Re: [squid-users] log_referrer question

2024-05-22 Thread Amos Jeffries
On 22/05/24 07:51, Alex Rousskov wrote: On 2024-05-21 13:50, Bobby Matznick wrote: I have been trying to use a combined log format for squid. The below line in the squid config is my current attempt. logformat combined %>a %[ui %[un [%tl "%rm %ru HTTP/%rv" %>Hs %"%{Referer}>h"

Re: [squid-users] Tune Squid proxy to handle 90k connection

2024-05-16 Thread Amos Jeffries
On 17/05/24 02:23, Bolinhas André wrote: Hi Alex As I explained, by default I set those directives to off to avoid high cpu consumption. Ah, actually with NTLM auth you are using *more* CPU per transaction with those turned off. The thing is that auth takes a relatively long time to

Re: [squid-users] deny_info URL not working

2024-05-12 Thread Amos Jeffries
On 12/05/24 17:48, Dieter Bloms wrote: Hello, On Sat, May 11, Vilmondes Queiroz wrote: deny_info http://example.com !authorized_ips does it work if you add the http status code like: deny_info 307:http://example.com !authorized_ips Also the "!" is not valid here. The ACL on deny_info

Re: [squid-users] Dynamic ACL with local auth

2024-05-08 Thread Amos Jeffries
On 8/05/24 19:55, Albert Shih wrote: Le 06/05/2024 à 12:21:10+0300, ngtech1ltda écrit Hi, The right way to do it is to use an external acl helper that will use some kind of database for the settings. Ok. I will check that. The other option is to use a reloadable ACLs file. But those

Re: [squid-users] Linux Noob - Squid Config

2024-05-07 Thread Amos Jeffries
your attention, but they are not related to Squid. Cheers Amos - Josh -Original Message- From: squid-users On Behalf Of Amos Jeffries Sent: Monday, May 6, 2024 12:59 PM To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] Linux Noob - Squid Config Caution: This email

Re: [squid-users] Linux Noob - Squid Config

2024-05-06 Thread Amos Jeffries
FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64-v2 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' 'PKG_CONFIG_PATH=:/usr/lib

Re: [squid-users] Squid TCP_TUNNEL_ABORTED/200

2024-05-05 Thread Amos Jeffries
On 4/05/24 11:17, Emre Oksum wrote: >In this case, all your tcp_outgoing_addr lines being tested. Most of >them will not match. Sorry I'm not really a Squid guy I was working on it due to a job that I took but I cannot figure this out. What do you mean most of them do not match? Does it mean

Re: [squid-users] Squid TCP_TUNNEL_ABORTED/200

2024-05-03 Thread Amos Jeffries
On 4/05/24 09:48, Emre Oksum wrote: Hi Amos, >FTR, "debug_options ALL" alone is invalid syntax and will not change >from the default cache.log output Yes, you were right! I was surely missing on that one. I changed debug_options ALL to debug_options ALL 5 and now, I found these warnings in

Re: [squid-users] Squid TCP_TUNNEL_ABORTED/200

2024-05-03 Thread Amos Jeffries
On 4/05/24 08:33, Emre Oksum wrote: Hi Jonathan, >> Have you attempted to enable debugging ?? Yes, debugging was enabled but as I have pointed out, unfortunately it didn't give any information about the issue. Maybe I was missing something? I don't know. debug_options was ALL in my

Re: [squid-users] Linux Noob - Squid Config

2024-05-03 Thread Amos Jeffries
On 4/05/24 07:59, Piana, Josh wrote: Hey Everyone. I apologize in advance for any lack of formality normally shared on mailing lists such as these, it’s my first time seeking product support in this manner. NO need to apologize. Help and questions is most of what we do here :-) I want

Re: [squid-users] Squid TCP_TUNNEL_ABORTED/200

2024-05-03 Thread Amos Jeffries
On 4/05/24 02:29, Emre Oksum wrote: Hi everyone, I'm having an issue with Squid Cache 4.10 which I cannot fix for weeks now and kinda lost at the moment. I will be appreciated if someone can guide me through the issue I'm having. I need to create an IPv6 HTTP proxy which should match the entry

Re: [squid-users] Best way to utilize time constraints with squid?

