Re: [squid-users] c-icap documentation getting stuck

On Sat, Dec 21, 2019 at 7:42 PM robert k Wild wrote: > > WARNING Bad configuration keyword: enable_libarchive 0 > WARNING Bad configuration keyword: banmaxsize 2M You're probably running an outdated squidclamav. ___ squid-users mailing list

[squid-users] deny_info redirect with URL placeholder

Is there a way to tell squid to treat %o as-is in deny_info? In Apache2 with mod_proxy ProxyPass directives, I require to write a config directive such as: Header edit Location "(^http[s]?://)([^/]+)" "" Using %note or %o in squid 4.x or 3.x would be fine, but both have issues. The config

Re: [squid-users] deny_info redirect with URL placeholder

On Mon, Dec 9, 2019 at 10:04 AM Amos Jeffries wrote: > > > How could I refer to these values in the deny_info 302:%* line? > > deny_info 302:https:%o bad_Location > > This should do it for Squid-3 (and avoids the config parser bug). You > just have to have the helper produce the URL (without the

Re: [squid-users] deny_info redirect with URL placeholder

On Mon, Dec 9, 2019 at 10:04 AM Amos Jeffries wrote: > > > Is there a way to add a URL variable name to a deny_info 302 > > configuration directive? > > > > or as I showed > earlier with logformat codes. Though sorry that does require a later >

[squid-users] deny_info redirect with URL placeholder

Hi, Is there a way to add a URL variable name to a deny_info 302 configuration directive? Suppose I have the following: external_acl_type location_rewriter ttl=86400 negative_ttl=86400 children-max=80 children-startup=10 children-idle=3 concurrency=8

Re: [squid-users] reverse proxy and HTTP redirects

On Thu, Dec 5, 2019 at 11:48 AM Amos Jeffries wrote: > > external_acl_type location_rewriter % acl bad_Location external location_rewriter > > deny_info 302:%note{location-rewrite} bad_Location > acl 302 http_status 302 > http_reply_access deny 302 bad_Location I just read something

Re: [squid-users] reverse proxy and HTTP redirects

On Thu, Dec 5, 2019 at 11:48 AM Amos Jeffries wrote: > > external_acl_type location_rewriter % acl bad_Location external location_rewriter > > deny_info 302:%note{location-rewrite} bad_Location > acl 302 http_status 302 > http_reply_access deny 302 bad_Location Sorry to bother you

Re: [squid-users] reverse proxy and HTTP redirects

By the way, if I were to upgrade to Squid 4, would the following do the trick? reply_header_add Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" all ___ squid-users mailing list squid-users@lists.squid-cache.org

Re: [squid-users] reverse proxy and HTTP redirects

On Thu, Dec 5, 2019 at 11:48 AM Amos Jeffries wrote: > > Alternative to his would be an eCAP module that just re-writes the > Location headers in place. That would be simpler, but requires some > coding to create the module. Simpler, I like how that sounds... I presume a good starting point

Re: [squid-users] reverse proxy and HTTP redirects

I could try to use a redirector with location_rewrite_program, but this directive is not available anymore. I presume I need to use url_rewrite_program instead. I wonder if it will rewrite the "Location" header the origin server is sending to the client browser. Vieri

Re: [squid-users] reverse proxy and HTTP redirects

On Wed, Dec 4, 2019 at 6:15 AM Amos Jeffries wrote: > > I'm trying to see for myself if this is actually normal/OK - since I > don't know how familiar you are with HTTP accel mode syntax. > > The requests in particular are most interesting, though what responses > are paired with each is also

Re: [squid-users] reverse proxy and HTTP redirects

> Hmm, what version of Squid is this? 3.5.27 (yes, I'm aware of the security vulnerability, but I'm unable to upgrade right now) > Can you configure "debug_options 11,2" and see what the HTTP messages > look like? Everything looks OK until I get: 2019/12/03 14:52:26.509 kid1| 11,2|

Re: [squid-users] reverse proxy and HTTP redirects

Hi, On Tue, Dec 3, 2019 at 6:33 AM Amos Jeffries wrote: > > NP: you have not configured any Elliptic Curve to be used, so all those > EC ciphers will not be usable. Also you configured some DES based > ciphers and then disable DES. I'll review that, thanks. > The problem is that the client is

[squid-users] reverse proxy and HTTP redirects

Hi, I configured a reverse proxy with something like this: https_port 10.215.145.81:50443 accel cert=/etc/ssl/whatever.cer key=/etc/ssl/whatever_key_nopassphrase.pem options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE,CIPHER_SERVER_PREFERENCE,No_Compression

Re: [squid-users] (no subject)

On Wed, Oct 23, 2019 at 1:06 PM Amos Jeffries wrote: > > First problem with these rules is they depend on an IP address. IP is > the one detail guaranteed not to match properly when TPROXY spoofing is > going on. Thank you for giving me clues. Actually, my whole setup was OK except for one

Re: [squid-users] (no subject)

On Tue, Oct 22, 2019 at 1:48 PM Amos Jeffries wrote: > > I do not see any DIVERT rule at all in your firewall config dump. That > is at least part of the problem. I opened the previous dump and saw the divert rules here below: Chain PREROUTING (policy ACCEPT 573K packets, 462M bytes) pkts

Re: [squid-users] (no subject)

On Tue, Oct 22, 2019 at 1:48 PM Amos Jeffries wrote: > > On 22/10/19 11:22 pm, Vieri Di Paola wrote: > > > > I use Shorewall on this system. This program configures iptables and > > routing. > > I dumped all the network information while trying to access po

Re: [squid-users] (no subject)

Hi, On Fri, Oct 18, 2019 at 10:13 PM Amos Jeffries wrote: > > If you are able to share your config maybe we could help spot something, > both for that and for the timeout issue. I prepared and tested a trimmed-down squid conf: # cat squid.conf acl SSL_ports port 443 acl Safe_ports port 80

[squid-users] external_acl_type and ipv6

Hi, What is the advantage of using ipv6 instead of ipv4 by default for external_acl_type? http://www.squid-cache.org/Doc/config/external_acl_type/ Thanks, Vieri ___ squid-users mailing list squid-users@lists.squid-cache.org

Re: [squid-users] (no subject)

On Fri, Oct 11, 2019 at 3:50 PM Amos Jeffries wrote: > > Note that this last entry is about a connection to port 443, whereas the > rest of the log is all about traffic to port 80. > > > > The Squid machine has no issues if I browse the web from command line, > > eg. 'links

[squid-users] (no subject)

Hi, I'm trying to connect from a LAN client with IP addr. 10.215.144.48 to a web server through Squid 3 + Tproxy. As you can see from the logs here below, there seems to be a timeout: https://pastebin.com/2Jka4es1 The Squid machine has no issues if I browse the web from command line, eg.

[squid-users] squid + antivirus

I installed squid as a transparent HTTP proxy on a Linux gateway. LAN HTTP port 80 traffic is redirected through squid default port. httpd_accel_host virtual and hhtpd_accel_port 80. I have Apache2 installed and listening on port 80. I'm a novice in this field. What is the easiest solution for

[squid-users] squid + antivirus

I haven't tried squid-vscan because it seems to be based on an older Squid release. Any suggestions? Is Dansguardian with antivirus plugin the only popular choice of the moment? Thanks in advance --- [EMAIL PROTECTED] wrote: I installed squid as a transparent HTTP proxy on a Linux gateway. LAN