Re: [squid-users] Caching Vimeo Videos

2018-12-29 Thread Eliezer Croitoru 
For what OS?

Eliezer


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il



-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf 
Of M K Raju
Sent: Tuesday, December 25, 2018 12:50
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Caching Vimeo Videos

Thanks Eliezer,

Our videos are streaming with HLS Dash only.
Please give me examples with SSL-BUMP and Store ID helper.

Regards.



--
Sent from: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid 4.4 security_file_certgen helpers crashing

2018-12-29 Thread Eliezer Croitoru 
Hey Alex,

I didn't had the time to sit and compose a STDINT/OUT input and output that can 
be used to test the security_file_certgen.
Can you or anyone of the related developers post in the wiki a simple "example" 
input that can be sent over STDIN to debug this type of issues?
I can just load the software as squid or proxy user but...
Another option is to point us towards the debug options that will give the 
testing admins(or me) an option to copy and paste the data that squid is 
sending to the helper.

Thanks,
Eliezer


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il


-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf 
Of Alex Rousskov
Sent: Friday, December 28, 2018 05:29
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid 4.4 security_file_certgen helpers crashing

On 12/27/18 2:30 PM, johnr wrote:

> I find the following in the cache log:

> 2018/12/27 21:15:40 kid1| WARNING:
> /usr/local/squid/libexec/security_file_certgen -s
> /usr/local/squid/var/cache/squid/ssl_db -M 4MB #Hlpr1 exited

We need to figure out why the helper is exiting. If there are no error
messages in cache.log, then your system log may have additional
information such as the process signal that killed the helper. If it was
a crash, then your core dump directory should have the corresponding
core dump (make sure you enable core dumps!) that you can examine with gdb.


> I ran the security_gen_helper under GDB and it seems to be crashing here:
> https://github.com/squid-cache/squid/blob/master/src/ssl/gadgets.cc#L218

If you can reproduce helper crash while it has gdb attached, please post
the stack trace.


> I saw a commit supporting a newer version of openssl, I wonder if
> that may have mistakenly broken support for older versions of
> openssl?

Sure, it may have. Most likely, the changes are not tested in an
environment matching yours, and the bug may be environment-driven.


If you get more details such as a backtrace, please consider filing a
bug report with all the details.


Thank you,

Alex.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Whitelisting youtube

2018-12-29 Thread Eliezer Croitoru 
Sorry Marcus I totally forgot about this.

I was not talking about this issue but something about the init and other 
scripts that are being installed.

I will test it in the next weeks and will have a better overview and send it to 
you privately.

 

Thank,

Eliezer

 



  Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il



 

From: Marcus Kool [mailto:marcus.k...@urlfilterdb.com] 
Sent: Saturday, December 29, 2018 22:51
To: elie...@ngtech.co.il; squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Whitelisting youtube

 

Hi Eliezer,

If you mean compiler errors on debian 9 which has OpenSSL 1.1 ...  

We will release ufdbGuard 1.34 soon which supports OpenSSL 1.1 since OpenSSL 
1.1 is not compatible with OpenSSL 1.0.

Marcus

 

On 29/12/2018 15:22, elie...@ngtech.co.il   wrote:

Markus,

 

Does ufdbGuard have a Debian package or build instructions?
The last time I tried to compile it on both Debian and Ubuntu I have 
encountered couple issues.

 

Thanks,

Eliezer

 

 



  Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email:   elie...@ngtech.co.il



 

From: squid-users   
 On Behalf Of Marcus Kool
Sent: Friday, December 28, 2018 12:14
To: squid-users@lists.squid-cache.org 
 
Subject: Re: [squid-users] Whitelisting youtube

 

Wolfgang, why don't you stop using squidguard which has no support for 5+ years 
and switch to ufdbGuard?

ufdbGuard is regularly maintained and has a Reference Manual that explains what 
and how to whitelist domains.

Marcus

 

On 28/12/2018 07:18, Wolfgang Paul Rauchholz wrote:

Problem staqtement: can't whitelist youtube.com  

 

I run squid 3.5 and squiguard on a CENTOS 7 home linux server.

The blacklist database is created by a publicly available script called 
getlists.sh. This script downloads and compiles blacklists  from several sites 
(e.g. squidguard website)

To whitelist youtube which is blocked too,  I created the directory 'white' 
within 'blacklist'. The squidguard config looks like this:

 

dest white {

domainlist  white/domains

urllist white/urls

}

 

acl {

default {

passwhite !adv !porn !warez all

redirect http://localhost/block.html

}

}

 

the domaon file withi nwhite has these entries:

.2mdn.net:443  

.accounts.google.com  

.accounts.youtube.com  

.dnld.googlevideo.com  

.gmail.com:443-

.googleads4.g.doubleclick.net  

.googlevideo.com  

.i.ytimg.com  

.nek.googlevideo.com  

.play.google.com  

.sb.scorecardresearch.com  

.s.ytimg.com  

.youtube.com  

.ytimg.com  

 

The entry I find in access.lof file reads like this:

1545988674.026  0 10.5.2.96 TAG_NONE/503 0 CONNECT www.youtube.com:443 
  - HIER_NONE/- -

 

 

I still cannot unblock youtube.

I'd appreciate your help in resolving this.

 

Wolfgang

 

 

 






___
squid-users mailing list
squid-users@lists.squid-cache.org  
http://lists.squid-cache.org/listinfo/squid-users

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid4 with GnuTLS - specify ciphers or disable protocols

2018-12-29 Thread Amos Jeffries 
I think I have managed to track this down. It seems to be a side effect
of the session management being designed for OpenSSL where the context
implicitly shares details in the library between sessions linked to that
context. Under GnuTLS the sessions generated by clients connecting are
not inheriting details from the listening context+session state, where
they do under OpenSSL.