2024-05-01 Thread Amos Jeffries
onnections don’t work during the timeframe so that is a plus. Sent from my iPhone On Apr 27, 2024, at 00:41, Amos Jeffries wrote: On 26/04/24 17:15, Jonathan Lee wrote: acl block_hours time 01:30-05:00 ssl_bump terminate all block_hours http_access deny all block_hours Is this a good way to time

Re: [squid-users] Container Based Issues Lock Down Password and Terminate SSL

2024-04-27 Thread Amos Jeffries
On 24/04/24 17:27, Jonathan Lee wrote: Hello fellow Squid users I wanted to ask a quick question for use with termination would http access for cache still work with this type of setup and custom refresh patterns? I think it would terminate all but the clients and if they use the cache it

Re: [squid-users] enctype aes256-cts found in keytab but cannot decrypt ticket

2024-04-27 Thread Amos Jeffries
On 24/04/24 17:31, ivc chgaki wrote: hello. i have Samba DC and squid. i created user, then SPN, and then exported keytab and imported him to squid. I'm using kerberos negotiate helper but when i try go to internet i have popup window with login/password and in cache.log log error 2024/04/21

Re: [squid-users] tls_key_log

2024-04-27 Thread Amos Jeffries
On 25/04/24 19:57, Andrey K wrote: Hello, Does squid 6.9 allow you to log TLS 1.3 keys so that you can then decrypt traffic using Wireshark? I found that there was an issue earlier with using tls_key_log to decrypt TLS 1.3:

Re: [squid-users] Best way to utilize time constraints with squid?

2024-04-27 Thread Amos Jeffries
On 26/04/24 17:15, Jonathan Lee wrote: acl block_hours time 01:30-05:00 ssl_bump terminate all block_hours http_access deny all block_hours Is this a good way to time lock squid with times lock down? That depends on your criteria/definition of "good". Be aware that http_access only checks *new*

Re: [squid-users] Container Based Issues Lock Down Password and Terminate SSL

2024-04-23 Thread Amos Jeffries
On 23/04/24 11:52, Jonathan Lee wrote: Hello fellow Squid Accelerator/Dynamic Cache/Web Cache Users/PfSense users I think this might resolve any container based issues/fears if they happened to get into the cache. Ie a Docker Proxy got installed and tried to data marshal the network card

Re: [squid-users] Warm cold times

2024-04-23 Thread Amos Jeffries
On 22/04/24 17:42, Jonathan Lee wrote: Has anyone else taken up the fun challenge of doing windows update caching. It is amazing when it works right. It is a complex configuration, but it is worth it to see a warm download come down that originally took 30 mins instantly to a second client. I

Re: [squid-users] SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR

2024-04-11 Thread Amos Jeffries
On 11/04/24 08:22, Jonathan Lee wrote: Could it be related to this ?? "WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048'. error:1E08010C:DECODER routines::unsupported” That would certainly make Squid unable to use EC (Elliptic Curve) ciphers. Unfortunately OpenSSL is not

Re: [squid-users] Squid as a http/https transparent web proxy in 2024.... do I still have to build from source?

2024-04-11 Thread Amos Jeffries
On 11/04/24 21:55, PinPin Poola wrote: I don't care which Linux distro tbh; but would prefer Ubuntu as I have most familiarity with it. Latest Ubuntu provide the "squid-openssl" package, which contains the SSL-Bump and other OpenSSL-exclusive features. Just install that package as you

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

2024-04-06 Thread Amos Jeffries
On 6/04/24 18:48, Jonathan Lee wrote: Correction I can’t access it from the loop back From the config in the other "Squid cache questions" thread you are only intercepting traffic on the loopback 127.0.0.1:3128 port. You cannot access it directly on "localhost". You do have direct proxy

Re: [squid-users] Squid cache questions

2024-04-06 Thread Amos Jeffries
On 6/04/24 11:34, Jonathan Lee wrote: if (empty($settings['sslproxy_compatibility_mode']) || ($settings['sslproxy_compatibility_mode'] == 'modern')) { // Modern cipher suites $sslproxy_cipher =

Re: [squid-users] Squid cache questions

2024-04-06 Thread Amos Jeffries
On 5/04/24 17:25, Jonathan Lee wrote: ssl_bump splice https_login ssl_bump splice splice_only ssl_bump splice NoSSLIntercept ssl_bump bump bump_only markBumped ssl_bump stare all acl markedBumped note bumped true url_rewrite_access deny markedBumped for good hits should the url_rewirte_access

Re: [squid-users] Squid cache questions

2024-04-04 Thread Amos Jeffries
On 4/04/24 17:48, Jonathan Lee wrote: Is there any particular order to squid configuration?? Yes. Does this look correct? Best way to find out is to run "squid -k parse", which should be done after upgrades as well to identify

Re: [squid-users] Chrome auto-HTTPS-upgrade - not falling to http

2024-04-03 Thread Amos Jeffries
There is no way to configure around this. The error produced by Squid is a hard-coded reaction to TLS level errors in the SSL-Bump process. Squid needs some significant code redesign to do a better job of handling the situation. Which I understand is already underway, but still some way off

Re: [squid-users] BWS after chunk-size

2024-04-03 Thread Amos Jeffries
On 2/04/24 16:03, root wrote: Hi Team, after an upgrade from squid 5.4.1 to squid 5.9, unable to parse HTTP chunked response containing whitespace after chunk size. > I think the following bugs were fixed and worked fine in squid 5.9 and earlier.

