Re: [squid-users] Crash: every 1-2 hour: kernel: Out of memory: Kill process (squid)

2016-12-14 Thread Amos Jeffries
On 15/12/2016 6:24 a.m., n...@forceline.net wrote: > Eliezer, thanks for your reply. Guides: > http://wiki.squid-cache.org/Features/SslBump > http://wiki.squid-cache.org/Features/SslPeekAndSplice > https://habrahabr.ru/post/267851/ <-- Russian lang > https://habrahabr.ru/post/272733/ <-- Russian

Re: [squid-users] unknown source IP in access.log

2016-12-14 Thread Amos Jeffries
On 15/12/2016 8:58 a.m., Sameh Onaissi wrote: > Hey Antony, all… > > The file is where is should be: /etc/squid/squid.conf > > > squid -k parse returns nothing strange. > To make sure, I followed your instructions of writing deny wrong (in > /etc/squid/squid.conf) and ran "squid -k parse”

Re: [squid-users] Setup wccp2 with squid3 and cisco switch 4507

2016-12-14 Thread André Bolinhas
Hi, In this case, using L2 I don’t need to create a GRE tunnel? Also need to use HTTP_PORT 3128 intercept ? Wish iptables I need to create? Best regards From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of Yuri Voinov Sent: quarta-feira, 14 de dezembro de 2016

Re: [squid-users] unknown source IP in access.log

2016-12-14 Thread Sameh Onaissi
Hey Antony, all… The file is where is should be: /etc/squid/squid.conf squid -k parse returns nothing strange. To make sure, I followed your instructions of writing deny wrong (in /etc/squid/squid.conf) and ran "squid -k parse” again, and it complained: 2016/12/14 14:45:15| Processing:

Re: [squid-users] unknown source IP in access.log

2016-12-14 Thread Antony Stone
On Wednesday 14 December 2016 at 17:26:34, Sameh Onaissi wrote: > Thanks for your reply. > > Here’s the config file: http://pastebin.com/DNDacy6M Where is this file located on your system? The answer to this question is needed further down my reply. I've skipped some bits to make my reply

Re: [squid-users] Crash: every 1-2 hour: kernel: Out of memory: Kill process (squid)

2016-12-14 Thread noc
Eliezer, thanks for your reply. Guides: http://wiki.squid-cache.org/Features/SslBump http://wiki.squid-cache.org/Features/SslPeekAndSplice https://habrahabr.ru/post/267851/ <-- Russian lang https://habrahabr.ru/post/272733/ <-- Russian lang >First goes first change this: 13130: Done, nothing

Re: [squid-users] unknown source IP in access.log

2016-12-14 Thread Sameh Onaissi
Thanks for your reply. Here’s the config file: http://pastebin.com/DNDacy6M Dovecot used its default ports: 110: pop 143: imap 995: pop3s 993: maps Postfix SMTP 587 Kind regards, Sam [cid:2FD1C3AB-E45C-49F0-84AB-0F8AC658BD11@routerb408e2.com]Piensa en el medio ambiente antes de imprimir

Re: [squid-users] Cisco ASA with transparent Squid with HTTP/HTTPS filtering

2016-12-14 Thread Yuri Voinov
14.12.2016 21:59, Yuri Voinov пишет: > > > > 14.12.2016 21:08, Rafael Akchurin пишет: >> >> Hello everyone, >> >> >> >> After pulling all my hair out and reading every possible howto on the >> Internet for Cisco ASA integration with Squid using WCCP I have >> decided to write my own. The how

Re: [squid-users] Cisco ASA with transparent Squid with HTTP/HTTPS filtering

2016-12-14 Thread Yuri Voinov
14.12.2016 21:59, Yuri Voinov пишет: > > > > 14.12.2016 21:08, Rafael Akchurin пишет: >> >> Hello everyone, >> >> >> >> After pulling all my hair out and reading every possible howto on the >> Internet for Cisco ASA integration with Squid using WCCP I have >> decided to write my own. The how

Re: [squid-users] Cisco ASA with transparent Squid with HTTP/HTTPS filtering

2016-12-14 Thread Yuri Voinov
14.12.2016 21:08, Rafael Akchurin пишет: > > Hello everyone, > > > > After pulling all my hair out and reading every possible howto on the > Internet for Cisco ASA integration with Squid using WCCP I have > decided to write my own. The how to is at >

[squid-users] Setup wccp2 with squid3 and cisco switch 4507

2016-12-14 Thread André Bolinhas
Hi, I need to setup wccp2 between my Squid3 box and my cisco switch 4507 Since my 4507 don't support GRE on forward methoding I need to configure the the wccp with L2. My squid.conf http_port 3129 intercept wccp2_router $IP-OF-ROUTER wccp2_forwarding_method l2 wccp2_return_method l2

Re: [squid-users] unknown source IP in access.log

2016-12-14 Thread Antony Stone
On Wednesday 14 December 2016 at 16:16:17, Sameh Onaissi wrote: > Looking at access.log, to find the Skype IPs, I noticed a LOT of unknown > source IPs. All those IPs seem to be originated from China. In my config > file I deny all but local net IPs 10.0.0.0/24. I suggest you show us your

[squid-users] unknown source IP in access.log

2016-12-14 Thread Sameh Onaissi
Hello, I have a functional transparent squid with ssl-bump on Ubuntu 16.04 With Eliezer’s great help, I added a bypass pool to bypass Skype for Business IPs and allow the Skype for Business client to log in successfully. I notices that personal Skype is not logging in however, so I wanted to

[squid-users] Cisco ASA with transparent Squid with HTTP/HTTPS filtering

2016-12-14 Thread Rafael Akchurin
Hello everyone, After pulling all my hair out and reading every possible howto on the Internet for Cisco ASA integration with Squid using WCCP I have decided to write my own. The how to is at https://docs.diladele.com/tutorials/web_filter_https_squid_cisco_wccp/index.html. Please note it is

Re: [squid-users] Antw: RE: Antw: RE: squid-3.3.8-26.el7_2.4.x86_64 using Novell eDirectory with /usr/lib64/squid/digest_edirectory_auth

2016-12-14 Thread Eliezer Croitoru
What have you tried to test the helpers by themselves? Let say you run from the command line the command which squid runs and like in the example in the mailing list which I attached, What happens? Eliezer Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email:

Re: [squid-users] Crash: every 1-2 hour: kernel: Out of memory: Kill process (squid)

2016-12-14 Thread Eliezer Croitoru
First goes first change this: https_port 192.168.253.10:3130 intercept ssl-bump options=ALL:NO_SSLv3:NO_SSLv2 connection-auth=off cert=/etc/squid/squidCA.pem into: http_port 192.168.253.10:13130 intercept ssl-bump options=ALL:NO_SSLv3:NO_SSLv2 connection-auth=off cert=/etc/squid/squidCA.pem and

[squid-users] Antw: RE: Antw: RE: squid-3.3.8-26.el7_2.4.x86_64 using Novell eDirectory with /usr/lib64/squid/digest_edirectory_auth

2016-12-14 Thread bjoern wahl
I would like to use a group, but i would be happy if anything with ldap would be working. Just in case, i did a tcpdump an i can see that the server communicates with the ldap-server, and that the squid gets an answer. >>> Eliezer Croitoru 13.12.16 14.37 Uhr >>> Which of

Re: [squid-users] Squid 3.5.21 ssl bump and x-forward

2016-12-14 Thread FredB
If really needed, there is a patch here http://bugs.squid-cache.org/show_bug.cgi?id=3792 But as Amos said this patch is incomplete the CONNECT XFF header contents should also be added to the bumped request Fred ___ squid-users mailing list