Re: [squid-users] Unable to access internal resources via hostname

cess deny all # if no other ACL applies, allow http_reply_access allow all This is it. I commented out all other ACL's for allow/deny we had in place for our custom rules. Still unable to browse local via hostname, IP works fine again. -Original Message- From: squid-users On Behalf

[squid-dev] RFC: Removal of ESI Support from Squid

unused mechanisms in Squid. As such this is a callout to see how much use there is for this feature. DO you need ESI in Squid? Yes or No. Speak Now, or face regrets at upgrade time. Thank You Amos ___ squid-dev mailing list squid-dev

[squid-users] RFC: Removal of ESI Support from Squid

unused mechanisms in Squid. As such this is a callout to see how much use there is for this feature. DO you need ESI in Squid? Yes or No. Speak Now, or face regrets at upgrade time. Thank You Amos ___ squid-users mailing list squid-users

Re: [squid-users] Unable to access internal resources via hostname

On 6/09/24 03:56, Piana, Josh wrote: Hello Amos, While the comments did say that it was just the 10.46.11.0 range, I don't think there's any other ACL forcing that. I tried adding the the two internal sites that are being blocked by their IP, restarted Squid, and tested. Still bei

Re: [squid-users] Unable to access internal resources via hostname

ect. 2) The CONNECT request has zero dots in the "domain" name. Which means the /etc/resolv.conf settings other than nameserver apply to the hostname during lookup. ==> Please supply your /etc/resolv.conf contents. HTH Amos ___ squid-us

Re: [squid-users] squid 6.10 - Debian 12 undefined reference to `EVP_MD_type' in ssl-crtd

Might be worth checking if you still need to custom build. Debian now provides a "squid-openssl" package. Amos On 22/08/24 01:37, David Touzeau wrote: Configure: ./configure --prefix=/usr --build=x86_64-linux-gnu --includedir=/include --mandir=/share/man --infodir=/

Re: [elixir-core:11858] [Proposal] Add `then/3` that allows for conditionally calling function

I rarely use ‘then’ for anything other than reordering arguments for a pipeline. I find that I end up having the same code that is in the ‘then’ in multiple place and leads me to create a function, with an intention revealing name, instead of using ‘then.’The new functions lead to more readable and

Re: [squid-users] Squid with PV6 Tunnel Broker

ng port 80 and port 443 to the right one. IIRC, your IPv6 NAT rule may need changing. Cheers Amos ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid 5.7 - HOWTO Transparent SSL-Bump

Debian/12 (aka "Bookworm") provides the package "squid-openssl" with the SSL-Bump feature enabled. It is a drop-in replacement for the "squid" package. Cheers Amos On 31/07/24 03:11, John Mok wrote: Hi Nishant, Yes, I did rebuild the package with --with-

Re: [squid-users] Squid with PV6 Tunnel Broker

On 30/07/24 08:47, Jonathan Lee wrote: I did not know that I had the option set to disable Squid ICMP pinger pinger helper is not releted. What I meant was that you need to ensure ICMPv6 protocol is enabled and working on your network. That is usually a firewall issue. If it is blocked, th

Re: [squid-users] Squid with PV6 Tunnel Broker

tunnels are used. Also, check the MSS and MTU values. Cheers Amos ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] squid "make check" error

vant squid_*.deb package (except some few essential OS packages which should exist everywhere). libcppunit-dev has been listed as a squid dependency for many years. So I would not be surprised if some ancient Ubuntu (circa 2010 or such) showed this behaviour, but certainly not the one you have

Re: [squid-users] Squid Version squid-5.7-150400.3.6.1.x86_64 -- Squid is crashing continusly

any. It is not clear which (or another) is happening for you. Please be aware that Squid-5 are no longer supported and has quite a number of security issues that have been fixed in later releases. Current Squid release is v6.10. If you are able to upgrade, please

Re: Request to make ContinuousFileReaderOperator public

23 at 1:30 PM Darin Amos wrote: > Hi All! > > I posted on the community slack channel and was referred to this mailing > list. I think it would be helpful if the ContinuousFileReaderOperator was > made a public class and not removed in Flink 2.0 (or to have an equivalent > crea

Re: [squid-users] Prefer or force ipv6 usage on dual stack interface

ot;(3) Destination Unreachable" packet. Cheers Amos ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Rewriting HTTP to HTTPS for generic package proxy

