that do not hide users IP(s)?
Thank you,
Julian
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/source-address-ip-spoofing-tp4667417.html
Sent from the Squid - Users mailing list archive at Nabble.com.
Hi Amos,
Thank you for the direction provided.
If I understand right, with the right configuration that can delete the
source IP from the header... it can be done.
Thanks again,
Julian
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/source-address-ip
completely spoof source IP and become
transparent for the users?
Thank you for your help,
Julian
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/source-address-ip-spoofing-tp4667417p4667436.html
Sent from the Squid - Users mailing list archive at Nabble.com.
,
Julian
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/source-address-ip-spoofing-tp4667417p4667440.html
Sent from the Squid - Users mailing list archive at Nabble.com.
but keep the network design we use now.
Thank you for all the details and the help,
Julian
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/source-address-ip-spoofing-tp4667417p4667461.html
Sent from the Squid - Users mailing list archive at Nabble.com.
Hello, how can I access to IMAP (gmail IMAP for example)servers trough squid, I
just add imap ports in squid.conf as Safe_port and SSL_port, but it does not
work.
Thanks
PROTECTED]
Cc: squid squid-users@squid-cache.org
Date: Wednesday, November 12, 2008, 6:02 AM
julian julian wrote:
Hello, how can I access to IMAP (gmail IMAP for
example)servers trough squid, I just add imap ports in
squid.conf as Safe_port and SSL_port, but it does not work.
IMAP protocol
, November 12, 2008, 6:13 AM
On 12.11.08 05:57, julian julian wrote:
Hello, how can I access to IMAP (gmail IMAP for
example)servers trough
squid, I just add imap ports in squid.conf as
Safe_port and SSL_port, but
it does not work.
why would you want to access IMAP through squid
PROTECTED]
Cc: squid squid-users@squid-cache.org
Date: Wednesday, November 12, 2008, 6:02 AM
julian julian wrote:
Hello, how can I access to IMAP (gmail IMAP for
example)servers trough squid, I just add imap ports in
squid.conf as Safe_port and SSL_port, but it does not work.
IMAP protocol
, November 12, 2008, 6:13 AM
On 12.11.08 05:57, julian julian wrote:
Hello, how can I access to IMAP (gmail IMAP for
example)servers trough
squid, I just add imap ports in squid.conf as
Safe_port and SSL_port, but
it does not work.
why would you want to access IMAP through squid
I use this config and works ok in producion.
Scenario:
AD Win2k3R2
CentOS: 4.4 and 5.1
SMB and winbind: 3.0.10 and 3.0.25b
Squid 2.5.STABLE14 AND 2.6STABLE6
Using NTLM authentication
#Define uthentications parameters
#auth_param digest nonce_max_count 50
auth_param ntlm program
I really never used squid on Windows plataform, but i
think it culd be run as good as in linux enviromet.
What user validation method are you implemented? a
missconfig squid.conf could be a cause. Check your
cache.log for validation erros.
--- Jeremy Kim [EMAIL PROTECTED] wrote:
Hello,
was being
swapped.
Which linux version do you use for your linux?
Also I am not running any user authentication right
now on my XP squid.
On Mon, 2008-03-31 at 10:56 -0700, julian julian
wrote:
I really never used squid on Windows plataform,
but i
think it culd be run as good as in linux
I never use squid on windows but I've use it a lot on
Linux. You can set the DNS server in two ways: a)
leaving commented the DNS setting in the squid.conf
and it will use the operating system DNS setting. b)
Setting DNS configuration into squid.conf file. The
second one works well in Linux.
Squid have some limitations for manage ftp traffic. If
you whant use Web browser for non-anonymous ftp
access, you will find many troubles. Instead that I
recomend use a real FTP clients (cuteFTP, FTPzilla,
etc), combined with a FTP proxy (frox
http://frox.sourceforge.net/) it works very well. I
Squid, as other linux software use a daemon knows as
logrotate who is the responsable of many log
rotations.
