from your site?
Ubuntu includes squid packages, and provides security support for them.
It's rarely needed to rebuild packages on your own, you should not need it.
I prefer Debian which is similat to ubuntu and it comes with certgen, so it
might wor for you.
--
Matus UHLAR - fantomas, uh...@fant
UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Quantum mechanics: The dreams stuff is made of.
___
squid
/Features/RockStore
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Emacs is a complicated operating system without good text editor
ves.
https://lists.squid-cache.org/pipermail/squid-users/2023-September/026164.html
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Despit
; try
reading one.
I am not a squid developer, you idiot.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
If Barbie is so popular, why do you
_crtd" process you have configured
to create certificates for you is crashing.
I have asked and you have not answered: What's in the cache_log file?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovani
interface/route.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Have you got anything without Spam in it?
- Well, there's Spam egg sausage
Oops something went wrong lol" errors.
The same applies to web clients, what do you expect squid to do, display
"squid admin screwed up the ssl_crtd configuration"?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail ad
it.
On Thu, Sep 28, 2023 at 3:41 AM Matus UHLAR - fantomas
wrote:
On 27.09.23 16:48, Fernando Giorgetti wrote:
>I would like to know if it is possible to set up Squid to perform
>TLS passthrough to a given backend, relaying TLS encrypted
>traffic to the backend, similarly to what HAProxy d
-users/2023-September/026103.html
from the mail:
acl urldst_ipv6 url_regex ^http://\[
http_access deny urldst_ipv6
I believe it should be replaced by dstdom_regex.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising
/encryption-strategies/#tls-passthrough
I have tried a few different configurations using reverse proxy,
or peek and splice, but I could not make it work without providing
a valid HTTP request or a CONNECT request.
what's the difference between TCP redirect and this?
--
Matus UHLAR - fantomas
On 2023-09-26 07:39, Matus UHLAR - fantomas wrote:
I have just encountered bug 4906 with squid-4.13 (Debian 11)
I could upgrade system fo Debian 12 with squid-5.7 but this issue
doesn't seem to be resolved in it, at least:
http://www.squid-cache.org/Versions/v5/changesets/
does not mention
On 22/09/23 01:15, Matus UHLAR - fantomas wrote:
I'm curious if the udp:// logging is syslog-compatible.
Do I just need to congigure proper logformat?
On 26.09.23 12:20, Amos Jeffries wrote:
The Squid "udp" logging module sends your log lines as opaque UDP
packet payload to the
...but I find trying such complicated patch too risky.
I would like to avoid the "has request" ACL to ba able to see problems that
come from other hosts than the load balancer.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to rece
Hello,
I'm curious if the udp:// logging is syslog-compatible.
Do I just need to congigure proper logformat?
Does anyone have experience with this?
Thanks
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address
n 12.09.23 10:07, Jason Long wrote:
Thank you so much for your reply.
Dante (https://www.inet.no/dante/)? How does it performance?
yes, that one. performance is fine.
Can it also act as an HTTP server?
No. It's strictly SOCKS server.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http
server?
Dante is quite capable and can do a LOT of things.
To be frank, having configuration, logging and ACL's on one place made me
also think to use SQUID for SOCKS in the past.
But for SOCKS I use Dante because of that.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk
wrote:
Thank you so much for your reply.
Does the Squid-cache team have any plans to add this feature?
There is project to support is but it needs testing and programmer's work:
https://wiki.squid-cache.org/Features/Socks
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk
esses, I'm not seeing another option which would
match those and allow to use a device name instead (my original
requirement).
you'd find that the "eth0" interface has configured address 192.0.2.1 so
you use 192.0.2.1 as outgoing address.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; ht
se and use
those address (so you can define "eth0" instead of 192.0.2.1), but routing
is still matter of kernel, so dante does not decide which way packets will
go through.
As a note, in exchange Dante lacks the functionality of routing DNS
requests through the outgoing device/IP addre
need to make routing/firewall rules for this.
The system does not support selecting outgoing interface other way.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT
::server_name_regex -i chat.google.com
And still I can see in the logs that chat.google.com is bumped.
acl just defines "access class list"
bumping is configed by using other directives, notably ssl_bump.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to
On 08.07.23 13:07, robert k Wild wrote:
True but I don't want to create two ACL lists, one for "ssl name" and one
for "ssl name regex"
try only create one for ssl name. You rarely need regex.
performance will thank youl
On Sat, 8 Jul 2023, 12:57 Matus UHLAR - fantomas,
redshift3d.com
AFAIK "dstdomain .redshift3d.com"
matches the same, but without complicated, cpu-expensive and hardly readable
regular expressions
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Var
ony Stone,
wrote:
There is no such thing as an ICMP proxy.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The early bird may get the w
UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Saving Private Ryan...