On 12/07/24 10:10, Alex Rousskov wrote: On 2024-07-11 17:03, Amos Jeffries wrote: On 11/07/24 00:49, Alex Rousskov wrote: On 2024-07-09 18:25, Fiehe, Christoph wrote: I hope that somebody has an idea, what I am doing wrong. AFAICT from the debugging log, it is your parent proxy that

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

On 13/07/24 04:16, Jonathan Lee wrote: tested with removal of IP and port failed If I leave port I get this 2024/07/12 09:15:17| Processing: http_port :3128 intercept No ":" before thr port number. Amos ___ squid-users mailing list s

Re: [squid-users] cachemgr.cgi isn't mgr:info ?

nfiguration of the web server running it. And, Then tool requests to Squid are restricted by your http_access rules for what requests can be made of the proxy. And, Then the access to individual manager reports is controlled by cachemgr_passwd directive in Squid. Cheers Amos __

Re: [squid-users] TCP_MISS_ABORTED/502

Squid. Please share HTTP headers of the response in question. FYI, those can be obtained by configuring squid.conf with debug_options 11,2 Cheers Amos 2. TCP_MISS_ABORTED/502 errors may delete a being-cached response. These can be bogus errors (essentially Squid logging bugs) or real

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

W for the port range 3128-3129 worries me. AFAIK that should only be for 3128 and a separate rule somewhere else to drop the intercepted port 3129 traffic pre-NAT. HTH Amos ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

icular is the "mangle" table rule. Cheers Amos ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] TCP_MISS_ABORTED/502

may (or not) have side-effects on storage of the response. But still no problem exactly - clients can do what they want. Cheers Amos ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Rewriting HTTP to HTTPS for generic package proxy

onfiguring your child Squid to use that instead. HTH, Alex. P.S. Unlike Amos, I do not see serious conceptual problems with rewriting request target scheme (as a temporary compatibility measure). It may not always work, for various reasons, but it does not necessarily make things worse (an

Re: [squid-users] Squid 6.6 error clientProcessHit: Vary object loop!

les/css/fox-news/article-new.rs.css9; 'accept-encoding="gzip,%20deflate,%20br,%20zstd"' 11.07.2024 11:36:49 clientProcessHit: Vary object loop! 11.07.2024 11:36:49 varyEvaluateMatch: Oops. Not a Vary match on second attempt, 'https://static.foxnews.com/static/str

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

ss lines: http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost manager http_access deny manager see <https://wiki.squid-cache.org/Releases/Squid-5> for the ACL details if you need them too. Amos __

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

On 12/07/24 05:27, Jonathan Lee wrote: Thanks what about the password is it set with@ or -p where would I place that? Neither. It is set with -W . Amos Sent from my iPhone On Jul 11, 2024, at 10:17, Amos Jeffries wrote: It is very relevant. As Matus already mentioned, both -U and -W

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

nt: squidclient/6.10 Accept: */* Authorization: Basic YWRtaW46Y2FjaGVtZ3JfcGFzc3dvcmQ= Connection: close Cheers Amos ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Rewriting HTTP to HTTPS for generic package proxy

: You can direct all the archive traffic to a cache_peer with port 443 and "originserver tls" flags. YMMV, caveat emptor. Cheers Amos ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Unable to explain 407 Proxy Authentication Required

basic_ncsa_auth /etc/squid/passwords HTH Amos ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Rewriting HTTP to HTTPS for generic package proxy

ors acl HTTP proto HTTP deny_info 302:https://%>rd%rp HTTP http_access deny HTTP http_access allow src_networks ... HTH Amos ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] ICMP and QUIC

tps://github.com/squid-cache/squid/pull/919> github.com <https://github.com/squid-cache/squid/pull/919> As of this writing, that work is a Draft for design review. It still needs a lot of protocol support added before it can be used for more than debugging experiments

Re: [squid-users] Upgrade path from squid 4.15 to 6.x

On 14/06/24 20:43, NgTech LTD wrote: Hey Amis, Ok, so with the tools we have available, can we take this case and maybe write a brief summary of changes between the squid features versions? That what the Release Notes are. Cheers Amos ___ squid

Re: [squid-users] Information Request: "Accept-Ranges" with use of SSL intercept and dynamic update caching

