Re: [squid-users] custom DNS resolver scripts? (was: Re: Is it possible to force some dstdomain to ipv4) protocol without define an outgoing ip address ?

You could run unbound on the squid host (or elsewhere) and use this config to drop all requests. It utilises unbound's ability to include custom python scripts. https://github.com/berstend/unbound-no- Configure unbound to forward all other DNS requests to your existing nameservers and

Re: [squid-users] custom DNS resolver scripts? (was: Re: Is it possible to force some dstdomain to ipv4) protocol without define an outgoing ip address ?

On 10/06/21 11:42 am, Alex Rousskov wrote: On 6/9/21 6:16 PM, Ambrose Li wrote: On Wed, Jun 09, 2021 at 12:05:40PM -0400, Alex Rousskov wrote: Not that I know of. You can implement this logic inside a custom DNS resolver script, or you can reconfigure Squid whenever your outgoing addresses

Re: [squid-users] Squid spliced TLS handshake failing with chrome/ium fallback for certain servers

On 6/9/21 3:29 PM, Andreas Weigel wrote: > I stumbled upon a case of someone complaining about a site not being > reachable via squid. Squid was running as transparent proxy and splicing > TLS connections. > Squid reported a TLS handshake error to the client > (SQUID_ERR_SSL_HANDSHAKE; Handshake

Re: [squid-users] custom DNS resolver scripts? (was: Re: Is it possible to force some dstdomain to ipv4) protocol without define an outgoing ip address ?

On 6/9/21 6:16 PM, Ambrose Li wrote: > On Wed, Jun 09, 2021 at 12:05:40PM -0400, Alex Rousskov wrote: >> Not that I know of. You can implement this logic inside a custom DNS >> resolver script, or you can reconfigure Squid whenever your outgoing >> addresses change, but I understand that you are

[squid-users] Squid spliced TLS handshake failing with chrome/ium fallback for certain servers

Hi everyone, I stumbled upon a case of someone complaining about a site not being reachable via squid. Squid was running as transparent proxy and splicing TLS connections. Squid reported a TLS handshake error to the client (SQUID_ERR_SSL_HANDSHAKE; Handshake with SSL server failed:

[squid-users] custom DNS resolver scripts? (was: Re: Is it possible to force some dstdomain to ipv4) protocol without define an outgoing ip address ?

On Wed, Jun 09, 2021 at 12:05:40PM -0400, Alex Rousskov wrote: > > Not that I know of. You can implement this logic inside a custom DNS > resolver script, or you can reconfigure Squid whenever your outgoing > addresses change, but I understand that you are looking for a better > solution. What

[squid-users] Is it possible to force some dstdomain to ipv4 protocol without define an outgoing ip address ?

Hello, I use squid 4.15 and want to configure it to connect to some destinations via IPv4. I know about the tcp_outgoing_address option, but my outgoing ipv4 and ipv6 addresses changes every day. So is there an option like: acl myipv4onlydest dstdomain .example1.com .example2.com

Re: [squid-users] Is it possible to force some dstdomain to ipv4 protocol without define an outgoing ip address ?

On 6/9/21 8:25 AM, Dieter Bloms wrote: > Hello, > > I use squid 4.15 and want to configure it to connect to some destinations > via IPv4. > > I know about the tcp_outgoing_address option, but my outgoing ipv4 and > ipv6 addresses changes every day. > > So is there an option like: > > acl

Re: [squid-users] Issues with SSLBumped high traffic forward caching

On 6/9/21 10:04 AM, Matthias Saou wrote: > on a single squid 5.0.6 server. > assertion failed: Transients.cc:221: "old == e" This is a Squid bug. Please consider creating a Bugzilla entry and posting the corresponding backtrace there:

[squid-users] Issues with SSLBumped high traffic forward caching

Hi, We have a fairly simple (in theory) use case where we have a bunch of headless Chromium browsers connecting to websites on the Internet through various geo-specific proxies. To speed things up, we'd like to add a caching layer, since it's perfectly acceptable for us to honor all