Re: [CentOS] Squid and log files

> I don't know if the compressed and archived *.gz log files are supposed > to be erased some time. Anyway, I'd like to make sure they are kept at > least for one full year. > > Where is this defined ? > It's the logrotate system. Look in /etc/logrotate.conf and /etc/logrotate.d/ and 'man

[CentOS] Squid and log files

Hi, I have Squid running on several CentOS proxy servers. Here's what the Squid log file directory looks like on my own server: access.log access.log-20180311.gz access.log-20180319.gz access.log-20180429.gz access.log-20180506.gz access.log-20180514.gz cache.log cache.log-20180416.gz

Re: [CentOS] Squid + SquidGuard : static block page not working

Le 14/03/2018 à 14:40, m.r...@5-cent.us a écrit : > Stupid questions: >0. Does http://nestor.microlinux.lan/avertissement.html exist? >1. What are its ownership and group? >2. Can Apache access that directory and file? > > mark Problem solved.

Re: [CentOS] Squid + SquidGuard : static block page not working

Le 14/03/2018 à 14:40, m.r...@5-cent.us a écrit : > Stupid questions: >0. Does http://nestor.microlinux.lan/avertissement.html exist? >1. What are its ownership and group? >2. Can Apache access that directory and file? > > mark OK, I found the solution. Apparently I have to use a

Re: [CentOS] Squid + SquidGuard : static block page not working

Le 14/03/2018 à 14:40, m.r...@5-cent.us a écrit : > Stupid questions: >0. Does http://nestor.microlinux.lan/avertissement.html exist? >1. What are its ownership and group? >2. Can Apache access that directory and file? > > mark Yes, the page exists, and it can be opened from any

Re: [CentOS] Squid + SquidGuard : static block page not working

Nicolas Kovacs wrote: > Hi, > > I've been working with Squid + SquidGuard for a few years, though only > on Slackware. I'm currently transferring my proxy expertise to CentOS 7, > and right now I'm having a little problem with that. > > Squid works perfectly so far as a transparent HTTP + HTTPS

[CentOS] Squid + SquidGuard : static block page not working

Hi, I've been working with Squid + SquidGuard for a few years, though only on Slackware. I'm currently transferring my proxy expertise to CentOS 7, and right now I'm having a little problem with that. Squid works perfectly so far as a transparent HTTP + HTTPS cache proxy. The next step is to

Re: [CentOS] Squid vs. iptables redirection: exception for certain domains ?

Le 12/03/2018 à 10:37, Nux! a écrit : > Another idea - but this gets complicated and with that, prone to > faults - use a simple shell script to resolve the desired domains and > keep their IPs in an ipset, then use the ipset in your firewall > rules, this way you can keep your iptables rules

Re: [CentOS] Squid vs. iptables redirection: exception for certain domains ?

and simply add or remove IPs from the ipset. -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro - Original Message - > From: "Nicolas Kovacs" <i...@microlinux.fr> > To: "CentOS mailing list" <centos@centos.org> > Sent: Sunday, 11 Ma

Re: [CentOS] Squid vs. iptables redirection: exception for certain domains ?

On Sun, March 11, 2018 7:09 am, Leon Fauster wrote: > Am 11.03.2018 um 11:53 schrieb Nicolas Kovacs : >> >> I've experimented some more, and I have a partial success. Here, I'm >> redirecting all HTTPS traffic *except* the one that goes to my bank: >> >> iptables -A PREROUTING

Re: [CentOS] Squid vs. iptables redirection: exception for certain domains ?

Le 11/03/2018 à 13:09, Leon Fauster a écrit : > It is not a good practice to place domain names into iptables rules. Define > a custom table, place this table into your rule list (to stick at the right > place) and feed that table with the resolved domain names. This can be > altered > while

Re: [CentOS] Squid vs. iptables redirection: exception for certain domains ?

Am 11.03.2018 um 11:53 schrieb Nicolas Kovacs : > > I've experimented some more, and I have a partial success. Here, I'm > redirecting all HTTPS traffic *except* the one that goes to my bank: > > iptables -A PREROUTING -t nat -i $IFACE_LAN -p tcp ! -d >

Re: [CentOS] Squid vs. iptables redirection: exception for certain domains ?