"infinite scrolling" for delivery. Accept-Ranges tells the server that it does not have to re-deliver the entire JSON dataset for the scrolling part in full, every few seconds. That header is defined by <https://www.rfc-editor.org/rfc/rfc9110#name-accept-ranges> HTH Amos On

Re: [squid-users] Upgrade path from squid 4.15 to 6.x

tified * run with new version ... look at all logged "NOTICE", "UPGRADE" etc, and the Release Notes new feature additions to work on operational improvements possible with the new version. HTH Amos On 10/06/24 19:43, ngtech1ltd wrote: @Alex and @Amos, can you try to he

Re: [squid-users] Samba DNS Invalid zone operation IsSigned

Hi Ronny, This is the Squid users mailing list. You would be better served contacting the Samba help channels for this problem. Cheers Amos On 8/06/24 23:05, Ronny Preiss wrote: Hi Everybody, Does someone know where this comes from and how to solve it? I've changed nothing for

Re: [squid-users] can't explain 403 denied for authenticated

e acl auth_users proxy_auth REQUIRED with http_access deny !auth_users before the second external_acl (for authenticated requests)? No. It is to ensure that "missing credentials" are treated differently than "bad credentials". Specifically that any auth challenge resp

Re: [squid-users] can't explain 403 denied for authenticated

"cache deny all" to prevent anything being stored. You should be able to remove the above line entirely. access_log daemon:/var/log/squid/useragent.log useragent visible_hostname proxy.abc.com cache deny all HTH Amos ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] can't explain 403 denied for authenticated user

med. ... and after that, the external ACL that takes the username as well as the other info. HTH Amos ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Validation of IP address for SSL spliced connections

IIRC there is at least one SSL-Bump permutation which does server name vs IP validation (in a way, not explicitly). But that particular code path is not always taken and the SSL-Bump logic does not go out of its way to lookup missing details. So likely y

Re: rustc_1.72.1+dfsg1-1+hurd.1_multi.changes ACCEPTED

On 29/05/24 21:09, Samuel Thibault wrote: Hello, It was becoming more and more a concern (gstreamer build-depends on rustc nowadays). At last, the rustc compiler becomes available :D Thanks to Vedant's GSoC work last summer, and then waiting for Debian to catch with upstream releases, eventuall

Re: [squid-users] log_referrer question

onfigure a log like this: access_log daemon:/var/log/squid/access.log referrer HTH Amos ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users

[Bug 2059103] Re: ubuntu_ltp: fs testsuite causing tainted kernel

We sew this behavior too but at LTP's master branch (ff13d67503a0) and on top SUSE SLES OS. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059103 Title: ubuntu_ltp: fs testsuite causing tainted kern

Re: [squid-users] Tune Squid proxy to handle 90k connection

NTLM authenticated transaction. Then 15) locate a server that can be used 16) send the request on to the found server That is MUCH better for performance. HTH Amos ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid

Re: [squid-users] deny_info URL not working

deny_info lines is the name of the one that is to be adjusted when it is used for a "deny" action by, for example, "http_access deny". acl authorized_ips src ... deny_info 307:http://example.com authorized_ips http_access d

Re: [squid-users] Dynamic ACL with local auth

to retrieve the «permissions» of the user and apply the ACL on squid. Please explain/clarify what **exactly** a "permission" is in your design? Cheers Amos ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid

Re: [squid-users] Linux Noob - Squid Config

On 7/05/24 07:59, Piana, Josh wrote: Amos, You raise a good point about Kerberos! I was not aware that Squid supported this method. Yes - I think we would preferably use this method, especially because this looks like it's much easier to setup and still checks all the boxes we nee

Re: [squid-users] Linux Noob - Squid Config

[ please keep responses on-list to assist any others who encounter the same issues in future ] On 4/05/24 08:51, Piana, Josh wrote: Hey Amos, Thank you so much for getting back to me so quickly! To answer your question about NTLM, I meant to say NTLMv2. We're trying to become compliant

Re: [squid-users] Squid TCP_TUNNEL_ABORTED/200

ection was opened, to after it fails. At least several seconds before and after. Cheers Amos ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users

[Freeipa-users] Questions regarding AD Forest integration

unts? I ask because I see IPA trying all the discovered domains and I know for a fact that those users/groups are not in those domains. Thanks, Amos -- ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to