Re: [squid-users] GCC optimizer is provably junk. Here is the evidence.

2024-03-24 Thread Amos Jeffries
This inflammatory post is not relevant to Squid. Please do not followup to this thread. Cheers Amos Jeffries The Squid Software Foundation ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid

Re: [squid-users] After upgrade from squid6.6 to 6.8 we have a lot of ICAP_ERR_OTHER and ICAP_ERR_GONE messages in icap logfiles

2024-03-13 Thread Amos Jeffries
On 12/03/24 04:31, Dieter Bloms wrote: Hello, after an upgrade from squid6.6 to squid6.8 on a debian bookworm we have a lot of messages from type: ICAP_ERR_GONE/000 ICAP_ERR_OTHER/200 ICAP_ERR_OTHER/408 ICAP_ERR_OTHER/204 and some of our users claim about bad performance and some get "empty

Re: [squid-users] Manipulating request headers

2024-03-11 Thread Amos Jeffries
On 12/03/24 04:00, Ben Goz wrote: By the help of God. Hi all, I'm using squid with ssl-bump I want to remove br encoding for request header Accept-Encoding currently I'm doing it using the following configuration: request_header_access Accept-Encoding deny all request_header_add

Re: [squid-users] Squid Proxy timing out 500/503 errors

2024-03-05 Thread Amos Jeffries
On 6/03/24 07:23, M, Anitha (CSS) wrote: Hi team, We are using squid service deployed as a KVM VM on SLES 15 Sp5 os image. We are using squid. Rpm: *squid-5.7-150400.3.20.1.x86_64* ** We are seeing too many 503 errors with this version of squid. This is the squid configuration file. Pls

[squid-users] [squid-announce] [ADVISORY] SQUID-2024:1 Denial of Service in HTTP Chunked Decoding

2024-03-04 Thread Amos Jeffries
__ Squid Proxy Cache Security Update Advisory SQUID-2024:1 __ Advisory ID: | SQUID-2024:1 Date: | Mar 4, 2024 Summary: | Denial of

[squid-users] [squid-announce] [ADVISORY] SQUID-2024:2 Denial of Service in HTTP Header parser

2024-03-04 Thread Amos Jeffries
__ Squid Proxy Cache Security Update Advisory SQUID-2024:2 __ Advisory ID: | SQUID-2024:2 Date: | Feb 15, 2024 Summary: | Denial of

[squid-users] [squid-announce] [ADVISORY] SQUID-2023:11 Denial of Service in Cache Manager

2024-03-04 Thread Amos Jeffries
__ Squid Proxy Cache Security Update Advisory SQUID-2023:11 __ Advisory ID: | SQUID-2023:11 Date: | Jan 24, 2024 Summary: | Denial of

[squid-users] [squid-announce] [ADVISORY] SQUID-2023:10 Denial of Service in HTTP Request parsing

2024-03-04 Thread Amos Jeffries
__ Squid Proxy Cache Security Update Advisory SQUID-2023:10 __ Advisory ID: | SQUID-2023:10 Date: | Dec 10, 2023 Summary: | Denial of

Re: [squid-users] Missing IPv6 sockets in Squid 6.7 in some servers

2024-03-04 Thread Amos Jeffries
On 5/03/24 08:03, Dragos Pacher wrote: Hello, I am a Squid beginner and we would like to use Squid inside our organization only as a HTTPS traffic inspection/logging tool for some 3rd party apps that we bought, something close to what a "MITM proxy" is called but we will not do that, instead

Re: [squid-users] ICAP response to avoid backend

2024-02-26 Thread Amos Jeffries
On 26/02/24 06:52, Ed wrote: On 2024-02-24 17:26+, Ed wrote: In varnish land this is doable in the vcl_miss hook, but I don't know how to do that in squid. I think I found a way, but maybe there's a better method - I'd like to the cache_peer_access to apply to all backends, but this does

Re: [squid-users] Can't verify the signature of squid-6.7.tar.gz

2024-02-26 Thread Amos Jeffries
, I still get an issue, although a slightly different one: #gpg --verify squid-6.7.tar.gz.asc squid-6.7.tar.gz gpg: Signature made Tue 06 Feb 2024 10:51:28 PM EET using ? key ID FEF6E865 gpg: Can't check signature: Invalid public key algorithm On Thu, Feb 8, 2024 at 7:58 AM Amos Jeffries wrote

Re: [squid-users] Squid Segment Violation with authorization

2024-02-15 Thread Amos Jeffries
On 16/02/24 15:30, Eternal Dreamer wrote: Hi! When I'm trying to send curl request with provided basic proxy-authorization credentials through my proxy I see Segment Violation error in my logs and empty reply from server. Command is: curl -v --proxy-basic --proxy-user login:password --proxy

Re: [squid-users] Error files removed from 6.7

2024-02-14 Thread Amos Jeffries
On 15/02/24 05:01, Stephen Borrill wrote: I see the translations of error messages have been removed from 6.7 compared to 6.6 (and earlier), but I see no mention of this in the changelog: https://github.com/squid-cache/squid/blob/552c2ceef220f3bbcdbedf194eae419fc791098e/ChangeLog Was this

Re: [squid-users] Anyone build Squid for on multiarch ie arm and arm64?

