Re: [squid-users] ACL in custom error page

On 14/03/18 05:46, Eduardo Carneiro wrote: > Hello everyone! > > Is there any way to display, in my custom error pages, the acl that denied > access? Two things: 1) There is no single ACL that denied Access. There is always an entire sequence of checks. 2) The error page template code has not

Re: [squid-users] SSL intercept in explicit mode

Thank Yuri!! I believe that this post is milestone in for the SSL-BUMP feature. Now the only thing left regarding weird memory leaks is to compare with these technical details: 3.5.27 4.0.24 5.0.0_alpha\head I cannot test and compare it myself due to the lack of time and CPU but I believe that

Re: [squid-users] SSL intercept in explicit mode

As practical experience shows, it is counterproductive to swear. :) Especially when you need to solve the problem;) It's just that sometimes a bad character wins :) 14.03.2018 03:30, Alex Rousskov пишет: > Yuri, > > The quality of many of your recent mailing list posts was > exceptionally

Re: [squid-users] SSL intercept in explicit mode

Yuri, The quality of many of your recent mailing list posts was exceptionally high: to-the-point, with a healthy level of technical detail, cool triage, actionable advice, and no distractions (up to the footer:-). Your new approach resulted in a much more enjoyable experience for me

Re: [squid-users] SSL intercept in explicit mode

Thanks Yuri. That helps. As for the "sslproxy_flags DONT_VERIFY_PEER", yes I understand the risks. In my specific case, where my "users" are actually a bunch of automated web clients doing some web crawling it's the right thing to do. -- Aaron Turner https://synfin.net/ Twitter:

Re: [squid-users] SSL intercept in explicit mode

FInally, just take a look: This is SSL Bump-aware setup. Seems no memory leaks, yes? Normal memory distribution. Let's see on overall OS memory: No leaks. 13.03.2018 23:44, Yuri пишет: > > AFAIK, > > SSL bump subsystem uses OpenSSL memory routines. So, first of all, > most probably leaks (if

Re: [squid-users] SSL intercept in explicit mode

AFAIK, SSL bump subsystem uses OpenSSL memory routines. So, first of all, most probably leaks (if any) can be OpenSSL-related, but not squid itself. Now let's see your config snippets. 13.03.2018 23:00, Aaron Turner пишет: > "Usually misconfiguration leads to memory overhead." > > This may be

Re: [squid-users] SSL intercept in explicit mode

"Usually misconfiguration leads to memory overhead." This may be true, but if you look in the list archives a few months ago I basically chased my tail in circles and nobody could tell me what I was doing wrong and so many of the docs are so old that they're worse then useless, they seem to

Re: [squid-users] SSL intercept in explicit mode

I've used it on all versions starting from 3.4. Now I'm using Squid 5.0.0. I'm afraid, my config is completely useless, because of it contains tons of optimizations/tweaks/tricks and designed for customized Squid 5.0.0, with different memory allocator for custom infrastructure. You can't just

[squid-users] ACL in custom error page

Hello everyone! Is there any way to display, in my custom error pages, the acl that denied access? Eduardo Carneiro -- Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html ___ squid-users mailing list

Re: [squid-users] SSL intercept in explicit mode

What version are you using Yuri? Can you share your config? Everytime I use ssl bump, I have massive memory leaks. It's been effectively unusable for me. -- Aaron Turner https://synfin.net/ Twitter: @synfinatic My father once told me that respect for the truth comes close to being the

Re: [squid-users] SSL intercept in explicit mode

Moreover, SSL Bump combines with interception/explicit proxy in one setup. And works perfectly. 13.03.2018 21:14, Marcus Kool пишет: > "SSL bump" is the name of a complex Squid feature. > With ssl_bump ACLs one can decide which domains can be 'spliced' (go > through the proxy untouched) or can

Re: [squid-users] SSL intercept in explicit mode

"SSL bump" is the name of a complex Squid feature. With ssl_bump ACLs one can decide which domains can be 'spliced' (go through the proxy untouched) or can be 'bumped' (decrypted). Interception is not a requirement for SSL bump. Marcus On 13/03/18 11:44, Danilo V wrote: I mean SSL bump in

Re: [squid-users] SSL intercept in explicit mode

I mean SSL bump in explicit mode. So intercept is a essencial requirement for running SSL bump? Em ter, 13 de mar de 2018 às 11:10, Matus UHLAR - fantomas < uh...@fantomas.sk> escreveu: > On 13.03.18 13:44, Danilo V wrote: > >Is it possible/feasible to configure squid in explicit mode with ssl >

Re: [squid-users] SSL intercept in explicit mode

On 13.03.18 13:44, Danilo V wrote: Is it possible/feasible to configure squid in explicit mode with ssl intercept? explicit is not intercept, intercept is not explicit. explicit is where browser is configured (manually or automatically via WPAD) to use the proxy. intercept is where network

Re: [squid-users] Squid Transparent Proxy with Policy Routing in pfSense

Hello Antonio, Sorry no pfsense tutorials for now, but these two are *proved* to be working just fine. https://docs.diladele.com/tutorials/policy_based_routing_squid/index.html https://docs.diladele.com/tutorials/mikrotik_transparent_squid/index.html Hope it helps. Best regards, Rafael

[squid-users] Squid Transparent Proxy with Policy Routing in pfSense

Hi guys. This is my last attempt before going to authenticated mode. I searched all over the internet for a way to set up a "transparent squid" but until then the most I can get is an exhausted timeout when I go to an http. My environment is as follows. - Box squid 3.5.20 - pfSense as the

Re: [squid-users] Settings for Bank & Health

On 13.03.18 20:37, Al Grant wrote: I have been told it would be good practice to respect users privacy when it comes to banking and health websites. I am not sure whether this means not logging those websites, not caching them or something else? On Tue, Mar 13, 2018 at 9:06 PM, Matus UHLAR -

Re: [squid-users] TCP_MISS_ABORTED/000|

Hello, I finally found the solution to the TCP_MISS_ABORTED/000 problem, result that the network manager person, give me a tplink load balance router with some filters setting inside them, he forgot that setting. This setting are in the filters setting, setting some words like porno, sex, and

Re: [squid-users] Settings for Bank & Health

On Tue, Mar 13, 2018 at 9:06 PM, Matus UHLAR - fantomas wrote: > On 13.03.18 20:37, Al Grant wrote: > >> I have been told it would be good practice to respect users privacy when >> it >> comes to banking and health websites. >> > > it's good practice respect users privacy when

Re: [squid-users] Settings for Bank & Health

On 13.03.18 20:37, Al Grant wrote: I have been told it would be good practice to respect users privacy when it comes to banking and health websites. it's good practice respect users privacy when it comes to all websites. I am not sure whether this means not logging those websites, not

[squid-users] Settings for Bank & Health

Hi, I have been told it would be good practice to respect users privacy when it comes to banking and health websites. I am not sure whether this means not logging those websites, not caching them or something else? Can someone please elaborate, and perhaps how it would be achieved? I am