[squid-users] very tricky problem
hello i was asked to trace (= to log using access log) all the url of a site: https://www.example.com visited by the dependents of a company. The issue is that this site is a https java application and in access.log there is only the first connect, then nothing at all. There is a form that ask userpasword to login to this java application, and i was asked to count the number of login, only. They don't need anything more, the number of login per-user. Of course the site https://www.example.com is out of our control and the very large company that handle this site has declared that we cannot do anything., sadly. They cannot provide us w/ any trace information. Is there a way to solve my issue? thnx -- m.
Re: [squid-users] very tricky problem
Or have you used example.com as an example for another domain whose name you don't want to tell? Yes, i have, i even don't remember the real url they use :) The problem is: how I can count the login per user to an applicaton ssl tunneled with http connect? http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol CONNECT Converts the request connection to a transparent TCP/IP tunnel, usually to facilitate SSL-encrypted communication (HTTPS) through an unencrypted HTTP proxy reading this what i can argue is that i cannot do anything, -- m. smime.p7s Description: S/MIME cryptographic signature
Re: [squid-users] internal website directly
On Thu, 6 Sep 2012 08:34:04 +0200 nicola gentile nicola.gentile...@gmail.com wrote: Is it possible? yes, I use wpad to do it, but maybe thare are ways -m smime.p7s Description: S/MIME cryptographic signature
[squid-users] unable to get java upgrade with ntlm authetication
CentOS 5.5 squid-2.6.STABLE21-6.el5 squid with ntlm authetication i am not able to upgrade java :( 1299844874.735379 192.168.20.130 TCP_MISS/302 381 GET http://java.sun.com/update/1.6.0/map-1.6.0.xml administrator DIRECT/192.9.162.55 - 1299844875.807228 192.168.20.130 TCP_MISS/200 4550 GET http://javadl-esd.sun.com/update/1.6.0/map-1.6.0.xml administrator DIRECT/72.246.30.18 application/xml 1299844876.034222 192.168.20.130 TCP_MISS/200 8316 GET http://javadl-esd.sun.com/update/1.6.0/au-descriptor-1.6.0_24-b71.xml administrator DIRECT/72.246.30.18 application/xml 1299844881.963 0 192.168.20.130 TCP_DENIED/407 448 HEAD http://javadl.sun.com/webapps/download/GetFile/1.6.0_24-b71/windows-i586/jre-6u24-windows-i586-iftw-rv.exe - NONE/- text/html googling i find: http://squid-web-proxy-cache.1019090.n4.nabble.com/Problem-with-certain-java-sites-td1037151.html and http://3sp.com/forum/viewtopic.php?f=9t=2470 but neither solves the issue can i configure squid to allow java to upgrade w/out ntlm authetication? best regards -- maurizio
Re: [squid-users] unable to get java upgrade with ntlm authetication
On Fri, 11 Mar 2011 13:08:34 +0100 Maurizio Marini mau...@datalogica.com wrote: can i configure squid to allow java to upgrade w/out ntlm authetication? sorry can i configure squid to allow java to upgrade with ntlm authetication? can i allow something before: acl ntlm proxy_auth REQUIRED http_access allow ntlm i mean, can i whitelist java before proxy_auth REQUIRED ?? acl allow_java_upgrade [.] http_access allow allow_java_upgrade acl ntlm proxy_auth REQUIRED http_access allow ntlm thnx
Re: [squid-users] squid and ntlm without winbind
Citando Kinkie gkin...@gmail.com: A domain controller is also a domain member ; the same configuration should apply. You may want to detail what you did, and what error messages you got - if any. instead of using this lines: idmap backend = ldap:ldap://fqdn/ idmap uid = 1-2 idmap gid = 1-2 winbind trusted domains only = Yes i tried to add only this line: idmap backend = ldap:ldap://fqdn/ without: idmap uid = 1-2 idmap gid = 1-2 winbind trusted domains only = Yes and it seems working fine... i haven't tested squid, but wbinfo -u does work thnx
Re: [squid-users] squid and ntlm without winbind
On Sat, 6 Nov 2010 10:25:43 +0100 Kinkie gkin...@gmail.com wrote: On Fri, Nov 5, 2010 at 3:26 PM, Maurizio Marini mau...@datalogica.com wrote: Hi there [...] samba is pdc with ldap backend Now i should authenticate squid with samba on the same server. I cannot use winbind (winbind should be used on samba domain member, isn'it), so following link: http://wiki.squid-cache.org/ConfigExamples/Authenticate/NtlmCentOS5 is not useful, or, better: i tried to configure winbind using this wiki with no success. A domain controller is also a domain member ; the same configuration should apply. You may want to detail what you did, and what error messages you got - if any. -- /kinkie i stil get this error ;( wbinfo -a user%password plaintext password authentication failed Could not authenticate user user%password with plaintext password challenge/response password authentication failed error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc0da) error messsage was: NT_STATUS_CANT_ACCESS_DOMAIN_INFO Could not authenticate user user with challenge/response wbinfo -t checking the trust secret via RPC calls failed error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc0da) Could not check secret should i join domain when client and server are on the same host? maybe it is better to post on samba lists, too thnx maurizio
[squid-users] squid and ntlm without winbind
Hi there my case is very simple but i dunno how should setup it, i feel very lame ;( I have CentOS 5.5 with squid-2.6.STABLE21-6.el5 samba3x-3.3.8-0.52.el5_5.2 samba is pdc with ldap backend Now i should authenticate squid with samba on the same server. I cannot use winbind (winbind should be used on samba domain member, isn'it), so following link: http://wiki.squid-cache.org/ConfigExamples/Authenticate/NtlmCentOS5 is not useful, or, better: i tried to configure winbind using this wiki with no success. Any suggestion will be very very welcome :) m.