2024-02-13 Thread Amos Jeffries
On 13/02/24 07:22, ngtech1ltd wrote: I have couple RouterOS devices which supports containers with the next CPU arches: • x86_64 • arm64 • armv6 • armv7 And I was wondering if someone bothered compiling squid containers for these arches? I know that there are packages for Debian and Ubuntu

Re: [squid-users] Can't verify the signature of squid-6.7.tar.gz

2024-02-07 Thread Amos Jeffries
licate signature removed gpg: key B268E706FF5CF463: 4 signatures not checked due to missing keys gpg: /tmp/squid/trustdb.gpg: trustdb created gpg: key B268E706FF5CF463: public key "Amos Jeffries " imported gpg: key 4250AB432402F2F8: 1 signature not checked due to a missing key gpg: key

Re: [squid-users] stale-if-error returning a 502

2024-02-07 Thread Amos Jeffries
On 8/02/24 07:45, Robin Carlisle wrote: Hi, I have just started my enhanced logging journey and have a small snippet below that might illuminate the issue ... /2024/02/07 17:06:39.212 kid1| 88,3| client_side_reply.cc(507) handleIMSReply: origin replied with error 502, forwarding to client

Re: [squid-users] Is Squid 6 production ready?

2024-01-31 Thread Amos Jeffries
On 1/02/24 11:22, Miha Miha wrote: On 10/01/24 12:18, Miha Miha wrote: Release note of latest Squid 6.6 says: "...not deemed ready for production use..." For comparison Squid 5.1 was 'ready'. When v6 is expected to be ready for prod systems? On Fri, Jan 12, 2024 at 3:37 PM Amo

Re: [squid-users] Security advisories are not accessible

2024-01-29 Thread Amos Jeffries
Thanks for the notice. This appears to be a github issue that has been occurring to many other projects for at least 5hrs now. For now we can only hope that it gets resolved soon. Cheers Amos On 30/01/24 01:50, Adam Majer wrote: Hi, http://www.squid-cache.org/Versions/v6/ lists security

Re: [squid-users] offline mode not working for me

2024-01-20 Thread Amos Jeffries
On 20/01/24 02:05, Robin Carlisle wrote: I do have 1 followup question which I think is unrelated, let me know if etiquette demands I create a new post for this. When I test using chromium browser, chromium sends OPTION requests- which I think is something to do with CORS.   These always

Re: [squid-users] offline mode not working for me

2024-01-18 Thread Amos Jeffries
On 19/01/24 03:53, Robin Carlisle wrote: Hi, Hoping someone can help me with this issue that I have been struggling with for days now.   I am setting up squid on an ubuntu PC to forward HTTPS requests to an API and an s3 bucket under my control on amazon AWS.  The reason I am setting up the

Re: [squid-users] Is Squid 6 production ready?

2024-01-12 Thread Amos Jeffries
On 10/01/24 12:18, Miha Miha wrote: Release note of latest Squid 6.6 says: "...not deemed ready for production use..." For comparison Squid 5.1 was 'ready'. When v6 is expected to be ready for prod systems? Sorry, that is an oversight in the release notes text. Removing it now. Squid 6 is

Re: [squid-users] squid hangs and dies and can not be killed - needs system reboot

2023-12-19 Thread Amos Jeffries
On 19/12/23 16:29, Amish wrote: Hi Alex, Thank you for replying. On 19/12/23 01:14, Alex Rousskov wrote: On 2023-12-18 09:35, Amish wrote: I use Arch Linux and today I updated squid from squid 5.7 to squid 6.6. > Dec 18 13:01:24 mumbai squid[604]: kick abandoning conn199 I do not know

Re: [squid-users] IP based user identification/authentication

2023-12-07 Thread Amos Jeffries
On 7/12/23 15:34, Andrey K wrote: Hello, I was interested if I can configure some custom external helper that will be called before any authentication helpers and can perform user identification/authentication based on the client src-IP address. Well, yes and no. The order of

[squid-users] [squid-announce] [ADVISORY] SQUID-2023:9 Denial of Service in HTTP Collapsed Forwarding

2023-12-01 Thread Amos Jeffries
__ Squid Proxy Cache Security Update Advisory SQUID-2023:9 __ Advisory ID: | SQUID-2023:9 Date: | December 1, 2023 Summary: | Denial of

[squid-users] [squid-announce] [ADVISORY] SQUID-2023:8 Denial of Service in Helper Process management