Le 11/03/2018 à 11:01, Nicolas Kovacs a écrit : > So here's what I want to do, in plain words: > > 1. Redirect all HTTP traffic (port 80) to port 3128. So far so good. > > 2. Redirect all HTTPS traffic (port 443) to port 3129. Equally OK. > > AND... > > 3. DO NOT REDIRECT traffic that goes to

[CentOS] Squid vs. iptables redirection: exception for certain domains ?

Hi, I'm currently facing a quite tricky problem. Here goes. I have setup Squid as a transparent HTTP+HTTPS proxy in my local network. All web traffic gets handed over to Squid by an iptables script on the server. Here's the relevant section in /etc/squid/squid.conf:

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

Hello Nicolas, On Wed, 28 Feb 2018 23:38:19 +0100 Nicolas Kovacs wrote: > Le 28/02/2018 à 22:32, Itamar Reis Peixoto a écrit : > > I recommend everyone in France to spend their money on a school with > > free internet. > > I'm not sure I understand. Our students sure

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

Le 08/03/2018 à 19:09, Leon Fauster a écrit : > Just to rephrase my implicit question: Does your setup works for the > combination Chrome browser and google.com? > > Or in general, what are the limits of your described setup. Just > curious ... Works perfectly.

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

Am 08.03.2018 um 18:07 schrieb Nicolas Kovacs : > > Guys. This is the CentOS mailing list, a place to discuss technical > questions... such as web content filtering. Just to rephrase my implicit question: Does your setup works for the combination Chrome browser and

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

Le 08/03/2018 à 17:15, hw a écrit : > But you aren´t broadcasting messages, or are you? > > If they mean something like "make data accessible", the only way to > be compliant with such a law is by not providing public access. How > do you distinguish between things that are contrary to basic

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

Nicolas Kovacs wrote: Le 08/03/2018 à 11:30, hw a écrit : The government says you must use squidguard to filter something? The law in France (Code Pénal, article 227-24) states that a public network is not allowed to broadcast messages containing violence, pornography or any content contrary

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

On 03/08/18 06:09, Nicolas Kovacs wrote: Le 08/03/2018 à 11:30, hw a écrit : The government says you must use squidguard to filter something? The law in France (Code Pénal, article 227-24) states that a public network is not allowed to broadcast messages containing violence, pornography or

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

Le 08/03/2018 à 11:30, hw a écrit : > The government says you must use squidguard to filter something? The law in France (Code Pénal, article 227-24) states that a public network is not allowed to broadcast messages containing violence, pornography or any content contrary to basic human dignity,

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

Nicolas Kovacs wrote: Le 06/03/2018 à 18:48, hw a écrit : And how do you get a list of IPs from which data could be retrieved which the students are not supposed to see? How is this done anyway, does the government give out a list of URLs or IPs which you are required to block?  If not, what

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

Le 06/03/2018 à 18:48, hw a écrit : > And how do you get a list of IPs from which data could be retrieved > which the students are not supposed to see? > > How is this done anyway, does the government give out a list of URLs > or IPs which you are required to block?  If not, what if you overlook

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

Valeri Galtsev wrote: On 03/05/18 08:34, Bill Gee wrote: On Monday, March 5, 2018 7:23:53 AM CST Leon Fauster wrote: Am 05.03.2018 um 13:04 schrieb Nicolas Kovacs : Le 28/02/2018 à 22:23, Nicolas Kovacs a écrit : So far, I've only been able to filter HTTP. Do any of

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

Leon Fauster wrote: Am 05.03.2018 um 13:04 schrieb Nicolas Kovacs : Le 28/02/2018 à 22:23, Nicolas Kovacs a écrit : So far, I've only been able to filter HTTP. Do any of you do transparent HTTPS filtering ? Any suggestions, advice, caveats, do's and don'ts ? After a