Private Ryan exists. Overwrite? (Y/N
to different
database tables.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Quantum mechanics: The dreams stuff is made
from 2 servers each.
Or there are the logs which contain (or can be configured to record)
a details of *completed* transactions.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem
CKS v.4), 5 (SOCKS v.5) and connect (HTTPS
proxy). If the protocol is not specified, SOCKS version 5 is
used.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adr
socks proxy by default, you should configure it to use http
connect proxy using the -X option.
I would try configuring proxychains or connect-proxy instead of nc.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising
isn't much documentation online about it.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Depression is merely anger without
omain.
Hello people.
I running squid 5.7, I got an issue that would like to know if I could fix this.
In my blacklist I got this entries:
.party
.porn
.xxx
.vip
.me
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this ad
ample :
1-1ads.com
101com.com
101order.com
123freeavatars.com
180hits.de
180searchassistant.com
the "t.co" matches.
there are no regexes in that file you should probably use "dstdomain"
instead.
regexes match . as any character and match in the middle of strings.
--
Matus UHLA
the RHEL family.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Micro$oft random number generator: 0, 0, 0, 4.33e+67
that I've had have used /24 or larger
subnets to protect client identity.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Save the whale
On 10/25/22 10:18 AM, Matus UHLAR - fantomas wrote:
term "interception proxy" better defines what happens here:
Instead, an interception proxy filters or redirects outgoing TCP
port 80 packets (and occasionally other common port traffic).
On 25.10.22 12:52, Grant Taylor wrote:
Whe
On 10/25/22 11:03 AM, Matus UHLAR - fantomas wrote:
I think intercepting is better, more precise.
On 25.10.22 12:14, Grant Taylor wrote:
I think that Squid can be an interception proxy as it can filter /
alter content.
I also think that Squid (as an interception proxy) can be used
On 10/25/22 10:18 AM, Matus UHLAR - fantomas wrote:
I prefer to explicitly state what one means by transparent because
RFC2616 has defined transparent proxy diferently:
On 25.10.22 10:56, Grant Taylor wrote:
I do too. I /thought/ that I was explicitly stating. At least that
was my intention
On 10/25/22 2:43 AM, Matus UHLAR - fantomas wrote:
if by "transparent" you mean "intercepting" proxy, that is incorrect
On 25.10.22 09:47, Grant Taylor wrote:
By "transparent" I mean using network techniques to force clients to
use a proxy that aren't themse
xy out of the box
yes, by using PAC script, or perhaps an extention that configures it
instead. foxyproxy was mentioned iirc
But anyway, my next step is to use a PAC file, since it is the legacy
method, if this doesn't work either I'm gonna use stunnels
I know nothing of autoconfig being le
t work
And what's more misleading is that the bug is tagged resolved, as if starting
from firefox 33, it supports https proxy out of the box
But anyway, my next step is to use a PAC file, since it is the legacy method
legacy?
if this doesn't work either I'm gonna use stunnels
--
Matus UHLAR - f
On 10/21/22 2:25 AM, Matus UHLAR - fantomas wrote:
apparently this is a hack to be able to define proxy autoconfig in
the location field.
Since it has very restricted capabilities, it's apparently non-issue.
I guess that you can only define FindProxyForURL() this way.
On 21.10.22 11:25
On 10/20/22 9:49 AM, Matus UHLAR - fantomas wrote:
Also, FTP protocol (port 21) does not support proxying, and using
FTP proxy usually involves hacks.
On 20.10.22 10:14, Grant Taylor wrote:
I completely disagree.
I've been using FTP through proxies for years. Firefox (and
Thunderbird) has
On 10/20/22 9:49 AM, Matus UHLAR - fantomas wrote:
proxy autoconfig is javascript-based but uses very limited javascript.
On 20.10.22 10:14, Grant Taylor wrote:
My comment was more directed at why is $LANGUAGE_DOESNT_MATTER used
/in/ /the/ /location/ /field/?
apparently this is a hack
and using FTP proxy
usually involves hacks.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I'm not interested in your website anymore.
I
impossible to find out real numbers.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Posli tento mail 100 svojim znamim - nech vidia aky si idiot
an ELK stack with
metricbeat on your server will do the job for sure, but it could be overkill.
My two cents
Xavier
- Mail original -
De: "Matus UHLAR - fantomas"
À: squid-users@lists.squid-cache.org
Envoyé: Lundi 19 Septembre 2022 18:06:22
Objet: [squid-users] bandwidth stat
give hint which sites take how
much of bandwidth at which time.
does anyone know a hint which tool could do that, or perhaps which tools
could produce similat output?
