Re: [squid-users] Problem with certificates and SSLBump

2016-06-25 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 25.06.2016 23:47, C. L. Martinez пишет: > On Sun 26.Jun'16 at 5:22:31 +1200, Amos Jeffries wrote: >> On 26/06/2016 4:46 a.m., C. L. Martinez wrote: >>> On Sat 25.Jun'16 at 22:33:56 +0600, Yuri Voinov wrote: -BEGIN PGP SIGNED

Re: [squid-users] Problem with certificates and SSLBump

2016-06-25 Thread C. L. Martinez
On Sun 26.Jun'16 at 5:22:31 +1200, Amos Jeffries wrote: > On 26/06/2016 4:46 a.m., C. L. Martinez wrote: > > On Sat 25.Jun'16 at 22:33:56 +0600, Yuri Voinov wrote: > >> > >> -BEGIN PGP SIGNED MESSAGE- > >> Hash: SHA256 > >> > >> Use search. > >> > >> Some days agi I've played around

Re: [squid-users] Problem with certificates and SSLBump

2016-06-25 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 25.06.2016 23:22, Amos Jeffries пишет: > On 26/06/2016 4:46 a.m., C. L. Martinez wrote: >> On Sat 25.Jun'16 at 22:33:56 +0600, Yuri Voinov wrote: >>> >>> -BEGIN PGP SIGNED MESSAGE- >>> Hash: SHA256 >>> >>> Use search. >>> >>> Some days

Re: [squid-users] Skype Issues

2016-06-25 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 25.06.2016 23:09, Amos Jeffries пишет: > On 26/06/2016 4:32 a.m., Yuri Voinov wrote: >> >> Amos, you are a wrong. >> >> No Squid-4. It's unstable and not ready for production. Whenever it's >> features. > > So some beta software has bugs

Re: [squid-users] Problem with certificates and SSLBump

2016-06-25 Thread Amos Jeffries
On 26/06/2016 4:46 a.m., C. L. Martinez wrote: > On Sat 25.Jun'16 at 22:33:56 +0600, Yuri Voinov wrote: >> >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA256 >> >> Use search. >> >> Some days agi I've played around with ECDSA certs and drop it due to >> extremal incompatibility with clients.

Re: [squid-users] Skype Issues

2016-06-25 Thread Renato Jop
Thanks both for you help. I'll try to make this changes and see if this solves my issues. Renato Jop On Sat, Jun 25, 2016 at 10:32 AM, Yuri Voinov wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Amos, you are a wrong. > > No Squid-4. It's unstable and not

Re: [squid-users] Problem with certificates and SSLBump

2016-06-25 Thread C. L. Martinez
On Sat 25.Jun'16 at 22:33:56 +0600, Yuri Voinov wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Use search. > > Some days agi I've played around with ECDSA certs and drop it due to > extremal incompatibility with clients. Here was this thread. > > Is this the thread:

Re: [squid-users] Problem with certificates and SSLBump

2016-06-25 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Use search. Some days agi I've played around with ECDSA certs and drop it due to extremal incompatibility with clients. Here was this thread. 25.06.2016 22:10, C. L. Martinez пишет: > Hi all, > > I have some problems with my squid config when

Re: [squid-users] Skype Issues

2016-06-25 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Amos, you are a wrong. No Squid-4. It's unstable and not ready for production. Whenever it's features. Some time ago I have the same issue and know what happens exactly. Skype initial connection site uses RC4 cipher. Which is disabled in most

[squid-users] Problem with certificates and SSLBump

2016-06-25 Thread C. L. Martinez
Hi all, I have some problems with my squid config when I use certificates generated with my internal CA. First, my ssl-bump config: acl DiscoverSNIHost at_step SslBump1 acl NoSSLIntercept ssl::server_name_regex -i "/etc/squid/acls/domains.nobump" ssl_bump peek DiscoverSNIHost ssl_bump splice