Re: [squid-users] Squid TCP_TUNNEL_ABORTED/200

On 4/05/24 09:48, Emre Oksum wrote: Hi Amos, >FTR, "debug_options ALL" alone is invalid syntax and will not change >from the default cache.log output Yes, you were right! I was surely missing on that one. I changed debug_options ALL to debug_options ALL 5 and now, I found th

Re: [squid-users] Squid TCP_TUNNEL_ABORTED/200

ns was ALL in my squid.conf. Sure, "ALL" sections. But what display level: 0 (critical only)? 1 (important)? 2 (protocol trace)? 3-6 (debugs)? 9 (raw I/O data traces)? FTR, "debug_options ALL" alone is invalid syntax and will not change from the defa

Re: [squid-users] Linux Noob - Squid Config

paste the output of "squid -v" run on both the old CentOS machine and on the new RHEL. Cheers Amos ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid TCP_TUNNEL_ABORTED/200

ctivity is better than your IPv6 connectivity. Later Squid use various "Happy Eyeballs" implementations for the server selection. You can usually work around this by configuring the DNS server specified by dns_nameservers to only deliver IPv6 results when a mixed set are available. HTH A

Re: [squid-users] Best way to utilize time constraints with squid?

ady active connections. Only for new connections as they are setup. For example; CONNECT tunnel and/or HTTPS connections might start on Monday and stay open and used until Friday. HTH Amos On 30/04/24 04:54, Jonathan Lee wrote: Squid -k parse also does not fail with use of the time ACL Sent from

Re: [squid-users] Container Based Issues Lock Down Password and Terminate SSL

On 24/04/24 17:27, Jonathan Lee wrote: Hello fellow Squid users I wanted to ask a quick question for use with termination would http access for cache still work with this type of setup and custom refresh patterns? I think it would terminate all but the clients and if they use the cache it wou

Re: [squid-users] enctype aes256-cts found in keytab but cannot decrypt ticket

in keytab but cannot decrypt ticket; }} <https://wiki.articatech.com/proxy-service/troubleshooting/gss-cannot-decrypt-ticket> HTH Amos ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] tls_key_log

and it logging is not the issue - Squid cannot log something it cannot see. TLS support has quieted down in recent times, but not stopped. Cheers Amos ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/li

Re: [squid-users] Best way to utilize time constraints with squid?

ot enforced by 'time` ACL. Once a transaction is allowed to start, it can continue until completion - be that milliseconds or days later. HTH Amos ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Container Based Issues Lock Down Password and Terminate SSL

access than the old URL based mechanism (which still exists, just deprecated). Cheers Amos ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Warm cold times

d. The rest of your questions are about container management and Windows configuration. Which are kind of off-topic. Cheers Amos ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR

OpenSSL is not verbose enough to explain the actual problem in an easily understood way. HTH Amos ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid as a http/https transparent web proxy in 2024.... do I still have to build from source?

o allow that depending on what your desired TLS/SSL settings in squid.conf are. Cheers Amos ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

do have direct proxy (and thus manager) access via the 192.168.1.1:3128 so this URL should work: http://192.168.1.1:3128/squid-internal-mgr/menu .. or substitute the raw-IP for the visible_hostname setting **if** that hostname actually resolves to

Re: [squid-users] Squid cache questions

+aRSA+RC4" it would be a bit simpler/easier to read the config by removing that cipher and just relying on the "!RC4". HTH Amos ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid cache questions

feature instead for those URLs. It does a better job of balancing the caching risk vs ratio gains, even though outwardly it can appear to have less HITs. HTH Amos ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org

Re: [squid-users] Squid cache questions

onds ignore_unknown_nameservers on pipeline_prefetch 100 #acl SSLIntercept ssl::server_name_regex -i '/usr/local/pkg/url.bump' #ssl_bump bump SSLIntercept You already have an earlier "http_access deny all". The below lines do nothin

Re: [BVARC] APRS Question.

I had the same problem which I solved by putting up a digipeater which can be heard by IGate stations around the area. When I get close to the house, the digipeater takes over and relays my signal further out via that 50’ mast that is needed. Hihi Mike KG4NDS From: BVARC On Behalf Of K5BOU vi

Re: [squid-users] Chrome auto-HTTPS-upgrade - not falling to http

usable. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] BWS after chunk-size

patch to fix this issue. You need to fix or stop using the software which is adding BWS (bad whitespace) to the protocol syntax fixed. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] GCC optimizer is provably junk. Here is the evidence.

