Re: [squid-users] problem in configuring squid

On 5/10/2016 4:42 a.m., Shark wrote: > Sorry for my bad english, > > I want to make a anonymous https & http proxy that pass through any > requests without decrypting or change them, > only change ip address from client ip to my server ip address and define ip > address of my websites that i want

Re: [squid-users] Whitelist domain ignored?

On 10/04/2016 05:16 PM, Jok Thuau wrote: > On Tue, Oct 4, 2016 at 1:41 PM, Jose Torres-Berrocal wrote: >> I have some clients that use a program that tries to connect to: >> https://neodecksoftware.com/NeoMedOnline/NeoMedOnlineService.svc >> /var/squid/acl/whitelist.acl: >>

Re: [squid-users] Introducing delay to HTTP 407 responses

On 10/04/2016 06:20 AM, Amos Jeffries wrote: > On 5/10/2016 12:47 a.m., squid-users wrote: >> I set this up as you suggested, then triggered a 407 response from >> the cache. It seems that way; I couldn't see aclMatchHTTPStatus or >> http-response-407 in the log > Strange. I was sure Alex did

Re: [squid-users] Whitelist domain ignored?

On Tue, Oct 4, 2016 at 1:41 PM, Jose Torres-Berrocal < jetsystemservi...@gmail.com> wrote: > I do not know the correct terms to the problem I have. > > I have some clients that use a program that tries to connect to: > https://neodecksoftware.com/NeoMedOnline/NeoMedOnlineService.svc > > note

Re: [squid-users] Introducing delay to HTTP 407 responses

> > I set this up as you suggested, then triggered a 407 response from the > cache. It seems that way; I couldn't see aclMatchHTTPStatus or http- > response-407 in the log: > > > > Strange. I was sure Alex did some tests recently and proved that even > internally generated responses get

Re: [squid-users] Whitelist domain ignored?

Yes we can see your messages to the group.. While im responding, this doesnt adress you problem, but we have a free whitelist that we maintain you may or may not be interested in, but its quite a bit larger. No adult, and no torrent sites.

Re: [squid-users] Whitelist domain ignored?

Just to confirm that I sent the email Jose E Torres 939-777-4030 JET System Services On Tue, Oct 4, 2016 at 4:41 PM, Jose Torres-Berrocal wrote: > I do not know the correct terms to the problem I have. > > I have some clients that use a program that tries to

[squid-users] Whitelist domain ignored?

I do not know the correct terms to the problem I have. I have some clients that use a program that tries to connect to: https://neodecksoftware.com/NeoMedOnline/NeoMedOnlineService.svc Went to the access.log and found the neodecksoftware.com is being denied even that I have it in a whitelist

Re: [squid-users] Kerberos Ne

so... any advice about this?? Thanks! -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Kerberos-appropriate-log-file-tp4679740p4679901.html Sent from the Squid - Users mailing list archive at Nabble.com. ___

Re: [squid-users] Squid - AD kerberos auth and Linux Server proxy access not working

Hi Amos; Ok, we can discussed the issue in Two part 1. For Windows AD Authentication & SSO and 2. Linux server unable to access via squid proxy. For First point- Requirement to have SSO for accessing internet via squid proxy and based on user's AD group membership allow access to specific

Re: [squid-users] Problem with Squid3 Caches

On Tuesday 04 October 2016 at 19:43:21, KR wrote: > > On Oct 4, 2016, at 11:45 AM, Antony Stone wrote: > > > > On Tuesday 04 October 2016 at 17:00:24, KR wrote: > >> Hello Anthony, Yuri, > >> > >> It seems every line is commented out in the config? > > > > Impossible - otherwise it couldn't

Re: [squid-users] Problem with Squid3 Caches

I uncommented that line and now I get Initializing the Squid cache with the command squid3 -f /etc/squid/squid.conf -z .. FATAL: Bungled /etc/squid/squid.conf line 3410: cache_dir rock /hdd1 ... min-size=10 Squid Cache (Version 3.5.12): Terminated abnormally. CPU Usage: 0.008 seconds =

Re: [squid-users] Squid crash - 3.5.21

On Mon, 2016-10-03 at 11:33 -0600, Alex Rousskov wrote: On 10/03/2016 04:50 AM, Jasper Van Der Westhuizen wrote: This morning I had some problems with some of our proxies. 2 Proxies in cluster A crashed with the below errors. The shortly afterwards 4 in cluster B did the same. Both clusters

Re: [squid-users] Squid-3.5.21: filter FTP content or FTP commands

Thank you very much. It's my fault - wrote wrong ACL . That'll do it! Yahooo! LIST , C.?D blocked ok. 2016-10-04 17:55 GMT+03:00 Alex Rousskov : > On 10/04/2016 06:24 AM, oleg gv wrote: > > > Then I try to block FTP-Command and nothing happen. Some from my