You should modify the logrotate.conf or
./logrotate.d/squid specify logrotate config for
squid.
--- Ramiro Sabastta [EMAIL PROTECTED] wrote:
Hi,
I installed squid on a Debian box.
I´ve experience with Windows 2003 ADS (also Windows NT
domain) and Squid 2.5/2.6. I read windows group and
manage it with several ACLs. It works without problem.
Enviroment:
SO: CentOS 4.4/5.1
Samba: 3.0xx
Squid: 2.5/2.6
By the way, I've been suffering BC for many years and
I hate it.
--- Arno
You should choose one of the several validation option
than offers by Squid (LDAP,ADS,SAMBA,NTLM local users,
etc.)
If you have many proxys I suggest try to integrate
them with your actual user validation repository
--- Anil Saini [EMAIL PROTECTED] wrote:
how to stop anonymous browsing
Jorge: have you set the network properly? Are you
using 192.168.x.x net. The network parameter must be
wrote in
../ifcfg-eth0 and ../ifcfg-eth1 file (because I
suspect that you have two nics). The route command
shows some aspect of your network configuration.
Julián
--- Jorge Bastos [EMAIL
in
/etc/network/interfaces.
-Original Message-
From: julian julian [mailto:[EMAIL PROTECTED]
Sent: quinta-feira, 10 de Abril de 2008 15:47
To: Jorge Bastos
Cc: squid
Subject: RE: [squid-users] client ip's
Jorge: have you set the network properly? Are you
using
I suggest to use a log analizer like webalizer o sarg, this is a bit more
complete for user behavior analisys.
Julián
--- On Wed, 6/11/08, Steven Engebretson [EMAIL PROTECTED] wrote:
From: Steven Engebretson [EMAIL PROTECTED]
Subject: [squid-users] Searching squid logs for pornographic
You could probably use a set of static routes made by route command, where
you can specify static gateway for each network. Defining as gateway each of
yours public IP.
--- On Mon, 6/23/08, Ramiro Sabastta [EMAIL PROTECTED] wrote:
From: Ramiro Sabastta [EMAIL PROTECTED]
Subject:
I want to deny access to IM services by web pages like
www.meebo.com. I can block these domains but im
looking for a bit more general solution. Any
suggeestion? Thanks
__
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
After check the cache.log and your squid.conf, and if
its looks ok, delete these two files:
/var/spool/squid/swap.state and swap.??clean (do not
remember the exact name of the second file, but start
whit swap)
saludos
Julián
__
Do You Yahoo!?
After check the cache.log and your squid.conf, and if
its looks ok, delete these two files:
/var/spool/squid/swap.state and swap.??clean (do not
remember the exact name of the second file, but start
whit swap)
saludos
Julián
--- Angela Williams [EMAIL PROTECTED] wrote:
Hi!
On Wednesday 07
Hello, I need to connec cuteftp client through squid,
any suggestion?
thanks
Get easy, one-click access to your favorites.
Make Yahoo! your homepage.
http://www.yahoo.com/r/hs
the host value? The request from
squid should be sent as:
GET /
HOST www.google.co.uk
Many Thanks,
Julian Gilbert
www.google.co.uk
Is this a security risk? The RFCs state that a web server MUST use
http://66.102.9.147/ and ignore www.google.co.uk but as far as I can see a
proxy is not required to ignore www.google.co.uk.
Regards,
Julian
- Original Message -
From: Amos Jeffries [EMAIL PROTECTED
regards
Julian
--
Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir
belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de
?
Tahnks for help
Julian
--
Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir
belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de
Julian Pawlowski
--
Virtual-Planet Group GmbH
Julian Pawlowski
Systemingenieur Broadcast IT
Domagkstraße 34 · 80807 München
Tel. +49 89 41200 -7245 · Fax +49 89 41200 -7120
mailto:[EMAIL PROTECTED]
http://www.vp-tecmedia.de
This email (and any attachments) is confidential and may
exactly those but more development
stuff.