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

Wouldn't filtering the DNS be more practical? On 5 March 2018 at 18:57, Leon Fauster wrote: > > > Am 05.03.2018 um 15:34 schrieb Bill Gee : > > > > > > On Monday, March 5, 2018 7:23:53 AM CST Leon Fauster wrote: > >> Am 05.03.2018 um 13:04

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

of you do transparent HTTPS filtering ? Any suggestions, advice, caveats, do's and don'ts ? Cheers from the snowy South of France, Niki I made a video on doing this yesterday on Debian. If you skip the part about the Debian install and use the CentOS Squid 3.5 packages from the binary package

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

> Am 05.03.2018 um 15:34 schrieb Bill Gee : > > > On Monday, March 5, 2018 7:23:53 AM CST Leon Fauster wrote: >> Am 05.03.2018 um 13:04 schrieb Nicolas Kovacs : >>> Le 28/02/2018 à 22:23, Nicolas Kovacs a écrit : So far, I've only been able to

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

On 03/05/18 10:21, Nicolas Kovacs wrote: Le 05/03/2018 à 16:30, Valeri Galtsev a écrit : Sorry, I missed the beginning of this thread. This sounds to me like running one's own Certification Authority. I did that a while ago for over a decade. However, these days one may consider

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

Le 05/03/2018 à 16:30, Valeri Galtsev a écrit : > Sorry, I missed the beginning of this thread. This sounds to me like > running one's own Certification Authority. I did that a while ago for > over a decade. However, these days one may consider > > https://letsencrypt.org/ > > - you will have to

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

On 03/05/18 08:34, Bill Gee wrote: On Monday, March 5, 2018 7:23:53 AM CST Leon Fauster wrote: Am 05.03.2018 um 13:04 schrieb Nicolas Kovacs : Le 28/02/2018 à 22:23, Nicolas Kovacs a écrit : So far, I've only been able to filter HTTP. Do any of you do transparent HTTPS

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

On 03/05/18 07:23, Leon Fauster wrote: Am 05.03.2018 um 13:04 schrieb Nicolas Kovacs : Le 28/02/2018 à 22:23, Nicolas Kovacs a écrit : So far, I've only been able to filter HTTP. Do any of you do transparent HTTPS filtering ? Any suggestions, advice, caveats, do's and

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

The certificate should have *CA:true* set for act a CA for dynamic signing certificates by Squid. Most probably, Let's Encrypt will ignore this constraint in CSR. 2018-03-05 12:33 GMT-03:00 Chris Adams : > Once upon a time, Valeri Galtsev said: > >

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

Once upon a time, Valeri Galtsev said: > https://letsencrypt.org/ > > - you will have to run web server to have certificate signed by > them Not necessarily - we do most of our Let's Encrypt validation with DNS rather than HTTP. -- Chris Adams

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

On 03/05/18 06:34, Nicolas Kovacs wrote: Le 05/03/2018 à 13:30, Nux! a écrit : You could probably just drop your CA cert in the filesystem and run a couple of commands to get it imported, rather than having to import the CA in the browsers individually. You could probably deliver it via

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

Starting with version 3.5 of Squid, was introduced a new feature named "*SslBump Peek and Splice*". With this functionality, Squid is able to intercept HTTPS traffic transparently (with exceptions, of course). This manner, Squid, with spike, is able to logging HTTPS traffic and apply directives

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

On Monday, March 5, 2018 7:23:53 AM CST Leon Fauster wrote: > Am 05.03.2018 um 13:04 schrieb Nicolas Kovacs : > > Le 28/02/2018 à 22:23, Nicolas Kovacs a écrit : > >> So far, I've only been able to filter HTTP. > >> > >> Do any of you do transparent HTTPS filtering ? Any

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

Am 05.03.2018 um 13:04 schrieb Nicolas Kovacs : > > Le 28/02/2018 à 22:23, Nicolas Kovacs a écrit : >> So far, I've only been able to filter HTTP. >> >> Do any of you do transparent HTTPS filtering ? Any suggestions, >> advice, caveats, do's and don'ts ? > > After a week of

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

Le 05/03/2018 à 13:30, Nux! a écrit : > You could probably just drop your CA cert in the filesystem and run a > couple of commands to get it imported, rather than having to import > the CA in the browsers individually. You could probably deliver it > via yum/rpm or better yet, ansible or even some