Re: [squid-users] Problem with Squid3 Caches

On Tuesday 04 October 2016 at 17:00:24, KR wrote: > Hello Anthony, Yuri, > > It seems every line is commented out in the config? Impossible - otherwise it couldn't generate the error message "FATAL: Bungled /etc/squid/squid.conf line 3467: cache_dir rock /ssd3 ..." Thta is telling you that

Re: [squid-users] problem in configuring squid

Sorry for my bad english, I want to make a anonymous https & http proxy that pass through any requests without decrypting or change them, only change ip address from client ip to my server ip address and define ip address of my websites that i want to access them from my client in /etc/hosts, so

Re: [squid-users] Squid-3.5.21: filter FTP content or FTP commands

On 10/04/2016 06:24 AM, oleg gv wrote: > Then I try to block FTP-Command and nothing happen. Some from my config: > > acl rh req_header -i ^FTP-Command Wrong syntax. Please read req_header documentation carefully and try something like: acl rh req_header FTP-Command -i LIST I also recommend

Re: [squid-users] Introducing delay to HTTP 407 responses

On 10/04/2016 05:18 AM, Amos Jeffries wrote: > On 4/10/2016 11:53 p.m., squid-us...@filter.luko.org wrote: >> Would the developers be open to adding a configuration-based throttle to >> authentication responses > This helper is the mechanism that we accepted. Anything else would be > far less

Re: [squid-users] Caching http google deb files

Wow, i couldn't think about that. google might need tracking data that could be the reason they have blindly put vary * header. oh Irony, company which talks to all of us on how to deliver content is trying to do such thing. I have looked at your patch but how do i enable that ? do i need to

Re: [squid-users] IPv6 interception crash: Ip::Address::getInAddr : Cannot convert non-IPv4 to IPv4.

> Thanks for the testing and feedback. I've applied this as part-2 of the > bug 4302 updates. It will be in the next releases of 3.5 and 4.x. you are the hero of the day, thank you very much! -- Gergely EGERVARY ___ squid-users mailing list

Re: [squid-users] Caching http google deb files

On 5/10/2016 2:34 a.m., Hardik Dangar wrote: > Hey Amos, > > We have about 50 clients which downloads same google chrome update every 2 > or 3 days means 2.4 gb. although response says vary but requested file is > same and all is downloaded via apt update. > > Is there any option just like

Re: [squid-users] Caching http google deb files

Hey Amos, after referring to one of your old posts i found, we can use reply_header_replace to replace headers. Is it possible to replace vary * header with something appropriate? or i need to look at squid's source code to ignore vary header and recompile ? On Tue, Oct 4, 2016 at 7:04

Re: [squid-users] Squid - AD kerberos auth and Linux Server proxy access not working

Hi Amos; Ok, we can discussed the issue in Two part 1. For Windows AD Authentication & SSO and 2. Linux server unable to access via squid proxy. For First point- Requirement to have SSO for accessing internet via squid proxy and based on user's AD group membership allow access to specific

Re: [squid-users] Caching http google deb files

Hey Amos, We have about 50 clients which downloads same google chrome update every 2 or 3 days means 2.4 gb. although response says vary but requested file is same and all is downloaded via apt update. Is there any option just like ignore-no-store? I know i am asking for too much but it seems

Re: [squid-users] Caching http google deb files

On 5/10/2016 2:05 a.m., Hardik Dangar wrote: > Hello, > > I am trying to cache following deb files as its most requested file in > network. ( google chrome almost every few days many clients update it ). > > http://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb >

Re: [squid-users] IPv6 interception crash: Ip::Address::getInAddr : Cannot convert non-IPv4 to IPv4.

On 04/10/2016 14:10, Amos Jeffries wrote: > On 5/10/2016 1:16 a.m., Egerváry Gergely wrote: >>> Getting closer, but still not there... >> >> Hah, we need to apply the kern/50198 patch to ipnat_6.c too. >> >> --- ip_nat6.c.orig 2015-08-08 18:31:21.0 +0200 >> +++ ip_nat6.c 2016-10-04

Re: [squid-users] problem in configuring squid

On Tuesday 04 October 2016 at 14:51:13, Mehdi Yeganeh wrote: > Thanks for quick replay, > I need to use my server, i configure my ip address in some software like > antivirus and ... ... and what? I do not understand what antivirus software has to do with our discussion. Please give details,

Re: [squid-users] IPv6 interception crash: Ip::Address::getInAddr : Cannot convert non-IPv4 to IPv4.

