[squid-users] how to avoid browser finger printing using squid3
Hi all, Can we avoid browser finger printing using squid 3..? Please help me. Regards, krish -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/how-to-avoid-browser-finger-printing-using-squid3-tp4670244.html Sent from the Squid - Users mailing list archive at Nabble.com. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] syslog using squid-3.4.8
Hi guys, I'm using squid-3.4.8 in my box running on Linux platform. I want to syslog the access_log to remote server. But I don't see any logs on remote server when I use 'NOTICE' priority in my config file. Below is my config file. http_port 3128 transparent access_log syslog:local7.notice netsrc_acl_0 netdst_acl_0 access_log syslog:local7.notice netsrc_acl_1 netdst_acl_1 access_log none all Below is my syslogd.conf: local7.notice @10.0.1.2 Please help me in this issue. Regards, krish -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/syslog-using-squid-3-4-8-tp4669854.html Sent from the Squid - Users mailing list archive at Nabble.com. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] Re: squid block email
Hi, I mean users can access account( gmail ,yahoo.. etc..), but should not be allowed to send any mail. Is there any options.. ?? Thanks for reply. Regards, krish -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-block-email-tp4666958p4666962.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] Re: squid block email
Hi, I have enabled debug_options 73,5 in my squid.conf for HTTP request, but there were no logs found. Any other option.. ? Thanks for reply. Regards, krish -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-block-email-tp4666958p4666966.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] Re: Hotmail issue in squid 3.4.4
Hi Eliezer , Please help me in solving this issue. If anyone solved the issue about blank page when we open 'http://www.hotmail.com'. Please reply. Regards, krish -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Hotmail-issue-in-squid-3-4-4-tp4666020p4666957.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] squid block email
Hi all, I'm using squid 3.4.4, I want to block users from sending email(ex: gmail, yahoo, .etc..). Does squid provide any option...?? Regards, krish -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-block-email-tp4666958.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] Re: Hotmail issue in squid 3.4.4
Hi Eliezer , OS is CentOS 5.5 uname -a : Linux username 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 i686 i386 GNU/Linux getenforce : Disabled ls -la /etc/squid3/ssl_cert/ total 20 drwxr-xr-x 3 root root 4096 Jun 10 14:33 . drwxr-xr-x 3 root root 4096 Jun 10 14:32 .. -rw-r--r-- 1 root root 848 Jun 10 14:33 myCA.der -rw-r--r-- 1 root root 2091 Jun 10 14:32 myCA.pem drwxr-xr-x 2 root root 4096 Jun 10 14:32 ssl_db Regards, krish -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Hotmail-issue-in-squid-3-4-4-tp4666020p409.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] Re: Hotmail issue in squid 3.4.4
Hi Eliezer , Please help me out of this issue. I'm still getting blank page when I open 'https://www.hotmail.com' and the ssld_program is crashing rapidly. Please help me. Thanks in advance. Regards, krish -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Hotmail-issue-in-squid-3-4-4-tp4666020p4666587.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] Re: Hotmail issue in squid 3.4.4
Hi Amos, When I created 'ssl_crtd', by default it had 'root' permission, then I changed to my user 'squid' and run. After changing to my user also error comes. But when I ran at command prompt with /usr/local/squid/libexec/ssl_crtd -c -s /etc/squid3/ssl_cert/ssl_db it initialized, then I tried to run from squid conf as mentioned in the doc, sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /etc/squid3/ssl_cert/ssl_db -M 16MB then the error comes: FATAL: The ssl_crtd helpers are crashing too rapidly, need help! Thanks for reply. Regards, krish -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Hotmail-issue-in-squid-3-4-4-tp4666020p4666282.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] Re: Hotmail issue in squid 3.4.4
Hi Eliezer, Sorry for late reply as I was busy with some other issues. But I tested long back but was not able to reply you. I tested with your bash script but it throws error all time as: 2014/06/10 10:33:13| Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 19 flags=9 2014/06/10 10:33:13| Accepting NAT intercepted SSL bumped HTTPS Socket connections at local=[::]:3129 remote=[::] FD 20 flags=41 2014/06/10 10:33:13| WARNING: ssl_crtd #Hlpr0 exited 2014/06/10 10:33:13| Too few ssl_crtd processes are running (need 1/10) 2014/06/10 10:33:13| Closing HTTP port [::]:3128 2014/06/10 10:33:13| Closing HTTPS port [::]:3129 2014/06/10 10:33:13| storeDirWriteCleanLogs: Starting... 2014/06/10 10:33:13| Finished. Wrote 0 entries. 2014/06/10 10:33:13| Took 0.00 seconds ( 0.00 entries/sec). FATAL: The ssl_crtd helpers are crashing too rapidly, need help! and my configuration is: http_port 3128 https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=16MB cert=/etc/squid3/ssl_cert/myCA.pem sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /etc/squid3/ssl_cert/ssl_db -M 16MB sslcrtd_children 10 I have gone through forum and search also, as they specify about the change of permission and ownership to my user 'squid' to the ssl directory, but it didn't work. Can you please help me out... Regards, krish -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Hotmail-issue-in-squid-3-4-4-tp4666020p4666279.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] Re: Hotmail issue in squid 3.4.4
