By the help of God.
I'm using squid 4.15
When I said transparent proxy I meant to say that I'm using tproxy
configuration with iptables redirection.
Squid returns http 503 and when bypassing squid I see http 302.
What do you think is the best way to overcome this problem?
Thanks,
Ben
בתאריך
On 2/09/21 10:43 pm, Ben Goz wrote:
By the help of God.
I configured squid to be transparent proxy with ssl bump
I saw that when the users trying to access next.co.il or pinterest.com
They observed squid errors sometimes it's connection refused sometimes
connection timed out
But when I bypass
By the help of God.
I configured squid to be transparent proxy with ssl bump
I saw that when the users trying to access next.co.il or pinterest.com
They observed squid errors sometimes it's connection refused sometimes
connection timed out
But when I bypass squid proxy it's working fine.
I saw
On 23/06/20 2:50 am, Tanner wrote:
> I have squid set up as a transparent outbound proxy using version 3.5.
> When upgrading to 4.12, I am seeing an error "Error parsing SSL Server
> Hello Message on FD XX" that did not happen before. Here is my config:
>
...
>
> Previous to 4.12, if I tried to
I have squid set up as a transparent outbound proxy using version 3.5. When
upgrading to 4.12, I am seeing an error "Error parsing SSL Server Hello
Message on FD XX" that did not happen before. Here is my config:
http_port 3129 intercept
cache_effective_user squid
cache_effective_group squid
03.01.2018 02:13, Amos Jeffries пишет:
> On 03/01/18 02:48, Roberto Carna wrote:
>> Dear, I've setup a Squid transparent proxy + Squidgard on pfSEnse 2.4
>> in order to filter HTTP and HTTPS web content for different types of
>> WiFi clients on my company:
>>
>> - Android (different versions)
>>
On 03/01/18 02:48, Roberto Carna wrote:
Dear, I've setup a Squid transparent proxy + Squidgard on pfSEnse 2.4
in order to filter HTTP and HTTPS web content for different types of
WiFi clients on my company:
- Android (different versions)
- Notebooks Windows 7/10
- Iphone
- Etc.
In some cases,
Dear, I've setup a Squid transparent proxy + Squidgard on pfSEnse 2.4
in order to filter HTTP and HTTPS web content for different types of
WiFi clients on my company:
- Android (different versions)
- Notebooks Windows 7/10
- Iphone
- Etc.
In some cases, depending on the device Operating System,
On 2/12/2016 6:27 a.m., klops wrote:
> Does this mean the squid box has to be the overall gateway for the internal
> network for transparrancy to work?
That is just one option. The other two are routing or tunnel, as I
mentioned in the second sentence.
>
> The reason the proposed setup the way
Does this mean the squid box has to be the overall gateway for the internal
network for transparrancy to work?
The reason the proposed setup the way it is is because AWS VPC service has
a service based NAT gateway which we have not low level control over and it
is the default gateway. We want to
On 29/11/2016 10:33 a.m., kevin2345 wrote:
Hello, new to squid here. I'm trying to setup a transparent proxy with squid
for my internal hosts to reach outbound destinations. We are hosted in AWS
with a VPC setup and multiple subnets. The squid host is in a "public"
subnet that has outbound
Hello, new to squid here. I'm trying to setup a transparent proxy with squid
for my internal hosts to reach outbound destinations. We are hosted in AWS
with a VPC setup and multiple subnets. The squid host is in a "public"
subnet that has outbound access, while the other subnets are "private"
On 8/09/2016 11:54 p.m., John Sayce wrote:
> Yeah, that was the key. I was expecting my firewall to be doing NAT but
> destination NAT rather than source NAT. I hadn't realised this was
> completely wrong.
>
> Got it working now.
Source-NAT is fine and sometimes needed to translate between
] On Behalf
Of Antony Stone
Sent: 08 September 2016 10:00
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Transparent Proxy
On Thursday 08 September 2016 at 10:44:12, John Sayce wrote:
> After I wrote this I realised it should be changing the mac not the
> ip, which is not
y routing.