On 5/10/2016 1:16 a.m., Egerváry Gergely wrote: >> Getting closer, but still not there... > > Hah, we need to apply the kern/50198 patch to ipnat_6.c too. > > --- ip_nat6.c.orig 2015-08-08 18:31:21.0 +0200 > +++ ip_nat6.c 2016-10-04 14:04:21.0 +0200 > @@ -2470,8 +2469,8 @@

[squid-users] Caching http google deb files

Hello, I am trying to cache following deb files as its most requested file in network. ( google chrome almost every few days many clients update it ). http://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb

Re: [squid-users] problem in configuring squid

Thanks for quick replay, I need to use my server, i configure my ip address in some software like antivirus and ... So, I want all of that working with my server ip address and for this reason I cannot use torproxy or torproject. I need a proxy server (squid) on my server ... More details about

Re: [squid-users] Squid-3.5.21: filter FTP content or FTP commands

Finally I've managed to go on ftp.intel.com using FileZilla through my squid gateway in standart (proxy) mode. Squid conf: ftp_port x.x.x.x 2122 Then I try to block FTP-Command and nothing happen. Some from my config: acl rh req_header -i ^FTP-Command http_access deny rh http_access permit

Re: [squid-users] Introducing delay to HTTP 407 responses

On 5/10/2016 12:47 a.m., squid-users wrote: > Amos, > >> This helper is the mechanism that we accepted. Anything else would be far >> less useful. > > Makes sense. > >> I think the results you are getting show that the http_status ACL is not >> working properly. >> >> Can you get a

Re: [squid-users] IPv6 interception crash: Ip::Address::getInAddr : Cannot convert non-IPv4 to IPv4.

> Getting closer, but still not there... Hah, we need to apply the kern/50198 patch to ipnat_6.c too. --- ip_nat6.c.orig 2015-08-08 18:31:21.0 +0200 +++ ip_nat6.c 2016-10-04 14:04:21.0 +0200 @@ -2470,8 +2469,8 @@ } }

Re: [squid-users] FW: squid tproxy ssl-bump and Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

On 5/10/2016 12:07 a.m., Vieri wrote: > Hi, > >>> Whatever the reason, for an end-user like me it seems that the XP >>> client is able to negotiate TLS correctly with Google and >>> presumably using the cipher DES-CBC3-SHA (maybe after failing >>> with RC4-MD5 on a first attempt), whereas Squid

Re: [squid-users] Introducing delay to HTTP 407 responses

Amos, > This helper is the mechanism that we accepted. Anything else would be far > less useful. Makes sense. > I think the results you are getting show that the http_status ACL is not > working properly. > > Can you get a "debug_options 28,5" cache.log trace and see if > "aclMatchHTTPStatus"

Re: [squid-users] IPv6 interception crash: Ip::Address::getInAddr : Cannot convert non-IPv4 to IPv4.

> Aha. Damn macros. > > There are a few changes needed, for both v4/v6 inputs and 'realip' > processing. This attached patch should be what you need for Squid-3.5 to > work. Getting closer, but still not there... The browser client is 2001:738:7a00:a::a:d, the remote destination is

Re: [squid-users] Introducing delay to HTTP 407 responses

On 4/10/2016 11:53 p.m., squid-us...@filter.luko.org wrote: > Eliezer, > > Thankyou for your reply, I tried the following: > >> Hey Luke, >> >> Try to use the next line instead: >> external_acl_type delay ttl=1 negative_ttl=0 cache=0 %SRC %SRCPORT %URI >> /tmp/delay.pl >> >> And see what

Re: [squid-users] Squid - AD kerberos auth and Linux Server proxy access not working

On 4/10/2016 11:36 p.m., Antony Stone wrote: > On Tuesday 04 October 2016 at 12:28:44, Nilesh Gavali wrote: > >> Hello Antony; >> I have double checked the current working configuration of my squid.conf >> and it has same settings which I posted earlier. somehow it is working for >> us. > > I'm

Re: [squid-users] FW: squid tproxy ssl-bump and Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

Hi, >> Whatever the reason, >> for an end-user like me it seems that the XP client is able to >> negotiate TLS correctly with Google and presumably using the cipher >> DES-CBC3-SHA (maybe after failing with RC4-MD5 on a first attempt), >> whereas Squid immediately fails with RC4-MD5. It doesn't

Re: [squid-users] IPv6 interception crash: Ip::Address::getInAddr : Cannot convert non-IPv4 to IPv4.

