On 2016-02-09 7:38 am, sebastien.boulia...@cpu.ca wrote:
Hi,
I did a SSL test and I have some questions.
The SSL test notified me that POODLE (SSLv3), RC4 are enable or/and
vulnerable.
Is it a way to block that with Squid ?
How can I disable thosed protocols ? Server side or Squid side ?
On 2016-02-08 10:07 am, sebastien.boulia...@cpu.ca wrote:
> Hi Yuri,
>
> Thanks for your support.
>
> I use Squid on a Oracle Linux 7.
>
> date
>
> Mon Feb 8 09:51:27 EST 2016
>
> My timezone look ok with the date command.
>
> Sébastien
>
> DE : squid-users
On 2015-12-10 10:29 pm, Alex Samad wrote:
Hi
I did the change over today.
Tested with Window 7 + exchange 2010 and it wouldn't connect whilst
there was no tls1 !
interesting IE worked against the web site so ..
Did you come across this issues ?
On 11 December 2015 at 11:09, dweimer
at 23:44, dweimer <dwei...@dweimer.net> wrote:
https_port 10.50.20.12:443 accel defaultsite=mail.mydomain.com \
cert=/certs/wildcard.certificate.crt \
key=/certs/wildcard.certificate.key \
options=NO_SSLv2:NO_SSLv3:NO_TLSv1:SINGLE_DH_USE:CIPHER_SERVER_PREFERENCE
\
dhparams=/usr/loc
On 2015-12-09 11:29 pm, Alex Samad wrote:
Hi
config
https_port 22.4.2.5:443 accel
cert=/etc/httpd/conf.d/office.abc.com.crt
key=/etc/httpd/conf.d/office.abc.com.key defaultsite=office.abc.com
options=NO_SSLv2,NO_SSLv3
dhparams=/etc/squid/squid-office-dhparams.pem
On 2015-08-13 10:18 am, Amos Jeffries wrote:
On 14/08/2015 2:40 a.m., Julianne Bielski wrote:
But does this mean that ECDHE isn't supported by Squid?
Correct. ECDHE is not supported by 3.5 and older.
EECDHE and ECDHE are coming in Squid-4.
If you really need it you are welcome to download
On 07/08/2015 9:33 am, Paulo Matias wrote:
Hi,
On 07-07-2015 11:05, Amos Jeffries wrote:
On 8/07/2015 1:37 a.m., dweimer wrote:
System is Running on FreeBSD 10.1-RELEASE-p14, using OpenSSL included
in
base FreeBSD.
No, the change is automatic for all Squid built against an OpenSSL
library
I just updated to Squid 3.5.6 and after running QualSYS SSL Labs test it
still lists my server as supporting Secure Client-Initiated
Renegotiation and potentially being vulnerable to CVE-2009-3555 which
the patch
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13849.patch
I upgraded our Reverse proxy from 3.4.12 to 3.5.3 via the FreeBSD ports
last night. It has broken our Outlook RPC over HTTPS. OWA and Phones are
still connecting with Active Sync, its just the RPC for Outlook anywhere
that is broken.
Did anyone else have any issues when upgrading from 3.4
On 04/23/2015 9:24 am, dweimer wrote:
I upgraded our Reverse proxy from 3.4.12 to 3.5.3 via the FreeBSD
ports last night. It has broken our Outlook RPC over HTTPS. OWA and
Phones are still connecting with Active Sync, its just the RPC for
Outlook anywhere that is broken.
Did anyone else have
My Squid Process seems to be working fine, but I noticed an unusual
message when testing the squid configuration
squid: environment corrupt; missing value for https_pr
Any Ideas? Its a forward only proxy not doing reverse proxy or anything.
Its running on FreeBSD 10.1-RELEASE-p8, installed
On 03/12/2015 10:31 am, dweimer wrote:
On 01/23/2013 10:39 pm, Amos Jeffries wrote:
On 24/01/2013 4:13 a.m., dweimer wrote:
On 2013-01-23 08:40, dweimer wrote:
On 2013-01-22 23:30, Amos Jeffries wrote:
On 23/01/2013 5:34 a.m., dweimer wrote:
I just upgraded my reverse proxy server last night
via off
On 11 March 2015 at 15:42, dweimer dwei...@dweimer.net wrote:
We have setup Squid as a reverse proxy to Exchange 2010 OWA server we
thought everything was working OK, but found out that any file
attachments
over 2MB cause a timeout after 5 minutes. I remembered having this
issue
On 10/17/2014 7:23 am, daniel.rie...@gmx.net wrote:
Hello,
I've testet with Squid 3.3.8 and here it is working as expected...