Regards,
Antony.
> -Original Message-
> From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On
> Behalf Of Antony Stone Sent: 08 September 2016 09:36
> To: squid-users@lists.squid-cache.org
> Subject: Re: [squid-users] Transparent Proxy
>
>
: 08 September 2016 09:36
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Transparent Proxy
On Thursday 08 September 2016 at 10:12:48, John Sayce wrote:
> For testing purposes I've reduced it to the following:
>
> http_port 3128 intercept
> #dns_v4_first on
>
On Thursday 08 September 2016 at 10:12:48, John Sayce wrote:
> For testing purposes I've reduced it to the following:
>
> http_port 3128 intercept
> #dns_v4_first on
> dns_nameservers 10.8.2.3 194.168.4.100 10.8.2.2 8.8.8.8
> acl wifi src 10.8.14.0/24
> acl all src all
> http_access allow all
>
-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf
Of Antony Stone
Sent: 07 September 2016 10:27
To: 'squid-users@lists.squid-cache.org'
Subject: Re: [squid-users] Transparent Proxy
On Wednesday 07 September 2016 at 10:51:49, John Sayce wrote:
>
On 7/09/2016 9:27 p.m., Antony Stone wrote:
> On Wednesday 07 September 2016 at 10:51:49, John Sayce wrote:
>
FYI: Jon. Please be careful about yoru use of teh word "forward" and
"forwarding". Both NAT and routing are methods of forwarding, but which
one is used at each particular step of the
On Wednesday 07 September 2016 at 10:51:49, John Sayce wrote:
> I believe so. The specific command I used was:
>
> iptables -t nat -A PREROUTING -i ens33 -p tcp --dport 80 -j REDIRECT
> --to-port 3128
>
> (For some reason my adapter is ens33, I have no idea why it's not eth0.
> Squid is set
translation? when the packet is sent back to
the client?
-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf
Of Antony Stone
Sent: 07 September 2016 09:28
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Transparent Proxy
I'm trying to set up a transparent proxy but I'm fairly sure I'm missing
something.
I've followed the instructions on the juniper website along with a couple of
other blogs as per:
https://damn.technology/using-squid-juniper-pbr-transparent-proxy
> -Original Message-
> From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf
> Of Amos Jeffries
> Sent: Thursday, September 1, 2016 11:05 AM
> To: squid-users@lists.squid-cache.org
> Subject: [EXTERNAL] Re: [squid-users] Transparent Pro
On 1/09/2016 5:59 a.m., Shively, Gregory wrote:
>> On 31/08/2016 11:19 a.m., Shively, Gregory wrote:
>
>>> I'm attempting to get a squid working as a transparent proxy on
>>> OSX
>
>>> Yosemite. Every attempt ended with a "Forward loop detected". I
>
>>> initially started with the version from
> On 31/08/2016 11:19 a.m., Shively, Gregory wrote:
> > I'm attempting to get a squid working as a transparent proxy on OSX
> > Yosemite. Every attempt ended with a "Forward loop detected". I
> > initially started with the version from homebrew and moved to just
> > compiling myself to see if
On 31/08/2016 11:19 a.m., Shively, Gregory wrote:
> I'm attempting to get a squid working as a transparent proxy on OSX
> Yosemite. Every attempt ended with a "Forward loop detected". I
> initially started with the version from homebrew and moved to just
> compiling myself to see if I could figure
I'm attempting to get a squid working as a transparent proxy on OSX Yosemite.
Every attempt ended with a "Forward loop detected". I initially started with
the version from homebrew and moved to just compiling myself to see if I could
figure out what was going on. Being new to both pf network
I have a Squid/Dansguardian proxy server that successfully works when
the client web browser is manually configured to use the proxy address:port.
What I want to do is configure a transparent proxy server, presuming I
wouldn't have to manually configure browsers.
