Re: [squid-users] Help with squid Proxy

On Wednesday 12 July 2023 at 18:11:08, Andrés Leandro Regalado wrote: > I implemented squid proxy in a small office to filter the internet and now it > blocks the communication of the mail client with the mail server, I need to > know how I can allow outlook or thunderbird to work through squid.

Re: [squid-users] Help to understand tcp_denied in access.log

.squid-cache.org Assunto: Re: [squid-users] Help to understand tcp_denied in access.log On 4/13/23 21:23, andre.bolin...@articatech.com wrote: I'm seeing to many requests to website mainnet.infura.io, by analyzing the access.log seams that the website is blocked Which directive/mechanism

Re: [squid-users] Help to understand tcp_denied in access.log

-users Em Nome De Alex Rousskov Enviada: 14 de abril de 2023 04:01 Para: squid-users@lists.squid-cache.org Assunto: Re: [squid-users] Help to understand tcp_denied in access.log On 4/13/23 21:23, andre.bolin...@articatech.com wrote: > I'm seeing to many requests to website mainnet.infura.io,

Re: [squid-users] Help to understand tcp_denied in access.log

On 4/13/23 21:23, andre.bolin...@articatech.com wrote: I'm seeing to many requests to website mainnet.infura.io, by analyzing the access.log seams that the website is blocked Which directive/mechanism blocks them (e.g., http_access, reply_body_max_size, ICAP/eCAP, etc.)? Each TCP_DENIED

Re: [squid-users] Help with using Squid proxy and VPN at the same time.

On Mon, 20 Feb 2023 02:21:52 -, Amos Jeffries wrote: On 20/02/2023 10:26 am, Peter Hucker wrote: I use a Squid proxy just for Boinc (I have 8 PCs and it caches the downloads which all 8 machines get (large data files). I also use a VPN. I want to tell the VPN to not put Squid through it

Re: [squid-users] Help with using Squid proxy and VPN at the same time.

On 20/02/2023 10:26 am, Peter Hucker wrote: I use a Squid proxy just for Boinc (I have 8 PCs and it caches the downloads which all 8 machines get (large data files). I also use a VPN. I want to tell the VPN to not put Squid through it (as for some reason Boinc servers hate VPNs). I can tell

Re: [squid-users] help to redirect http request to another squid proxy

On 26/02/21 8:47 pm, jmpatagonia wrote: Hello I need help to redirect request http/https from a specific domain to another squid proxy server. Like a domain for example microsoft.com redirect o transfer all request to another squid proxy server. Firstly, "redirect"

Re: [squid-users] Help with with delay pools

On 15/10/20 7:52 am, Service MV wrote: > Hello everyone, I don't know if anyone can help me with this configuration. > > acl Domain_Users note group AQUAAAUV7TIfbORUj8PLQv4YAQIAAA== > delay_pools 1 > delay_class 1 1 > delay_parameters 1 250/250 > delay_access 1 allow Domain_User >

Re: [squid-users] Help Request: How to deal with Basic Authentication

FYI; if this file is only accessed by the Squid auth helper (usually the case) it should be in /etc/squid or a sub-dir under there and have the proxy group read access (no write). Ownership should be root or an admin account with permission to add/remove entries, Squid does not need those

Re: [squid-users] Help Request: How to deal with Basic Authentication

Thanks Amos, problems has been fixed, it's because of my passwd file couldn't be read by user squid, I wrongly placed it at root user's home directory and forgot to change its owner attributes. On 2020/9/17 6:34 PM, Amos Jeffries wrote: I see Squid being told to accept valid credentials. What

Re: [squid-users] Help Request: How to deal with Basic Authentication

On 17/09/20 5:22 pm, Wind Lee wrote: > Hi all, > > I'm trying to set up a http(s) proxy with Basic Authentication, for now > it works fine without auth, but as long as I add those auth part, it > keeps rejecting auth request from client side, such as keeps requesting > username and password on

Re: [squid-users] Help

On 30.05.20 16:35, santosh panchal wrote: We have setup outbound proxy in AWS for private infra We have put required entry in /etc/profile what "required entry"? and try to install package on ubuntu machine but getting error as it is not going over the internet Error Connecting to