I'm quite familiar with perl
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish
amples/Intercept/IptablesPolicyRoute
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The only substitute for good manners is fast re
squid-users On Behalf Of Amos
Jeffries
Sent: Wednesday, 3 August 2022 5:31
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] filedescriptors on debian/systemd
On 3/08/22 01:54, Matus UHLAR - fantomas wrote:
I have encountered Debian bug 934208:
2022/07/28 16:40:53 kid1| With 1024 fil
-cache.org/SquidFaq/SquidAcl#Squid_doesn.27t_match_my_subdomains
www.example.com matches the exact host www.example.com, while .example.com
matches the entire domain example.com (including example.com alone)
but I wasn't sure if this matching also applies to ssl::server_name.
thanks
--
Matus UHLAR
--
From: squid-users On Behalf Of
Matus UHLAR - fantomas
Sent: Tuesday, 2 August 2022 16:54
To: squid-users@lists.squid-cache.org
Subject: [squid-users] filedescriptors on debian/systemd
Hello,
I have encountered Debian bug 934208:
2022/07/28 16:40:53 kid1| With 1024 file descriptors available
2022
ckadobe\.com$
>
> that would work as well probably, so i want to do something like this
>
> \.adobe\.com$
>
> ie put a dot . infront of adobe so
>
> www.adobe.com or
> account.adobe.com
>
> would work but then
>
> hackadobe\.com$
>
> would no longer wo
escriptors available
does anyone encounter this bug?
How do you fix it?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The early bird may ge
us variand.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Spam = (S)tupid (P)eople's (A)dvertisin
rg/SquidFaq/SquidAcl#Squid_doesn.27t_match_my_subdomains
indicates that since squid 2.4 it should.
and so, shouldn't ssl::server_name match both too?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie:
rk? AFAIK it should, IIRC domain matching in squid
matches "domain.com" if you check for ".domain.com".
i now have this for "ssl::server_name_regex"
^.*adobe.com$
it works, so im guessing its right
the dot should be escaped
--
Matus UHLAR - fantomas, uh...@fantomas
and crashes compared to older versions.
I still need a more stressed system to test the scripts.
I have created the next scripts for now:
* Fake helper
* Session helper based on Redis
* Session helper based on FS in /var/spool/squid/session_helper_fs
--
Matus UHLAR - fantomas, uh
after 92 days.
and use logrotate config.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux - It's now safe to turn on your computer
.
On Thu, 16 Jun 2022, 10:22 Matus UHLAR - fantomas,
wrote:
On 16.06.22 09:53, robert k Wild wrote:
>All I know is I need to keep a record of up to 3 months, worth of logs,
due
>to gdpr, how would you say I go about this
keeping 3 months of log is very different from rotating each 3
of logs.
I believe centos squid package comes with logrotate configured, should be in
/etc/logrotate.d/squid
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek
log could help).
However, I'm afraid that the tunnelling at least of connections to
domains instagram uses is required for make it work.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto ad
.
2All: Please answer: does squid works with instagram (and twitter videos)
for anyone?!
we would know that already.
i maintain debian squid at a few customers who did not complain
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail
В Tue, 14 Jun 2022 16:57:05 +0200
Matus UHLAR - fantomas :
if a browser prohibits this, squid can't do anything with it.
Have you tried without proxy?
On 14.06.22 18:01, simwin wrote:
Yes, it works fine without squid proxy and with ssh-tunnel proxy from my
localhost, but with danted proxy I
esp service_resp
icap_access class_req allow all
icap_access class_resp allow all
then try without icap
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolve
quid issue, if it only happens with sftp.
it looks like your sftp client complaining, even without using proxy.
btw I use "connect-proxy" command instead of "nc"
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to th
Bookworm.
Is the version of Squid that I am using backported with security patches
nearly all debian versions of nearly all packages contain security patched
backported to installed versions.
you can check on https://security-tracker.debian.org/tracker/
--
Matus UHLAR - fantomas, uh
On 20.05.22 11:21, robert k Wild wrote:
So for SSL inspection, for squid to look into the URl headers, what's the
better one
Server name or
DST domain
I thought I have explained it:
dstdom_regex is from the request, not from the SSL data.
On Fri, 20 May 2022, 11:12 Matus UHLAR - fantomas
...
this one is the one provided in clients' request, where SSL requests usually
look like:
CONNECT www.google.com:443 HTTP/1.0
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem
rwarded to the child process(es), or otherwise architected so
death of the controlling process brings down the whole thing?
this discussion makes no sense.
if you don't like how squid works, try e.g. wwwoffle.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT
Hello,
I'm thinking about adding optional SSL parameters into logging, but not
within standard access.log, extra lines might be better.
does squid have any UUID to log so I can pair log lines?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish
UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I don't have lysdexia. The Dog wouldn't allow
and they completely equal at step 1?
