[squid-users] Acl to deny all sites, and allow some sites

2016-08-30 Thread hibandx
So, i have an squid configured and ok with ad 2012, but the acl Proxy_restrito is not working... This acl is for any solution? This is my conf is for deny all sites, and allow just some sites on file proxy_restrito_whitelist... follow: #Porta padrão do proxy http_port 3128 #Endereco de

[squid-users] Transparent Proxy on OSX Yosemite

2016-08-30 Thread Shively, Gregory
I'm attempting to get a squid working as a transparent proxy on OSX Yosemite. Every attempt ended with a "Forward loop detected". I initially started with the version from homebrew and moved to just compiling myself to see if I could figure out what was going on. Being new to both pf network

Re: [squid-users] Limit Bandwith for youtube....

2016-08-30 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I did not say it would be easy, right? :) 31.08.2016 2:51, Yuri Voinov пишет: > > And, to limit faceboot video, > you require to utilize akamaihd\.net\/v\/(.*\.mp4)\? regex in conjunction with delay-pool + SSL bump. :) > > 31.08.2016 2:48, Yuri

Re: [squid-users] Limit Bandwith for youtube....

2016-08-30 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 And, to limit faceboot video, you require to utilize akamaihd\.net\/v\/(.*\.mp4)\? regex in conjunction with delay-pool + SSL bump. :) 31.08.2016 2:48, Yuri Voinov пишет: > > To cache streaming video, you require to utilize Store-ID feature: > >

Re: [squid-users] Limit Bandwith for youtube....

2016-08-30 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 To cache streaming video, you require to utilize Store-ID feature: http://wiki.squid-cache.org/Features/StoreID 31.08.2016 2:16, erdosain9 пишет: > By the way... > I have this on log > >

Re: [squid-users] SQUID3 FreeRADIUS

2016-08-30 Thread Craddock, Tommy
Hello, The name of the helper was changed some time ago: 2.5 Helper Name Changes To improve the understanding of what each helper does and where it should be used the helper binaries which are bundled with Squid have undergone a naming change in this release. Below is a list of the old

Re: [squid-users] Limit Bandwith for youtube....

2016-08-30 Thread erdosain9
By the way... I have this on log https://fbcdn-video-k-a.akamaihd.net/hvideo-ak-xat1/v/t42.1790-2/12094265_992502374146158_1776024195_n.mp4? - HIER_DIRECT/204.2.178.146 - i do not know how to use https://regex101.com/ it will be like akamaihd\.net\/v\/(.*\.mp4)\? Thanks. -- View this

Re: [squid-users] Limit Bandwith for youtube....

2016-08-30 Thread erdosain9
Thanks. But... I'm misunderstanding ? Tx , is not the download? I think it works this way in the mikrotik . That is, the transmission would be the " download " -- View this message in context:

[squid-users] SQUID3 FreeRADIUS

2016-08-30 Thread Janis Heller
How to use freeradius in squid3? The wiki information I found is very outdated: http://wiki.squid-cache.org/ConfigExamples/Authenticate/Radius The path: "/usr/local/squid/libexec/squid_radius_auth -f /etc/radius_config“ doesn’t exist anymore on SQUID3. All the best;

Re: [squid-users] More host header forgery pain with peek/splice

2016-08-30 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 And this one: http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoIOSv15Wccp2 of course. 30.08.2016 23:25, Marcus Kool пишет: > Do I understand it correctly that Squid in normal proxy mode > allows malware to do a CONNECT to any

Re: [squid-users] More host header forgery pain with peek/splice

2016-08-30 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 31.08.2016 1:24, Yuri Voinov пишет: > > > > 30.08.2016 23:25, Marcus Kool пишет: > > Do I understand it correctly that Squid in normal proxy mode > > allows malware to do a CONNECT to any destination, while in > > transparent proxy mode does

Re: [squid-users] More host header forgery pain with peek/splice

2016-08-30 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 30.08.2016 23:25, Marcus Kool пишет: > Do I understand it correctly that Squid in normal proxy mode > allows malware to do a CONNECT to any destination, while in > transparent proxy mode does extra security checks which causes > some regular

Re: [squid-users] More host header forgery pain with peek/splice

2016-08-30 Thread Marcus Kool
Do I understand it correctly that Squid in normal proxy mode allows malware to do a CONNECT to any destination, while in transparent proxy mode does extra security checks which causes some regular (non-malware) clients to fail? And philosophical questions: is Squid the right tool to stop

Re: [squid-users] Too many AD group and squid kerberos auth problem

2016-08-30 Thread Jok Thuau
On Tue, Aug 30, 2016 at 4:05 AM, alberto wrote: > Hi all, > I have a squid3 installation with kerberos ldap groups authentication. > Everything works like a charm except for one of my user that belongs to > too many groups (more than 50): this user can not browse any

Re: [squid-users] More host header forgery pain with peek/splice

2016-08-30 Thread Amos Jeffries
On 26/08/2016 4:17 a.m., Steve Hill wrote: > > This one just seems to keep coming up and I'm wondering how other people > are dealing with it: > > When you peek and splice a transparently proxied connection, the SNI > goes through the host validation phase. Squid does a DNS lookup for the >

Re: [squid-users] More host header forgery pain with peek/splice

2016-08-30 Thread Amos Jeffries
On 26/08/2016 6:34 a.m., reinerotto wrote: > Hack the code. Because it is even worse, as firefox for example does not obey > to the TTL. > It is not that simple. The checks are there for very good reason(s) related to security of the network using the proxy. The Host forgery issue being

Re: [squid-users] Shared Caching with Authorization

2016-08-30 Thread Amos Jeffries
On 27/08/2016 12:10 a.m., LIJO C J wrote: > Hi, I have a resource representation in a REST service. The response > content is same for allusers. But the response should be accessed > only by authorizedInventoryAuditors. > > > > 1. How should be the response headers set to leveragecaching

Re: [squid-users] Too many AD group and squid kerberos auth problem

2016-08-30 Thread Amos Jeffries
On 30/08/2016 11:05 p.m., alberto wrote: > Hi all, > I have a squid3 installation with kerberos ldap groups authentication. > Everything works like a charm except for one of my user that belongs to too > many groups (more than 50): this user can not browse any site because of > authentication

Re: [squid-users] Limit Bandwith for youtube....

2016-08-30 Thread Amos Jeffries
On 30/08/2016 8:13 a.m., erdosain9 wrote: > Ok,thanks! > But something is wrong with my config > I dont have almost no users... (because is proxy testing) and i have too > many download avg. > > Look , this is Torch to the ip of proxy, to see whats going on... > > >

[squid-users] Too many AD group and squid kerberos auth problem

2016-08-30 Thread alberto
Hi all, I have a squid3 installation with kerberos ldap groups authentication. Everything works like a charm except for one of my user that belongs to too many groups (more than 50): this user can not browse any site because of authentication problem. I always see TCP_DENIED/407 in the squid log