On 4/10/2016 10:52 p.m., Egerváry Gergely wrote: >> Is there another defined somewhere else? For some reason your Squid is >> managing to build with just "nl_inip" (no 'addr') in the field name. > > There's a copy in /usr/include/netinet, but it's the same: > > typedef struct natlookup {

Re: [squid-users] Introducing delay to HTTP 407 responses

Eliezer, Thankyou for your reply, I tried the following: > Hey Luke, > > Try to use the next line instead: > external_acl_type delay ttl=1 negative_ttl=0 cache=0 %SRC %SRCPORT %URI > /tmp/delay.pl > > And see what happens. But it's not introducing a delay into the response. Running strace

Re: [squid-users] Squid - AD kerberos auth and Linux Server proxy access not working

On Tuesday 04 October 2016 at 12:28:44, Nilesh Gavali wrote: > Hello Antony; > I have double checked the current working configuration of my squid.conf > and it has same settings which I posted earlier. somehow it is working for > us. I'm not saying the whole thing won't work; I'm saying there

Re: [squid-users] Squid - AD kerberos auth and Linux Server proxy access not working

-- next part -- An HTML attachment was scrubbed... URL: < http://lists.squid-cache.org/pipermail/squid-users/attachments/20161004/92d8b1fa/attachment-0001.html > -- Message: 6 Date: Tue, 4 Oct 2016 12:13:28 +0200 From: Antony Stone <antony.st...@sq

Re: [squid-users] Squid - AD kerberos auth and Linux Server proxy access not working

On Tuesday 04 October 2016 at 12:08:27, Nilesh Gavali wrote: > All; > > we have Squid proxy configured with Windows SSO with Kerberos which work > fine for WIndows AD users. > we have new requirement where one Linux application server need to access > Internet via squid proxy, we allowed Linux

[squid-users] Squid - AD kerberos auth and Linux Server proxy access not working

All; we have Squid proxy configured with Windows SSO with Kerberos which work fine for WIndows AD users. we have new requirement where one Linux application server need to access Internet via squid proxy, we allowed Linux host access via ACL but getting denied access error. below is the

Re: [squid-users] IPv6 interception crash: Ip::Address::getInAddr : Cannot convert non-IPv4 to IPv4.

> Is there another defined somewhere else? For some reason your Squid is > managing to build with just "nl_inip" (no 'addr') in the field name. There's a copy in /usr/include/netinet, but it's the same: typedef struct natlookup { i6addr_tnl_inipaddr; i6addr_t

Re: [squid-users] IPv6 interception crash: Ip::Address::getInAddr : Cannot convert non-IPv4 to IPv4.

On 4/10/2016 8:57 p.m., Egerváry Gergely wrote: >> Apparently the IPFilter 5.1 code defines an 32-bit IPv4-only structure >> for 64-bit IPv6 addresses to be placed into. That was supposed to be >> fixed in IPFilter 5.0.3. >> >> Can you look through your system for code header files that define >>

Re: [squid-users] IPv6 interception crash: Ip::Address::getInAddr : Cannot convert non-IPv4 to IPv4.

Apparently the IPFilter 5.1 code defines an 32-bit IPv4-only structure for 64-bit IPv6 addresses to be placed into. That was supposed to be fixed in IPFilter 5.0.3. Can you look through your system for code header files that define "struct natlookup" and show me what they contain? in

Re: [squid-users] intercept + IPv6 + IPFilter 5.1

On 01/10/2016 23:48, Egerváry Gergely wrote: > Hi, > > Should "intercept" work with IPv6 on NetBSD 7-STABLE and IPFilter 5.1? > > I have the patch applied for kern/50198, and it's working fine with > IPv4. I only get a connection reset by peer on IPv6. I found the IPv4 bug and that PR and patch

Re: [squid-users] IPv6 interception crash: Ip::Address::getInAddr : Cannot convert non-IPv4 to IPv4.

On 4/10/2016 7:25 p.m., Egerváry Gergely wrote: >>> 2016/10/03 17:08:03.233 kid1| Ip::Address::getInAddr : Cannot convert >>> non-IPv4 to IPv4. IPA=[2001:738:7a00:a::14]:3128 >> Okay your setup looks fine. Apparently the IPFilter 5.1 code defines an 32-bit IPv4-only structure for 64-bit IPv6

Re: [squid-users] IPv6 interception crash: Ip::Address::getInAddr : Cannot convert non-IPv4 to IPv4.

2016/10/03 17:08:03.233 kid1| Ip::Address::getInAddr : Cannot convert non-IPv4 to IPv4. IPA=[2001:738:7a00:a::14]:3128 And what are your squid.conf http_port line(s) ? http_port 127.0.0.1:8080 http_port [::1]:8080 http_port 172.28.0.20:3128 intercept http_port 172.28.0.20:8080 http_port