- what's the difference between peek and splice that makes it impossible
(most of the time) to splice (stare) or bump (peek) the connection?
I guess I don't really need to know this one but I'm curious.
thanks for comments.
--
Matus UHLAR - fantomas, uh
sendmail.
Please add more concrete examples to the Wiki reference pages! Thank you.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I inte
if i do or dont need wccp
since you don't use wccp, this should not be needed
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux
of
your proxy?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
My mind is like a steel trap - rusty and illegal in 37 states
? or it was misconfigured in my environment?
most likely your environment. don't you have any content filter in front of
your proxy?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT
18:39, Graminsta wrote:
I I thought it was filtered by you guys before make it public.
Other sensitive content I sent was erased before it came in this list.
Its to bad.
Now I have to change the pw of about 200 VPSs, hell.
use ssh key authentication.
--
Matus UHLAR - fantomas, uh
t -nr|head
repeat for every on-disk filesystem (e.g. if you have separate /var)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
One OS to rul
ports, safe SSL ports etc.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Depression is merely anger without enthusiasm
ly squidclient should be enough.
squid-common and libecap3 should be pulled by squid-openssl and you only
need libecap3-dev if you are going to build it yourself.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this addres
try squid-openssl first.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Atheism is a non-prophet or
-only, mysql replication and querying local
servers could help that.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I just got lost
e saved: 0 entries, 0 msec
>
>I have enabled the following rule in the squid.conf:
>
>pinger_enable off
On Sat, Aug 14, 2021 at 12:43 PM Matus UHLAR - fantomas
wrote:
btw, why?
On 14.08.21 15:04, Nbd Spcl wrote:
That was just a "try and error" attempt, based on 10.5 secti
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Depression is merely anger without enthusiasm.
___
all
On Thu, 15 Jul 2021 at 13:43, robert k Wild wrote:
activation is an acl for ports, so
acl activation port 80 443 8090 9251 # office adobe web
On Thu, 15 Jul 2021 at 13:24, Matus UHLAR - fantomas
wrote:
On 15.07.21 13:08, robert k Wild wrote:
>#HTTP_HTTPS whitelist websites
>acl
t those to two lines, as all ACLs must match for http_access
line to match:
http_access allow activation whitelist
http_access allow activation whitelistreg
http_access deny all
I only can guess what "activation" means.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
k Wild wrote:
Thanks Amos, if I change to that acl, I imagine I will need to redo all my
whitelist files
Ie
.Google.com
Will be
.\google\.com
Is that correct?
yes, so I recommend you to avoid regexes as much as possible and better use
two access directives.
--
Matus UHLAR - fantomas, uh
.
It apparently does not do what you mean
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Your mouse has moved. Windows NT will now restart
/knoppix/squid3/4.15 directory
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Holmes, what kind of school did you study to be a de
anizations proxy - you are supposed to know that, not
us.
What line in the conf file specifies that?
each browser has its own way of proxy settings.
Many of them support "system proxy settings".
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish N
-cacheable you should be seeing some things stored there
>without any configuration.
On Wed, May 26, 2021 at 10:18 AM Matus UHLAR - fantomas
wrote:
The main problem is that most of web content it HTTPS, which means it's
hardly cacheable outside of web browsers.
with https, proxy only sees stream o
rder with when using DNSSES, DoT or DoH.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fighting for peace is like f
.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I intend to live forever - so far so good.
___
s
On 5/25/21, Matus UHLAR - fantomas wrote:
as first I'd like to note that squid is a HTTP/FTP proxy, not a port
forwarder (see Subject)
squid also does not actively distribute content.
It can fetch and cache it, but the rest is on you.
and according to your description, most of the work
t intercepting HTTPS (port 443) is much more work and issues than
port 80 (http).
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT a
to have squid compiled with SSL/TLS, configure https_port
there (different than http_port) and configure client to use https proxy.
CURL can to https proxy.
if not, explain what exactly you want to do.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish
as proxy.
use intercept on different ports, if needed.
From: squid-users on behalf of Matus
UHLAR - fantomas
Sent: Thursday, May 13, 2021 1:04 AM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] HTTPS request times out going through Squid proxy
On 12.05.21 23:22, Aniruddha
be no difference if your client software connects to squid on
your or other machine, unless there's anything in between that tries to
intercept those connections.
Such interception could explain your problems.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish
On 10.05.21 18:19, Aniruddha Gore wrote:
I am in PST. Yeah I dont see any error in that log. Do I need to do something
about ssl_bump, etc?
ssl_bump is only in effect if you decide to use it.
If you did, try turning it off and retry.
From: squid-users on behalf of Matus
UHLAR - fantomas
1 - 100 of 1496 matches
Mail list logo