2023-12-01 Thread Amos Jeffries
__ Squid Proxy Cache Security Update Advisory SQUID-2023:8 __ Advisory ID: | SQUID-2023:8 Date: | December 1, 2023 Summary: | Denial of

[squid-users] [squid-announce] [ADVISORY] SQUID-2023:7 Denial of Service in HTTP Message Processing

2023-12-01 Thread Amos Jeffries
__ Squid Proxy Cache Security Update Advisory SQUID-2023:7 __ Advisory ID: | SQUID-2023:7 Date: | December 1, 2023 Summary: | Denial of

[squid-users] [squid-announce] [ADVISORY] SQUID-2023:4 Denial of Service in SSL Certificate validation

2023-12-01 Thread Amos Jeffries
__ Squid Proxy Cache Security Update Advisory SQUID-2023:4 __ Advisory ID: | SQUID-2023:4 Date: | November 2, 2023 Summary: | Denial of

[squid-users] [squid-announce] [ADVISORY] SQUID-2023:5 Denial of Service in FTP

2023-12-01 Thread Amos Jeffries
__ Squid Proxy Cache Security Update Advisory SQUID-2023:5 __ Advisory ID: | SQUID-2023:5 Date: | October 22, 2023 Summary: | Denial of

[squid-users] [squid-announce] [ADVISORY] SQUID-2023:1 Request/Response smuggling in HTTP(S) and ICAP

2023-12-01 Thread Amos Jeffries
fidence until the impact has been established. __ Credits: This vulnerability was discovered by Keran Mu and Jianjun Chen, from Tsinghua University and Zhongguancun Laboratory. Fixed by Amos Jeffries of Treehouse Networks Ltd. ___

[squid-users] [squid-announce] [ADVISORY] SQUID-2023:2 Multiple issues in HTTP response caching

2023-12-01 Thread Amos Jeffries
__ Squid Proxy Cache Security Update Advisory SQUID-2023:2 __ Advisory ID: | SQUID-2023:2 Date: | October 22, 2023 Summary: | Multiple

[squid-users] [squid-announce] [ADVISORY] SQUID-2023:3 Denial of Service in HTTP Digest Authentication

2023-12-01 Thread Amos Jeffries
__ Squid Proxy Cache Security Update Advisory SQUID-2023:3 __ Advisory ID: | SQUID-2023:3 Date: | October 22, 2023 Summary: | Denial of

Re: [squid-users] SSL Virtual Hosting Problem

2023-12-01 Thread Amos Jeffries
On 1/12/23 04:55, Mario Theodoridis wrote: I do have one more problem at this point. Using openssl i can work with what i have below, but i cannot add a 2nd certificate https_port 0.0.0.0:443 accel defaultsite=regify.com \     tls-cert=/etc/ssl/certs/regify.com.pem \    

Re: [squid-users] Module c-icap help

2023-11-30 Thread Amos Jeffries
On 30/11/23 22:22, MIKA wrote: Hello everyone, Thank you again for all the work you were able to do on this project. I try to control the cookies with squid but it's impossible. the c-icap module in the squid.conf file does not seem to work because the c-icap server does not seem to work. Can

Re: [squid-users] SSL Virtual Hosting Problem

2023-11-28 Thread Amos Jeffries
On 28/11/23 23:29, Mario Theodoridis wrote: Hello everyone, i'm trying to use squid as a TLS virtual hosting proxy on a system with a public IP in front of several internal systems running TLS web servers. I would like to proxy the incoming connections to the appropriate backend servers

Re: [squid-users] how to avoid use http/1.0 between squid and the target

2023-11-27 Thread Amos Jeffries
On 27/11/23 23:05, David Komanek wrote: On 11/27/23 10:40, Amos Jeffries wrote: On 27/11/23 22:21, David Komanek wrote: here are the debug logs (IP addresses redacted) after connection attempt to https://samba.org/ : ... 2023/11/27 09:58:07.370 kid1| 11,2| Stream.cc(274

Re: [squid-users] Https from sibling peers does not work

2023-11-27 Thread Amos Jeffries
On 27/11/23 22:38, Mihkel Tammepuu wrote: Hello! I am trying to set up a sibling cluster of 4 Squid instances. The purpose of the cluster is redundancy AND sharing cache disk space. FWIW, if these are running on the same machine you may find SMP workers with rock type cache_dir easier to

Re: [squid-users] Intercepted connections are not bumped

2023-11-27 Thread Amos Jeffries
On 23/11/23 23:05, Andrea Venturoli wrote: Hello. I've got the following config: ... http_port 8080 ssl-bump cert=/usr/local/etc/squid/proxyCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB https_port 3129 intercept ssl-bump cert=/usr/local/etc/squid/proxyCA.pem

Re: [squid-users] how to avoid use http/1.0 between squid and the target

2023-11-27 Thread Amos Jeffries
On 27/11/23 22:21, David Komanek wrote: here are the debug logs (IP addresses redacted) after connection attempt to https://samba.org/ : ... 2023/11/27 09:58:07.370 kid1| 11,2| Stream.cc(274) sendStartOfMessage: HTTP Client REPLY: - HTTP/1.1 400 Bad Request Server: squid/6.5

Re: [squid-users] What's this 'errorno=104' error?