This inflammatory post is not relevant to Squid. Please do not followup to this thread. Cheers Amos Jeffries The Squid Software Foundation ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid

Re: [BVARC] How to HAM?

All of the below suggestions are VERY good. I would like to also add that you should turn on that radio, tune into a QSO and just listen for a bit. Then another and another... The idea is to get an idea of the lingo and pace of the conversation. That with the extra education you will get fro

Re: [squid-users] After upgrade from squid6.6 to 6.8 we have a lot of ICAP_ERR_OTHER and ICAP_ERR_GONE messages in icap logfiles

/O in particular. The behavioural changes from that might have impacted ICAP in some unexpected way. Also, if you are using SSL-Bump to enable virus scanning then <https://github.com/squid-cache/squid/commit/debf3f17be7761ea4992864a828f42ee773dfbaf> might also be

Re: [squid-users] Manipulating request headers

add Accept-Encoding gzip,deflate Is there a more gentle way of doing it? You could use q-value to prohibit it instead. Replace both the above lines with just this one: request_header_add Accept-Encoding br;q=0 HTH Amos ___ squid-users mailing list s

Re: [squid-users] Squid Proxy timing out 500/503 errors

c 20.20.30.0/21 acl parent_proxy_exclude dst 20.20.30.0/21 acl parent_proxy_exclude_ST0100 dst 20.20.30.222/22 always_direct allow parent_proxy_exclude_ST0100 acl servicenet dst 172.28.4.0/24 always_direct allow parent_proxy_exclude always_direct allow servicenet HTH Amos ___

[squid-users] [squid-announce] [ADVISORY] SQUID-2024:1 Denial of Service in HTTP Chunked Decoding

__ Squid Proxy Cache Security Update Advisory SQUID-2024:1 __ Advisory ID: | SQUID-2024:1 Date: | Mar 4, 2024 Summary: | Denial of Serv

[squid-users] [squid-announce] [ADVISORY] SQUID-2024:2 Denial of Service in HTTP Header parser

__ Squid Proxy Cache Security Update Advisory SQUID-2024:2 __ Advisory ID: | SQUID-2024:2 Date: | Feb 15, 2024 Summary: | Denial of Ser

[squid-announce] [ADVISORY] SQUID-2024:1 Denial of Service in HTTP Chunked Decoding

__ Squid Proxy Cache Security Update Advisory SQUID-2024:1 __ Advisory ID: | SQUID-2024:1 Date: | Mar 4, 2024 Summary: | Denial of Serv

[squid-users] [squid-announce] [ADVISORY] SQUID-2023:11 Denial of Service in Cache Manager

__ Squid Proxy Cache Security Update Advisory SQUID-2023:11 __ Advisory ID: | SQUID-2023:11 Date: | Jan 24, 2024 Summary: | Denial of Ser

[squid-users] [squid-announce] [ADVISORY] SQUID-2023:10 Denial of Service in HTTP Request parsing

__ Squid Proxy Cache Security Update Advisory SQUID-2023:10 __ Advisory ID: | SQUID-2023:10 Date: | Dec 10, 2023 Summary: | Denial of Ser

[squid-announce] [ADVISORY] SQUID-2024:2 Denial of Service in HTTP Header parser

__ Squid Proxy Cache Security Update Advisory SQUID-2024:2 __ Advisory ID: | SQUID-2024:2 Date: | Feb 15, 2024 Summary: | Denial of Ser

[squid-announce] [ADVISORY] SQUID-2023:11 Denial of Service in Cache Manager

__ Squid Proxy Cache Security Update Advisory SQUID-2023:11 __ Advisory ID: | SQUID-2023:11 Date: | Jan 24, 2024 Summary: | Denial of Ser

[squid-announce] [ADVISORY] SQUID-2023:10 Denial of Service in HTTP Request parsing

__ Squid Proxy Cache Security Update Advisory SQUID-2023:10 __ Advisory ID: | SQUID-2023:10 Date: | Dec 10, 2023 Summary: | Denial of Ser

Re: [squid-users] Missing IPv6 sockets in Squid 6.7 in some servers

These Squid are configured to listen like: http_port 3128 Ensure that the machine/server the 4th Squid is running on has its http(s)_port line matching the other three machines port value. At this point do not care about the "mode" or options later in the line. Your issue is solely

[Etherlab-users] change in kernel links for ethercat-kmp-rt?