Re: [squid-users] Help with FTP native proxy squid 3.5

On 4/29/20 3:45 PM, Dawood Aijaz wrote: > I am able to configure an FTP proxy through HTTP however I need a native > FTP. I was told squid supports as of Cv3.5.But I am unable to find any > help regarding configuration and any tutorial to help me do this task > > Can anyone share configuration

Re: [squid-users] Help regarding configuring a native FTP proxy

On 27.04.20 18:46, Dawood Aijaz wrote: After Amos Jeffries pointed out that there is native FTP support in squid as of Cv3.5.But I am unable to find any help regarding configuration and any tutorial to help me do this task Can anyone share configuration for setting up native FTP proxy, I

Re: [squid-users] help with TC_MISS/200

On 7/04/20 10:13 am, Juan Manuel P wrote: > Hello a implementing a reverse transparent  proxy, connected directed to > internet with round-robin balance to two internal again reverse > transparent proxy. > There is no such thing as "reverse transparent proxy". "reverse proxy" and "transparent

Re: [squid-users] Help with HTTPS SQUID 3.1.23 https proxy not working

Thanks for help me, I fix my problem now I can see SuCarroRD.com Bing.com and more. Thanks for your Help. I will recommend this site to my another friends. Have good day -- Sent from:

Re: [squid-users] Help with HTTPS SQUID 3.1.23 https proxy not working

On 21.09.19 02:51, KleinEdith wrote: Squid as the https proxy not working # Example rule allowing access from your local networks. # Adapt to list your (internal) IP networks from where browsing # should be allowed acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src

Re: [squid-users] Help with HTTPS SQUID 3.1.23 https proxy not working

Squid as the https proxy not working # Example rule allowing access from your local networks. # Adapt to list your (internal) IP networks from where browsing # should be allowed acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible

Re: [squid-users] help with helper

On 4/09/19 1:13 am, jmperrote wrote: > Hello Amos, yes but how can I identified that is on the first request ?? > It will be first? but what does first actually mean? first this year? first today? first this second? HTTP is stateless. There is no concept of "second request" etc. outside of

Re: [squid-users] help with helper

Hello Amos, yes but how can I identified that is on the first request ?? Else squid request to autentificate and later when invoque the helper again request to autentificate. I handle recover the user from squid cache (cachmanager) on the helper, for asking if the user previous exist, but

Re: [squid-users] help with helper

On 3/09/19 10:35 pm, jmperrote wrote: > Hello we have a helper to validate users on squid reverse proxy, and > have a problem on the first validation time !! > > On a normal day the first validation, when a user open the client > browser squid invoque the pop/up and users insert user/password

Re: [squid-users] Help with IP forwarder on squid

On 28.08.19 09:22, jmperrote wrote: Hello Matus thanks for the answer, but on the apache backend server we just receip request from the reverse proxy, and we mounted software for DDOS on the apache server, so we need to identified the ip from reverse proxy for DDOS work. and this is eaxctly

Re: [squid-users] Help with IP forwarder on squid

Hello Matus thanks for the answer, but on the apache backend server we just receip request from the reverse proxy, and we mounted software for DDOS on the apache server, so we need to identified the ip from reverse proxy for DDOS work. regards. El 28/8/19 a las 08:40, Matus UHLAR - fantomas

Re: [squid-users] Help with IP forwarder on squid

On 28.08.19 07:59, jmperrote wrote: Hello we have a reverse proxy squid and on the backend a apache server with anti DDOS software. Any request on the apache comming from the same ip of the reverse proxy because it is forwader to the apache backend. We need that the apache server receip the

Re: [squid-users] help to disconnect users after determinated time. TTL

On 16/08/19 3:30 am, jmperrote wrote: > Hello Emmanuel, we finish implementing a solution on PHP script, getting > the TTL time < 0 on the cachemgr, and it work. > > The problem is that the param --> auth_param basic credentialsttl 3 > minutes, give this time (180 seconds), but if the user still

Re: [squid-users] help to disconnect users after determinated time. TTL

Hello Emmanuel, we finish implementing a solution on PHP script, getting the TTL time < 0 on the cachemgr, and it work. The problem is that the param --> auth_param basic credentialsttl 3 minutes, give this time (180 seconds), but if the user still navigating on the site, this value "Check