My LAN environment diagram:
On 2/10/2015 8:15 a.m., Jake wrote:
> I have a Squid/Dansguardian proxy server that successfully works when
> the client web browser is manually configured to use the proxy address:port.
>
> What I want to do is configure a transparent proxy server, presuming I
> wouldn't have to manually
On 14/07/2015 8:34 a.m., John Pearson wrote:
Thanks Yuri for the response, I understand. I do have Shorewall configured
and I understand the security implications. My Router is also the Wireless
AP, so I want to try out this setup without having to buy another Wireless
AP.
I don't mind it
I use a bit another configuration:
http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoIOSv15Wccp2
As you can see, squid box placed between two routers. Front router uses
NAT to white IP, back router has no NAT and configured with WCCPv2
redirection. DMZ configured between two routers.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Ah,
forgot about:
Your squid in scheme I wrote will have static gray IP. And this IP must
be excluded from DHCP pool on router.
14.07.15 2:15, John Pearson пишет:
Hi Everyone,
My setup is: Internet -- Squid-eth0 -- Squid-eth1 -- Router --
Thanks Yuri for the response, I understand. I do have Shorewall configured
and I understand the security implications. My Router is also the Wireless
AP, so I want to try out this setup without having to buy another Wireless
AP.
I don't mind it being complex, do you have any suggestions on
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Too complex setup for simple task.
You can simple re-connect squid box before router and configure it as
gateway for devices. And setup NAT redirection directly onto squid box.
Something like this:
Internet - Router + DHCP + NAT --
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Note:
If you want to use two NIC onto Squid box, you need to configure this
box TCP stack as a static router.
But more better to aggregate both NIC and connect router and squid box
with switch.
14.07.15 2:15, John Pearson пишет:
Hi Everyone,
On 8/07/2015 1:54 a.m., S.Kirschner wrote:
Amos Jeffries wrote
On 7/07/2015 11:45 p.m., S.Kirschner wrote:
I think the issues exist because the reverse lookup dont got the anwser
sparkasse.de, but why it does not use the hostname from the dns request
to
the dns-server ?
Because Squid is
On 7/07/2015 11:45 p.m., S.Kirschner wrote:
Hi I´m using squid version 3.5.3 as transparent proxy in pfsense and got an
issue with my configuration.
I would like to bump ssl connections and some should be spliced(for the
example I used sparkasse.de), in my case banking sites should be
Amos Jeffries wrote
On 7/07/2015 11:45 p.m., S.Kirschner wrote:
I think the issues exist because the reverse lookup dont got the anwser
sparkasse.de, but why it does not use the hostname from the dns request
to
the dns-server ?
Because Squid is not a DNS server.
The HTTP message details
On 1/07/2015 6:21 a.m., Chris Greene wrote:
I’ve had Squid running on Ubuntu for a few weeks. I’d configured the
proxy settings in the browsers. Everything has been working well and
I've been pleased with the results. But now I need to make this a
transparent proxy and I’m running into
I’ve had Squid running on Ubuntu for a few weeks. I’d configured the proxy
settings in the browsers. Everything has been working well and I've been
pleased with the results. But now I need to make this a transparent proxy
and I’m running into trouble need some help.
I’ve got a Destination
On 2015-06-30 12:21 PM, Chris Greene wrote:
I’ve had Squid running on Ubuntu for a few weeks. I’d configured the
proxy settings in the browsers. Everything has been working well and
I've been pleased with the results. But now I need to make this a
transparent proxy and I’m running into
: Wednesday, May 13, 2015 12:48:45 PM
Subject: Re: [squid-users] transparent proxy
On 13/05/2015 8:45 p.m., Simon Dcunha wrote:
Dear All,
I want to implement transparent proxy with wccp2. kindly appreciate if
someone can advise me a link explaining the steps to follow
That would be the Squid
Dear All,
I want to implement transparent proxy with wccp2. kindly appreciate if someone
can advise me a link explaining the steps to follow
regards
simon
--
-
Network Administrator
Kuwait Municipality!!!