Thanks Amos!
squid.conf:
http_port 3128
http_access allow all
never_direct allow all
cache_peer 10.0.0.101 parent 3128 0 name=TEST1
cache_peer 10.0.0.102 parent 3128 0
On 06/09/2014 10:31 am, Eliezer Croitoru wrote:
Hey Roberto,
Yes but with limitations.
Squid can use only one certificate per ip:port pair.
This leaves you with the only option of using squid with one
certificate that overlaps multiple domains in the form of
*.domain.com which will include all
I have written a log daemon application using Python to write data into
PostgreSQL, however it periodically errors with
Invalid byte sequence for encoding UTF8: 0xe2 0x3f 0x27
obviously it's receiving some data that it can't encode to UTF8 and
write to the database, but I can't figure out a
On 10/25/2013 7:32 am, Martin Rieß wrote:
Hi everyone.
I’m trying to set up squid3 on pfSense to work as reverse proxy.
I plan to have several servers behind squid/pfsense and I want to set
up the
reverse proxy the following way:
http://FQDN/owa -- http://ms-server/owa
http://FQDN/webshop -
On 10/24/2013 7:11 am, Timothy Makobu wrote:
That was it. Changed from diskd to aufs and now its blazing fast.
It was hanging about a minute after starting.
The FS looks like this
/dev/mfisyspd0s1d on /squid (ufs, local, soft-updates)
I disabled journaling suspecting it would make it faster.
On 10/23/2013 9:25 am, Timothy Makobu wrote:
Hello,
Squid is a transparent proxy receiving redirects via PF.
cache.log shows this before squid freezes: http://sprunge.us/MGQA
Here is my squid.conf: http://sprunge.us/FeAR
How do I fix this?
regards,
Tim
Is this an issue at start up? Or
I know I have brought this up in the past, but I still haven't fixed
it. I have duplicated the problem in FreeBSD 9.1, 9.0, 8.3 with Squid
3.1.23, 3.2.6, 3.2.7. With such consistency, that I can't successfully
create a working setup without the problem. I have gone down to as
basic of a
.dweimer.local
# Port 443 HTTPS traffic
sslproxy_options NO_SSLv2:NO_TLSv1:CIPHER_SERVER_PREFERENCE
sslproxy_cipher RC4:!MD5:!aNULL:!EDH
https_port 192.168.5.30:443 accel defaultsite=revproxy.dweimer.local \
cert=/usr/local/etc/squid/certs/dweimer-bundle.crt \
key=/usr/local/etc/squid/certs
If your asking yourself why is Logging and HTTPS posts a problem. I
have no idea either, but turns out two of my recent posts are related.
somehow, in that the fix for the logging issue caused the HTTPS post
issue.
Logging issue:
On 2013-01-22 23:30, Amos Jeffries wrote:
On 23/01/2013 5:34 a.m., dweimer wrote:
I just upgraded my reverse proxy server last night from 3.1.20 to
3.2.6, all is working well except one of my log rules, and I can't
figure out why.
Please run squid -k parse and resolve the WARNING or ERROR
On 2013-01-23 08:40, dweimer wrote:
On 2013-01-22 23:30, Amos Jeffries wrote:
On 23/01/2013 5:34 a.m., dweimer wrote:
I just upgraded my reverse proxy server last night from 3.1.20 to
3.2.6, all is working well except one of my log rules, and I can't
figure out why.
Please run squid -k
We are having an issue with a web based employment application form
after upgrading our reverse proxy from 3.1.20 to 3.2.6. The proxy logs
the following:
1358969527.735 300778 75.91.238.15 TCP_MISS/400 459 POST https://...
Some do go through but very slowly, any ideas what would cause this?
On 2013-01-23 13:48, dweimer wrote:
We are having an issue with a web based employment application form
after upgrading our reverse proxy from 3.1.20 to 3.2.6. The proxy
logs the following:
1358969527.735 300778 75.91.238.15 TCP_MISS/400 459 POST https://...