Regards
Julian Pawlowski
day when Squid 3 stable has been released, I guess about a
change... :-)
Regards
Julian
Askar wrote:
cache_peer some_cache_net sibling 3128 3130 proxy-only
Thanks, I already use this kind of config :-)
servers and don't
seem to be able to help much. Is there any way I can bypass the
authentication or is this implied by the access rule.
Thanks,
Julian PB
Julian Pilfold-Bagwell wrote:
Amos Jeffries wrote:
Julian Pilfold-Bagwell wrote:
Hi all,
i have a squid proxy server (v2.6.STABLE21-3.el5) running on CentOS
5.4. It's set up for NTLM authentication for use with Windows XP
and it works perfectly.However, I have a piece of software
?
Thanks.
Julian
Hi All,
I've been having some problems with Squid and Dansguardian for a while
now and despite lots of time on Google, haven't found a solution.
The problem started a week or so back when I noticed that squid was
slowing. A quick look through the logs showed it was running out of
file
Hi All,
I have an NTLM authenticated squid proxy and an trying to get to Windows
Update. Up until about 3 weeks ago it worked OK but then stopped and I
haven't been able to get it going since. I have microsoft.com and
windowsupdate.com in an always_direct acl and have used proxycfg to set
Henrik Nordstrom wrote:
tor 2007-06-21 klockan 14:22 +0100 skrev Julian Pilfold-Bagwell:
If I am to guess you might need to allow access to the windows
update
servers without using authentication.
Is it possible to do that while retaining authentication for users
otherwise.
Don't know what Microsoft have done to Windows Update but it now has to
go back to http_allow.
Thanks again, much appreciated,
All the best,
Julian Pilfold-Bagwell
Monday
but I'll check the mail as soon as I can for a reply.
Many thanks,
Julian PB
>> https_port 3130 intercept ssl-bump \
>> cert=/etc/squid/ssl_cert/squidCA.pem \
>> key=/etc/squid/ssl_cert/squidCA.pem \
>> generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
>> tls-dh=/etc/squid/ssl_cert/dhparam.pem
>
>These DH parameters are for old DH not for ECDHE (missing
Hello community, I am new to the list and, I hope everyone is well.
I have running a squid server on debian 7.
My squid version is 3.5.27 manually compiled with LibreSSL 2.6.0 due to
problems with Dropbox. After compiling squid with LibreSSL, the error
"unknown cipher returned" has disappeared
Googling i foind this cfg lines:
acl SSLERR ssl_error X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
sslproxy_cert_error allow SSLERR
sslproxy_cert_error deny all
The error " certificate verify failed has deissappeared, I refer to this error:
> have you tried -servername option for setting SNI extension?
How can i do this?
Well, debbuging cache.log i found this:
2018/06/18 08:22:08.822 kid1| 83,5| support.cc(300) ssl_verify_cb: Self signed
certificate in certificate chain: /CN=courier.push.apple.com/O=Apple
>Interesting.
>
>The main issue was that you configured only params for the Diffi-Helman (DH
>and DHE) ciphers - no >curve name. That meant your specified EEC* ciphers were
>disabled since they require a curve name as >well.
>
>Removing this option completely disables both DH and ECDH cipher
Hi all,
Problem solved.
With squid 4 openssl 1.1
I realized that WhatsApp use the following ports:
5223, 5228, 4244, 5242, and 5222 in addition to 443, 80.
So I opened that ports on the firewall and everythhing worked.
Also I changed the cipher suite in squid.conf like this: (for the dropbox
Hi all,
I have installed squid 4.1 on debian 9 with openssl 1.1.0f on transparent
mode.
