[squid-users] How to setup a secure(!) squid proxy

Hello I need to setup a squid 3 proxy with https bumping. Unfortunately I'm not very familiar with squid and https in general. I already perfomed the following steps: *1.) compile from source* ./configure --with-openssl --enable-ssl-crtd make make install *2.) configuration (http)* I used

Re: [squid-users] Compile install Squid, configure default options.

So the problem is: Why configure not detect out my system missing g++ until I run make, it told me `g++: command not found' ? Yuri Voinov writes: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Squid now completely written on C++ ;) > > 13.01.16 1:34, Billy.Zheng (zw963) пишет: >>

Re: [squid-users] Compile install Squid, configure default options.

BTW, it must not detect and explain, this is your responsibility ;) 13.01.16 15:40, Billy.Zheng (zw963) пишет: Why configure not detect ot my gcc-c++ package missing? sure if i install gcc-c++, it worked now. maybe we need update Wiki document here

Re: [squid-users] Compile install Squid, configure default options.

I will investigate your's config options carefully, Thank! Mike writes: > When I used CentOS 7 (a variation of it), this is what I had to use: > > > • yum -y install perl gcc gcc-c++ autoconf automake make > > • yum -y install epel-release > > □ (has a few packages we need below) > >

Re: [squid-users] How to setup a secure(!) squid proxy

On 13/01/2016 10:16 p.m., startrekfan wrote: > Hello > > I need to setup a squid 3 proxy with https bumping. Unfortunately I'm not > very familiar with squid and https in general. > > I already perfomed the following steps: > > *1.) compile from source* > ./configure --with-openssl

Re: [squid-users] Compile install Squid, configure default options.

If g++ installed, it can be not visible via PATH environment variable. 13.01.16 15:36, Billy.Zheng (zw963) пишет: So the problem is: Why configure not detect out my system missing g++ until I run make, it told me `g++: command not found' ? Yuri Voinov writes: -BEGIN PGP SIGNED

Re: [squid-users] Compile install Squid, configure default options.

Why configure not detect ot my gcc-c++ package missing? sure if i install gcc-c++, it worked now. maybe we need update Wiki document here http://wiki.squid-cache.org/SquidFaq/CompilingSquid to add new gcc-c++ package as dependency. Yuri Voinov writes: > -BEGIN PGP SIGNED MESSAGE- >

Re: [squid-users] Compile install Squid, configure default options.

surely, I can resolved this problem with Google, although I hope WIKI can told me gcc-c++ is needed on CentOS. Thanks. Yuri Voinov writes: > BTW, it must not detect and explain, this is your responsibility ;) > > 13.01.16 15:40, Billy.Zheng (zw963) пишет: >> Why configure not detect ot my

Re: [squid-users] kerberos authentication with a machine account doesn't work

Hi All, i want to terminate a previous job did by ex colleague is changed company. Now there is a cluster of 2 nodes of squid with NTLM transparent authentication and one spare node i'm using as test and configured with kerberos instead. Reading a lot of info i understood kerberos is more stable

Re: [squid-users] Compile install Squid, configure default options.

On 13/01/2016 10:43 p.m., Yuri Voinov wrote: > BTW, it must not detect and explain, this is your responsibility ;) > > 13.01.16 15:40, Billy.Zheng (zw963) пишет: >> Why configure not detect ot my gcc-c++ package missing? >> >> sure if i install gcc-c++, it worked now. >> >> maybe we need update

Re: [squid-users] Compile install Squid, configure default options.