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

. -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro - Original Message - > From: "Nicolas Kovacs" <i...@microlinux.fr> > To: "CentOS mailing list" <centos@centos.org> > Sent: Monday, 5 March, 2018 12:04:59 > Subject: Re: [Cent

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

Le 28/02/2018 à 22:23, Nicolas Kovacs a écrit : > So far, I've only been able to filter HTTP. > > Do any of you do transparent HTTPS filtering ? Any suggestions, > advice, caveats, do's and don'ts ? After a week of trial and error, transparent HTTPS filtering works perfectly. I wrote a detailed

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

On Wed, Feb 28, 2018 at 06:43:50PM -0300, Marcelo Ricardo Leitner wrote: > On Wed, Feb 28, 2018 at 10:23:31PM +0100, Nicolas Kovacs wrote: > > Hi, > > > > I've been running Squid successfully on CentOS 7 (and before that on 6 > > and 5), and it's always been running nicely. I've been using it

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

Le 28/02/2018 à 22:43, Marcelo Ricardo Leitner a écrit : > I did some experiments ~2 weeks ago. It worked, but I still need to > work on the certificates. Squid will re-issue certificates for those > connections that it intercepts, and if the browser doesn't recognize > the CA, it's going to

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

Le 28/02/2018 à 22:32, Itamar Reis Peixoto a écrit : > I recommend everyone in France to spend their money on a school with > free internet. I'm not sure I understand. Our students sure don't pay for accessing the Internet. > > please tell us the name of your school's. https://www.scholae.fr/

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

On Wed, Feb 28, 2018 at 10:23:31PM +0100, Nicolas Kovacs wrote: > Hi, > > I've been running Squid successfully on CentOS 7 (and before that on 6 > and 5), and it's always been running nicely. I've been using it mostly > as a transparent proxy filter in school networks. > > So far, I've only been

Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

On 2018-02-28 06:23 PM, Nicolas Kovacs wrote: Hi, I've been running Squid successfully on CentOS 7 (and before that on 6 and 5), and it's always been running nicely. I've been using it mostly as a transparent proxy filter in school networks. So far, I've only been able to filter HTTP. Do any

[CentOS] Squid and HTTPS interception on CentOS 7 ?

Hi, I've been running Squid successfully on CentOS 7 (and before that on 6 and 5), and it's always been running nicely. I've been using it mostly as a transparent proxy filter in school networks. So far, I've only been able to filter HTTP. Do any of you do transparent HTTPS filtering ? Any

[CentOS] Squid + wccp + firewalld

Hi Everyone, I'm trying to get squid + wccp on a Centos 7 box working with a Cisco router. I've done this before several times using Centos 6 and iptables, but never on Centos 7 with firewalld. I've searched far and wide for clear, concise instructions on how to do what I want in Centos 7. I've

Re: [CentOS] Squid question

for SSL inception, SSLBump is required: http://wiki.squid-cache.org/Features/SslBump This a bit complex to setup. SSL inception is not really good idea to implement.. I think it will not work with upstream proxy also. -- Eero 2016-10-29 22:37 GMT+03:00 paul.greene.va

Re: [CentOS] Squid question

I should have mentioned - this is squid 3.3 running on Centos 7 . On 10/29/2016 3:37 PM, paul.greene.va wrote: I'm having issues getting squid to send traffic through a specific upstream gateway. I need for a MS WSUS server and a Symantec Endpoint Protection Manager to get through a

[CentOS] Squid question

I'm having issues getting squid to send traffic through a specific upstream gateway. I need for a MS WSUS server and a Symantec Endpoint Protection Manager to get through a squid proxy to get out to Microsoft and Symantec respectively to get MS patches and Symantec DAT files. The traffic

[CentOS] Squid for CentOS 7 and available file descriptors

Hi, I'm installing a Squid instance for a large (ish) group of users. In the past I've had to increase the number of available file descriptors for the Squid process in order to avoid hitting the limits (and disrupting the service). It seems that the packaged Squid for CentOS 7 has a hardcoded