Re: [squid-users] help to disconnect users after determinated time. TTL

Le 13/08/2019 à 16:44, jmperrote a écrit : > Hello, we have a squid reverse proxy, and use the param "auth_param > basic credentialsttl 10 minutes" to disconnect users that are inactive > for a time, but this NOT work, because later a users validated on a > reverse proxy can continue navigating

Re: [squid-users] Help with HTTPS SQUID 3.1.23

On 27/06/19 1:29 am, Anderson Rosario wrote: > I can not access to HTTPS sites, 3 weeks ago was working fine, without > doing any change in the topology update or config stopped and it is not > working with HTTPS sites. it keeps loading and I recieve a message from > navegators The connection to

Re: [squid-users] Help with transparent whitelisting proxy on Squid 4.4

On 27/06/19 11:39 am, Jared Fox wrote: > Hi Amos > > So i have tried the following based on your suggestions, but it is > still failing and have errors below: > > 1. Switched to a wildcard whitelist instead of single domain > 2. Updated the logformat to provide more information, see below: > 3.

Re: [squid-users] Help with transparent whitelisting proxy on Squid 4.4

Hi Amos So i have tried the following based on your suggestions, but it is still failing and have errors below: 1. Switched to a wildcard whitelist instead of single domain 2. Updated the logformat to provide more information, see below: 3. Add in `--client-requested`, but this made no

Re: [squid-users] Help with transparent whitelisting proxy on Squid 4.4

On 26/06/19 2:45 pm, Jared Fox wrote:> > == Bad news / Major Blocker == > https connections to cloud tracing is still being blocked, these are > TLS 1.2 and uses SNI as seen via tcpdump. > Okay, now that you have the v4 capabilities: * Please add %ssl::bump_mode to your log so we can see easily

Re: [squid-users] Help with transparent whitelisting proxy on Squid 4.4

Hi Amos / Squid-Users So some good news and bad news and i'm still blocked. == Good news == I have managed to get Squid 4.7 running on Centos 7.6.1810, with the squid & squid-helpers binary rpms from `http://www1.ngtech.co.il/repo/centos/$releasever/$basearch/`. FYI: The squid-helpers rpm does

Re: [squid-users] Help with transparent whitelisting proxy on Squid 4.4

Thank you Amos I will update the Squid config and give Squid-helpers 3.5 a go today and let you know. Do you have any idea why only some tls 1.2 connections would work with the whitelisting.? Thanks Jared DevOps Architect - Practiv On Tue, Jun 25, 2019 at 9:04 PM Amos Jeffries wrote: > > On

Re: [squid-users] Help with transparent whitelisting proxy on Squid 4.4

On 25/06/19 1:24 pm, Jared Fox wrote: > Hi Squid-Users > > I need your help! > > So i have had been using Squid 3.5.20 (installed on Amazon Linux 2) > and its acting as a transparent ssl proxy with whitelist of allowed > addresses. I want to avoid running a mitm proxy and having to add CA >

Re: [squid-users] help with reverse proxy sending user to peer

On 17/05/19 2:56 am, jmperrote wrote: > > OK now I want to know it is posible to get or recover from the ldap an > attribute for later deliver this attribute to the peer server on same > way that I deliver on the header the username. See

Re: [squid-users] help with reverse proxy sending user to peer

Hello again Amos, finally on my reverse-proxy a could deliver to the upstream peer/server the data (username) that I need, using the directive request_header_add X-Remote-User "%ul" This is the user captured from authentication (%ul  User name) and validated for --> auth_param basic program

Re: [squid-users] help with reverse proxy sending user to peer

Thanks a lot Amos, a try to use this for testing. Regards. El 16/5/19 a las 06:24, Amos Jeffries escribió: On 16/05/19 3:26 am, jmperrote wrote: Hello Amos, we use --> auth_param basic program ./.../auth.php for authenticate teh user to the reverse proxy. auth_param is full HTTP

Re: [squid-users] help with reverse proxy sending user to peer

On 15/05/19 12:09 pm, jmperrote wrote: > hello I need a help to know it is posible with squid to pass the > username autenticated on reverse proxy to the peer ? > Firstly, please be aware that the username you may see in proxy logs is not required to be authenticated. In modern Squid it just has

Re: [squid-users] HELP! Ssl_bump - acl , dstdomain , denied by fqdn need ip

On 1/25/19 1:15 AM, Александр Александрович Березин wrote: > 0 192.168.50.10 TCP_DENIED/200 0 CONNECT 208.64.202.87:443 - HIER_NONE/- - Looks like your http_access rules deny some (or all) CONNECT requests, probably during SslBump step1. This is not related to your ssl_bump rules. Examine those