On 13/01/2016 11:36, Billy.Zheng (zw963) wrote: So the problem is: Why configure not detect out my system missing g++ until I run make, it told me `g++: command not found' ? There might be something wrong in the configure script as far as I can tell since your configure shows the next:

Re: [squid-users] V3.5.12 SSL Bumping Issue with one Website

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I seen the same - just no lough! - with https://instagram.com :) Yes, I know, selfie is evil :) 13.01.16 23:10, sq...@data-core.org пишет: > > Hello together, > > I am using Squid 3.5.12 with Kerberos Authentication only and ClamAV on Debian

Re: [squid-users] Squid config is failing to cache data

On 14/01/2016 6:16 a.m., Hardik Dangar wrote: > Hi all, > > I handle small network and we have 40 systems ( most having Ubuntu 14.04 > and couple of system have windows ). We use squid to cache. Due to the > country where i live there is huge data charges so i am using squid to > cache things

Re: [squid-users] Squid config is failing to cache data

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 13.01.16 23:16, Hardik Dangar пишет: > Hi all, > > I handle small network and we have 40 systems ( most having Ubuntu 14.04 > and couple of system have windows ). We use squid to cache. Due to the > country where i live there is huge data

Re: [squid-users] Authorization in a different way

On 14/01/2016 6:50 a.m., Christian Kunkel wrote: > hey amos, > > maybe my english is too bad or maybe i am just not getting it. i can > not use any kind of ip as authentication or authorization. first of > all because of nat and second would be that the ip of a user changes > regarding his

Re: [squid-users] Authorization in a different way

I do not know if an old idea of mine will be good for you but... I will write it anyway. The basic way to do what you want is to use some kind of authentication in the session level and not the IP but.. You can use some "keep-alive" page which will use some JS to re-authenticate every couple

Re: [squid-users] kerberos authentication with a machine account doesn't work

On Wed, Jan 13, 2016 at 09:30:46AM +0100, Fabio Bucci wrote: > Hi All, > i want to terminate a previous job did by ex colleague is changed > company. Now there is a cluster of 2 nodes of squid with NTLM > transparent authentication and one spare node i'm using as test and > configured with

Re: [squid-users] How to setup a secure(!) squid proxy

It's a debian. But an ubuntu howto will also work with debian. Here is the broken link: I combined this two instructions: http://wiki.squid-cache.org/Features/SslBump http://wiki.squid-cache.org/Features/DynamicSslCert (The latest stable squid on ubuntu is 3.4) Message: 5 > Date: Wed, 13 Jan

[squid-users] Testing Kerberos and LDAP connections

Is there a way to test the following lines from my squid.conf file to make sure the connections are working correctly? ### negotiate kerberos and ntlm authentication auth_param negotiate program /usr/local/bin/negotiate_wrapper -d --ntlm /usr/lib/squid3/ntlm_smb_lm_auth --diagnostics

Re: [squid-users] Squid-4.0.4 on FreeBSD

[root@mail /usr/home/wash/ILI/Squid/4.x/squid-4.0.4]# make Making all in compat depbase=`echo eui64_aton.lo | sed 's|[^/]*$|.deps/&|;s|\.lo$||'`; /bin/sh ../libtool --tag=CC--mode=compile gcc -DHAVE_CONFIG_H-I.. -I../include -I../lib -I../src -I../include -I/usr/include -I/usr/include

Re: [squid-users] Squid-4.0.4 on FreeBSD

Hi, I see that there is no -I/usr/local/include option to the compiler. Add that as a CPPLAGS when calling configure (e.g. CPPFLAGS=-I/usr/local/include ./configure ) this should fix the build for you. On Wed, Jan 13, 2016 at 4:25 PM, Odhiambo Washington wrote: > I am

Re: [squid-users] Squid MAC address ACL is not worked, and how to get the MAC address Squid see?

It seem like i missing so many reply, Sorry for all. I try to reproduce everything about what I did in this reply. Currently, I use newer compile version Squid (3.5.12), see wiki, it should support arp acl originally, following is copy from WIKI. > The arp ACL requires the special configure

[squid-users] Squid-4.0.4 on FreeBSD

I am trying to compile on FreeBSD 10.1-RELEASE-amd64 /bin/sh ../libtool --tag=CC --mode=compile clang -DHAVE_CONFIG_H -I.. -I../include -I../lib -I../src -I../include -I/usr/include -I/usr/include -I../libltdl -I/usr/include -I/usr/local/include/libxml2 -Werror -Qunused-arguments

Re: [squid-users] Squid MAC address ACL is not worked, and how to get the MAC address Squid see?