Re: [CentOS] Squid as interception HTTPS proxy under CentOS 7

Hey There, I think it would be better asked at squid-users list: - http://www.squid-cache.org/Support/mailing-lists.html#squid-users - squid-us...@lists.squid-cache.org Eliezer Croitoru On 04/02/2016 15:24, C. L. Martinez wrote: Hi all, I am trying to configure squid as a interception

Re: [CentOS] Squid as interception HTTPS proxy under CentOS 7

On Thu 4.Feb'16 at 20:24:58 +0200, Eero Volotinen wrote: > check out sslbump documentation: > http://wiki.squid-cache.org/Features/SslBump > > -- > Eero > I have changed my ssl-bump options to "ssl_bump server-first all" only, but nothing ... It doesn't works. Any more idea?? -- Greetings,

Re: [CentOS] Squid as interception HTTPS proxy under CentOS 7

On Thu, Feb 4, 2016 at 5:36 PM, Tris Hoar wrote: > On 04/02/2016 13:24, C. L. Martinez wrote: >> >> Hi all, >> >> I am trying to configure squid as a interception HTTPS proxy under >> CentOS 7. At every https request, I am receiving a certificate error. >> >> My current

[CentOS] Squid as interception HTTPS proxy under CentOS 7

Hi all, I am trying to configure squid as a interception HTTPS proxy under CentOS 7. At every https request, I am receiving a certificate error. My current config for squid is: # My localnet acl localnet src 172.22.55.0/28 acl localnet src 172.22.58.0/29 acl SSL_ports port 443 acl

Re: [CentOS] Squid as interception HTTPS proxy under CentOS 7

On 04/02/2016 13:24, C. L. Martinez wrote: Hi all, I am trying to configure squid as a interception HTTPS proxy under CentOS 7. At every https request, I am receiving a certificate error. My current config for squid is: # My localnet acl localnet src 172.22.55.0/28 acl localnet src

Re: [CentOS] Squid as interception HTTPS proxy under CentOS 7

check out sslbump documentation: http://wiki.squid-cache.org/Features/SslBump -- Eero 2016-02-04 15:24 GMT+02:00 C. L. Martinez : > Hi all, > > I am trying to configure squid as a interception HTTPS proxy under CentOS > 7. At every https request, I am receiving a

Re: [CentOS] Squid on CentOS 7: few questions

Hey Niki, On 07/03/2015 08:37, Niki Kovacs wrote: The LAN server here already has Iptables configured to redirect HTTP traffic to 3128 transparently. Which doesn't actually good. You should route traffic to the proxy and on the proxy redirect into a intercept port which should be defined.

[CentOS] Squid on CentOS 7: few questions

Hi, I recently migrated my office's server from Slackware64 14.1 to CentOS 7. Right now I'm in the process of configuring the Squid web proxy. I edited the default /etc/squid/squid.conf, and here's what I have so far: --8-- #

Re: [CentOS] Squid on CentOS 7: few questions

2015-03-06 12:29 GMT-06:00 Niki Kovacs i...@microlinux.fr: I recently migrated my office's server from Slackware64 14.1 to CentOS 7. Right now I'm in the process of configuring the Squid web proxy. I edited the default /etc/squid/squid.conf, and here's what I have so far:

Re: [CentOS] Squid on CentOS 7: few questions

Le 06/03/2015 21:08, Les Mikesell a écrit : The rpm should have configured logrotate: rpm -q --list squid |grep logrotate will show where the config file lands. OK The rpm should have created the squid user and group: rpm -q --scripts squid will show what it ran to do that. OK

Re: [CentOS] squid proxy, https and apple store - SOLVED

Take a look at: http://wiki.squid-cache.org/KnowledgeBase/RedHat Eliezer On 06/12/2014 09:38 AM, Götz Reinicke - IT Koordinator wrote: Hi, I checked the old config again and cant find any misconfiguration and did not get any more feedback. On a centos 6.x system I installed as suggested