It may take a while to get that logic redesigned and the fix merged.

Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Whitelisting youtube

2018-12-29 Thread Marcus Kool 

Hi Eliezer,

If you mean compiler errors on debian 9 which has OpenSSL 1.1 ...

We will release ufdbGuard 1.34 soon which supports OpenSSL 1.1 since OpenSSL 
1.1 is not compatible with OpenSSL 1.0.

Marcus


On 29/12/2018 15:22, elie...@ngtech.co.il wrote:


Markus,

Does ufdbGuard have a Debian package or build instructions?
The last time I tried to compile it on both Debian and Ubuntu I have 
encountered couple issues.

Thanks,

Eliezer



Eliezer Croitoru 
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il 

cid:image001.png@01D2675E.DCF360D0

*From:* squid-users  *On Behalf Of 
*Marcus Kool
*Sent:* Friday, December 28, 2018 12:14
*To:* squid-users@lists.squid-cache.org
*Subject:* Re: [squid-users] Whitelisting youtube

Wolfgang, why don't you stop using squidguard which has no support for 5+ years 
and switch to ufdbGuard?

ufdbGuard is regularly maintained and has a Reference Manual that explains what 
and how to whitelist domains.

Marcus

On 28/12/2018 07:18, Wolfgang Paul Rauchholz wrote:

Problem staqtement: can't whitelist youtube.com 

I run squid 3.5 and squiguard on a CENTOS 7 home linux server.

The blacklist database is created by a publicly available script called 
getlists.sh. This script downloads and compiles blacklists  from several sites 
(e.g. squidguard website)

To whitelist youtube which is blocked too,  I created the directory 'white' 
within 'blacklist'. The squidguard config looks like this:

dest white {

      domainlist      white/domains

      urllist         white/urls

}

acl {

      default {

              pass    white !adv !porn !warez all

              redirect http://localhost/block.html

              }

}

the domaon file withi nwhite has these entries:

.2mdn.net:443 

.accounts.google.com 

.accounts.youtube.com 

.dnld.googlevideo.com 

.gmail.com:443-

.googleads4.g.doubleclick.net 

.googlevideo.com 

.i.ytimg.com 

.nek.googlevideo.com 

.play.google.com 

.sb.scorecardresearch.com 

.s.ytimg.com 

.youtube.com 

.ytimg.com 

The entry I find in access.lof file reads like this:

1545988674.026     0 10.5.2.96 TAG_NONE/503 0 CONNECT www.youtube.com:443 
 - HIER_NONE/- -

I still cannot unblock youtube.

I'd appreciate your help in resolving this.

Wolfgang



___

squid-users mailing list

squid-users@lists.squid-cache.org  


http://lists.squid-cache.org/listinfo/squid-users

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Whitelisting youtube

2018-12-29 Thread eliezer 
Markus,

 

Does ufdbGuard have a Debian package or build instructions?
The last time I tried to compile it on both Debian and Ubuntu I have 
encountered couple issues.

 

Thanks,

Eliezer

 

 



  Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email:   elie...@ngtech.co.il



 

From: squid-users  On Behalf Of 
Marcus Kool
Sent: Friday, December 28, 2018 12:14
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Whitelisting youtube

 

Wolfgang, why don't you stop using squidguard which has no support for 5+ years 
and switch to ufdbGuard?

ufdbGuard is regularly maintained and has a Reference Manual that explains what 
and how to whitelist domains.

Marcus

 

On 28/12/2018 07:18, Wolfgang Paul Rauchholz wrote:

Problem staqtement: can't whitelist youtube.com  

 

I run squid 3.5 and squiguard on a CENTOS 7 home linux server.

The blacklist database is created by a publicly available script called 
getlists.sh. This script downloads and compiles blacklists  from several sites 
(e.g. squidguard website)

To whitelist youtube which is blocked too,  I created the directory 'white' 
within 'blacklist'. The squidguard config looks like this:

 

dest white {

domainlist  white/domains

urllist white/urls

}

 

acl {

default {

passwhite !adv !porn !warez all

redirect http://localhost/block.html

}

}

 

the domaon file withi nwhite has these entries:

.2mdn.net:443  

.accounts.google.com  

.accounts.youtube.com  

.dnld.googlevideo.com  

.gmail.com:443-

.googleads4.g.doubleclick.net  

.googlevideo.com  

.i.ytimg.com  

.nek.googlevideo.com  

.play.google.com  

.sb.scorecardresearch.com  

.s.ytimg.com  

.youtube.com  

.ytimg.com  

 

The entry I find in access.lof file reads like this:

1545988674.026  0 10.5.2.96 TAG_NONE/503 0 CONNECT www.youtube.com:443 
  - HIER_NONE/- -

 

 

I still cannot unblock youtube.

I'd appreciate your help in resolving this.

 

Wolfgang

 

 

 





___
squid-users mailing list
squid-users@lists.squid-cache.org  
http://lists.squid-cache.org/listinfo/squid-users

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Whitelisting youtube

2018-12-29 Thread Amos Jeffries 
On 28/12/18 10:18 pm, Wolfgang Paul Rauchholz wrote:
> Problem staqtement: can't whitelist youtube.com
> 
...
> The entry I find in access.lof file reads like this:
> 1545988674.026      0 10.5.2.96 TAG_NONE/503 0 CONNECT
> www.youtube.com:443 - HIER_NONE/- -
> 

You cannot redirect a CONNECT tunnel with SquidGuard. You should prevent
this methods being sent to the redirector entirely, like so:

 url_rewrite_access deny CONNECT


Also, this is a 503 (unable to connect) error, not a denial. So
whitelisting is pointless.

Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users