On 14/01/2016 3:29 a.m., Billy.Zheng (zw963) wrote: > > It seem like i missing so many reply, Sorry for all. > > I try to reproduce everything about what I did in this reply. > > Currently, I use newer compile version Squid (3.5.12), see wiki, it > should support arp acl originally, following

[squid-users] Authorization in a different way

Hey guys, i need a way to autheticate or authorize users to my squid server so i can create some kind of a session and drop users after x hours they have been using my proxy. important thing would be to create only one session per user. i do not have access to users network. they are

Re: [squid-users] Squid-4.0.4 on FreeBSD

On 14/01/2016 4:28 a.m., Kinkie wrote: > Hi, >I see that there is no -I/usr/local/include option to the compiler. > > Add that as a CPPLAGS when calling configure > (e.g. > CPPFLAGS=-I/usr/local/include ./configure > ) > this should fix the build for you. ITYM:

Re: [squid-users] Squid-4.0.4 on FreeBSD

On 14/01/2016 5:23 a.m., Odhiambo Washington wrote: > [root@mail /usr/home/wash/ILI/Squid/4.x/squid-4.0.4]# make > Making all in compat > depbase=`echo eui64_aton.lo | sed 's|[^/]*$|.deps/&|;s|\.lo$||'`; /bin/sh > ../libtool --tag=CC--mode=compile gcc -DHAVE_CONFIG_H-I.. > -I../include

Re: [squid-users] Testing Kerberos and LDAP connections

On 14/01/2016 4:36 a.m., dol...@ihcrc.org wrote: > Is there a way to test the following lines from my squid.conf file to make > sure the connections are working correctly? > > ### negotiate kerberos and ntlm authentication > auth_param negotiate program /usr/local/bin/negotiate_wrapper -d --ntlm

[squid-users] Squid config is failing to cache data

Hi all, I handle small network and we have 40 systems ( most having Ubuntu 14.04 and couple of system have windows ). We use squid to cache. Due to the country where i live there is huge data charges so i am using squid to cache things like Ubuntu updates and certain applications. Issue i have

Re: [squid-users] Authorization in a different way

On 14/01/2016 5:35 a.m., Christian Kunkel wrote: > Hey guys, > > i need a way to autheticate or authorize users to my squid server so > i can create some kind of a session and drop users after x hours they > have been using my proxy. important thing would be to create only one > session per user.

Re: [squid-users] Testing Kerberos and LDAP connections

If I remove the NTLM and Kerberos authentication, is there a way to test the basic LDAP authentication in the script from the command line? -Original Message- From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of Amos Jeffries Sent: Wednesday, January 13,

[squid-users] V3.5.12 SSL Bumping Issue with one Website

Hello together, I am using Squid 3.5.12 with Kerberos Authentication only and ClamAV on Debian Jessie. My Proxy is working very nice, but now I've found an issue with just one SSL Website. It would be nice to know if others can reproduce this Issue. Target website is:

Re: [squid-users] How to setup a secure(!) squid proxy

On 14/01/2016 5:10 a.m., startrekfan wrote: > It's a debian. But an ubuntu howto will also work with debian. > Here is the broken link: > > I combined this two instructions: > http://wiki.squid-cache.org/Features/SslBump > http://wiki.squid-cache.org/Features/DynamicSslCert > > (The latest

Re: [squid-users] Testing Kerberos and LDAP connections

On 14/01/2016 6:11 a.m., dolson wrote: > If I remove the NTLM and Kerberos authentication, is there a way to test the > basic LDAP authentication in the script from the command line? > Huh? none of these are scripts. Amos ___ squid-users mailing

Re: [squid-users] Authorization in a different way

hey amos, maybe my english is too bad or maybe i am just not getting it. i can not use any kind of ip as authentication or authorization. first of all because of nat and second would be that the ip of a user changes regarding his location (mobile network). my understanding of ext_session_acl