vious system. Regards, Amos -- Etherlab-users mailing list Etherlab-users@etherlab.org https://lists.etherlab.org/mailman/listinfo/etherlab-users

Re: [squid-users] ICAP response to avoid backend

been a while since I tested it, but IIRC with miss_access a "deny_info" line may be used to change the default 403 error status into another in the 200-599 status range. Which includes redirects, retry-after, empty responses, and template pages respon

Re: [squid-users] Can't verify the signature of squid-6.7.tar.gz

Excellent news. Thank you for the feedback on the solution. Cheers Amos On 22/02/24 10:14, Miha Miha wrote: Hi Amos, It took me some time to check and verify. I'm posting my findings here just to complete the thread. Regarding this one: On 8/02/24 02:19, Miha Miha wrote: Hi Fran

[blink-dev] Intent to Ship: CSSImportRule.styleSheet

Contact emailseui-sang@samsung.com ExplainerNone Specificationhttps://drafts.csswg.org/cssom/#the-cssimportrule-interface Summary Allow CSSImportRule.styleSheet to be nullable. The styleSheet attribute in CSSImportRule can be null if there is no associated CSS style sheet. Blink component

Re: [squid-users] Squid Segment Violation with authorization

On 16/02/24 15:30, Eternal Dreamer wrote: Hi! When I'm trying to send curl request with provided basic proxy-authorization credentials through my proxy I see Segment Violation error in my logs and empty reply from server. Command is: curl -v --proxy-basic --proxy-user login:password --proxy ht

Re: [squid-users] Error files removed from 6.7

langpack/> Cheers Amos ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Anyone build Squid for on multiarch ie arm and arm64?

d to build the container as-needed. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Can't verify the signature of squid-6.7.tar.gz

g: key B268E706FF5CF463: 1 duplicate signature removed gpg: key B268E706FF5CF463: 4 signatures not checked due to missing keys gpg: /tmp/squid/trustdb.gpg: trustdb created gpg: key B268E706FF5CF463: public key "Amos Jeffries " imported gpg: key 4250AB432402F2F8: 1 signature not checked

Re: [squid-users] stale-if-error returning a 502

ag was set. Cheers Amos ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users

Re: [GTALUG] free old tower computers

Hello Hugh, I would be interested in either system, provided that they also have a VGA Out. Otherwise, I'd be interested in the 780. Thank You, Amos Sent from my android device. -Original Message- From: "D. Hugh Redelmeier via talk" To: GTALUG Talk Cc: "D. Hu

Re: hurd-amd64 is missing from wanna-build graphs

won't be useful anyway :) better wait for the buildd to actually have started, rather than getting bad press because nothing seems to be happening. Samuel On that topic, how are things going with the buildd? Is there a TODO list we can track and try to assist with? Amos

Re: [squid-users] Is Squid 6 production ready?

On 1/02/24 11:22, Miha Miha wrote: On 10/01/24 12:18, Miha Miha wrote: Release note of latest Squid 6.6 says: "...not deemed ready for production use..." For comparison Squid 5.1 was 'ready'. When v6 is expected to be ready for prod systems? On Fri, Jan 12, 2024 at 3

Re: [squid-users] Security advisories are not accessible

Thanks for the notice. This appears to be a github issue that has been occuring to many other projects for at least 5hrs now. For now we can only hope that it gets resolved soon Cheers Amos On 30/01/24 01:50, Adam Majer wrote: Hi, http://www.squid-cache.org/Versions/v6/ lists security

Re: [squid-dev] Feature: Bearer Authentication - Status of deployment

. Work is needed to rebase the branch on current Squid and re-test it. Nobody is working on that at present, so no ETA is available. HTH Amos ___ squid-dev mailing list squid-dev@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-dev

Re: [squid-users] offline mode not working for me

erences in the response headers per-visitor. These cannot be cached, and Squid does not know how to correctly generate for those headers. So having Squid auto-respond is not a good idea. Cheers Amos ___ squid-users mailing list squid-users@lists.squid

Re: [squid-users] offline mode not working for me

.squid-cache.org/SquidFaq/BugReporting#full-debug-output). Be aware this list does not permit large posts so please provide a link to download in your reply not attachment. Cheers Amos ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Is Squid 6 production ready?

it now. Squid 6 is production ready. Cheers Amos ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users

  1   2   3   4   5   6   7   8   9   10   >