And another one:
5) If you are using a deny_info configuration for a specific acl and you are
redirecting to a url instead of squid inernal error page you can add some query
term that will be used as a marker to the acl.
Example of usage:
acl blacklist-acl dstdomain block-test.org
deny_info http
On 03/13/2018 06:08 PM, Amos Jeffries wrote:
> On 14/03/18 05:46, Eduardo Carneiro wrote:
>> Hello everyone!
>>
>> Is there any way to display, in my custom error pages, the acl that denied
>> access?
>
> Two things:
>
> 1) There is no single ACL that denied Access. There is always an entire
> s
On 14/03/18 05:46, Eduardo Carneiro wrote:
> Hello everyone!
>
> Is there any way to display, in my custom error pages, the acl that denied
> access?
Two things:
1) There is no single ACL that denied Access. There is always an entire
sequence of checks.
2) The error page template code has not
Thank Yuri!!
I believe that this post is milestone in for the SSL-BUMP feature.
Now the only thing left regarding weird memory leaks is to compare with these
technical details:
3.5.27
4.0.24
5.0.0_alpha\head
I cannot test and compare it myself due to the lack of time and CPU but I
believe that
As practical experience shows, it is counterproductive to swear. :)
Especially when you need to solve the problem;)
It's just that sometimes a bad character wins :)
14.03.2018 03:30, Alex Rousskov пишет:
> Yuri,
>
> The quality of many of your recent mailing list posts was
> exceptionally hig
Yuri,
The quality of many of your recent mailing list posts was
exceptionally high: to-the-point, with a healthy level of technical
detail, cool triage, actionable advice, and no distractions (up to the
footer:-). Your new approach resulted in a much more enjoyable
experience for me personally
Thanks Yuri. That helps. As for the "sslproxy_flags
DONT_VERIFY_PEER", yes I understand the risks. In my specific case,
where my "users" are actually a bunch of automated web clients doing
some web crawling it's the right thing to do.
--
Aaron Turner
https://synfin.net/ Twitter: @synfina
FInally,
just take a look:
This is SSL Bump-aware setup. Seems no memory leaks, yes? Normal memory
distribution.
Let's see on overall OS memory:
No leaks.
13.03.2018 23:44, Yuri пишет:
>
> AFAIK,
>
> SSL bump subsystem uses OpenSSL memory routines. So, first of all,
> most probably leaks (if a
AFAIK,
SSL bump subsystem uses OpenSSL memory routines. So, first of all, most
probably leaks (if any) can be OpenSSL-related, but not squid itself.
Now let's see your config snippets.
13.03.2018 23:00, Aaron Turner пишет:
> "Usually misconfiguration leads to memory overhead."
>
> This may be tr
"Usually misconfiguration leads to memory overhead."
This may be true, but if you look in the list archives a few months
ago I basically chased my tail in circles and nobody could tell me
what I was doing wrong and so many of the docs are so old that they're
worse then useless, they seem to sugges
I've used it on all versions starting from 3.4.
Now I'm using Squid 5.0.0.
I'm afraid, my config is completely useless, because of it contains tons
of optimizations/tweaks/tricks and designed for customized Squid 5.0.0,
with different memory allocator for custom infrastructure.
You can't just ta
Hello everyone!
Is there any way to display, in my custom error pages, the acl that denied
access?
Eduardo Carneiro
--
Sent from:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
___
squid-users mailing list
squid-users@
What version are you using Yuri? Can you share your config?
Everytime I use ssl bump, I have massive memory leaks. It's been
effectively unusable for me.
--
Aaron Turner
https://synfin.net/ Twitter: @synfinatic
My father once told me that respect for the truth comes close to being
the bas
Moreover,
SSL Bump combines with interception/explicit proxy in one setup.
And works perfectly.
13.03.2018 21:14, Marcus Kool пишет:
> "SSL bump" is the name of a complex Squid feature.
> With ssl_bump ACLs one can decide which domains can be 'spliced' (go
> through the proxy untouched) or can
"SSL bump" is the name of a complex Squid feature.
With ssl_bump ACLs one can decide which domains can be 'spliced' (go through
the proxy untouched) or can be 'bumped' (decrypted).
Interception is not a requirement for SSL bump.
Marcus
On 13/03/18 11:44, Danilo V wrote:
I mean SSL bump in exp
I mean SSL bump in explicit mode.
So intercept is a essencial requirement for running SSL bump?
Em ter, 13 de mar de 2018 às 11:10, Matus UHLAR - fantomas <
uh...@fantomas.sk> escreveu:
> On 13.03.18 13:44, Danilo V wrote:
> >Is it possible/feasible to configure squid in explicit mode with ssl
>
On 13.03.18 13:44, Danilo V wrote:
Is it possible/feasible to configure squid in explicit mode with ssl
intercept?
explicit is not intercept, intercept is not explicit.
explicit is where browser is configured (manually or automatically via WPAD)
to use the proxy.
intercept is where network de
Is it possible/feasible to configure squid in explicit mode with ssl
intercept?
Due to architecture of my network it is not possible to implement
transparent proxy.
What would be the behavior of applications that dont support proxy - i.e.
dont forward requests to proxy?
Any guides?
Danilo
Hello Antonio,
Sorry no pfsense tutorials for now, but these two are *proved* to be working
just fine.
https://docs.diladele.com/tutorials/policy_based_routing_squid/index.html
https://docs.diladele.com/tutorials/mikrotik_transparent_squid/index.html
Hope it helps.
Best regards,
Rafael Akchuri
Hi guys.
This is my last attempt before going to authenticated mode.
I searched all over the internet for a way to set up a "transparent squid"
but until then the most I can get is an exhausted timeout when I go to an
http.
My environment is as follows.
- Box squid 3.5.20
- pfSense as the defau
On 13.03.18 20:37, Al Grant wrote:
I have been told it would be good practice to respect users privacy when
it comes to banking and health websites.
I am not sure whether this means not logging those websites, not caching
them or something else?
On Tue, Mar 13, 2018 at 9:06 PM, Matus UHLAR - f
Hello, I finally found the solution to the TCP_MISS_ABORTED/000 problem,
result that the network manager person, give me a tplink load balance
router with some filters setting inside them, he forgot that setting.
This setting are in the filters setting, setting some words like porno,
sex, and simil
On Tue, Mar 13, 2018 at 9:06 PM, Matus UHLAR - fantomas
wrote:
> On 13.03.18 20:37, Al Grant wrote:
>
>> I have been told it would be good practice to respect users privacy when
>> it
>> comes to banking and health websites.
>>
>
> it's good practice respect users privacy when it comes to all web
On 13.03.18 20:37, Al Grant wrote:
I have been told it would be good practice to respect users privacy when it
comes to banking and health websites.
it's good practice respect users privacy when it comes to all websites.
I am not sure whether this means not logging those websites, not caching
Hi,
I have been told it would be good practice to respect users privacy when it
comes to banking and health websites.
I am not sure whether this means not logging those websites, not caching
them or something else?
Can someone please elaborate, and perhaps how it would be achieved? I am
currentl
25 matches
Mail list logo