2023-11-22 Thread Amos Jeffries
On 22/11/23 07:01, Wen Yue wrote: I configured Squid6.3 as a MITM proxy and used Chrome to browse web pages through this Squid proxy, such as twitter.com. However, I noticed these error messages in the cache.log: ... 2023/11/22 01:33:38 kid1| ERROR: system call failure while accepting a TLS

Re: [squid-users] how to avoid use http/1.0 between squid and the target

2023-11-22 Thread Amos Jeffries
On 22/11/23 23:03, David Komanek wrote: Hello, I have a strange problem (definitely some kind of my own ignorance) : If I try to access anything on the site https://www.samba.org WITHOUT proxy, my browser negotiate happily for http/2 protocol and receives all the data. For 

Re: [squid-users] mime.conf path

2023-11-12 Thread Amos Jeffries
On 13/11/23 09:35, Sai Eshwar wrote: Hello, I am trying to install squid on CentOS without root privilege following the information present at https://stackoverflow.com/questions/36651091/how-to-install-packages-in-linux-centos-without-root-user-with-automatic-depen

Re: [squid-users] access.log - POST requests

2023-11-04 Thread Amos Jeffries
On 4/11/23 20:53, Stefan Meurer wrote: Hello, is there a way to remove out all POST requests from access.log file? acl POST method POST access_log stdio:/var/log/squid/access.log format=squid !POST Cheers Amos ___ squid-users mailing list

Re: [squid-users] [DMARC] log_db_daemon errors

2023-11-03 Thread Amos Jeffries
On 3/11/23 08:14, jose.rodriguez wrote: On 2023-11-02 13:46, Brendan Kearney wrote: list members, i am trying to log to a mariadb database, and cannot get the log_db_daemon script working.  i think i have everything setup, but an error is being thrown when i try to run the script manually.

Re: [squid-users] Cache NTLM Authenticaion

2023-10-27 Thread Amos Jeffries
On 27/10/23 14:08, Andre Bolinhas wrote: Hi It's possible squid cache NTLM authentication from users? NTLM tokens are unique per TCP connection. So no, caching is a pointless waste of CPU and memory. The best that can be done already is. My goal is to store the credentials in cache in

Re: [squid-users] [ext] Re: Squid 6.4 assertion errors: FATAL: assertion failed: stmem.cc:98: "lowestOffset () <= target_offset" current master transaction: master655 (backtrace)]

2023-10-24 Thread Amos Jeffries
On 24/10/23 22:26, Ralf Hildebrandt wrote: I'll add a "me too" to this. 6.3 reliable, 6.4 crashes and this is under _very_ low load. NetBSD 9.3_STABLE. You can check the debugging recommendation in https://bugs.squid-cache.org/show_bug.cgi?id=5309 I'll try 6.4 on my test proxy now (with very

Re: [squid-users] Spliced domains tunnel connect is very slow

2023-10-19 Thread Amos Jeffries
On 19/10/23 01:21, Ben Goz wrote: By the help of God. Hi, I saw in my access log a traces that shows that spliced URLs tunneling is very slowly: Please clarify what you mean by "slow" ? How have you determined speed ? What speed are you expecting / would you call non-slow ? FYI,

Re: [squid-users] How to configure a transparent, pass-all, Squid proxy?

2023-10-19 Thread Amos Jeffries
On 20/10/23 07:17, Bud Miljkovic wrote: Chain EXTERNAL_RULES (2 references) pkts bytes target prot opt in out source destination 83158 15M DROP all -- * * 0.0.0.0/0 0.0.0.0/0 FYI, All of the traffic leaving the machine is being dropped by your iptables

Re: [squid-users] Transparent HTTPS Squid proxy does not work!

2023-10-16 Thread Amos Jeffries
I think your problem is the NAT table rules. You are missing some critical exceptions to let squid make the outbound tunnels. On 17/10/23 07:51, Bud Miljkovic wrote: Let me try one more time. Here is my system configuration: {HW-Box} --> Local Server{ (eth0[port 444]) -+

Re: [squid-users] 2 year old security bugs not fixed?