--
This message has been scanned for viruses and
dangerous content by
On 13/05/2015 8:45 p.m., Simon Dcunha wrote:
Dear All,
I want to implement transparent proxy with wccp2. kindly appreciate if
someone can advise me a link explaining the steps to follow
That would be the Squid wiki.
http://wiki.squid-cache.org/ConfigExamples#Interception
Amos
On 22/04/2015 12:43 a.m., jaykbvt wrote:
Hi Amos,
Thanks for reply.
local=*10.58.200.33:80 remote=10.210.83.249:*3375 FD 10 flags=33: accepted
since squid is able to understand which client is requesting and following
lines talks
On 22/04/2015 7:31 a.m., jaykbvt wrote:
Hi Amos,
Thanks for reply,
I think I got ur point. If I understood correctly,
if a user makes request for http://www.wikipedia.org then the client request
header should look like:
src: client_IP:random_port
dst: wikipedia.org(ip_address):http
So, what?
What's the problem?
21.04.15 16:44, jaykbvt пишет:
Hi,
My squid is configured in interception mode with
http_port 3130
http_port 3129 intercept
squid is running with single network card. request comes from the Cisco ISG
and internet is also allowed from the same Cisco ISG only.
On 21/04/2015 10:44 p.m., jaykbvt wrote:
Hi,
My squid is configured in interception mode with
http_port 3130
http_port 3129 intercept
squid is running with single network card. request comes from the Cisco ISG
and internet is also allowed from the same Cisco ISG only.
I think the Cisco
Hi,
As suggested by Amos...I've configured squid box with bellow mentioned
config.
I followed this doc
http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat
1. Configured iptables as:
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
On 8/04/2015 9:20 p.m., Jaydeep Kubavat wrote:
Hi,
I've configured a transparent squid proxy on a centos 6.6 with single NIC.
There is Cisco ISG in between with L4 redirection on www traffic.
The requests are coming on port 80 from client and ISG forwards that to
port 80 on my squid
Hi,
I've configured a transparent squid proxy on a centos 6.6 with single NIC.
There is Cisco ISG in between with L4 redirection on www traffic.
The requests are coming on port 80 from client and ISG forwards that to
port 80 on my squid server.
So there is no iptables configured on squid
Hi,
first of all what error do you get at client side? Timeout? Blank Page?
I'm also running squid in an ISG setup, my squid version is Squid Cache: Version
3.1.10 on Centos 6.5
Few things to check:
1) please ensure the iptables-rules are hit correctly by issuing .f.e:
iptables -t mangle -vnL
Yeap, squid perfectly splice the destination domain after step1 or
step2 or step3 when the browser is set to use proxy directly.
But, it does not work in case of transparent proxy. Squid uses the
destination IP address instead of SNI details.
The example of using client IP address is below:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 28/11/2014 2:48 a.m., Vadim Rogoziansky wrote:
Hello Amos.
Thank you for answer.
There was made an investigation related to squid's peek and splice
issues in transparent mode. One-line explanation is as follows - in
intercept mode squid
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 26/11/2014 7:22 a.m., Vadim Rogoziansky wrote:
Hello All.
My goal is to do ssl bumping in transparent proxy mode with domain
exclude possibility. Let me tell you about squid's strange
behaviour when I'm trying to do it.
In browsers it
Hello All.
My goal is to do ssl bumping in transparent proxy mode with domain
exclude possibility.
Let me tell you about squid's strange behaviour when I'm trying to do it.
In browsers it says something like this:
/This server could not prove that it is www.ukr.net; its security
certificate
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 6/10/2014 4:24 p.m., Robert Watson wrote:
still trying to get this working. To eliminate the self signed
certificate issue, I got a official signed certificate from
Starfield Tech. LLC. They've sent two certifcates but I'm unsure
how to use
HI
I am trying to set up a router that allows a group of devices on a
network to access the internet via Dansguardian and squid.
