Re: [squid-users] Squid Problem - Google

[Eliezer Croitoru]

Is it possible that dns_v4_first will help in this scenario?

http://www.squid-cache.org/Doc/config/dns_v4_first/

by default it's off and changing to on might help in this scenario.

Can you try?


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il


-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf 
Of Amos Jeffries
Sent: Monday, November 7, 2016 16:41
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid Problem - Google

On 7/11/2016 10:59 p.m., Antony Stone wrote:
> On Monday 07 November 2016 at 10:53:14, Bilal Mohamed wrote:
> 
>> Hi,
>>
>> I am getting following error while accessing google. Rest all 
>> websites are ok. There is no ACL to block google.com

The message is not "Access Denied" (ACLs).

It is "Network is unreachable" (routing).

>>
>> The following error was encountered while trying to retrieve the URL:
>> http://www.google.com/
>>
>> *Connection to 2a00:1450:4009:803::2004 failed.*
>>
>> The system returned: *(101) Network is unreachable*
>>

Note that error page displays the *last* IP address that was attempted and 
failed. All previous IPs it tried also failed. That includes all
IPv4 possibilities.


You have a problem with the network routes on the machine running Squid.

Amos

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] SSL bump not working w/some sites.

[Linda W]

Amos Jeffries wrote:

It should be safe enough to check that your system CA set is up to date.
There were changes as recently as a week ago.
  

---
   My "system CA" -- when I searched for linux CA updating, it
said on linux there were many possible CA locations, but going
with the top choice for opensuse 13.2, I found
that "/var/lib/ca-certificates/pem/" is owned by RPM
  ca-certificates-1_201403302107-8.1.2.src.rpm
(which doesn't sound very up-to-date).

Following it's internal source URL, and it pointed me to
  https://github.com/openSUSE/ca-certificates
which was last updated Nov 10, 2015.

Still doesn't sound very current.


:-(...

Seems like someone doesn't want to make this easy.  I'll go ask
on my distro list, but for "recent" updates, I might have to
wait a while...  Like said -- distro-list... ;-)

thanks,
-l

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid Problem

[Antony Stone]

On Tuesday 08 November 2016 at 13:47:25, Jose Joaquin Ruiz Silva wrote:

> Good morning I am Cuban I have mounted squid 2.7 on debian wheezy

Why?

Debian Wheezy contains version 3.1.20 and Wheezy-backports contains the 
version 3.4.8

Installing 2.7 in 2016 (that version is 8 years old and has not been updated 
in 6 years - see http://www.squid-cache.org/Versions/ ) is a dead end.

> and it works fine but I am looking for a page that will allow users to
> change the password

What password?

> see their quota

What quota?

> the user expire after 1 year, the password expire in 2 months

Please tell us what you are talking about - Squid has no password expiry 
mechanism.

> but That an email arrives to him on the last 10 days telling him that he has
> 10 days to change the password.

1. Where does this email come from?

2. What does this password provide access to?

I strongly suspect your question is not to do with Squid (LDAP, perhaps?), but 
give us some more information and we'll see if we can help.


Antony.

-- 
It is also possible that putting the birds in a laboratory setting 
inadvertently renders them relatively incompetent.

 - Daniel C Dennett

   Please reply to the list;
 please *don't* CC me.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Squid Problem

[Jose Joaquin Ruiz Silva]

Good morning I am Cuban I have mounted squid 2.7 on debian wheezy and
it works fine but I am looking for a page that will allow users to
change the password, see their quota, the user expire after 1 year,
the password expire in 2 months but That an email arrives to him on
the last 10 days telling him that he has 10 days to change the
password.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] No valid signing SSL certificate configured for HTTPS_port

[konradka]

Hi Amos,

This could be the problem. I built another VM based on Debian and ended up
creating my own CA / PKI.

Self-signed certificates worked and I was able to move on at last.

Great learning experience to see how SSL / openssl works.

Now I am stuck with Windows client unable to connect to reverse-proxyfied
Exchange.

When I connect via NAT/PAT, I can get to OWA/ECP.

When squid is acting as reverse-proxy, connection is timing out.

Looks like my Exchange SSL is not working but I will deal with this later.

Thanks a lot for your help.

Cheers

Konrad




On Tue, Nov 8, 2016 at 6:18 AM, Amos Jeffries [via Squid Web Proxy Cache] <
ml-node+s1019090n468045...@n4.nabble.com> wrote:

> On 6/11/2016 7:52 a.m., Garri Djavadyan wrote:
>
> > On 2016-11-05 23:10, konradka wrote:
> >> Hi Garri,
> >>
> >> Thanks for your responses mate !
> >>
> >> I did not realize that the squid was compiled with proxy user. Well
> >> spotted
> >> !
> >>
> >> It looks like permission's issue but squid error message is not giving
> >> away
> >> any more details.
> >>
> >> I will configure debug_options to see what is failing exactly.
> >>
> >> The modulus check is a good idea too so I will get this checked and
> >> post the
> >> results.
> >
> > Actually, there should not be problems with DAC rights for user 'proxy',
> > I found that Squid reads the keys as root. But there may be problems
> > with MAC rights for Squid, if any enabled by default. As you use Ubuntu,
> > you should check AppArmor logs for problems indication.
> >
> > The same error may appear, if path or filename is misspelled.
> >
>
> Or if the key= parameter is listed before the cert= parameter. I have
> just made that case a different (and FATAL) error on config loading.
>
> After loading the cert and key from the relevant files, Squid verifies
> that they are a matching pair. This message is output if for any reason
> that check fails, or the loading fails.
>
> Amos
>
> ___
> squid-users mailing list
> [hidden email] 
> http://lists.squid-cache.org/listinfo/squid-users
>
>
> --
> If you reply to this email, your message will be added to the discussion
> below:
> http://squid-web-proxy-cache.1019090.n4.nabble.com/No-
> valid-signing-SSL-certificate-configured-for-HTTPS-port-
> tp4680434p4680457.html
> To unsubscribe from No valid signing SSL certificate configured for
> HTTPS_port, click here
> 
> .
> NAML
> 
>




--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/No-valid-signing-SSL-certificate-configured-for-HTTPS-port-tp4680434p4680459.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Login/Pass from squid to Squid

[FredB]

> 
> I have my ACLs based off what group an individual belongs to in a
> LDAP
> tree.
> 
> Perhaps something like that would be helpful in your setup.
> 
> -Dan
> ___

Thank you

If you have an example, I would be happy to look into

Fred
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users