2023-10-13 Thread Amos Jeffries
On 14/10/23 04:19, Dieter Bloms wrote: Hello, I stumbled across this page https://joshua.hu/squid-security-audit-35-0days-45-exploits and wonder if all these security holes are really still there. Can someone from the developers give a status? Thank you very much. We continue to close the

Re: [squid-users] squid 5.9 Kerberos authentication problem

2023-10-12 Thread Amos Jeffries
On 6/10/23 06:15, Ludovit Koren wrote: Amos Jeffries writes: > On 5/10/23 19:30, Ludovit Koren wrote: >> Hello, >> I am using squid 5.9 with AD Kerberos authentication and could not >> solve >> the problem of sending incorrect

Re: [squid-users] squid 5.9 Kerberos authentication problem

2023-10-10 Thread Amos Jeffries
On 10/10/23 22:23, Ludovit Koren wrote: Hi, I am sorry to bother you once again, but I sent you and described just the problem you were talking about and did not get any answer. Sorry about that. Following up on the original thread in a short while. PS. Normally no answer means nobody

Re: [squid-users] squid 5.9 Kerberos authentication problem

2023-10-05 Thread Amos Jeffries
On 5/10/23 19:30, Ludovit Koren wrote: Hello, I am using squid 5.9 with AD Kerberos authentication and could not solve the problem of sending incorrect request according to client configuration followed by the correct one, i.e.: 1695983264.808 0 x.y.z TCP_DENIED/407 4135 CONNECT

Re: [squid-users] [ext] Squid quits while starting?!

2023-10-02 Thread Amos Jeffries
On 2/10/23 10:28, Dave Blanchard wrote: Squid's user friendliness could use a major overhaul. Agreed. As one of the people trying to do that for the past decade ... any suggestions of better wording are welcome. I absolutely despise programs which are designed this way. Ah, there we

Re: [squid-users] TLS passthrough

2023-09-30 Thread Amos Jeffries
On 30/09/23 11:06, Fernando Giorgetti wrote: If someone has already done that, with the client running in a different machine, I would love to know how. There are several ways; 1) run Squid on the gateway router for your network, or 2) place Squid in a DMZ between the LAN gateway and WAN

[squid-users] [squid-announce] SQUID-2021:8 Denial of Service in Gopher gateway

2023-09-27 Thread Amos Jeffries
__ Squid Proxy Cache Security Update Advisory SQUID-2021:8 __ Advisory ID: | SQUID-2021:8 Date: | September 27, 2023 Summary: | Denial

[squid-users] [squid-announce] SQUID-2020:13 Denial of Service in gopher gateway

2023-09-27 Thread Amos Jeffries
__ Squid Proxy Cache Security Update Advisory SQUID-2020:13 __ Advisory ID: | SQUID-2020:13 Date: | September 06, 2023 Summary: | Denial

Re: [squid-users] Transparent deployment VS web services behind DNS load balancing

2023-09-26 Thread Amos Jeffries
On 26/09/23 05:35, Denis Roy wrote: My installation is fairly simple: I run Squid 5.8 in transparent mode, on a pF based firewall (FreeBSD 14.0) . I intercept both HTTP 80, and HTTPS 443. Splicing the exceptions I have in a whitelist, bumping everything else. Simple. This is a relatively

Re: [squid-users] access_log UDP format

2023-09-25 Thread Amos Jeffries
On 22/09/23 01:15, Matus UHLAR - fantomas wrote: Hello, I'm curious if the udp:// logging is syslog-compatible. Do I just need to configure proper logformat? The Squid "udp" logging module sends your log lines as opaque UDP packet payload to the named UDP server:port. The Squid "syslog"

Re: [squid-users] A few things about Squid-cache

2023-09-24 Thread Amos Jeffries
On 25/09/23 07:49, Jason Long wrote: Hello, Thank you so much for your reply. 1- Regarding security, what parameters should be changed or added in the configuration file? First steps with a new Squid install are to check in squid.conf for the "acl localnet" lines and adjust so it lists

Re: [squid-users] Squid BUG: assurance failed: tok.skip(WellKnownUrlPathPrefix())

2023-09-16 Thread Amos Jeffries
On 15/09/23 18:23, Loučanský Lukáš wrote: Ok - thanks for your reply. But this does not clarify it fully. You said cachemgr.cgi auto-detects the existence of MGR_INDEX template. But what is it supposed to do if none is found? Just displaying the message about missing MGR_INDEX? Or doing the

Re: [squid-users] Squid BUG: assurance failed: tok.skip(WellKnownUrlPathPrefix())

2023-09-14 Thread Amos Jeffries
On 15/09/23 09:55, Alex Rousskov wrote: On 2023-09-14 06:40, Loučanský Lukáš wrote: But - could someone (or you) clarify the next one for me? I've read some questions about the "new" cachemgr.cgi and the MGR_INDEX template. Sorry, I cannot help with cachemgr.cgi without heroic efforts.