Re: [squid-users] HELP! Ssl_bump - acl , dstdomain , denied by fqdn need ip

On 25/01/19 9:15 pm, Александр Александрович Березин wrote: > Please HELP! >   > Hello dear members of the community > excuse me for disturbing me, but I could not find an answer to the > question, so I speak to you, sorry again >   > i have >   ... > > in /etc/squid.conf > > ... > > acl

Re: [squid-users] Help: squid restarts and squidGuard die

Hi Eliezer, I apologize! I don't know why I stopped receiving emails from the squid users list. Only today I see the thread in nabble.com and I see that it has 23 posts! Regarding your question, I didn't investigate the error of squidGuard... I started to migrate my lists to native squid lists as

Re: [squid-users] Help: squid restarts and squidGuard die

Hey Gabriel, The thread seems to me as a milestone in this mailing list and in Squid-Cache history. >From what I understood there is an issue when SquidGuard receives a specific >line from Squid. In this whole long thread I have not seen any debug logs of what SquidGuard receives from

Re: [squid-users] Help: squid restarts and squidGuard die

On 25/09/18 7:07 AM, Marcus Kool wrote: > The sub-thread starts with "do not use the url rewriter helper because > of complexity" The thread started earlier than that, with essentially "move simple rules to squid.conf" On 18/09/18 6:38 AM, Amos Jeffries wrote: > > I recommend you convert as many

Re: [squid-users] Help: squid restarts and squidGuard die

On 25/09/18 3:46 AM, Donald Muller wrote: > I will be downloading the blacklists from the internet and I'm sure that there > will be sites that I want to whitelist via > > acl whitelist dstdomain "/some folder path/whitelist.acl" > http_access allow whitelist > > What logging do I need to enable

Re: [squid-users] Help: squid restarts and squidGuard die

The sub-thread starts with "do not use the url rewriter helper because of complexity" and ends with that the (not less complex) external acl helpers are fine to use. And in between there is an attempt to kill the URL rewriter interface. It would be a lot less confusing if you started with

Re: [squid-users] Help: squid restarts and squidGuard die

to access is blacklisted so I can add it to the whitelist? Thanks > -Original Message- > From: squid-users On Behalf > Of Donald Muller > Sent: Friday, September 21, 2018 1:18 PM > To: Amos Jeffries ; squid-users@lists.squid- > cache.org > Subject: Re: [squid-users] Help: sq

Re: [squid-users] Help: squid restarts and squidGuard die

> -Original Message- > From: squid-users On Behalf > Of Amos Jeffries > Sent: Thursday, September 20, 2018 3:50 PM > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] Help: squid restarts and squidGuard die > > On 21/09/18 3:46

Re: [squid-users] Help: squid restarts and squidGuard die

On 09/20/2018 02:41 PM, Amos Jeffries wrote: > Squid does not close or break any client connections when reconfigured. IIRC, this statement is inaccurate (unfortunately): Reconfiguring Squid may break client connections that Squid has not started processing yet. The connections already being

Re: [squid-users] Help: squid restarts and squidGuard die

On 09/20/2018 01:50 PM, Amos Jeffries wrote: > On 21/09/18 3:46 AM, Donald Muller wrote: >> Does Squid monitor dstdomain files for changes and reload them or does a '-k >> reconfigure' need to be issued? > Not currently. I'm looking for a nice portable way to do file watching. > Patches

Re: [squid-users] Help: squid restarts and squidGuard die

On 21/09/18 3:46 AM, Marcus Kool wrote: > > On 20/09/18 08:46, Amos Jeffries wrote: >> On 19/09/18 11:49 PM, Marcus Kool wrote: >>> >>> On 18/09/18 23:03, Amos Jeffries wrote: On 19/09/18 1:54 AM, neok wrote: > Thank you very much Amos for putting me in the right direction. > I

Re: [squid-users] Help: squid restarts and squidGuard die

On 21/09/18 3:46 AM, Donald Muller wrote: > >> -Original Message- >> From: Matus UHLAR - fantomas >> Sent: Thursday, September 20, 2018 7:16 AM >> >> On 19.09.18 20:47, Donald Muller wrote: >>> So instead of using squidguard are you saying you should use something >> like the following?