Re: [squid-users] Skype Issues

2016-06-25 Thread Amos Jeffries
On 26/06/2016 1:19 a.m., Renato Jop wrote: > Hello, > I've configured squid to filter both HTTP and HTTPS traffic and for the > most part the squid server is working correctly, however, I am always > unable to login with skype. Skype does send all the requests through the > suid server, but

[squid-users] Skype Issues

2016-06-25 Thread Renato Jop
Hello, I've configured squid to filter both HTTP and HTTPS traffic and for the most part the squid server is working correctly, however, I am always unable to login with skype. Skype does send all the requests through the suid server, but looking into the cache.log I always get a Error

Re: [squid-users] ecap adaper

2016-06-25 Thread joe
ok tks -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/ecap-adaper-tp4678171p4678191.html Sent from the Squid - Users mailing list archive at Nabble.com. ___ squid-users mailing list

Re: [squid-users] flickr.com redirect error

2016-06-25 Thread Amos Jeffries
On 25/06/2016 6:14 p.m., Rafael Akchurin wrote: > Hello Amos, > > The Via from mine is: > > Via:"http/1.1 fts110.flickr.bf1.yahoo.com (ApacheTrafficServer [cMs f ]), > http/1.1 r02.ycpi.ams.yahoo.net (ApacheTrafficServer [cMsSf ]), 1.1 qlproxy > (squid/3.3.8)" > > Might it be the error when

Re: [squid-users] ecap adaper

2016-06-25 Thread joe
thank for the debug option without deny the POST i dont see any POST packet lol!!and it supose to to go trough ecap right ?? since all acl HTTP_STATUS_OK http_status 200 without any restriction should present POST or GET im right or missing something --- root@proxy:~# squid -v Squid Cache:

Re: [squid-users] Squid question with letsencrypt

2016-06-25 Thread Amos Jeffries
On 25/06/2016 4:48 a.m., Bidwell, Christopher wrote: > Hi all, > > I'm very new to squid and we are wanting to implement letsencrypt for our > ssl certificates. > > Here's the scenario: > > We've got several frontend servers running squid that are caching from the > backend systems. Ok, > >

Re: [squid-users] ecap adaper

2016-06-25 Thread Amos Jeffries
On 25/06/2016 12:31 a.m., joe wrote: > hi wen using ecap adapter > ecap_enable on > acl HTTP_STATUS_OK http_status 200 > loadable_modules /usr/local/lib/ecap_adapter_gzip.so > ecap_service gzip_service respmod_precache ecap://www.vigos.com/ecap_gzip > bypass=off > adaptation_access gzip_service

Re: [squid-users] flickr.com redirect error

2016-06-25 Thread Rafael Akchurin
Hello Amos, The Via from mine is: Via:"http/1.1 fts110.flickr.bf1.yahoo.com (ApacheTrafficServer [cMs f ]), http/1.1 r02.ycpi.ams.yahoo.net (ApacheTrafficServer [cMsSf ]), 1.1 qlproxy (squid/3.3.8)" Might it be the error when constructing via contents in squid? As it starts with 1.1 while

Re: [squid-users] flickr.com redirect error

2016-06-25 Thread Amos Jeffries
On 25/06/2016 4:02 a.m., Yuri Voinov wrote: > > Be careful, guys. Via is reauired to HTTP by RFC. > As of RFC 7230 et al, it is officially now optional. Yay! As of Squid-3.2 emitting HTTP/1.1, its use in preventing 1.1<->1.0 translation errors is greatly reduced. Yay! It is still important to

Re: [squid-users] flickr.com redirect error

2016-06-25 Thread Amos Jeffries
On 25/06/2016 3:40 a.m., Ozgur Batur wrote: > Hi Rafael, Yuri, > > Thank you very much, "via off" did the trick. It is probably a server > specific issue as you said. > Hmm. What was the Via header emitted by your proxy? There are some common misconfigurations that can lead to a broken Via