Re: [squid-users] Squid 6.2 with WCCP

2023-09-11 Thread Amos Jeffries
. Cheers Amos Eliezer -Original Message- From: Amos Jeffries Sent: Tuesday, August 22, 2023 15:16 On 22/08/23 01:34, Alex Rousskov wrote: On 8/21/23 05:06, Callum Haywood wrote: Does anyone understand what is causing these errors? Are there any known issues or patches in progress

Re: [squid-users] Squid ssl_bump splice configuration

2023-08-29 Thread Amos Jeffries
On 30/08/23 07:57, Ben Goz wrote: ב"ה I managed to get the ssl splice configurations to work but when I'm splicing for example: play.google.com I see in cache log the following: 2023/08/29 22:54:53.688 kid1| 33,2| client_side.cc(3214) fakeAConnectRequest: fake a

Re: [squid-users] How to upgrade correctly?

2023-08-29 Thread Amos Jeffries
You should only need to: * stop squid * backup your existing installation (as mentioned by Eliezer) * install the current Debian "squid-openssl" package * run "squid -k parse" to check for squid.conf settings upgrade * manually check what "/opt/squid/var" was being used for; - any

Re: [squid-users] To many ERR_CANNOT_FORWARD

2023-08-23 Thread Amos Jeffries
On 24/08/23 00:42, Andre Bolinhas wrote: Hi I'm using squid 5.2 but starting yesterday I'm getting too many errors ERR_CANNOT_FORWARD for random websites. FYI, current Squid is 6.2 with 6.3 due out next week. Squid-5.x are officially end-of-life now. What could be the issue? This is

Re: [squid-users] Squid 6.2 with WCCP

2023-08-22 Thread Amos Jeffries
On 22/08/23 01:34, Alex Rousskov wrote: On 8/21/23 05:06, Callum Haywood wrote: Does anyone understand what is causing these errors? Are there any known issues or patches in progress? A few years ago, several serious problems were discovered in WCCP code, including security

Re: [squid-users] Outgoing traffic through certain device instead of IP?

2023-08-12 Thread Amos Jeffries
On 12/08/23 05:23, Robert 'Bobby' Zenz wrote: I'd like to send all the outgoing traffic from Squid through a certain network device instead of an IP. There's `tcp_outgoing_address` and `udp_outgoing_address` which only accepts an IP as parameter, but there's no way to use a certain device?

Re: [squid-users] squid 6.1 esi compile error, ubuntu 22.04

2023-08-07 Thread Amos Jeffries
On 7/08/23 20:00, Dmitry Melekhov wrote: Hello! Built  using --disable-esi without problems. Could you tell me what can cause this? Seemingly lack of the libxml2 dependency. Please ensure you run this command before building Squid: apt-get build-dep squid If this issue or others

Re: [squid-users] cachemgr.cgi & Internal Error: Missing Template MGR_INDEX

2023-07-28 Thread Amos Jeffries
On 29/07/23 14:42, Alex Rousskov wrote: On 7/28/23 20:08, Brendan Kearney wrote: i am running squid 6.1 on fedora 38, and cannot get the cachemgr.cgi working on this box.  I am getting the error: Internal Error: Missing Template MGR_INDEX when i try to connect using the cache manager

Re: [squid-users] Stack overflow with large IP lists

2023-07-27 Thread Amos Jeffries
On 27/07/23 04:22, Alex Rousskov wrote:> * I am curious whether your specific use case (going beyond splay tree destruction) be better addressed by a different storage type than splay trees. For example, have you considered whether using a IP address-friendly hash would be faster for, say, one

Re: [squid-users] How to build Squid 6

2023-07-23 Thread Amos Jeffries
On 23/07/23 11:57, Henning Svane wrote: Hi Alex I have now followed the instruction below. All compiling and building was done without problems. When I run sudo systemctl status squid I get this message Unit squid.service could not be found. And /usr/sbin/squid do not exist What do I miss?

Re: [squid-users] Dstdomain from external ACL

2023-07-22 Thread Amos Jeffries
On 22/07/23 17:20, Alexeyяр Gruzdov wrote: Wow… Thank you so much ! For now I used a simple .py script that checks if url is in table and send reply OK or ERR, depends from result. But allow ask you - how squid parse the url??? I think it uses the regexp, is that true??? All parsers in the

Re: [squid-users] Dstdomain from external ACL

2023-07-21 Thread Amos Jeffries
On 21/07/23 00:23, Alexeyяр Gruzdov wrote: Hello. Looks I found how to do that and this works well for me: The external helper script must check if the url is in DB and answer as OK (if there is) or ERR (if there isnt) You can probably use the ext_sql_session_acl helper bundled with Squid

Re: [squid-users] New blood

2023-07-21 Thread Amos Jeffries
On 18/07/23 17:19, Mark Kenna wrote: Hi all, I'm very new, been struggling to learn how to do all of this, can I get a few pointers please Hi Mark, welcome to the Squid community. First off, do you have any particular goals you are trying to make Squid perform? For general knowledge about