I need to know how to track this error: (debbuging options is almost
impossible i mean examine the FD, etc.)
kid1| Error negotiating SSL connection on FD 19:
error:0001:lib(0):func(0):reason(1)
> De: squid-users En nombre de
> Amos Jeffries
> Enviado el: viernes, 10 de agosto de 2018 02:41
> Para: squid-annou...@lists.squid-cache.org
> Asunto: [squid-users] [squid-announce] Squid 4.2 is available
>
> The Squid HTTP Proxy team is very pleased to announce the availability of the
>
> -Mensaje original-
> De: Alex Rousskov
> Enviado el: domingo, 12 de agosto de 2018 20:50
> Para: Julian Perconti ; squid-users@lists.squid-
> cache.org
> Asunto: Re: [squid-users] About SSL peek-n-splice/bump configurations
>
> On 08/12/2018 04:09 PM, Julian
Hi,
I would like to know which of these two cfg's are "better" or "more secure"
when a site/domain is spliced, bumped, etc.
Here the lines...
# mandatory lines:
acl noBumpSites ssl::server_name_regex -i "/etc/squid/url.nobump"
acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl step3
> De: Alex Rousskov
> Enviado el: lunes, 13 de agosto de 2018 02:01
> Para: Julian Perconti ; squid-users@lists.squid-
> cache.org
> Asunto: Re: [squid-users] About SSL peek-n-splice/bump configurations
>
> On 08/12/2018 06:57 PM, Julian Perconti wrote:
> >> De:
> De: squid-users En nombre de
> Amos Jeffries
> Enviado el: viernes, 7 de septiembre de 2018 01:18
> Para: squid-users@lists.squid-cache.org
> Asunto: Re: [squid-users] About SSL peek-n-splice/bump configurations
>
> On 7/09/18 1:48 PM, Julian Perconti wrote:>
> >
> -Mensaje original-
> De: squid-users En nombre de
> Amos Jeffries
> Enviado el: viernes, 7 de septiembre de 2018 15:19
> Para: squid-users@lists.squid-cache.org
> Asunto: Re: [squid-users] About SSL peek-n-splice/bump configurations
>
> > So from
> -Mensaje original-
> De: squid-users En nombre de
> Amos Jeffries
> Enviado el: domingo, 9 de septiembre de 2018 02:35
> Para: squid-users@lists.squid-cache.org
> Asunto: Re: [squid-users] About SSL peek-n-splice/bump configurations
>
> On 9/09/18 5:45 A
> De: squid-users En nombre de
> Amos Jeffries
> Enviado el: jueves, 6 de septiembre de 2018 09:57
> Para: squid-users@lists.squid-cache.org
> Asunto: Re: [squid-users] Squid and DNS
>
> On 6/09/18 7:22 PM, Matus UHLAR - fantomas wrote:
> > On 06.09.18 0
> > So squid can not use one resolver for a local and public domains/addresses
> and other or a second resolver to only public domains/ip? Both recursive
> resolvers.
> >
>
> Correct.
Thank you for the clarification.
>
>
> Amos
> ___
> squid-users
> -Mensaje original-
> De: squid-users En nombre de
> Amos Jeffries
> Enviado el: lunes, 10 de septiembre de 2018 01:13
> Para: squid-users@lists.squid-cache.org
> Asunto: Re: [squid-users] About SSL peek-n-splice/bump configurations
>
> >
> > ...So that means that squid processes the
>>>> El miércoles, 4 de julio de 2018 01:21:12 -03, Amos
>>>>Jeffries escribió:
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On 04/07/18 12:06, Julian Perconti wrote:
>
> De: Alex Rousskov [mailto:rouss...@measurement-factory.com]
> Enviado el: jueves, 12 de julio de 2018 20:31
> Para: Julian Perconti ; squid-users@lists.squid-
> cache.org
> Asunto: Re: [squid-users] Delay pools in squid4 not working with https
>
> On 07/12/2018 05:19 PM,
> -Mensaje original-
> De: Alex Rousskov [mailto:rouss...@measurement-factory.com]
> Enviado el: jueves, 12 de julio de 2018 21:20
> Para: Julian Perconti ; squid-users@lists.squid-
> cache.org
> Asunto: Re: [squid-users] Delay pools in squid4 not working with https
>
> -Mensaje original-
> De: Julian Perconti [mailto:vh1...@yahoo.com.ar]
> Enviado el: jueves, 12 de julio de 2018 21:24
> Para: 'squid-users@lists.squid-cache.org' cache.org>
> Asunto: RE: [squid-users] Delay pools in squid4 not working with https
>
> > -M
> -Mensaje original-
> De: Alex Rousskov [mailto:rouss...@measurement-factory.com]
> Enviado el: jueves, 12 de julio de 2018 21:03
> Para: Julian Perconti ; squid-users@lists.squid-
> cache.org
> Asunto: Re: [squid-users] Delay pools in squid4 not working with https
>
>>
>> El martes, 10 de julio de 2018 18:57:43 -03, Alex Rousskov
>> escribió:
>>
>>
>> On 07/10/2018 01:50 PM, Paolo Marzari wrote:
>>> My home server just updated from 3.5.27, everything is working fine, but
>>> delay pools seems broken to me.