I am setting it up as a transparent proxy and locking down the ports
with IPtables.
I am using IPtables to redirect connections on port 80 from the client
and
I asked this question in
http://serverfault.com/questions/606373/transparent-proxy-cache-on-bgp-multihome
please answer me here or there .
Provider A have transparent caching with squid .
In the situation which a client has multihome BGP with provider A and
provider B then client does not send
On 21/06/2014 1:12 a.m., Omid Kosari wrote:
I asked this question in
http://serverfault.com/questions/606373/transparent-proxy-cache-on-bgp-multihome
please answer me here or there .
Provider A have transparent caching with squid .
In the situation which a client has multihome BGP with
Hello,
I've configured a transparent proxy as TProxy4
(http://wiki.squid-cache.org/Features/Tproxy4).
But I don't see anything in squid access log.
* OS = Linux Fedora 20.
* Cache log says at start-up :
2014/02/19 12:23:53 kid1| Accepting WCCPv2 messages on port 2048, FD 11.
Hey,
I did not read the whole setup so sorry but I have written this article:
http://wiki.squid-cache.org/ConfigExamples/UbuntuTproxy4Wccp2
in the past which is very likely to help you to understand.
first disable SELINUX then make sure with tcpdump in what level is the
issue.
Hope it Helps,
Hey Eliezer,
Thanks for the pointer...
selinux is disabled. no problem in this side.
Cisco sees it :
cata6#sh ip wccp web-cache view
WCCP Routers Informed of:
192.168.201.165
WCCP Cache Engines Visible:
194.214.158.207
194.214.158.189 ---
WCCP
On 30/11/2013 10:26 a.m., Monah Baki wrote:
Hi all,
I'm trying to setup a transparent proxy squid 3.3.9 using the following URL:
http://www.broexperts.com/2013/03/squid-as-transparent-proxy-on-centos-6-4/
What's the difference between
http_port 3128 transparent
The above expects
Hi Amos,
Thanks for the explanation. I switched to intercept yet once I restart
squid, I am still seeing the No forward proxy ports configured.
The same machine later on will also be running IPtables since it has 2
NIC's in it.
Monah
On Sat, Nov 30, 2013 at 4:56 AM, Amos Jeffries
On 11/30/2013 03:33 PM, Monah Baki wrote:
Hi Amos,
Thanks for the explanation. I switched to intercept yet once I restart
squid, I am still seeing the No forward proxy ports configured.
The same machine later on will also be running IPtables since it has 2
NIC's in it.
You need both one
Thanks, error went away. All remains is my IPTable rules.
On Sat, Nov 30, 2013 at 7:45 AM, Pavel Kazlenka
pavel.kazle...@measurement-factory.com wrote:
On 11/30/2013 03:33 PM, Monah Baki wrote:
Hi Amos,
Thanks for the explanation. I switched to intercept yet once I restart
squid, I am still
Hi all,
I'm trying to setup a transparent proxy squid 3.3.9 using the following URL:
http://www.broexperts.com/2013/03/squid-as-transparent-proxy-on-centos-6-4/
What's the difference between
http_port 3128 transparent
and
http_port 3128
If I where to configure with http_port 3128
Hi Loïc,
Thank you for your tip.
I found the solution.
This helpt me.
Interception Proxying with PF
=
To configure an interception (a.k.a. transparent) proxy, Squid should be
configured in ${SYSCONFDIR}/squid.conf to bind to a specific address, for example:
Hello,
I guess it is an easy setup but i can’t get it work.
The Setup looks like thank:
(Internet) - (DSL-Modem) -- em0 [Soekris] em1- (LAN)
- OpenBSD 5.3.