Re: [CentOS] squid proxy, https and apple store - SOLVED

Am 11.06.14 17:57, schrieb Arun Khan: On Wed, Jun 11, 2014 at 7:18 PM, Götz Reinicke - IT Koordinator goetz.reini...@filmakademie.de wrote: Am 11.06.14 15:43, schrieb Arun Khan: CentOS version? old one 5.10 Squid version? squid-2.6.STABLE21-6.el5 FWIW, Squid2 supports http 1.0 and

[CentOS] squid proxy, https and apple store

Hi, I'm a bit confused regarding the connection of a Mac OS X system to the app store by the app store client. Squid is configured using ncsa_auth and I can access https and http websites without a problem. But the app store app is not logging in. I do get == /var/log/squid/cache.log ==

Re: [CentOS] squid proxy, https and apple store

On 06/11/14 07:45, Götz Reinicke - IT Koordinator wrote: Hi, I'm a bit confused regarding the connection of a Mac OS X system to the app store by the app store client. Hi, I'm a bit confused as to why you're posting a Mac OSX question, and one that I assume deals with the Apple app

Re: [CentOS] squid proxy, https and apple store

Am 11.06.14 14:02, schrieb mark: On 06/11/14 07:45, Götz Reinicke - IT Koordinator wrote: Hi, I'm a bit confused regarding the connection of a Mac OS X system to the app store by the app store client. Hi, I'm a bit confused as to why you're posting a Mac OSX question, and one that

Re: [CentOS] squid proxy, https and apple store

Am 11.06.14 15:43, schrieb Arun Khan: On Wed, Jun 11, 2014 at 5:15 PM, Götz Reinicke - IT Koordinator goetz.reini...@filmakademie.de wrote: I'm a bit confused regarding the connection of a Mac OS X system to the app store by the app store client. Squid is configured using ncsa_auth and I can

Re: [CentOS] squid proxy, https and apple store

On Wed, Jun 11, 2014 at 5:15 PM, Götz Reinicke - IT Koordinator goetz.reini...@filmakademie.de wrote: I'm a bit confused regarding the connection of a Mac OS X system to the app store by the app store client. Squid is configured using ncsa_auth and I can access https and http websites without

Re: [CentOS] squid proxy, https and apple store

On Wed, Jun 11, 2014 at 7:18 PM, Götz Reinicke - IT Koordinator goetz.reini...@filmakademie.de wrote: Am 11.06.14 15:43, schrieb Arun Khan: CentOS version? old one 5.10 Squid version? squid-2.6.STABLE21-6.el5 FWIW, Squid2 supports http 1.0 and Squid3 supports http1.1. My team faced

Re: [CentOS] squid cache question

From: ankush grover ankushcen...@gmail.com We are trying to cache some files from apple.com like .dmg, .pkg, .ipa etc.. so that local clients can fetch the data from the cache. The problem we are facing is that we have download restrictions for every client to 25 MB during work hours

Re: [CentOS] squid cache question

Thanks Les. I will test your suggestion only thing I need to unable is sending the original source IP to the parent proxy and not the squid child proxy ip otherwise all the clients connected to child proxy will have unlimited download limit. John, Delay pools will not work in my case.. Thanks

Re: [CentOS] squid cache question

Any update on this? We are stuck and need help.. Thanks Regards Ankush On Wed, Oct 3, 2012 at 9:20 AM, ankush grover ankushcen...@gmail.comwrote: Hi Friends, Same question has been asked on the Squid mailing list but so far no reply on the mailing list so posting it here also. We are

Re: [CentOS] squid cache question

On Sat, Oct 6, 2012 at 4:56 AM, ankush grover ankushcen...@gmail.com wrote: Any update on this? We are stuck and need help.. Can you add a second squid instance configured so the one near the clients caches but does not apply restrictions and the upstream parent applies the restrictions but

[CentOS] squid cache question

Hi Friends, Same question has been asked on the Squid mailing list but so far no reply on the mailing list so posting it here also. We are trying to cache some files from apple.com like .dmg, .pkg, .ipa etc.. so that local clients can fetch the data from the cache. The problem we are facing is