Re: [squid-users] Help: squid restarts and squidGuard die

On 20/09/18 08:46, Amos Jeffries wrote: On 19/09/18 11:49 PM, Marcus Kool wrote: On 18/09/18 23:03, Amos Jeffries wrote: On 19/09/18 1:54 AM, neok wrote: Thank you very much Amos for putting me in the right direction. I successfully carried out the modifications you indicated to me.

Re: [squid-users] Help: squid restarts and squidGuard die

> -Original Message- > From: squid-users On Behalf > Of Matus UHLAR - fantomas > Sent: Thursday, September 20, 2018 7:16 AM > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] Help: squid restarts and squidGuard die > > On 19.09.18 20:47, Do

Re: [squid-users] Help: squid restarts and squidGuard die

I'm saying the purpose of the url_rewrite_* API in Squid is to tell Squid whether the URL (only) needs some mangling in order for the server/origin to understand it. It can re-write transparently with all the problems that causes to security scopes and URL sync between the endpoints. Or redirect

Re: [squid-users] Help: squid restarts and squidGuard die

On 19/09/18 11:49 PM, Marcus Kool wrote: > > On 18/09/18 23:03, Amos Jeffries wrote: >> On 19/09/18 1:54 AM, neok wrote: >>> Thank you very much Amos for putting me in the right direction. >>> I successfully carried out the modifications you indicated to me. >>> Regarding ufdbGuard, if I

Re: [squid-users] Help: squid restarts and squidGuard die

Processing of those is very inefficient inside of squid. -Original Message- From: squid-users On Behalf Of Amos Jeffries Sent: Tuesday, September 18, 2018 10:04 PM To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] Help: squid restarts and squidGuard die On 19/09/18 1:54 AM,

Re: [squid-users] Help: squid restarts and squidGuard die

rted in alphabetical order? Don > -Original Message- > From: squid-users On Behalf > Of Amos Jeffries > Sent: Tuesday, September 18, 2018 10:04 PM > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] Help: squid restarts and squidGuard die > > On 19/0

Re: [squid-users] Help: squid restarts and squidGuard die

On 18/09/18 23:03, Amos Jeffries wrote: On 19/09/18 1:54 AM, neok wrote: Thank you very much Amos for putting me in the right direction. I successfully carried out the modifications you indicated to me. Regarding ufdbGuard, if I understood correctly, what you recommend is to use the

Re: [squid-users] Help: squid restarts and squidGuard die

Thank you for this information Amos! :) I had ufdbguard as possible replacement in my list, your info about it beeing a fork, is the reason that I will switch to it soon. Thanks :) Am 19. September 2018 04:03:39 MESZ schrieb Amos Jeffries : >On 19/09/18 1:54 AM, neok wrote: >> Thank you very

Re: [squid-users] Help: squid restarts and squidGuard die

On 19/09/18 1:54 AM, neok wrote: > Thank you very much Amos for putting me in the right direction. > I successfully carried out the modifications you indicated to me. > Regarding ufdbGuard, if I understood correctly, what you recommend is to use > the ufdbConvertDB tool to convert my blacklists in

Re: [squid-users] Help: squid restarts and squidGuard die

Thank you very much Amos for putting me in the right direction. I successfully carried out the modifications you indicated to me. Regarding ufdbGuard, if I understood correctly, what you recommend is to use the ufdbConvertDB tool to convert my blacklists in plain text to the ufdbGuard database

Re: [squid-users] Help: squid restarts and squidGuard die

Just want to add, I use SquidGuard in two High load setups and never ran into issues. I didnt integrate it as url rewrite helper but as external acl helper and it works great with 800 Users.. Am 17. September 2018 20:38:06 MESZ schrieb Amos Jeffries : >On 18/09/18 3:37 AM, Service MV wrote:

Re: [squid-users] Help: squid restarts and squidGuard die

On 18/09/18 3:37 AM, Service MV wrote: > Dear Ones, I draw on your experience in seeking help to determine > whether or not it is possible to achieve the configuration I am looking > for, due to a strange error I am having. FYI: SquidGuard has not been maintained for many years now. I recommend