>>
>>> Revert to 3.5.27 and
Hi all:
Finally I migrate everything to debian 9 with openssl 1.1 and squid 4 (june
22/18) reléase (the last one).
Everything seems to go very well.
However, the dropbox client logs this error in cache.log:
kid1| ERROR: negotiating TLS on FD 35: error:141710F8:SSL
Hi all,
Environment:
Squid Cache: Version 4.3-20181014-r17614d5
Service Name: squid
This binary uses OpenSSL 1.1.0f 25 May 2017. For legal restrictions on
distribution see https://www.openssl.org/source/license.html
configure options: '--prefix=/usr' '--build=x86_64-linux-gnu'
> >> assertion failed: http.cc:1530: "!Comm::MonitorsRead(serverConnection-
> >fd)"
> >
> >> Any idea?
> >
> > Without the stack trace, it is difficult to say much about this bug.
> > Please collect a stack trace from the crash and post it to Squid
> > bugzilla. If the stack trace looks similar to
> Hi Alex/Amos
>
> Since yesterday squid is running via this method in a cron script:
>
> trap "rm -f $$.gdb" 0
> cat <$$.gdb
> handle SIGPIPE pass nostop noprint
> handle SIGTERM pass nostop noprint
> handle SIGUSR1 pass nostop noprint
> handle SIGHUP pass
> handle SIGKILL pass
> handle
> > Program received signal SIGHUP, Hangup.
Yes, I did not realized that I have executed 'squid -k reconfigure', hence that
SIGHUP signal.
I don not know if the following is relevant but:
When the exception occurred, I had executed (earlier) 'squid -k reconfigure'.
Then, I made a full squid
> > 2018/11/07 12:41:45 kid1| assertion failed: http.cc:1530:
> > "!Comm::MonitorsRead(serverConnection->fd)"
>
> IIRC, there are relevant bug reports in bugzilla.
>
Hi,
See if this helps or its similar to your case:
https://bugs.squid-cache.org/show_bug.cgi?id=4896
If your squid's crash is
I reply to myself due to a bounce and I have to re-enable the membership to
list at least 3 times at month.
Maybe a problem with Yahoo.
>>> Alex: After a splice rule is applied, SslBump is over. No more rules are
>>> checked. No more loops are iterated. Squid simply "exits" the SslBump
>>>
>After a splice rule is applied, SslBump is over. No more rules are
>checked. No more loops are iterated. Squid simply "exits" the SslBump
>feature (and becomes a TCP tunnel).
How is that? What about the meaning of the ACL's at step1 when splice?
e.g.:
There only these two rules for ssl_bump
Hi all.
I will go (finally) with this sslBump config. Although I still have some
doubts...
I think that It´s time to finish this thread.
# TLS CFG
acl noBumpSites ssl::server_name_regex -i "/etc/squid/url.nobump"
# steps ACL
acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl step3
> > # Second rule:
> > ssl_bump splice noBumpSites
> >
> > I think that this rule should implicity match only at step2.