Hi Amos , I have NAT'ed tcp port 80 and 443 to 3128 and 3129 as below: iptables -t nat -A PREROUTING -i eth1 -s 10.0.0.0/24 -p tcp -m tcp -m multiport --dports 80 -j REDIRECT --to-ports 3128 iptables -t nat -A PREROUTING -i eth1 -s 10.0.0.0/24 -p tcp -m tcp -m multiport --dports 443 -j REDIRECT --to-ports 3129 and configured squid port as: # HTTP browser explicit proxy config http_port 8080 # HTTP port 80 NAT'ed http_port 3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=cert.crt key=cert.key options=... # HTTPS port 443 NAT'ed https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=cert.crt key=cert.key options=... as I'm running squid in transparent mode and used ssl-bump server-first option. I have imported my certificate in the Firefox browser. I want to allow all SSL/TLS version, so I have mentioned as options= in port configuration as mentioned in docs options=Various SSL implementation options. The most important being: NO_SSLv2Disallow the use of SSLv2 NO_SSLv3Disallow the use of SSLv3 NO_TLSv1Disallow the use of TLSv1.0 NO_TLSv1_1 Disallow the use of TLSv1.1 NO_TLSv1_2 Disallow the use of TLSv1.2 SINGLE_DH_USE Always create a new key when using temporary/ephemeral DH key exchanges ALL Enable various bug workarounds suggested as harmless by OpenSSL Be warned that this reduces SSL/TLS strength to some attacks. See OpenSSL SSL_CTX_set_options documentation for a complete list of options. I tried with options=ALL and without options= . But still protocol error exist when I go for 'http://www.hotmail.com'. Am I missing something..? Thanks for replying, krish -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Hotmail-issue-in-squid-3-4-4-tp4666020p4666068.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] Re: Hotmail issue in squid 3.4.4
Hi, When I access 'https://www.hotmail.com', I get protocol error with the following logs: The cache log shows as below: 2014/05/21 11:51:42 kid1| fwdNegotiateSSL: Error negotiating SSL connection on FD 21: error:1411809D:SSL routines:SSL_CHECK_SERVERHELLO_TLSEXT:tls invalid ecpointformat list (1/-1/0) The access log shows as below: 1400652009.479 0 10.0.0.2 TAG_NONE/503 4185 GET https://login.live.com/login.srf? - HIER_NONE/- text/html 1400652009.573 0 10.0.0.2 TAG_NONE/400 4064 GET /my-warning - HIER_NONE/- text/html Regards, vin_krish -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Hotmail-issue-in-squid-3-4-4-tp4666020p4666036.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] Re: Hotmail issue in squid 3.4.4
Hi Eliezer, When I remove 'transparent' in 'http_port', I get 'Invalid URL' error. I have enabled DNS also. Regards, krish -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Hotmail-issue-in-squid-3-4-4-tp4666020p4666037.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] Re: Hotmail issue in squid 3.4.4
Hi Eliezer , I have configured as : http_port 8080 //for forward proxy https_port 3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=cert.crt key=cert.key options= https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=cert.crt key=cert.key options= but still 'protocol error' exists. and I tried http_port 8080 //for forward proxy http_port 3128 https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=cert.crt key=cert.key options= still the same 'protocol error'. Is it due to the self-signed certificate..? It should work when I access http://www.hotmail.com, but it doesn't. As I'm redirecting port 80 to 3128. Thanks for replying, Regards, krish -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Hotmail-issue-in-squid-3-4-4-tp4666020p4666048.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] Hotmail issue in squid 3.4.4
Hi all, I have installed squid 3.4.4 on my box(OS:Linux) and running in transparent proxy mode. I have redirected port 80,443 to 3128,3129 using NATing. Below is about port configuration: http_port 8080 //for forward proxy http_port 3128 transparent http_port 3129 transparent ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=cert.crt key=cert.key options= and I using server-first for the acl's But when I browse to www.hotmail.com, I get blank white page. I have used balance_on_mulitple_ip off directive also, but no use. I have gone through the links in the forum but none worked. Please help me through the issue. Regards, krish -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Hotmail-issue-in-squid-3-4-4-tp4666020.html Sent from the Squid - Users mailing list archive at Nabble.com.