Re: [squid-users] PAC in Squid
On Sat, 9 Oct 2010 22:09:41 -0700 Edouard Zorrilla ezorri...@tsf.com.pe wrote: Any good link to set up pac files so that I can use it with Squid Proxy ?., http://findproxyforurl.com/
Re: FW: [squid-users] Youtube -An error occured, please try again later
On Fri, 28 May 2010 06:15:32 + GIGO . gi...@msn.com wrote: My store.logs are following A. Because people read from top to bottom. Q. Why should I not top post?
Re: [squid-users] parent with domain\user:password
On Tuesday 01 December 2009, Amos Jeffries wrote: I can only think maybe you need to \\ escape it. Amos thx for reply but things are not so easy. Scenario. 1. I have ipcop with squid and NTLM Proxy authentication between LAN and WAN. 2. I have a server CentOS that should be yum upadated. 3. CentOS server should authenticate with proxy. HTTP Proxy Authentication: http://davenport.sourceforge.net/ntlm.html The NTLM HTTP mechanism can also be used for HTTP proxy authentication. The process is similar, except: * The server uses the 407 response code (indicating proxy authentication required) rather than 401. * The client's Type 1 and 3 messages are sent in the Proxy-Authorization request header, rather than the Authorization header. * The server's Type 2 challenge is sent in the Proxy-Authenticate response header (instead of WWW-Authenticate). I am not able to configure squid to use HTTP proxy authentication with a parent. I assume that yum is not able to do it I assume that Squid should be able to handle it, but i am not able to configre it. Hopefully you can help me :) Tia Maurizio
[squid-users] parent with domain\user:password
very simple question: my parent is a windows proxy (i dunno which) and it request: domain \ user : password (i am in centos and i am trying to use this parent proxy to yum install some packages, but i am unable to config yum proxy configuration to use domain: http://www.centos.org/docs/5/html/yum/sn-yum-proxy-server.html # The proxy server - proxy server:port number proxy=http://mycache.mydomain.com:3128 # The account details for yum connections proxy_username=DOMAIN\yum-user proxy_password=yum-passsword doesn't work :( not i try to use squid to authenticate with DOMAIN\yum-user:yum-password cache_peer 10.10.10.10 parent 8080 3130 login=DOMAIN%5Cyum-user:yum-password i use %5C as \ urlencoded but i get always 503 how can solve? tia Maurizio
[squid-users] trouble with google
i do not want black google, in any way i get this on my logs 1255441841.057155 192.168.16.185 TCP_MISS/204 459 GET http://www.google.it/url? - DIRECT/209.85.129.104 text/html 1255441943.662 1635 192.168.16.185 TCP_MISS/200 4117 GET http://www.google.it/ - DIRECT/209.85.129.147 text/html 1255441943.781118 192.168.16.185 TCP_DENIED/403 1754 GET http://www.google.it/intl/it_it/images/logo.gif - NONE/- text/html 1255441943.819 0 192.168.16.185 TCP_DENIED/403 1742 GET http://www.google.it/images/nav_logo7.png - NONE/- text/html 1255441944.777897 192.168.16.185 TCP_DENIED/403 1914 GET http://www.google.it/extern_js/f/CgJpdBICaXQrMAo4OywrMA44BywrMBY4ECwrMBc4AywrMBg4BCwrMCU4yYgBLCsw JjgFLCswJzgCLA/q-yuc4QxqeE.js - DIRECT/209.85.129.147 text/html == this is my relevant piece of conf: acl block1 urlpath_regex -i \.mpg$ \.wmv$ \.gsz$ \.mpe$ \.yim$ \.avi$ \.flv$ \.pls$ \.mpeg$ acl block2 url_regex -i \.(aiff|asf|avi|dif|divx|flv|mov|movie|mp3|mpe?g?|mpv2|ogg|pls|ra?m|snd|qt|wav|wmf|wmv)$ acl reqmsn req_mime_type -i ^application/x-msn-messenger acl repmsn rep_mime_type -i ^application/x-msn-messenger # blocco estensioni, msn http_access deny block1 http_access deny block2 http_access deny reqmsn http_access deny repmsn === do u see any reason why google gets TCP_DENIED/403? tia -- Maurizio Marini
[squid-users] allow
I block all upload with: acl fileupload req_mime_type -i ^multipart/form-data$ http_reply_access deny fileupload Question: is there any tricks to allow upload to company managers and deny to all others? tia --m
Re: [squid-users] Disable file upload
On Tuesday 22 September 2009, Mario Remy Almeida wrote: Hi All Need to disable file upload with gmail how can I do this? acl fileupload req_mime_type -i ^multipart/form-data$ http_reply_access deny fileupload -m