Re: [squid-users] Help Team Squid

On 13/08/18 12:30, John Renzi Manzo wrote: > Good day team squid, >                  Please help me, >                  I am using squid 3.0 in our windows server 2012 r2, i > already configure it. First thing is please try an upgrade. Squid-3.0 was deprecated in 2010. For more current packages

Re: [squid-users] Help with WCCP: Cisco 1841 to Squid 3.5.25 on Ubuntu 16

On 09/05/18 18:36, Ilias Clifton wrote: > Ubuntu box is able to connect to the internet ok. If client PCs are > configured to use the Ubuntu box as proxy on port 3128 it works correctly. > > No hits in access.log for any transparent clients via wccp.. No network > response at all from Ubuntu. >

Re: [squid-users] Help with WCCP: Cisco 1841 to Squid 3.5.25 on Ubuntu 16

rom: "Alex K" <rightkickt...@gmail.com> To: "Ilias Clifton" <adili...@gmx.com> Cc: squid-users@lists.squid-cache.org Subject: Re: [squid-users] Help with WCCP: Cisco 1841 to Squid 3.5.25 on Ubuntu 16 Is the ubuntu able to reach Internet? Do you see any events at squid ac

Re: [squid-users] Help with WCCP: Cisco 1841 to Squid 3.5.25 on Ubuntu 16

On 09/05/18 16:59, Ilias Clifton wrote: > >  Hi Alex, > > On the wccp0 interface I only see traffic arriving in 1 direction - original > client ip to destination ip. > > The ubuntu box only has a single ethernet interface - Sorry, that should > have been in my original question. I see the

Re: [squid-users] Help with WCCP: Cisco 1841 to Squid 3.5.25 on Ubuntu 16

t > made a difference.. but same result. > > > > > Sent: Wednesday, May 09, 2018 at 2:37 PM > From: "Alex K" <rightkickt...@gmail.com> > To: "Ilias Clifton" <adili...@gmx.com> > Cc: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] Hel

Re: [squid-users] Help with WCCP: Cisco 1841 to Squid 3.5.25 on Ubuntu 16

ists.squid-cache.org Subject: Re: [squid-users] Help with WCCP: Cisco 1841 to Squid 3.5.25 on Ubuntu 16 Hi,   At the wccp0  interface do you see bidirectional http traffic? If the squid box has multiple interfaces, do you see traffic on its wan interface? That traffic might need NATing. Also I w

Re: [squid-users] Help with WCCP: Cisco 1841 to Squid 3.5.25 on Ubuntu 16

Hi, At the wccp0 interface do you see bidirectional http traffic? If the squid box has multiple interfaces, do you see traffic on its wan interface? That traffic might need NATing. Also I would check if squidbox drops any packages in case you have firewall configured on it. Alex On Wed, May

Re: [squid-users] help with the error TCP_MISS_ABORTED/000

Amos, tell me what more you need to analyze the incident. Every time that I access to this http://www.rionegro.gov.ar I have the error TCP_MISS_ABORTED/000, but also if access to ssl version https://www.rionegro.gov.ar the error NOT

Re: [squid-users] help with the error TCP_MISS_ABORTED/000

Juan Manuel P wrote: I am using Squid Cache: Version 3.5.12, but some pages give me the next error: 1/Feb/2018:18:14:40 -0300 || - || 10.12.43.20 || TCP_MISS_ABORTED/000|| GET || http://www.rionegro.gov.ar/download/images/00033494.jpg

Re: [squid-users] help with the error TCP_MISS_ABORTED/000

1519672183.376  3 192.168.201.10 TCP_MEM_HIT/200 99641 GET http://www.rioneg ro.gov.ar/download/images/00033494.jpg - HIER_NONE/- image/jpeg Request size = 99,641 No problem on 3.5.27 and 5.0.0. Try to upgrade proxy first. 27.02.2018 00:57, Juan Manuel P пишет: > I am using Squid Cache:

Re: [squid-users] Help with UA filtering in https connections

On 01/03/2018 10:38 AM, Matus UHLAR - fantomas wrote: >> In a general case, the admin has to pick between two evils: >> >> * Allow TLS handshakes with arbitrary servers on TLS ports (my sketch) >> >> * or tell Squid to respond with error pages that the user cannot see >>  (without bypassing

