Hi Squid Community,
the last weeks it felt that more and more websites are going to be
"incompatible" with Squid SSL bump.
Some Websites are not displayed at all and a "403 Forbidden" from their proxy
is displayed, others are displayed very ugly because some CSS is missing due to
HTTP Error
Hi Squid Community,
how can I configure Squid to create SSL Bump Certifications with only 3-12
months date of expiry?
Currently, Squid SSL bumped Certifications are valid 20 years in my case, way
too long, as Apple & Google & Mozilla will trust only <1 Year SSL
certifications in the future.
Hi av,
have had the same issue due to authenticate any user before passing the proxy.
Squid couldn't fetch the intermediate certificates.
I added the following in squid.conf before the line "acl Authenticated_Users
proxy_auth REQUIRED":
###
#Allow fetch intermediate certs before required
> The configuration is as follows:
>
> ```shell
> # Squid normally listens to port 3128
> always_direct allow all
> ssl_bump bump all
> sslproxy_cert_error allow all
> http_port 3128 ssl-bump cert=/etc/squid/squid.pem key=/etc/squid/squid.pem
> generate-host-certificates=on options=NO_SSLv2
> ```
Hi Stan,
when you are using NTLM, according to the last sentence in
https://wiki.squid-cache.org/ConfigExamples/Authenticate/Ntlm (very bottom):
"Note that when using NTLM authentication, you will see two "TCP_DENIED/407"
entries in access.log for every request. This is due to the
For my understanding, with (NTLM) authentication every request needs to be
authenticated. Therefore you will see TCP_DENIED/407 anytime before TCP_***/200
because the request needs to be authenticated anytime again.
Anybody else correct me if I am wrong ;-)
Schroeffu
December 4, 2019 15:09,
ags: nsswitch
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
Hi Lukas
for my understanding you have to decrypt the SSL connection with SSL bump,
otherwise Squid is unable to read what mime type is going through the ssl
tunneled connection.
lot regards
schroeffu
May 7, 2019 22:41, "Lukas Yčas" <lukasy...@gmail.com>
Hi Squid Users,
with Squid 4.6 I cannot open these 2 domains when SSL bump is enabled:
https://www.hays.de
https://www.plantronics.com
Both are showing me a different type of error, details below.
I could not find any HPKP site or subdomain there, so I guess Squid has another
problem with this
Hey Squid Users, I have Squid 4.6 running and Chrome cannot display ftp://
links.
Chrome is downloading the directory listing as a file with HTML code inside,
instead of displaying it.
Example URL: ftp://ftp.adobe.com/pub/connect/updaters/meeting/10_1
Hi all,
I am trying to solve the problem that Squid is caching all the big files (for
example 1GB) before sending them to the client, but the connected ICAP virus
scanner is configured with max_file_size 2MB and scan_timeout 5 seconds. So all
bigger files, or longer scanning times, should
Hi all,
I am getting the following error while opening https://www.hawesko.de with
Squid 4.4 and sslbump.
Deactivate bumping makes the error disappear.
Error:
--
The following error was encountered while trying to retrieve the URL:
https://www.hawesko.de
ESI Processing failed.
The
> Hi,
>
> Works "well" on my squid v 4.4 (patched) - debian 9.
>
> Although the site does not load well, squid does not die:
>
> (…)
>
> TCP_MISS/502 1609 GET
> https://cache.drcleaner.com/extend/home/js/jquery-2.0.0.min.js -
> ORIGINAL_DST/99.84.27.102 text/html
>
> TCP_MISS/403 684 GET
>
Hi all,
my Squid 4.4 with SSL bump is crashing while trying to open this website:
https://www.drcleaner.com/de/dr-cleaner/
So, after trying open this site with SSL bump enabled, no Squid process is
running anymore. Just. Dead.
What can I do for debug
Changing the error_directory to non-english like german or italian, the ssl
bump error messages like "expired certificate" or "self signed certificated"
are not showing anymore. Browser is just displaying an ugly error 503. But,
other error messages like "access denied" are displayed properly,
> FYI: By placing that "all" ACL (or any other non-authentication ACL) at
> the end of your access line you are currently making Squid *not* fetch
> credentials from users.
>
> If the UA/Browser is so insecurely configured that it broadcasts user
> credentials out to the network without being
Hello and thanks for your explanation.
What kind of ACL would then match "all squid internal requests" to allow
without authentication?
> For most modern Squids, this http_access policy is, IMO, incorrect
> because it blocks internally-generated requests, such as requests for
> missing
Hi.
I've configured a firewall in our company with pfSense using Squid as
proxy server. I made it work combined with Diladele to show graphs,
filter logs, configure blocked sites, etc.
What I'm trying to do now is to use an external certificate from a
trusted certificate authority (in this
for about couple hours
http://webchat.freenode.net/?channels=squid
On 07/08/2014 10:19 PM, Info OoDoO wrote:
Configured Squid 3.4.6 again with all the options, still facing the same
issue.