- Squid 3.2.7 (installation by pkg_add -i squid)
my /etc/squid.conf
#
# Recommended minimum
On Mon, 4 Nov 2013 16:05:38 +0100
Marc Sontowski m...@sontowski.net wrote:
# Pass all traffic to and from the local network, using quick
so that later
# rules are not evaluated if a packet match this. Some rulesets
would restrict
# local traffic
On Mon, Nov 04, 2013 at 04:33:29PM +0100, Marko Cupać wrote:
On Mon, 4 Nov 2013 16:05:38 +0100
Marc Sontowski m...@sontowski.net wrote:
# Pass all traffic to and from the local network, using quick
so that later
# rules are not evaluated if a packet match this.
Before we dive deeper into this, let's clarify:
- Do you have OpenBSD as a gateway to the Internet?
- Are your physical interfaces named em0 and em1?
- Is em0 connected to LAN, em1 to your ISP?
- Can you ping some public IP address from OpenBSD box?
- Can you browse the Web through OpenBSD gateway
On Mon, Nov 04, 2013 at 07:33:18PM +0100, Marko Cupać wrote:
Before we dive deeper into this, let's clarify:
- Do you have OpenBSD as a gateway to the Internet?
Yes
- Are your physical interfaces named em0 and em1?
Yes
- Is em0 connected to LAN, em1 to your ISP?
em0 = ISP
em1 = LAN
-
On Mon, 4 Nov 2013 20:15:17 +0100
Marc Sontowski m...@sontowski.net wrote:
# The internal interface (connected to the local network)
ext_if=em0
# The external interfaces (connected to the ipv4 and ipv6 network)
int_if=em1
Strangely enough, your interface macro names are switched in regard to
On OpenBSD i'm not using the configuration you mentioned for squid with
OpenBSD (5.2).
Here is mine:
# Normal for with WPAD
http_port 3128
# http redirected port
http_port 3129 intercept
# https redirected port
https_port 3130 intercept ssl-bump cert=/etc/ssl/squid.crt
key=/etc/ssl/squid.key
Hey,
I was wondering to myself?
Why do you intercept traffic using Amazon?
You should host your proxy close enough to have good response time which
is ok if Amazon is close enough.
In order to perform your goal you will need to use the right interfaces
rules in IPTABLES.
What are you using
Setup: VPN -- SQUID (both in Amazon EC2 classic instances, not VPC)
1) SQUID works fine by itself when I tried by configuring the browser (and
before setting SQUID as transparent proxy).
2) VPN (strongswan) works fine by itself as well.
Now I added a few iptables rules to route traffic to SQUID
El 07/08/13 16:02, Roman Gelfand escribió:
Is there a way I could control access to various sites based on user
irregardless of workstation they are on? All in transparent proxy.
Thanks in advance
I did this a long time ago.
I had a terminal server, so all the users came from the same IP.
I
On 8/08/2013 11:38 p.m., Alfredo Rezinovsky wrote:
El 07/08/13 16:02, Roman Gelfand escribió:
Is there a way I could control access to various sites based on user
irregardless of workstation they are on? All in transparent proxy.
Thanks in advance
I did this a long time ago.
I had a
Is there a way I could control access to various sites based on user
irregardless of workstation they are on? All in transparent proxy.
Thanks in advance
On Wednesday 07 August 2013 at 21:02:53, Roman Gelfand wrote:
Is there a way I could control access to various sites based on user
irregardless of workstation they are on? All in transparent proxy.
If it's transparent, you can't get authentication credentials (username /
password).
Since
Em 27/04/13 07:22, James Harper escreveu:
That's not really a useful answer though, is it?
You can't use the regular http WWW-Authenticate style authentication, but you
can redirect the user to a captive portal style page and have them authenticate to that,
then redirect back to the original
Dear All
Could you please guide me in order to configure authentication for
transparent proxy in squid?
Regards
Amir.
On 27/04/2013 8:52 p.m., Amir Mottaghian wrote:
Dear All
Could you please guide me in order to configure authentication for
transparent proxy in squid?
Please see the FAQ:
On 27/04/2013 8:52 p.m., Amir Mottaghian wrote:
Dear All
Could you please guide me in order to configure authentication for
transparent proxy in squid?
