On 14/10/2015 7:07 a.m., James White wrote:
> Hi all,
>
> I operate a squid box which has two http_port setups:
>
> http_port 3128
> http_port 3129 TPROXY
>
> I have implemented TPROXY to replace my NAT setup on a CentOS 7 Squid
> 3.3 box. Currently the IPv4 connectivity is working great, the
On 14/10/15 16:08, Dan Charlesworth wrote:
> I thought that fixed it for a second …
>
> But in reality ssl_bump peek step1 & ssl_bump bump step3 is actually splicing
> everything, it seems.
>
> Any other advice? :-)
Could this imply be a pinning issue? ie does Safari track the CAs used
by those
On 14/10/2015 1:13 p.m., Dan Charlesworth wrote:
> Throwing this out to the list in case anyone else might be trying to get SSL
> Bump to work with the latest version of Safari.
>
> Every other browser on OS X (and iOS) is happy with bumping for pretty much
> all HTTPS sites, so long as the
On 14/10/2015 11:46 a.m., Chico Venancio wrote:
> I have configured delay pools for a client that delays access to a few
> sites, including youtube and facebook.
> It seems to work for some clients, and has significantly reduced link
> congestion. However, some clients seem to be unaffected by the
I meant to say “forward secrecy”, which appears to be a list of specific
ciphers:
https://developer.apple.com/library/watchos/technotes/App-Transport-Security-Technote/index.html
Anyone know how to translate that list of ciphers to use in sslproxy_cipher in
squid.conf?
> On 14 Oct 2015, at
On 14/10/2015 1:43 p.m., SaRaVanAn wrote:
> Hi Amos,
> I have tested squid 3.5.10 in linux kernel 3.16 compiled for debian wheezy.
> But still I am seeing same kind of errors.
> What could be the issue? Is there anything else we need to change?
>
> *Linux version *
> uname -r
>
¯\_(ツ)_/¯
All I really have to go on is those errors com.apple.WebKit.Networking is
logging which apparently points to a specific thing it’s missing called
“forward transport security”. Only the peek@step1 seems to make it as far as
any of squid’s logs.
No other browsers affected that I can
I thought that fixed it for a second …
But in reality ssl_bump peek step1 & ssl_bump bump step3 is actually splicing
everything, it seems.
Any other advice? :-)
> On 14 Oct 2015, at 1:51 PM, Amos Jeffries wrote:
>
> On 14/10/2015 1:13 p.m., Dan Charlesworth wrote:
>>
On 14/10/2015 3:05 a.m., Nelson Manuel Marques wrote:
>
> Hi all,
>
> We have a squid running for quite a few years and with the increase of
> traffic we noticed a bit of I/O hammering on the squid server (local
> disks).
>
> For some testing, I've made a small 1.2GB tmpfs and pointed cache_dir
On 14/10/2015 5:03 p.m., Dan Charlesworth wrote:
> I meant to say “forward secrecy”, which appears to be a list of specific
> ciphers:
> https://developer.apple.com/library/watchos/technotes/App-Transport-Security-Technote/index.html
>
> Anyone know how to translate that list of ciphers to use
On 12/10/2015 6:51 p.m., Ambadas H wrote:
> Hi Amos,
>
> Thanks for responding
>
> *"You would be better off taking the first use of any domain by a client,*
>
> *then ignoring other requests for it until there is some long period*
> *between two of them. The opposite of what session helpers
On 13/10/2015 12:19 p.m., joe wrote:
> ok again i filter out most of the squid conf with this minimum config should
> i get any static img or anything as hit or not
> caus i dont get any
> i test on squid 3.5.8 and up same think
Please continue to use that later version. In absence of any
Hey Ambadas,
I was wondering if you want it to be something like a "live feed" or
just for logs analyzing?
Eliezer
On 09/10/2015 15:47, Ambadas H wrote:
Hi,
I am using below setup:
Squid proxy 3.5.4.
CentOS 7.1
I am trying to analyze the most used websites by the users via Squid proxy.
I
Hi all,
We have a squid running for quite a few years and with the increase of
traffic we noticed a bit of I/O hammering on the squid server (local
disks).
For some testing, I've made a small 1.2GB tmpfs and pointed cache_dir
to it so that our cache would be in the 'ramdrive'.
This did help a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Squid has its own in-memory cache, what's the point to put the disk
cache to the same ?!
13.10.15 20:05, Nelson Manuel Marques пишет:
>
> Hi all,
>
> We have a squid running for quite a few years and with the increase of
> traffic we noticed a
On Tue, 2015-10-13 at 20:22 +0600, Yuri Voinov wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Squid has its own in-memory cache, what's the point to put the disk
> cache to the same ?!
The problem here isn't the tmpfs, but instead Squid going 20% over the
max size defined
On Tuesday 13 October 2015 at 16:37:10, Nelson Manuel Marques wrote:
> On Tue, 2015-10-13 at 20:22 +0600, Yuri Voinov wrote:
> >
> > Squid has its own in-memory cache, what's the point to put the disk
> > cache to the same ?!
>
> The problem here isn't the tmpfs, but instead Squid going 20%
On 10/13/2015 10:17 AM, Nelson Manuel Marques wrote:
> Hi Antony,
>
> I had actually seen that document and it's "10%". That's why I've left
> 20% also taking in mind the space reserved for 'root'.
>
> I suppose we have to increase it and go on trial/error until we find a
> safe margin?
Hi all,
I operate a squid box which has two http_port setups:
http_port 3128
http_port 3129 TPROXY
I have implemented TPROXY to replace my NAT setup on a CentOS 7 Squid
3.3 box. Currently the IPv4 connectivity is working great, the IPv6
connectivity is broken when going through TPROXY. All IPv6
Hi,
I searched on the doc and on the web, I cant find what I want.
The primary site is http://ezproxyx.reseaubiblio.ca.
After the user is authentificated, he cans access many ressources / other sites.
In the access.log, I got an TCP_DENIED
TCP_DENIED/403 4524 GET
Throwing this out to the list in case anyone else might be trying to get SSL
Bump to work with the latest version of Safari.
Every other browser on OS X (and iOS) is happy with bumping for pretty much all
HTTPS sites, so long as the proxy’s CA is trusted.
However Safari throws generic “secure
Hi Amos,
I have tested squid 3.5.10 in linux kernel 3.16 compiled for debian wheezy.
But still I am seeing same kind of errors.
What could be the issue? Is there anything else we need to change?
*Linux version *
uname -r
3.16.7-ckt11-ram.custom-1.4
*Squid version*
/usr/sbin/squid -v
Squid
Em 13/10/15 18:14, sebastien.boulia...@cpu.ca escreveu:
cache_peer ezproxyx.reseaubiblio.ca parent 80 0 no-query
originserver name=ezproxycqlm
acl ezproxycqlmacl dstdomain ezproxycqlm.reseaubiblio.ca
http_access allow www80 ezproxycqlmacl
cache_peer_access ezproxycqlm allow www80
23 matches
Mail list logo