Thanks,
Ganesh J
On Tue, Jul 8, 2014 at 11:55 PM, Nyamul Hassan nya...@gmail.com wrote:
We were
using in
Mikrotik. Can you check if they match yours?
Regards
HASSAN
On Thu, Jul 10, 2014 at 6:28 AM, Info OoDoO i...@oodoo.co.in wrote:
Hi,
I'm using Mikrotik 1100 AH X2 Router,
here is my Basic Data from your latest script.
http://pastebin.com/GHkD5yYx
Thanks,
Ganesh J
On Wed, Jul 9
have covered all the steps mentioned in that section?
Regards
HASSAN
On Tue, Jul 8, 2014 at 2:37 AM, Info OoDoO i...@oodoo.co.in wrote:
Thanks Hassan,
Now the requests are passing through Squid but failing with 110
Connection Timed Out Error.
When I use transparent mode it's working fine. Any
shows all the rp_filter in your system.
The second shows if they are indeed set to 0 as needed.
Please do a pastebin for both sysctl.conf and the outputs of the find
commands.
Regards
HASSAN
On Tue, Jul 8, 2014 at 2:34 PM, Info OoDoO i...@oodoo.co.in wrote:
Thanks Hassan,
I have covered
header data.
Now, try to browse from client, and pastebin the output of both
cache.log tcpdump.
Regards
HASSAN
On Tue, Jul 8, 2014 at 4:54 PM, Info OoDoO i...@oodoo.co.in wrote:
Thanks Hassan,
Yes I have the following settings done.
Please see the details in the pastebin
http
+Eliezer
Thanks,
Ganesh J
On Tue, Jul 8, 2014 at 11:46 PM, Info OoDoO i...@oodoo.co.in wrote:
Sorry for the other mail chain. It was opened accidentally yesterday.
Thanks for the response.
Please find the required data below.
http://pastebin.com/Abs3QmMe -- cache.log
http
Yes.. it is installed..
libcap-devel.x86_64 2.16-5.5.el6 @base
Thanks,
Ganesh J
On Tue, Jul 8, 2014 at 11:49 PM, Nyamul Hassan nya...@gmail.com wrote:
For your kind attention, I have not installed Squid 3.1.10 from YUM. I
have compiled and installed from the
Sorry, I installed it recently and it was not there when I compiled
and configured squid from source.
Thanks,
Ganesh J
On Tue, Jul 8, 2014 at 11:52 PM, Info OoDoO i...@oodoo.co.in wrote:
Yes.. it is installed..
libcap-devel.x86_64 2.16-5.5.el6 @base
Thanks
also try the latest stable
version 3.4.6?
Regards
HASSAN
On Wed, Jul 9, 2014 at 12:24 AM, Info OoDoO i...@oodoo.co.in wrote:
Sorry, I installed it recently and it was not there when I compiled
and configured squid from source.
Thanks,
Ganesh J
On Tue, Jul 8, 2014 at 11:52 PM, Info
=/usr/share/info' '--enable-internal-dns'
'--disable-strict-error-checking' '--exec_prefix=/usr'
'--libexecdir=/usr/lib64/squid' '--localstatedir=/var'
'--datadir=/usr/share/squid' '--sysconfdir=/etc/squid'
'--with-logdir=$(localstatedir)/log/squid'
'--with-pidfile=$(localstatedir)/run/squid.pid
Thanks Hassan,
Now the requests are passing through Squid but failing with 110
Connection Timed Out Error.
When I use transparent mode it's working fine. Any idea..!!
Thanks,
Ganesh J
Thanks,
OodoO Fiber,
+91 8940808080
www.oodoo.co.in
On Tue, Jul 8, 2014 at 1:16 AM, Nyamul Hassan
I'm running centos6 server 64 bit with squid 3.3 as a transparent proxy
server and I'm using a blacklist. I installed squid from the tarball with
'--enable ssl' and the program starts fine.
The blacklist is working for http sites but not for https sites. The
relevant lines I have in squid.conf
Hi,
Does squid load acl rules in memory? For example, a list of allowed IP
addresses.
If so, how to turn that off so that squid will check the acl file every
time?
Best regards,
Info @ AnchorFree Wireless
Dear Sir/madam,
I have 2 internet connections: 1 - via leased line (2-way), 2 - receive only by
satellite with some valid IP.
Now my users use the leased line and I have a Squid cache and it works correctly.
Now I want my users to get their HTTP requests only from my satellite
services. Which change must I do in my
I'm running Squid 2.5 Stable4 on Linux Mandrake 8.2
Squid_auth_ldap helper to authenticate users coming into our network
through our gateway
I have to authenticate users that come from our gateway only (others don't
need to authenticate)
And I have to set different Internet access level for
http_access deny auth_user all
#deny all others
http_access deny all
#
Henrik Nordstrom [EMAIL PROTECTED]
06/02/2003 14:40
To: Yannick MASSE/INFO/FR/DELMAS [EMAIL PROTECTED]
cc: [EMAIL PROTECTED]
Subject: Re: [squid