-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 24.10.2016 22:19, Nicolas Valera пишет: > Hi Yuri, thanks for the answer! > > we don't have the squid in transparent mode in this network. So, you route all traffic to proxy box?
> the squid configuration is very basic. here is the conf: > > ------------------------------------------------------------------------- > http_port 1280 connection-auth=off > forwarded_for delete > httpd_suppress_version_string on > client_persistent_connections off > > cache_mem 16 GB > maximum_object_size_in_memory 8 MB > > url_rewrite_program /usr/bin/squidGuard > url_rewrite_children 10 > url_rewrite_access allow all > > acl numeric_IPs dstdom_regex ^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9a-f]+)?:([0-9a-f:]+)?:([0-9a-f]+|0-9\.]+)?\])):443 > acl Skype_UA browser ^skype > > acl SSL_ports port 443 563 873 1445 2083 8000 8088 10017 8443 5443 7443 50001 > acl Safe_ports port 80 82 88 182 210 554 591 777 873 1001 21 443 70 280 488 > acl Safe_ports port 1025-65535 # unregistered ports > > acl CONNECT method CONNECT > acl safe_method method GET > acl safe_method method PUT > acl safe_method method POST > acl safe_method method HEAD > acl safe_method method CONNECT > acl safe_method method OPTIONS > acl safe_method method PROPFIND > acl safe_method method REPORT > acl safe_method method MERGE > acl safe_method method MKACTIVITY > acl safe_method method CHECKOUT > > http_access deny !Safe_ports > http_access allow CONNECT localnet numeric_IPS Skype_UA > http_access deny CONNECT !SSL_ports > http_access deny !safe_method > http_access allow localnet > http_access allow localhost > http_access deny all > > refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > refresh_pattern Packages\.tar$ 0 20% 4320 refresh-ims ignore-no-cache > refresh_pattern Packages\.bz2$ 0 20% 4320 refresh-ims ignore-no-cache > refresh_pattern Sources\.bz2$ 0 20% 4320 refresh-ims ignore-no-cache > refresh_pattern Release\.gpg$ 0 20% 4320 refresh-ims > refresh_pattern Release$ 0 20% 4320 refresh-ims > refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims ignore-no-cache > refresh_pattern -i windowsupdate.com/.*\.(esd|cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims ignore-no-cache > refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims ignore-no-cache > refresh_pattern -i live.net/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims ignore-no-cache > refresh_pattern . 0 20% 4320 > > ------------------------------------------------------------------------- > > please, can you send me your settings for ssl bump? Copy-n-paste unknown configs is very bad idea, Nicolas. > > thanks again! > nicolás. > > On 10/23/2016 07:28 PM, Yuri Voinov wrote: >> > > > 24.10.2016 4:11, N V пишет: > >>> hi there, > >>> i've had problems with windows skype clients with the only internet > connection is through squid. the clients can login successful but when > they make a call, it hangs after 12 secconds. > >>> > >>> I checked the client connections and see that attempts to connect > directly even if the proxy is properly configured. > Exactly, Skype does not use HTTP to calls. So, why you expect it calls > should goes via proxy? > >>> > >>> my squid version is 3.5.12 > >>> the skype clients have the last version available. > >>> does anyone have the same issues? > >>> any idea? > With properly configured ssl bump and transparent proxy we have not any > problems with skype. I don't know your details. > >>> > >>> thanks in advance! > >>> Nicolás. > >>> > >>> pd. sorry about my english > >>> > >>> > >>> > >>> _______________________________________________ > >>> squid-users mailing list > >>> squid-users@lists.squid-cache.org > >>> http://lists.squid-cache.org/listinfo/squid-users > >> >> >> >> _______________________________________________ >> squid-users mailing list >> squid-users@lists.squid-cache.org >> http://lists.squid-cache.org/listinfo/squid-users >> > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users - -- Cats - delicious. You just do not know how to cook them. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJYDjURAAoJENNXIZxhPexGJAYH/jWHDNBJz43d17Lx1iUZSn1N 88PER8+AcS9aVlAzBWnu7uSu2yCWdcmMMNz1g5O2PYOnzuzMpyBHd2fKZFgksoP8 azdw5AXeHT9FOvXnY1qjGGWmn/vcBXC06NDpA8OEeuW9qNpEoRYR/0LQUrAOokW3 vLFft2FWT127ZK5c2DlD/p7yPrW7FmlovSkMlAAoe+sXkMMmPomSu75PhDBv3dKs HCsTpama4Cwv+huJg/HDMyOLCsy4uiYZoFmilNiOF92Hg6RNq18LymVqe2FX0IlY guY1U/DrkugmeGF1n8M+6Z5VWhR1Nhq2+lna9wlozRF1EqfuwsYT/a6EUSkx/LU= =fHtH -----END PGP SIGNATURE-----
0x613DEC46.asc
Description: application/pgp-keys
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
