[squid-users] Re: source address ip spoofing

2014-08-28 Thread Julian
Hi Amos,

Thank you for the direction provided.

If I understand right, with the right configuration that can delete the
source IP from the header... it can be done.

Thanks again,
Julian



--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/source-address-ip-spoofing-tp4667417p4667419.html
Sent from the Squid - Users mailing list archive at Nabble.com.


[squid-users] RE: YouTube Resolution Locker

2014-08-28 Thread Stakres
Hi All,

New version 1.10 including YouTube, Vevo and DailyMotion videos.
https://sourceforge.net/projects/youtuberesolutionlocker/

Have fun 

Questions and/or comments are welcome...

Bye Fred





[squid-users] squid yum install

2014-08-28 Thread Santosh Bhabal
Hello Experts,

How to install squid-3.4.7 using yum?

Regards
Santosh


[squid-users] Fresh Freebsd 10 and squid 2.7.9 Try to set MAKE_JOBS_UNSAFE error

2014-08-28 Thread Soporte Técnico
I'm trying to install squid 2.7.9 in a fresh new FreeBSD 10 amd64 and make
install shows this error.

Any idea?

(I'm not finding the solution on the net...)

Try to set MAKE_JOBS_UNSAFE=yes and rebuild before reporting the failure to
the maintainer.



___

Complete error post:

make[5]: stopped in /usr/ports/www/squid/work/squid-2.7.STABLE9/src
--- errorpage.o ---
mv -f .deps/errorpage.Tpo .deps/errorpage.Po
--- external_acl.o ---
mv -f .deps/external_acl.Tpo .deps/external_acl.Po
--- fqdncache.o ---
mv -f .deps/fqdncache.Tpo .deps/fqdncache.Po
--- forward.o ---
mv -f .deps/forward.Tpo .deps/forward.Po
--- gopher.o ---
mv -f .deps/gopher.Tpo .deps/gopher.Po
--- helper.o ---
mv -f .deps/helper.Tpo .deps/helper.Po
--- ftp.o ---
mv -f .deps/ftp.Tpo .deps/ftp.Po
1 error

make[5]: stopped in /usr/ports/www/squid/work/squid-2.7.STABLE9/src
*** [all-recursive] Error code 1

make[4]: stopped in /usr/ports/www/squid/work/squid-2.7.STABLE9/src
1 error

make[4]: stopped in /usr/ports/www/squid/work/squid-2.7.STABLE9/src
*** [all] Error code 2

make[3]: stopped in /usr/ports/www/squid/work/squid-2.7.STABLE9/src
1 error

make[3]: stopped in /usr/ports/www/squid/work/squid-2.7.STABLE9/src
*** [all-recursive] Error code 1

make[2]: stopped in /usr/ports/www/squid/work/squid-2.7.STABLE9
1 error

make[2]: stopped in /usr/ports/www/squid/work/squid-2.7.STABLE9
=== Compilation failed unexpectedly.
Try to set MAKE_JOBS_UNSAFE=yes and rebuild before reporting the failure to
the maintainer.
*** Error code 1

Stop.
make[1]: stopped in /usr/ports/www/squid
*** Error code 1

Stop.
make: stopped in /usr/ports/www/squid






Re: [squid-users] Fresh Freebsd 10 and squid 2.7.9 Try to set MAKE_JOBS_UNSAFE error

2014-08-28 Thread Pavel Timofeev
Yes: don't use www/squid. It's marked as deprecated and will be
removed in September.
http://www.freshports.org/www/squid

Use www/squid33 instead, which is 3.3.13 right now.

2014-08-28 17:02 GMT+04:00 Soporte Técnico sopo...@nodoalem.com.ar:
 I´m trying to install squid 2.7.9 in a fresh new freebsd 10 amd64 and make
 install show this error.

 Any idea?

 (i´m not finding in the net the solution...)

 Try to set MAKE_JOBS_UNSAFE=yes and rebuild before reporting the failure to
 the maintainer.







RE: [squid-users] squid yum install

2014-08-28 Thread Farooq Bhatti
Hi,

You can use the rpm as can be found in 
http://www1.ngtech.co.il/rpm/centos/6/x86_64/

BR
Farooq

-Original Message-
From: Santosh Bhabal [mailto:sant...@antfarm.in]
Sent: Thursday, August 28, 2014 6:02 PM
To: squid-users@squid-cache.org
Subject: [squid-users] squid yum install

Hello Experts,

How to install squid-3.4.7 using yum?

Regards
Santosh





Re: [squid-users] Fresh Freebsd 10 and squid 2.7.9 Try to set MAKE_JOBS_UNSAFE error

2014-08-28 Thread Pavel Timofeev
Or, wait for squid 3.4.7 in ports. There is a PR for that.

2014-08-28 17:14 GMT+04:00 Pavel Timofeev tim...@gmail.com:
 Yes: don't use www/squid. It's marked as deprecated and will be
 removed in september.
 http://www.freshports.org/www/squid

 Use www/squid33 instead, which is 3.3.13 right now.

 2014-08-28 17:02 GMT+04:00 Soporte Técnico sopo...@nodoalem.com.ar:
 I´m trying to install squid 2.7.9 in a fresh new freebsd 10 amd64 and make
 install show this error.

 Any idea?

 (i´m not finding in the net the solution...)

 Try to set MAKE_JOBS_UNSAFE=yes and rebuild before reporting the failure to
 the maintainer.







Re: [squid-users] squid yum install

2014-08-28 Thread Santosh Bhabal
Hello Farooq,

I am unable to find squid 3.4.7 rpm in the URL which you have given.

Regards
Santosh

On Thu, Aug 28, 2014 at 6:51 PM, Farooq Bhatti far...@n4networks.net wrote:
 Hi,

 You can use the rpm as can be found in 
 http://www1.ngtech.co.il/rpm/centos/6/x86_64/

 BR
 Farooq

 -Original Message-
 From: Santosh Bhabal [mailto:sant...@antfarm.in]
 Sent: Thursday, August 28, 2014 6:02 PM
 To: squid-users@squid-cache.org
 Subject: [squid-users] squid yum install

 Hello Experts,

 How to install squid-3.4.7 using yum?

 Regards
 Santosh





RE: [squid-users] squid yum install

2014-08-28 Thread Farooq Bhatti
Yes the last version is 3.4.5 on the link;

And for yum check out this
http://wiki.squid-cache.org/SquidFaq/BinaryPackages

[squid]
name=Squid repo for CentOS Linux 6 - $basearch
#IL mirror
baseurl=http://www1.ngtech.co.il/rpm/centos/6/$basearch/beta
failovermethod=priority
enabled=1
gpgcheck=0

Install Procedure:

yum update
yum install squid

Seems required to wait until it is being uploaded to 
http://www1.ngtech.co.il/rpm/centos/6/x86_64/; Or if any other option do let me 
know as well as SRPM is also of 3.4.5 version yet.

BR
Farooq
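
The repository stanza above sets gpgcheck=0 and fetches over plain HTTP, so yum installs packages from it without verifying a signature. The following is an added example, not part of Farooq's message or of the Squid project: a Python audit that flags both settings in `.repo` text. `audit_repo_text` and the finding names are hypothetical, and the hardened stanza uses a constructed host and key path.

```python
import configparser
from urllib.parse import urlsplit

# The stanza from the message above, verbatim.
PAGE_REPO = """\
[squid]
name=Squid repo for CentOS Linux 6 - $basearch
#IL mirror
baseurl=http://www1.ngtech.co.il/rpm/centos/6/$basearch/beta
failovermethod=priority
enabled=1
gpgcheck=0
"""

# Constructed counter-example: the host and the key path are placeholders,
# not real locations.
HARDENED_REPO = """\
[squid-verified]
name=Squid repo with signature checking (constructed example)
baseurl=https://mirror.example.invalid/rpm/centos/6/$basearch/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PLACEHOLDER
"""

OFF = {"0", "no", "false"}           # values treated here as "disabled"
CLEARTEXT_SCHEMES = {"http", "ftp"}  # transports without integrity protection


def audit_repo_text(text):
    """Return {repo_id: [finding, ...]} for enabled repos with weak settings."""
    # interpolation=None keeps yum variables such as $basearch untouched.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    report = {}
    for repo_id in parser.sections():
        repo = parser[repo_id]
        if repo_id == "main":
            continue
        # A repo without an "enabled" key is enabled by default.
        if repo.get("enabled", "1").strip().lower() in OFF:
            continue
        findings = []
        gpgcheck = repo.get("gpgcheck")
        if gpgcheck is None:
            # The effective value then comes from [main] in yum.conf.
            findings.append("gpgcheck-unset")
        elif gpgcheck.strip().lower() in OFF:
            findings.append("gpgcheck-disabled")
        # baseurl may list several URLs separated by whitespace.
        urls = (repo.get("baseurl", "") + " " + repo.get("mirrorlist", "")).split()
        if any(urlsplit(u).scheme.lower() in CLEARTEXT_SCHEMES for u in urls):
            findings.append("cleartext-transport")
        if findings:
            report[repo_id] = findings
    return report


if __name__ == "__main__":
    for label, text in (("page stanza", PAGE_REPO), ("hardened", HARDENED_REPO)):
        print(label, audit_repo_text(text) or "no findings")
```
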

-Original Message-
From: Santosh Bhabal [mailto:sant...@antfarm.in]
Sent: Thursday, August 28, 2014 6:28 PM
To: Farooq Bhatti
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] squid yum install

Hello Farooq,

I am unable to find squid 3.4.7 rpm in the URL which you have given.

Regards
Santosh

On Thu, Aug 28, 2014 at 6:51 PM, Farooq Bhatti far...@n4networks.net wrote:
 Hi,

 You can use the rpm as can be found in 
 http://www1.ngtech.co.il/rpm/centos/6/x86_64/

 BR
 Farooq

 -Original Message-
 From: Santosh Bhabal [mailto:sant...@antfarm.in]
 Sent: Thursday, August 28, 2014 6:02 PM
 To: squid-users@squid-cache.org
 Subject: [squid-users] squid yum install

 Hello Experts,

 How to install squid-3.4.7 using yum?

 Regards
 Santosh





Re: [squid-users] Fresh Freebsd 10 and squid 2.7.9 Try to set MAKE_JOBS_UNSAFE error

2014-08-28 Thread Amos Jeffries

On 29/08/2014 1:02 a.m., Soporte Técnico wrote:
 I´m trying to install squid 2.7.9 in a fresh new freebsd 10 amd64
 and make install show this error.
 
 Any idea?

Contact the FreeBSD package maintainers?

Also, you could try installing a newer Squid release. 3.3 is available
in FreeBSD ports.


Amos



Re: [squid-users] squid yum install

2014-08-28 Thread Fernando Lozano
Hi,

The latest release there is 3.4.5-2 built July

[]s, Fernando Lozano

 You can use the rpm as can be found in 
 http://www1.ngtech.co.il/rpm/centos/6/x86_64/
 
 How to install squid-3.4.7 using yum?



Re: [squid-users] Fresh Freebsd 10 and squid 2.7.9 Try to set MAKE_JOBS_UNSAFE error

2014-08-28 Thread Dennis Glatting
On Thu, 2014-08-28 at 10:02 -0300, Soporte Técnico wrote:
 I´m trying to install squid 2.7.9 in a fresh new freebsd 10 amd64 and make
 install show this error.
 

Why? 2.7 is no longer supported.


3.3.13 is in the ports and there is a pending port for 3.4.7.




 Any idea?
 
 (i´m not finding in the net the solution...)
 
 Try to set MAKE_JOBS_UNSAFE=yes and rebuild before reporting the failure to
 the maintainer.
 
 
 
 
 
 




[squid-users] Whether we can redirect video traffic to squid 2.7 via porting mirror

2014-08-28 Thread johnzeng

Hi, I have a switch, and I hope to redirect video traffic to Cache via
using Port mirroring feature, and monitoring network traffic that
involves forwarding a copy of each packet from one network switch.


Whether Squid 2.7 can listen and identify mirroring data packet ?

if Squid 2.7 can identify , i hope to match video part and send 302 http
packet to end user via url_rewrite_access and redirect the user's
request to Cache

Whether my thought is correct way ?


Or Whether we can realize the goal via dansguardian + squid or
squidguard + squid or icap +squid  ?

if possible , please help me .


***

url_rewrite_program /cache/video_operation
url_rewrite_children 10

acl location_rewrite_video url_regex -i ^http://[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\/video\/.*\.(m4v|flv|mp4|wmv|rm|ram|mov|avi|mp3)\?nk=

url_rewrite_access allow location_rewrite_video

This is part of the video_operation program:

// regexMatch(), get_foldername() and get_filename() are helpers defined
// elsewhere in video_operation; they are not shown in this post.
int video(string *domain, string *urlf)
{
    if (regexMatch("^http://[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\/video/", *urlf)) {
        if (regexMatch("\\.(flv|mp4)$", *urlf) ||
            regexMatch("\\.(flv|mp4)\\?start=", *urlf)) {
            *urlf = "http://192.168.2.6/video/" + get_foldername(*urlf, 1) + "/" +
                    get_filename(*urlf);
        } else if (regexMatch("\\.(flv|mp4)\\?special=true$", *urlf)) {
            // redirect sphotos and photos-[a-z] to the same url
            *urlf = *domain + "/" + ".video/" + get_foldername(*urlf, 1) + "/" +
                    get_filename(*urlf) + "?special=true";
        } else if (regexMatch("\\.(flv|mp4)\\?nk=", *urlf)) {
            // redirect sphotos and photos-[a-z] to the same url
            *urlf = "302:http://192.168.2.6/video/" + get_foldername(*urlf, 1) + "/" +
                    get_filename(*urlf);
        }
        return 1;
    }
    return 0;
}




Re: [squid-users] Whether we can redirect video traffic to squid 2.7 via porting mirror

2014-08-28 Thread Antony Stone
On Thursday 28 August 2014 at 17:51:04 (EU time), johnzeng wrote:

 Hi , i have a switch , and i hope to redirect video traffic to Cache via
 using Port mirroring feature

 Whether Squid 2.7 can listen and identify mirroring data packet ?

You can't just feed traffic in to Squid - it has to request it, otherwise it 
won't have a clue what to do with it.

 if Squid 2.7 can identify , i hope to match video part and send 302 http
 packet to end user via url_rewrite_access and redirect the user's
 request to Cache

Why not just tell the client to use Squid as a proxy?

Then:

 - Squid will make the requests and know what to do with the response traffic
   it gets back

 - you don't need to send a 302 redirect to the client; it'll just get the
   cached content automatically

 - clients will get the benefits of caching for everything else, as well as
   the video


In other words, why not just set up Squid normally?


Antony.

-- 
Pavlov is in the pub enjoying a pint.
The barman rings for last orders, and Pavlov jumps up exclaiming Damn!  I 
forgot to feed the dog!

   Please reply to the list;
 please *don't* CC me.


Re: [squid-users] Whether we can redirect video traffic to squid 2.7 via porting mirror

2014-08-28 Thread johnzeng


I see , but it will be normal way , we can redirect full http traffic 
via route-map or Wccp ,


but if we redirect part video traffic only , porting mirror + 302 http 
packet will be safe way .





On Thursday 28 August 2014 at 17:51:04 (EU time), johnzeng wrote:

Hi , i have a switch , and i hope to redirect video traffic to Cache via
using Port mirroring feature
Whether Squid 2.7 can listen and identify mirroring data packet ?

You can't just feed traffic in to Squid - it has to request it, otherwise it
won't have a clue what to do with it.


if Squid 2.7 can identify , i hope to match video part and send 302 http
packet to end user via url_rewrite_access and redirect the user's
request to Cache

Why not just tell the client to use Squid as a proxy?

Then:

  - Squid will make the requests and know what to do with the response traffic
    it gets back

  - you don't need to send a 302 redirect to the client; it'll just get the
    cached content automatically

  - clients will get the benefits of caching for everything else, as well as
    the video


In other words, why not just set up Squid normally?


Antony.





Re: [squid-users] Whether we can redirect video traffic to squid 2.7 via porting mirror

2014-08-28 Thread Amos Jeffries

On 29/08/2014 4:17 a.m., johnzeng wrote:
 
 I see , but it will be normal way , we can redirect full http
 traffic via route-map or Wccp ,
 
 but if we redirect part video traffic only , porting mirror + 302
 http packet will be safe way .
 

No, port mirroring is most unsafe way to configure and not possible
with HTTP agents.

HTTP is designed to work with proxy intermediaries like Squid as part
of the messaging system. Perhaps you need to read
http://tools.ietf.org/html/rfc7230#section-2.3, which documents how
HTTP works with Squid. Maybe also
http://tools.ietf.org/html/rfc7230#section-2.3 which documents how
caches operate in HTTP.

Amos



[squid-users] Re: source address ip spoofing

2014-08-28 Thread Julian
Hi Amos,

We turned off X-Forwarded-For/Via headers and the effect was quite opposite
we expected :(
Now if a host checks What is my IP? against any online website it shows
only the IP address of the Proxy Server.

What we want is exactly the opposite.
When a host checks their IP we want them to see their own IP with no show of
the Proxy Server IP.
This way we don't have to log the hosts access because they will identify to
any Internet Server with their own IP. We don't want our users to hide
behind Proxy IP.

Would this be possible when using wpad redirection?
Is there a way to make Squid completely spoof source IP and become
transparent for the users?

Thank you for your help,
Julian






[squid-users] Re: kerberos_ldap_group stopped working with subdomains

2014-08-28 Thread Markus Moeller

Yes it looks like a typo.

Markus

Pavel Timofeev  wrote in message 
news:CAAoTqftnGm9+iUxxnSCyRcRhKAQyJ-dkWLqQqR3YaL=wawe...@mail.gmail.com...


Thanks!

I think I've noticed a typo in squid 3.4.7

# diff -u helpers/external_acl/kerberos_ldap_group/support_ldap.cc.orig
helpers/external_acl/kerberos_ldap_group/support_ldap.cc
--- helpers/external_acl/kerberos_ldap_group/support_ldap.cc.orig
2014-08-27 21:37:01.0 +0400
+++ helpers/external_acl/kerberos_ldap_group/support_ldap.cc
2014-08-27 21:37:15.0 +0400
@@ -811,7 +811,7 @@
#endif
}

-if (kc  (!margs-lurl || !margs-luser | !margs-lpass)) {
+if (kc  (!margs-lurl || !margs-luser || !margs-lpass)) {
/*
 * If Kerberos fails and no url given exit here
 */
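
Review bot: On the changed `if` line (line 814 of support_ldap.cc), the old `|` between the luser and lpass tests already produced the same truth value as `||`, because each operand is the 0/1 result of `!` and `|` binds tighter than `||`; the change is correct for consistency and short-circuit evaluation, but its description should present it as a cleanup rather than a behaviour fix. It is also worth checking the other conditions in this file that test lurl, luser and lpass together for the same single `|` slip.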

True?

2014-08-27 18:20 GMT+04:00 Amos Jeffries squ...@treenet.co.nz:


On 26/08/2014 7:44 a.m., Markus Moeller wrote:

Hi Pavel,

Can you remove line 263 from support_krb5.cc and recompile ?  It is
fixed in the trunk for 3.5.

The line is safe_free(principal_name);

Regards Markus



For the record, this fix is now in 3.4.7.

Amos






Re: [squid-users] squid yum install

2014-08-28 Thread Eliezer Croitoru

Hey There,

Indeed there is not yet a 3.4.7 release due to the basic fact that it 
was released in the last 24 hours and it takes time to run a basic test 
and build the RPMS.


I will probably build the 3.4.7 RPMS in the next week.
The release will be for CentOS 6 and not yet 7.

Indeed squid builds on CentOS 7 but from my point view it is not tested 
enough for production compared to ubuntu 14.04.


I will release notes about it later.

Eliezer

On 08/28/2014 04:28 PM, Santosh Bhabal wrote:

Hello Farooq,

I am unable to find squid 3.4.7 rpm in the URL which you have given.

Regards
Santosh




Re: [squid-users] Re: source address ip spoofing

2014-08-28 Thread Eliezer Croitoru

Hey Julian,

I think you do not understand a couple of things.
When you use a proxy in Forward mode which is configured in the
client's browser using wpad.dat, there is no means to SPOOF their IP.
There is indeed a way to do it but it also depends on many factors which
in your case I suspect you cannot meet.


The IP address which sites show depends only on their own scripts
and their way of looking at the requests.

The basic way is to show only the src IP of the machine, such as the proxy.
There is a way to detect an x_forward_for header and to show this, but
nobody in the real world will use this header as a src IP in his tests
if he is sane.


For example, if this LAN network (if I understood right) has a segment of
192.168.0.0/24 and the internet server shows the real client IP as
192.168.0.100 (example), it is a lie from his point of view and from the
internet's point of view.
Also, in this case there is no way to spoof this address since it's a
local network address space which does not exist on the internet.


Hope it explained the basic issue.
Eliezer

On 08/28/2014 08:51 PM, Julian wrote:

Hi Amos,

We turned off X-Forwarded-For/Via headers and the effect was quite opposite
we expected:(
Now if a host checks What is my IP? against any online website it shows
only the IP address of the Proxy Server.

What we want is exactly the opposite.
When a host checks their IP we want them to see their own IP with no show of
the Proxy Server IP.
This way we don't have to log the hosts access because they will identify to
any Internet Server with their own IP. We don't want our users to hide
behind Proxy IP.

Would this be possible when using wpad redirection?
Is there a way to make Squid completely spoof source IP and become
transparent for the users?

Thank you for your help,
Julian





[squid-users] Re: source address ip spoofing

2014-08-28 Thread Julian
Hi Eliezer,

I understand what you say, but we use external IPs for our network hosts
(nothing in 192.168.x.x range).
What I need is to direct the traffic to our proxy using the wpad mechanism
(which works just fine for us) but to make our proxy completely transparent
to external destinations.
I think TPROXY Squid might be a way to do it,  but we only use Squid 2.7
now.

We want to keep running with our Proxy in the same deployment scenario,
except that we need external Internet destinations to see the requests
coming from our hosts IP(s) instead of our Proxy.  

Thank you for your insights,
Julian






Re: [squid-users] squid yum install

2014-08-28 Thread Fernando Lozano
Hi Eliezer,

For my part I appreciate very much your effort building and hosting
those packages and understand it takes some time. Thanks a lot!


PS: Most of my proposed changes (like SELinux policy for SMP) are
already in Fedora. Have to check if they have moved to RHEL6/7 and so to
CentOS.


[]s, Fernando Lozano

 Hey There,

 Indeed there is not yet a 3.4.7 release due to the basic fact that it
 was released in the last 24 hours and it takes time to run a basic
 test and build the RPMS.

 I will probably build the 3.4.7 RPMS in the next week.
 The release will be for CentOS 6 and not yet 7.

 Indeed squid builds on CentOS 7 but from my point view it is not
 tested enough for production compared to ubuntu 14.04.

 I will release notes about it later.

 Eliezer

 On 08/28/2014 04:28 PM, Santosh Bhabal wrote:
 Hello Farooq,

 I am unable to find squid 3.4.7 rpm in the URL which you have given.

 Regards
 Santosh




Re: [squid-users] Re: source address ip spoofing

2014-08-28 Thread Amos Jeffries

On 29/08/2014 11:09 a.m., Julian wrote:
 Hi Eliezer,
 
 I understand what you say, but we use external IPs for our network
 hosts (nothing in 192.168.x.x range).

How is any of the software along the HTTP traffic route supposed to
know that?


 What I need is to direct the traffic to our proxy using the wpad
 mechanism (which works just fine for us) but to make our proxy
 completely transparent to external destinations. I think TPROXY
 Squid might be a way to do it,  but we only use Squid 2.7 now.

The IP spoofed by TPROXY is the IP received on the TCP packets, it is
not necessarily the end users IP.

TPROXY is also incompatible with manual and WPAD configuration. TPROXY
traffic has CVE-2009-0801 security checks applied to it, which on
explicitly configured proxy traffic will lead to infinite forwarding
loops as the proxy transparently relays to its own IP.


Going back to your original post there are two incorrect statements
which may be confusing you...

1)
 Proxy Auto-Discovery on our users browsers is able to get activated
 by a wpad.dat file which transparently redirects our users HTTP
 requests to our Proxy Server.

WPAD is sometimes called transparent configuration. Emphasis on
configuration. There is no redirect happening at all, anywhere.

The client software is explicitly using Automatic Discovery (the
__AD) to locate the proxy it is going to transfer through without the
user having to do anything.

 
 The way our Proxy Server works now is by hiding the IP address of
 users getting directed to our machine.

What the proxy does is called Application Layer Gateway. From the
outside it looks a bit like what NAT does, the TCP layer IP:port
address changes to one for the gateway service (aka Squid) so that TCP
reply packets are able to return to the proxy.


What you want is just not possible at all with Squid-2.7 and unlikely
to be possible with any newer release either. Consider what happens
when the proxy generates a new connection: TCP SYN packets with the
client IP on them ... the TCP SYN-ACK packets get sent straight back
to that client IP ... then what? connection hangs.

 
 We want to keep running with our Proxy in the same deployment
 scenario, except that we need external Internet destinations to see
 the requests coming from our hosts IP(s) instead of our Proxy.
 

HTTP is designed to operate with multiple intermediaries in similar
ways to how SMTP and DNS operate with
proxies/relays/recursive-resolver. The X-Forwarded-For header(**) is
how HTTP relays details about the *sequence* of client IPs which are
used to reach the origin server.
 http://tools.ietf.org/html/rfc7230#section-2.3

So, Why are you requesting this? what real problem are you trying to
solve that makes you think about spoofing the client IP?

Amos
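
What Amos and Eliezer describe, seen from the origin server's side, as an added example that is not from the thread: the server's TCP peer is always the proxy, and it can accept X-Forwarded-For entries only from proxies it already trusts. Function names are hypothetical, and the addresses are constructed from documentation ranges except 192.168.0.100, which is Eliezer's example.

```python
import ipaddress
from collections import namedtuple

# address: the client address the origin ends up with
# source:  "tcp-peer" (the connection itself) or "x-forwarded-for"
# lan_only: True when the address is RFC 1918 space, meaningless off the LAN
ClientView = namedtuple("ClientView", "address source lan_only")

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def split_xff(header_values):
    """Flatten repeated X-Forwarded-For fields into one left-to-right list."""
    return [p.strip() for v in header_values for p in v.split(",") if p.strip()]


def client_as_seen_by_origin(tcp_peer, xff_values, trusted_proxies):
    """Resolve the client address without believing unverified header data.

    Each proxy appends the address it received the request from, so the
    rightmost entry was written by the TCP peer. An entry is accepted only
    if the hop that wrote it is a trusted proxy; everything further left
    could have been typed in by the client.
    """
    trusted = [ipaddress.ip_network(n) for n in trusted_proxies]

    def is_trusted(addr):
        return any(addr in net for net in trusted)

    current = ipaddress.ip_address(tcp_peer)
    source = "tcp-peer"
    for entry in reversed(split_xff(xff_values)):
        if not is_trusted(current):
            break                      # this hop is not ours: stop believing
        try:
            current = ipaddress.ip_address(entry)
        except ValueError:
            break                      # unparseable entry such as "unknown"
        source = "x-forwarded-for"
    lan_only = any(current in net for net in RFC1918)
    return ClientView(str(current), source, lan_only)


# Constructed sample setup: one trusted proxy, one client behind it.
PROXY = "203.0.113.10"
TRUSTED = [PROXY + "/32"]

if __name__ == "__main__":
    samples = {
        "headers turned off": [],
        "proxy adds client": ["198.51.100.7"],
        "client forged a leading entry": ["192.0.2.99, 198.51.100.7"],
        "LAN address forwarded": ["192.168.0.100"],
    }
    for label, xff in samples.items():
        print(label, "->", client_as_seen_by_origin(PROXY, xff, TRUSTED))
```
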



RE: [squid-users] squid yum install

2014-08-28 Thread Lawrence Pingree
Does anyone know who builds the latest versions of squid RPMs for Opensuse? I 
would love to upgrade but can't.

-Original Message-
From: Eliezer Croitoru [mailto:elie...@ngtech.co.il] 
Sent: Thursday, August 28, 2014 3:40 PM
To: squid-users@squid-cache.org
Subject: Re: [squid-users] squid yum install

Hey There,

Indeed there is not yet a 3.4.7 release due to the basic fact that it was 
released in the last 24 hours and it takes time to run a basic test and build 
the RPMS.

I will probably build the 3.4.7 RPMS in the next week.
The release will be for CentOS 6 and not yet 7.

Indeed squid builds on CentOS 7 but from my point view it is not tested enough 
for production compared to ubuntu 14.04.

I will release notes about it later.

Eliezer

On 08/28/2014 04:28 PM, Santosh Bhabal wrote:
 Hello Farooq,

 I am unable to find squid 3.4.7 rpm in the URL which you have given.

 Regards
 Santosh





[squid-users] parent problem - TCP_MISS/403 from parent

2014-08-28 Thread Dmitry Melekhov

Hello!

I used havp with squid for several years, but now decided to drop havp 
to c-icap.


So I had

squid-havp-squid scheme.

first squid listens on port 8090, havp on 8091, external squid on 8092.
All of them are on the same host.

Now I don't need havp, but I can't get external squid work as parent , I 
always get

 TCP_MISS/403 from it.

1409286793.325  0 127.0.0.1 TCP_MISS/403 5150 GET http://www.gismeteo.ru/city/daily/4508/ - HIER_NONE/- text/html


If I connect to it directly- it works:

1409287034.615 72 192.168.22.229 TCP_MISS/200 16605 GET http://www.gismeteo.ru/city/daily/4508/ - HIER_DIRECT/212.24.42.230 text/html


for havp I had :

cache_peer 127.0.0.1 parent 8091 0 no-query no-digest no-netdb-exchange default


now I wrote

cache_peer 127.0.0.1 parent 8092 0 no-digest no-query default


and it doesn't work.

I can't understand what is wrong here :-(

I currently run squid 3.4.7.

Thank you!