
Is there any advantage of using squid on a personal computer? I can
see that in a household, running squid on a central server could be
beneficial. What if there was only one machine in the home?
It's a kind of big
See: http://wiki.squid-cache.org/Features/SslBump
On Thu, Mar 18, 2010 at 11:54 AM, Sheahan, John
john.shea...@priceline.com wrote:
If Squid is configured to use the squid wildcard certificate, does this
mean that all of the HTTPS clients have to manually accept this certificate
in order to
On Tue, Feb 16, 2010 at 7:17 AM, Matus UHLAR - fantomas
uh...@fantomas.sk wrote:
On 14.02.10 18:30, Andres Salazar wrote:
Iam trying to configure SSLbump so that I can use squid in transparent
mode and redirect with iptables/pf port 443 and 80 to squid.
Why transparent?
Are you aware of all
1. Use de WPAD protocol: lets say PROXY squid1; PROXY squid2
(this is fail over)
IMHO, using PAC (with or without WPAD) is the simplest and most
effective approach to failover, requiring no additional software
beyond a web server to host the PAC file.
With PAC, the browser will automatically
Have you considered running one of the machines as an NTP server, have
the others sync their clock to that?
On 4/14/08, Jon Drukman [EMAIL PROTECTED] wrote:
Should I throw an Expires header in there?
Yes, explicit 'Expires' headers help squid make smarter decisions.
If you know an object is
On 3/22/08, Sadiq Walji [EMAIL PROTECTED] wrote:
When squid fails, all the users cannot browse and we have to manually stop
squid to bypass it. Is there any way/feature that enables to bypass squid
automatically if and when it fails or has some problems?
Yes, use a PAC (Proxy Automatic
On 1/4/08, Tim Bates [EMAIL PROTECTED] wrote:
Remembering of course to lower the maximum cache size in the config too
so it doesn't get too much again...
Good point. Which brings up the question, why manually delete the cache at all?
Instead, just lower the maximum cache size (e.g. the
I'd assume that the limit on cached data for Squid is not the number
of bytes, but the number of cached objects?
If you were to tune squid to be aggressive about caching large popular
objects, then you could certainly fill a terabyte plus cache_dir, but
I'm not sure how cost effective it would be
On 8/1/07, Daniel Bearer [EMAIL PROTECTED] wrote:
Is it possible to run Squid on a virtual/shared server?
There's nothing unique about Squid which would preclude it from
running on a virtual server, or as an ordinary user on a shared
server.
The bare minimum necessary for Squid to run is
On 7/31/07, Frank Pittel [EMAIL PROTECTED] wrote:
I need to set up a secure http proxy using secureid fobs for
authentication. Is squid capable of doing this.
Squid can authenticate against PAM, and there are PAM modules for SecurID.
The RSA SecurID PAM module is free, is available for specific
On 7/31/07, Michele Vetturi [EMAIL PROTECTED] wrote:
I'm facing troubles with Squid (currently using 3.0PRE5 on Debian
etch, but already tried 2.6 branch) surfing on https sites (webmail and
internet banking in particular).
Surfing on those sites, ssl connections seems really slow. The
These numbers appear to indicate that Squid is nearly as fast as
Apache serving up static content, which is pretty much exactly what I
would expect.
The very high 'max' field suggests that the total is being skewed by
one very slow transaction, both for Apache (3 seconds) and then even
more so
I'd recomend trying a different testing tool, one that can display
min/median/max response time, rather than just the mean. One such
tool is httperf.
On 7/19/07, 程卫星 [EMAIL PROTECTED] wrote:
Yes, Squid request status in access log is TCP_HIT:NONE.
Why TCP_HIT instead of TCP_MEM_HIT?
KK
On 7/6/07, FREGONI Roberto [EMAIL PROTECTED] wrote:
I'd like to permit only Skype voice traffic and deny file transfer,
chatting and device sharing through my squid proxy. Do you know if it is
possible to do it.
Squid isn't capable of doing what you ask -- I doubt any network
firewall or proxy
On 6/21/07, Chuck Kollars [EMAIL PROTECTED] wrote:
I think what we really need is just the much simpler
blacklist/whitelist capability. If we can
transparently intercept, and give a
thumbs-up/thumbs-down to every destination IP address
(perhaps after doing a reverse DNS lookup on it),
that's all
On 6/19/07, Jakob Curdes [EMAIL PROTECTED] wrote:
Vadim Pushkin schrieb:
Has anyone on this list ever deployed a third-party tool to do what JC
suggests? I.e. block or limit file-tyransfers, inspect https traffic
so as to block/allow it based on what it is doing?