Re: [squid-users] Help with UA filtering in https connections

On 01/03/2018 05:52 AM, Matus UHLAR - fantomas wrote: On 02.01.18 09:06, Alex Rousskov wrote: On 01/02/2018 07:08 AM, Matus UHLAR - fantomas wrote: On 02.01.18 06:04, squidnoob wrote: http_access allow CONNECT safe_ports http_access deny CONNECT the two lines above unconditionally allow

Re: [squid-users] Help with UA filtering in https connections

On 01/03/2018 05:52 AM, Matus UHLAR - fantomas wrote: > On 02.01.18 09:06, Alex Rousskov wrote: >> On 01/02/2018 07:08 AM, Matus UHLAR - fantomas wrote: >>> On 02.01.18 06:04, squidnoob wrote: http_access allow CONNECT safe_ports http_access deny CONNECT >>> the two lines above

Re: [squid-users] Help with UA filtering in https connections

On 03.01.18 13:52, Matus UHLAR - fantomas wrote: http_access deny CONNECT !safe_ports ... in this case you can deny the connect request later, unlike the previous example, where the CONNECT was allowed and further checks are done. corrected: _no_ futher checks are done. -- Matus UHLAR -

Re: [squid-users] Help with UA filtering in https connections

On 02.01.18 09:06, Alex Rousskov wrote: On 01/02/2018 07:08 AM, Matus UHLAR - fantomas wrote: On 02.01.18 06:04, squidnoob wrote: http_access allow CONNECT safe_ports http_access deny CONNECT the two lines above unconditionally allow CONNECT anywhere, This is incorrect. The lines deny

Re: [squid-users] Help with UA filtering in https connections

On 01/02/2018 07:08 AM, Matus UHLAR - fantomas wrote: > On 02.01.18 06:04, squidnoob wrote: >> http_access allow CONNECT safe_ports >> http_access deny CONNECT >> I understand adding this line that you suggested as it's not already >> there. >> http_access deny !safe_ports Yes, this or similar

Re: [squid-users] Help with UA filtering in https connections

On 02.01.18 06:04, squidnoob wrote: In my existing config, i have: # delay filtering decisions until we get to bumped requests http_access allow CONNECT safe_ports http_access deny CONNECT I understand adding this line that you suggested as it's not already there. http_access deny !safe_ports

Re: [squid-users] Help with UA filtering in https connections

In my existing config, i have: # delay filtering decisions until we get to bumped requests http_access allow CONNECT safe_ports http_access deny CONNECT I understand adding this line that you suggested as it's not already there. http_access deny !safe_ports However, i don't understand why i

Re: [squid-users] Help with UA filtering in https connections

On 30/12/17 05:32, squidnoob wrote: Ahh that's it! Thank you for your help! For anyone interested, i'm posting the working config i'm using. Hopefully this helps someone. This config allows clients to tunnel arbitrary traffic through your proxy to another one listening on port 80 without

Re: [squid-users] Help with UA filtering in https connections

Yes to clarify, this is basically trying to filter server egress traffic to the internet. It's not for internal server to other internal server traffic. -- Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html ___

Re: [squid-users] Help with UA filtering in https connections

Ahh that's it! Thank you for your help! For anyone interested, i'm posting the working config i'm using. Hopefully this helps someone. # # Working on squid version: 3.5.23 # # The general purpose of this configuration is: # - only allow a set of whitelisted domains through the proxy # - option

Re: [squid-users] Help with UA filtering in https connections

On 2017-12-29 11:59, squidnoob wrote: Hi there, I'm a squid noob. I have been trying to configure squid for the past 3 days looking high and low on the interwebs and have not found exactly what i'm looking for. Here's the context: - the squid server is running in a server environment. It

Re: [squid-users] Help with UA filtering in https connections

On 12/28/2017 03:59 PM, squidnoob wrote: > Here are my goals: > - i only want a handful of domains to be accessible. > - i want to allow certain UA's to bypass the whitelist rules. Since you appear to have full control over the environment, have you tried bumping everything and applying your

Re: [squid-users] Help to Compile Squid for Windows

Hi. > SBuf.cc:760:61: error: ‘memrchr’ was not declared in this scope > const void *i = memrchr(buf(), (int)c, (size_type)endPos); I encounterd this problem too. To avoid this, you may edit "config.status" as described below after running "/.configure". -D["HAVE_MEMRCHR"]=" 1"