>
> I do not know what "implicitly match" means here, but yes, the splice rule
> may only match at step2 in this configuration:
When I say "implicit" I want to mean that there
> > When I say "implicit" I want to mean that there is no any step specified in
> the rule.
>
> Understood. Please avoid that word usage. In this context, implicit means
> "without being configured" or "by default". One could say that "default rules
> implicitly match", or that "a rule without
> > I will go (finally) with this sslBump config. Although I still have some
> doubts...
> > I think that It´s time to finish this thread.
>
> I am confused because "you think it is time to finish this thread" but you are
> asking new questions. Please clarify, do you want answers to the
> I am afraid you do not. You are probably missing the fact that, at each step,
> the rules after the matching applicable rule are not checked.
> Also, you seem to insert some implicit peeking rules that are never there.
> Finally, there may be some confusion regarding how multiple ACLs on one
>
> > So, when squid reaches this first rule and line (there is no explicit
> > step) ...does Squid make a "bucle of steps" only along the first line
> > and go to next line only when the rule stop being
> > applicable/matchable?
>
> I hesitate answering that question with a simple "yes" or "no"
> > Example:
> >
> > ssl_bump splice noBumpSites # this will be totally ignored by Squid if a
> stare rule precedes this.
>
> No, this is incorrect. There are many cases were a previous stare rule will
> not
> have the effect you state it will. For example:
>
> # Squid may splice at step2
> > So, in a brief the confi is:
> >
> > ssl_bump peek step1 all
> > ssl_bump peek step2 noBumpSites
> > ssl_bump stare step2 all
>
> ... which should be equivalent to an even simpler config:
>
> ssl_bump peek step1
> ssl_bump peek noBumpSites
> ssl_bump stare all
Yes, i've tested and
> Both loops can finish "early" (i.e. before three steps and/or before all
> configured rules are evaluated).
Yes, maybe I would have should say at least: "Well in really, depend on the
rules.." Especially in the inner loop.
But I pointed to the maximum possibilities. (if exists)
> Just to
On 15.10.23 05:42, Alex Rousskov wrote:
On 2023-10-14 12:04, Julian Taylor wrote:
On 14.10.23 17:40, Alex Rousskov wrote:
On 2023-10-13 16:01, Julian Taylor wrote:
The reproducer uses as single request, the same very thing can be
observed on a very busy squid
If a busy Squid sends lots
case I noticed this the average object size in the cache was in the
megabyte range.
Currently without recompiling squid using the rock cache (the only one
supported for SMP) utilizing modern hardware with 10G or more network
and SSD disks does not seem feasible unless I missed some configura
On 14.10.23 17:40, Alex Rousskov wrote:
On 2023-10-13 16:01, Julian Taylor wrote:
When using squid for caching using the rock cache_dir setting the
performance is pretty poor with multiple workers.
The reason for this is due to the very high number of systemcalls
involved in the IPC between
] INFO: squidGuard ready for requests
(1433646524.286)
ERR
2015-06-07 00:08:44 [3359] INFO: squidGuard stopped (1433646524.287
...
is this what is expected for a passing request?
Can anyone do me a favor, do this and tell me what see?
Thank you very much in advance
Julian
?
thank you in advance
Julian
On 2015-06-07 10:24, Marcus Kool wrote:
The URL director interface was changed with Squid 3.4, see also
http://wiki.squid-cache.org/Features/Redirectors
The latest version of squidguard is 1.5 beta from 2010 and squidGuard
does not support the new interface of Squid
to test with a browser, it is a remote(ssh)
configuration and i need it on production by monday.
Thank you in advance
Julian
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
yesterday, and it does it good.
ERR from squidGuard means Do not change the URL, and let squid pass
the request.
Thank you for your time.
Julian
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid
yesterday, and it does it good.
ERR from squidGuard means Do not change the URL, and let squid pass
the request.
Thank you for your time.
Julian
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
90 matches
Mail list logo