Some do go through but very slowly
On 2013-01-23 13:59, dweimer wrote:
On 2013-01-23 13:48, dweimer wrote:
We are having an issue with a web based employment application form
after upgrading our reverse proxy from 3.1.20 to 3.2.6. The proxy
logs the following:
1358969527.735 300778 75.91.238.15 TCP_MISS/400 459 POST https
On 2013-01-23 17:05, dweimer wrote:
On 2013-01-23 13:59, dweimer wrote:
On 2013-01-23 13:48, dweimer wrote:
We are having an issue with a web based employment application form
after upgrading our reverse proxy from 3.1.20 to 3.2.6. The proxy
logs the following:
1358969527.735 300778
On 2013-01-23 20:28, dweimer wrote:
On 2013-01-23 17:05, dweimer wrote:
On 2013-01-23 13:59, dweimer wrote:
On 2013-01-23 13:48, dweimer wrote:
We are having an issue with a web based employment application
form
after upgrading our reverse proxy from 3.1.20 to 3.2.6. The proxy
logs
I just upgraded my reverse proxy server last night from 3.1.20 to
3.2.6, all is working well except one of my log rules, and I can't
figure out why.
I have a several sites behind the server, with dstdomain access rules
setup.
acl website1 dstdomain www.website1.com
acl website2 dstdomain
On 2013-01-21 10:11, Sébastien WENSKE wrote:
Hope this can help :)
http://www.sw-servers.net/how-to-pass-pci-tests-with-squid/
Best Regards,
Sebastien WENSKE
Wouldn't just compiling against OpenSSL build that has had zlib
compression disabled get the same end result, without requiring a
01-15-2013 12:24:34PM 0 10.20.146.43 NONE/400 388 HEAD / - NONE/-
text/html
01-15-2013 01:00:01PM 0 10.20.146.43 NONE/400 388 HEAD / - NONE/-
text/html
--
Thanks,
Dean E. Weimer
http://www.dweimer.net/
On 2013-01-15 13:44, Will Roberts wrote:
On Tue, Jan 15, 2013 at 2:39 PM, dweimer dwei...@dweimer.net wrote:
01-15-2013 12:24:34PM 0 10.20.146.43 NONE/400 388 HEAD / -
NONE/-
text/html
01-15-2013 01:00:01PM 0 10.20.146.43 NONE/400 388 HEAD / -
NONE/-
text/html
Someone's doing
On 2013-01-14 12:47, Loïc BLOT wrote:
You must set and append_domain for FQDN use:
# TAG: append_domain
# Appends local domain name to hostnames without any dots in
# them. append_domain must begin with a period.
#
# Be warned there are now Internet names with no dots in
#
On 2012-12-26 17:41, Amos Jeffries wrote:
On 27/12/2012 11:19 a.m., dweimer wrote:
I have ran into an issue using squid -k rotate with 3.2.4 on
FreeBSD, the issue is happening on all 4 server servers I have
upgraded from 3.1 to 3.2 one is running FreeBSD-9.1 and the others
running FreeBSD-9.0
We are having an issue with users behind our outbound proxy accessing
Citrix ICA through Citrix Secure Gateway. The users can get connected
OK, but they have random disconnects.
The Squid Server is currently running 3.1.20 on FreeBSD Release9.0-p4,
planning to get it upgraded to the latest
On 2012-10-02 19:57, Amos Jeffries wrote:
On 03.10.2012 03:09, dweimer wrote:
On 2012-09-30 05:12, Amos Jeffries wrote:
On 28/09/2012 7:11 a.m., E.S. Rosenberg wrote:
2012/9/27 dweimer :
Our help desk is trying to run the Microsoft Windows 7 Upgrade
Adviser, and
ran into an issue, the Squid
On 2012-09-30 05:12, Amos Jeffries wrote:
On 28/09/2012 7:11 a.m., E.S. Rosenberg wrote:
2012/9/27 dweimer :
Our help desk is trying to run the Microsoft Windows 7 Upgrade
Adviser, and
ran into an issue, the Squid server is logging a
TCP_DENIED_REPLY/403 2876
Response is denied
Our help desk is trying to run the Microsoft Windows 7 Upgrade Adviser,
and ran into an issue, the Squid server is logging a
TCP_DENIED_REPLY/403 2876 POST
http://aeos.microsoft.com/compatibilityexchange/compatibilityexchange.svc;
in the access log. I have done some searching and it appears
39 matches
Mail list logo