Re: [squid-users] Help troubleshooting proxy<-->client https

Thank you very much Amos and Alex for the helpful explanations, high level of detail, and for tracking down that this combo is not possible at this time. We're going to evaluate what to do next with this info. I'll probably be following up with more questions soon. -M On Fri, Jun 2, 2017 at

Re: [squid-users] Help troubleshooting proxy<-->client https

On 06/01/2017 01:26 PM, Alex Rousskov wrote: > On 06/01/2017 11:29 AM, Alex Rousskov wrote: > * HTTPS proxy is a rarely used feature that works well for some. > * SslBump is a frequently used feature that works well enough for some. > Disclaimer: I do not know of anybody using the _combination_

Re: [squid-users] Help troubleshooting proxy<-->client https

On 06/01/2017 11:29 AM, Alex Rousskov wrote: > On 05/31/2017 08:15 PM, Masha Lifshin wrote: >> If we want to only allow encrypted traffic between the browser and >> proxy, does that mean we'd only want to use the following line from your >> example? >> # HTTPS proxy; clients establish TLS

Re: [squid-users] Help troubleshooting proxy<-->client https

On 05/31/2017 08:15 PM, Masha Lifshin wrote: > > Sorry for the imprecise language, I mean not interception but rather > accepting connections to that port. Our browsers will be explicitly > configured to connect our proxy, so I believe that is not interception? You are correct. It is explicit

Re: [squid-users] Help troubleshooting proxy<-->client https

On 01/06/17 14:15, Masha Lifshin wrote: Thank you, very helpful. Some more clarifying questions for you. Sorry for the imprecise language, I mean not interception but rather accepting connections to that port. Our browsers will be explicitly configured to connect our proxy, so I believe

Re: [squid-users] Help troubleshooting proxy<-->client https

Thank you, very helpful. Some more clarifying questions for you. Sorry for the imprecise language, I mean not interception but rather accepting connections to that port. Our browsers will be explicitly configured to connect our proxy, so I believe that is not interception? If we want to only

Re: [squid-users] Help troubleshooting proxy<-->client https

On 05/31/2017 02:42 PM, Masha Lifshin wrote: > What I am trying to achieve is > 1. an https connection between the client and squid proxy, as well as > 2. listen on port 80 for http traffic, > 3. on port 443 for ssl traffic, and > 4. apply ssl-bump to the ssl traffic. If I parsed your

Re: [squid-users] Help troubleshooting proxy<-->client https

Dear Alex, Thank you very much for your helpful reply. I have a follow up question. What I am trying to achieve is an https connection between the client and squid proxy, as well as listen on port 80 for http traffic, on port 443 for ssl traffic, and apply ssl-bump to the ssl traffic. I am

Re: [squid-users] Help troubleshooting proxy<-->client https

On 05/26/2017 12:00 AM, Masha Lifshin wrote: > I have added an https_port directive > to squid.conf, but it must be misconfigured. > http_port 172.30.0.67:443 ... > https_port 172.30.0.67:443 ... You are right -- your Squid is misconfigured. You cannot use the same address for two ports.

Re: [squid-users] Help to Compile Squid for Windows

On 05/08/2017 08:29 AM, Tobias Tromm wrote: > I receive the following error, with i fix by changing > the line mentioned to " const void *i = memchr(buf(), (int)c, > (size_type)endPos); " > > someone probably has to change the fsource file with have the typo... This is not a typo: There is a

Re: [squid-users] Help to Compile Squid for Windows

squid-users@lists.squid-cache.org Assunto: Re: [squid-users] Help to Compile Squid for Windows On 09/05/17 00:13, Tobias Tromm wrote: > > Hi. > > > So I am trying now to compile the last version > squid-3.5.25-20170504-r14155 > <http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.

Re: [squid-users] Help to Compile Squid for Windows

On 09/05/17 00:13, Tobias Tromm wrote: Hi. So I am trying now to compile the last version squid-3.5.25-20170504-r14155 |05 May 2017| for Windows with Cygwin and I am having the erros on attached

Re: [squid-users] Help to Compile Squid for Windows

For testing purpose I enable "--disable-external-acl-helpers" and now I receive the following error, with i fix by changing the line mentioned to " const void *i = memchr(buf(), (int)c, (size_type)endPos); " someone probably has to change the fsource file with have the typo... c

  1   2   3   4   5   6   7   >