Yes. There are many
On 6/19/07, Vadim Pushkin [EMAIL PROTECTED] wrote:
I am only looking to inspect each SSL connection for the purposes of
determining if the traffic should be allowed, i.e. non-malicious (not chat,
file-transfer, etc).
If you actually want to inspect the protocol inside the SSL, I'm not
aware of
On 6/11/07, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
my question was regarding some user-excpetions. a combination of proxy-pac and
browser-settings is not possible - at least not with IE.
Correct. That is not possible.
When a browser is configured to use a Proxy script (via WPAD or
On 6/5/07, Terry Dobbs [EMAIL PROTECTED] wrote:
We have been using a proxy server with a WPAD.dat file for a year or
two. Now, we have setup another squid server in a remote site. I need to
configure the WPAD.dat file in a way where if you are on subnet A use
Proxy Server A and if you are on
On 6/5/07, Kamal Paryani [EMAIL PROTECTED] wrote:
in squid can we log all user web based activity - like
can we have a keylogger kind of a output of whatever activity they
have done on the web
Squid, like any other web proxy, will log the basic details of each
HTTP converation, but not the
On 5/23/07, Markus Moeller [EMAIL PROTECTED] wrote:
Henrik Nordstrom [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Most isn't actually using SSL, so a IDS system looking for odd traffic
in CONNECT requests will trap many of them (but not all).
Any chance of implementing basic Is
I'll take a look at the updated Wiki later today.
On 5/15/07, SSCR Internet Admin [EMAIL PROTECTED] wrote:
However, if the browser is not configured to use a PAC
file but a PAC file is delivered it brings up a
Security Alert because the browser never requested it.
I know the old Netscape
On 5/15/07, Adrian Chadd [EMAIL PROTECTED] wrote:
Its possible whatsmyipaddress.com is reading
the client IP address from the X-Forwarded-For header.
On 5/15/07, zulkarnain [EMAIL PROTECTED] wrote:
Have you turn OFF via and forwarded_for on your
squid.conf?
You can confirm which headers are
On 5/11/07, Adrian Chadd [EMAIL PROTECTED] wrote:
You can turn that cache behaviour off. I'll hunt around for the instructions
to tell IE not to cache proxy.pac lookups and add it to the documentation.
That'd be handy.
(P.S. Have you heard about the magical PAC refresh option in Microsoft's
On 5/10/07, Adrian Chadd [EMAIL PROTECTED] wrote:
There's plenty of examples of proxy.pac file based load balancing and failover.
It's important to keep in mind that some PAC behavior, including
failover, is different for different browsers and browser versions --
this particularly applies to
On 5/7/07, Fabio Silva [EMAIL PROTECTED] wrote:
Hi all, i need to configure a squid server in a machine but i need to
send the traffic of squid to another link!
link1link2
squid BOX
The link1 is the default GW of the network but i need to send the
traffic to the link2...
What
On 4/4/07, Ben Spencer [EMAIL PROTECTED] wrote:
I did some research for an answer to this question, but, things tend to
always resort to CPU usage and tuning (though, I did get some good
information from those threads also).
We have a squid appliance which is very heavy on CPU (which is
On 4/4/07, Vadim Pushkin [EMAIL PROTECTED] wrote:
Does anyone have any OS tips for Sparc/Solaris? (preferably 8).
Sell the Sparc, buy two Sun-badged AMD64 machines to run FreeBSD on?
Until recently I ran a number of large caches on Solaris 8/Sparc,
serving as parent caches for child caches
On 2/22/07, Adrian Chadd [EMAIL PROTECTED] wrote:
On Thu, Feb 22, 2007, Krzysztof Pawlak wrote:
I have a problem with caching the following:
HTTPS content is inherently uncacheable.
https://student.qantmcollege.edu.au:2096/
If Firefox doesn't use proxy for the mentioned url, everything
On 1/3/07, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
Quoting Nick Duda [EMAIL PROTECTED]:
I've been fighting this fight for far to long without resolution. I've
emailed the list at times with no resolution to my problem. I'm now
faced with ditching Squid and SquidGuard as our corporate
30 matches
Mail list logo