Re: [CentOS] squid transparent proxy problem

Please verify you resolv.conf João Rodrigues On Sat, Jan 21, 2012 at 10:33 PM, Hüvely Balázs balazs.huv...@gmail.comwrote: Greetings, I installed a squid 3.1.10.i686 squid to a centos 6.2i686. The proxy is working fine with the default config. After I decided to use it as a transparent

[CentOS] squid transparent proxy problem

Greetings, I installed a squid 3.1.10.i686 squid to a centos 6.2i686. The proxy is working fine with the default config. After I decided to use it as a transparent proxy, I added two lines to config: http_proxy 10.0.5.1:3128 transparent, always_direct allow all http_port 10.0.5.1:3128

[CentOS] Squid to Cache RPMs from yum (was: forcing yum ...)

The default config won't cache large files. And yum will try to use different mirrors every time. Aha. I thought I had it set for no file limit, but I guess using different mirrors is what is confounding me. So squid will cache a specific file from a specific site, I guess? And even if

Re: [CentOS] Squid to Cache RPMs from yum (was: forcing yum ...)

On Mon, Dec 19, 2011 at 12:39 PM, Alan McKay alan.mc...@gmail.com wrote: The default config won't cache large files.   And yum will try to use different mirrors every time. Aha.  I thought I had it set for no file limit, but I guess using different mirrors is what is confounding me. So

Re: [CentOS] Squid to Cache RPMs from yum (was: forcing yum ...)

Yes, the default setup really goes out of its way to defeat any standard caching proxies and make the mirrors do extra work, although once you accumulate the copies from 5 or 6 sources everything will work like you expect. That used to bother me but now the mirrors seem to be insanely fast

Re: [CentOS] Squid to Cache RPMs from yum (was: forcing yum ...)

On Mon, Dec 19, 2011 at 1:47 PM, Alan McKay alan.mc...@gmail.com wrote: Yes, the default setup really goes out of its way to defeat any standard caching proxies and make the mirrors do extra work, although once you accumulate the copies from 5 or 6 sources everything will work like you

Re: [CentOS] Squid 3 with SSL Bump on Centos 5.7

I have successfully installed Squid 3 on Centos 5.7; and after I follow the guide:- https://dvas0004.wordpress.com/2011/03/22/squid-transparent-ssl-interception/.  Now I have the following two lines in my squid.conf:- http_port Internal_IP:8080 transparent https_port Internal_IP:3128 ssl-bump

Re: [CentOS] Squid 3 with SSL Bump on Centos 5.7

Fawzy Ibrhim writes: I have Centos 5.7 AMD64; is there a way to have Squid 3 with SSLBump feature in Centos 5.7? I appreciate any help on that? 3.1? Try this one - http://www.jur-linux.org/rpms/el-updates/5.4/SRPMS/ I'm using the 3.1.15 version here (w/o SSLBump), and it's been working

[CentOS] Squid 3 with SSL Bump on Centos 5.7

I have Centos 5.7 AMD64; is there a way to have Squid 3 with SSLBump feature in Centos 5.7? I appreciate any help on that? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos

[CentOS] SQUID Logrotate

Hi all, i have problem, after uprade CentOS 5.5 to 5.6, Logrotate don't work on two proxy servers. I have installed : squid-2.6.STABLE21-6.el5 logrotate-3.7.4-9.el5_5.2 On first server , squid logs never rotated, config is here cat /etc/logrotate.d/squid /var/log/squid/access.log { weekly

Re: [CentOS] Squid and SELinux

Thks, It's clear now for me, i have a lot of figths with SELinux, but i need to learn more, so i don't want deactivate it, allow squit to search home_root_t seems to be good, so i try to make the correct thinks and prepare a partition outside the home dir for squid. A lot of thks for your

Re: [CentOS] Squid and SELinux

Hi Tsuyoshi, The /home/squid dir have the user_u:object_r:squid_cache_t The /home dir have the system_u:object_r:home_root_t This seems that only can be achieved via audit2allow? A lot of thks for your fast reply. Regards. El 01/02/11 02:29, Tsuyoshi Nagata escribió: Hi Mrcos (2011/02/01