Please see the FAQ:
http://wiki.squid-
cache.org/SquidFaq/InterceptionProxy#Why_can.27t_I_use_authentication
yep, it is an ip based authentication.
On Fri, Feb 22, 2013 at 8:40 PM, Amos Jeffries squ...@treenet.co.nz wrote:
On 23/02/2013 8:48 a.m., Roman Gelfand wrote:
Please, consider the network topology below. I could always configure
outgoing http traffic on the firewall to authenticate with
On 24/02/2013 4:35 p.m., Roman Gelfand wrote:
yep, it is an ip based authentication.
Ah. Which is not authentication. But authorization.
Squid can also do that in transparent mode. The limitation is only about
use of HTTP auth headers on intercepted traffic.
You simply configure an
Please, consider the network topology below. I could always configure
outgoing http traffic on the firewall to authenticate with firewall
user. How is this different from having squid authenticate in
transparent mode?
WAN
On 23/02/2013 8:48 a.m., Roman Gelfand wrote:
Please, consider the network topology below. I could always configure
outgoing http traffic on the firewall to authenticate with firewall
user. How is this different from having squid authenticate in
transparent mode?
That is a good question.
I guess the 2 don't mix as per NOTICE: Authentication not applicable
on intercepted requests. message.
Would it follow user access control via transparent proxy? or is there
a way around the above limitation?
Thanks in advance
On 21/02/2013 4:42 a.m., Roman Gelfand wrote:
I guess the 2 don't mix as per NOTICE: Authentication not applicable
on intercepted requests. message.
Would it follow user access control via transparent proxy? or is there
a way around the above limitation?
Please read the Interception Proxy
On 27/08/2012 10:38 a.m., Roman Gelfand wrote:
Assuming that configuring client browsers' proxy is not a problem, is
there a good (where good overweighs bad) reason to use squid
transparent proxy feature?
The only other usefulness is to catch unconfigured clients and redirect
them at a how to
Assuming that configuring client browsers' proxy is not a problem, is
there a good (where good overweighs bad) reason to use squid
transparent proxy feature?
The reason why I am asking is I just skimmed through squid book and
they are not painting a rosy picture around transparent proxy.
Thanks
My goal is to make suid as transparent proxy. I see several options.
Not sure which one I should be using. I am looking for standard
transparent proxy server.
--enable-ipfw-transparent or --enable-ipf-transparent or --enable-pf-transparent
Thanks in advance
On 8/19/2012 10:00 PM, Roman Gelfand wrote:
My goal is to make suid as transparent proxy. I see several options.
Not sure which one I should be using. I am looking for standard
transparent proxy server.
--enable-ipfw-transparent or --enable-ipf-transparent or --enable-pf-transparent
debian/2.6.26-2-686
Thanks for your help
On Sun, Aug 19, 2012 at 3:14 PM, Eliezer Croitoru elie...@ngtech.co.il wrote:
On 8/19/2012 10:00 PM, Roman Gelfand wrote:
My goal is to make suid as transparent proxy. I see several options.
Not sure which one I should be using. I am looking for
On 8/19/2012 10:18 PM, Roman Gelfand wrote:
debian/2.6.26-2-686
Thanks for your help
Then ip|ipfwipf in not of your concern.
you need linux-netfilter.
Regards,
Eliezer
--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer at ngtech.co.il
El 04/07/12 02:07, Amos Jeffries escribió:
On 04.07.2012 07:05, Linos wrote:
Hi,
i have configured transparent proxy sometimes for the local network LAN,
but
now i want to actually control the output traffic from the machine
running the
squid itself without have to configure manually
Hi,
i have configured transparent proxy sometimes for the local network
LAN, but
now i want to actually control the output traffic from the machine running the
squid itself without have to configure manually browsers and other network
programs, i can't get it to work using iptables, what
1 - 100 of 586 matches
Mail list logo