Re: [CentOS] Squid and SELinux

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/31/2011 08:29 PM, Tsuyoshi Nagata wrote: Hi Mrcos (2011/02/01 0:31), Marcos Lois Bermúdez wrote: semanage fcontext -a -t squid_cache_t '/home/squid(/.*)?' i check the files and are in the good context: drwxr-xr-x squid squid

[CentOS] Squid and SELinux

Hi. I'm trying to setup squid with SELinux, the problem i encounter is taht i want to add another directory for cache, in this system we have a home partition with huge space, i create a squid dir and add the path with semanage: semanage fcontext -a -t squid_cache_t '/home/squid(/.*)?' i

Re: [CentOS] Squid and SELinux

Hi Mrcos (2011/02/01 0:31), Marcos Lois Bermúdez wrote: semanage fcontext -a -t squid_cache_t '/home/squid(/.*)?' i check the files and are in the good context: drwxr-xr-x squid squid user_u:object_r:squid_cache_t. ** drwxr-xr-x squid squid system_u:object_r:home_root_t .. drwxr-x---

[CentOS] squid

I need to know the meaning of this line in my squid access log 1295267166.311 1069 10.6.50.123 TCP_MISS/200 16623 GET http://www.mycom.com/sendNews.php? - DIRECT/71.6.196.18 text/html Thx ___ CentOS mailing list CentOS@centos.org

Re: [CentOS] squid

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 madu...@gmail.com said the following on 17/01/11 18:44: I need to know the meaning of this line in my squid access log 1295267166.311 1069 10.6.50.123 TCP_MISS/200 16623 GET http://www.mycom.com/sendNews.php? - DIRECT/71.6.196.18 text/html The

[CentOS] Squid authenticating by Active Directory

Hi, Need some help for step by step to configure my squid integrate with Active Directory at my college. Could you please help me? Thank you. Rgds, ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Squid authenticating by Active Directory

Wahyu Darmawan wrote: Hi, Need some help for step by step to configure my squid integrate with Active Directory at my college. Could you please help me? Thank you. Rgds, Integrate how? What's your desired end state? -- Corey / KB1JWQ ___

Re: [CentOS] Squid authenticating by Active Directory

On Tue, Nov 3, 2009 at 4:35 PM, Corey Chandler li...@sequestered.netwrote: Wahyu Darmawan wrote: Hi, Need some help for step by step to configure my squid integrate with Active Directory at my college. Could you please help me? Thank you. Rgds, Integrate how? What's your

Re: [CentOS] Squid authenticating by Active Directory

Wahyu Darmawan wrote: On Tue, Nov 3, 2009 at 4:35 PM, Corey Chandler li...@sequestered.net mailto:li...@sequestered.net wrote: Wahyu Darmawan wrote: Hi, Need some help for step by step to configure my squid integrate with Active Directory at my college. Could you

Re: [CentOS] Squid authenticating by Active Directory

What kind of help you need？ 在2009-11-03，Wahyu Darmawan wahyu.darma...@gmail.com 写道： Hi, Need some help for step by step to configure my squid integrate with Active Directory at my college. Could you please help me? Thank you. Rgds, ___ CentOS

Re: [CentOS] Squid authenticating by Active Directory

Wahyu Darmawan wrote: Hi, Need some help for step by step to configure my squid integrate with Active Directory at my college. Could you please help me? Thank you. The squid website explains that clearly .. which part don't you undersand ?

Re: [CentOS] Squid authenticating by Active Directory

The squid website explains that clearly .. which part don't you undersand ? http://wiki.squid-cache.org/ConfigExamples/#Authentication I'll just add that the ntlm helper won't work under Windows 7/Windows Server 2008 R2. If you are starting from scratch, set up Kerb Auth as that will work with

[CentOS] Squid proxy as a Gateway Server

Hi all, Good Day for all, I need Help to Setup Squid proxy as a Gateway Server. The Idea is to use the (Server and Gateway) configured with Squid to run using AUTH_Pam or AUTH_ncsa , but additionally we need to filter some access via group, following the standard filter group used Filter Group 1

  1   2   >