Hi,
My project makes user-initiated requests to a selection of HTTPS API, I'm
using squid 5.7 as a forward proxy with SSL bumping to aggressively cache
results, and it's working great for that.
One of the API (let's call it 'foobar.org') has a strict 1 request per second
limit. I would like
this
...
On Mon, Sep 27, 2021 at 9:23 AM Alex Rousskov <
rouss...@measurement-factory.com> wrote:
> On 9/27/21 8:44 AM, Mike Yates wrote:
>
> > Sorry Alex but if using postman I just post to the internal URL with no
> > certificates and everything works fine. All
, 2021 at 5:59 PM Grant Taylor
wrote:
> On 9/24/21 3:26 PM, Mike Yates wrote:
> > Ok so let's say the new server outside the dmz has a different name.
>
> Are you going to re-configure the clients to use the new / different
> name? Or do you need to re-configure either the
uss...@measurement-factory.com> wrote:
> On 9/25/21 5:23 AM, Mike Yates wrote:
> > There are no certificates to worry about, the api is expecting a token
> > to be included in the payload of the call. So all squid needs to do is
> > accept the post from the interna
, 18:01 Alex Rousskov
wrote:
> On 9/24/21 5:26 PM, Mike Yates wrote:
> > Ok so let's say the new server outside the dmz has a different name. I
> > need a squid server configuration that will just forward the api calls
> > to an external address. So my internal servers wil
) and will then
forward the requests to the new server I have in the cloud. Long story
short I just need a pass through squid server.
On Fri, Sep 24, 2021, 17:18 Alex Rousskov
wrote:
> On 9/24/21 5:09 PM, Mike Yates wrote:
> > I have a bunch of internal machines that do not have internet access and
&g
various ways to configure this in squid and I’m afraid I’m a
little lost on how my conf file should look..
Any suggestions would be very very welcome ..
Thanks in advance ..
Mike
___
squid-users mailing list
squid-users@lists.squid-ca
.
Thanks,
Mike Rumph
On Thu, Oct 1, 2020 at 2:45 AM Rafał Stanilewicz wrote:
> Hi Gabriel,
>
> thank you very much, I confirm I downloaded successfully the document, and
> I'm going to read it carefully, although it will take me some time.
>
> Still, my second question rem
8:36:19 +1200
> From: Amos Jeffries
> To: squid-users@lists.squid-cache.org
> Subject: Re: [squid-users] Bypassing SSL Man In the Middle Filtering
> For Certain LAN IP's
> Message-ID: <6e721121-1569-4b6c-21f0-6429d763c...@treenet.co.nz>
> Content-Type: text/plain; charset
Hi All,
I've setup a squid proxy server on my PFSense router, is there any way of
bypassing HTTPS/SSL filtering for certain LAN IP's. I have IP addresses
192.168.1.0-192.168.1.200 allocated through DHCP and I want these devices
to bypass SSL interception but not the standard HTTP proxy.
Since
peek step2 tls_servers
ssl_bump splice step3 tls_servers
ssl_bump stare step2
ssl_bump bump step3
ssl_bump terminate step2 all
# debug_options ALL,1 80,5
debug_options ALL,1 33,4
---
Thanks, Mike Quentel
On Tue, 11 Dec 2018 at 18:08, w=
rote:
>
> Send squid-users mailing list submi
ssl_bump stare step2
ssl_bump bump step3
ssl_bump terminate step2 all
# debug_options ALL,1 80,5
debug_options ALL,1 33,4
---
Thanks, Mike Quentel
On Tue, 11 Dec 2018 at 18:08, wrote:
>
> Send squid-users mailing list submissions to
> squid-users@lists.squid-cache.org
>
&g
Hi, I have been unsuccessfully trying to get Squid-4.1-5 in AWS
(Amazon 1 Linux) to allow transparent proxy of certain domains, as
well as IPs associated with those domains, whilst rejecting everything
else.
I have been referencing documentation at
I hung onto CentOS 6 for a while but it’s no longer secure enough. You really
ought to move versions.
I would prefer to see Eliezer efforts used to make 4.2 available in the stable
repo.
Thanks
Mike
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf
Of Eliezer
I am sure Amos wont mind me saying but nginx is the right tool for that
scenario.
Squid is a great forward proxy and I use it for our network but form incoming
connections nginx is more flexible and designed for the job.
-Original Message-
From: squid-users
Hi Eliezer
I have been using your repos on CentOS for many years thank you for your hard
work.
Are you planning a stable repo for v4 now it's out.
Many Thanks
Mike
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid
Just to say I have been using Eliezers centos repo for a few years as the
centos/rhel repos are always slow to react to new versions.
I think Eliezers repos are well respected out there.
Regards
Mike
-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org
HTTP and
HTTPS traffic, not FTP. trying to use it as a FTP proxy will need a
different configuration than the standard HTTP/Secure proxy.
Mike
On 5/25/2017 14:07 PM, Walter H. wrote:
On 25.05.2017 12:50, Amos Jeffries wrote:
On 25/05/17 20:19, Walter H. wrote:
Hello
what is the essential
Message-
From: Amos Jeffries [mailto:squ...@treenet.co.nz]
Sent: 16 March 2017 10:54
To: Mike Surcouf; squid-users@lists.squid-cache.org
Subject: Re: [squid-users] kerb auth groups KV note acl config
On 16/03/2017 11:12 p.m., Mike Surcouf wrote:
> @Amos
>
> Thanks for this
>
&
-users@lists.squid-cache.org
Subject: Re: [squid-users] kerb auth groups KV note acl config
On 15/03/2017 10:18 p.m., Mike Surcouf wrote:
> This is bulleted as a new feature for v4.
> Yet there is no way to test this without a quick reply letting me know the
> basic usage.
> Anyone g
This is bulleted as a new feature for v4.
Yet there is no way to test this without a quick reply letting me know the
basic usage.
Anyone got a snippet on how this is setup
-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf
Of Mike Surcouf
s-boun...@lists.squid-cache.org] Im
> Auftrag von Mike Surcouf
> Gesendet: Donnerstag, 9. März 2017 18:58
> An: 'Rafael Akchurin'; Amos Jeffries;
> squid-users@lists.squid-cache.org
> Betreff: Re: [squid-users] microsoft edge and proxy auth not working
>
> Hi Rafael
>
> Is there
Ah OK sorry
I am curious why you have a reason to use NTLM over Kerberos? :-)
-Original Message-
From: Rafael Akchurin [mailto:rafael.akchu...@diladele.com]
Sent: 09 March 2017 18:01
To: Mike Surcouf
Cc: Amos Jeffries; squid-users@lists.squid-cache.org
Subject: Re: [squid-users
@Markus
I would really like to give this a go.
Good to get some people using this stuff
-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf
Of Mike Surcouf
Sent: 07 March 2017 15:21
To: 'squid-users@lists.squid-cache.org'
Subject: [squid
to the DOCS although I am only
a git user and bazaar would be new to me so I may just post my experience in
this thread.
From what I can see I need to setup a note acl but I am unsure of the key names
etc.
A short example would be great.
Thanks
Mike
These are code words, they're looking to setup proxies to bypass
filters, corporate networks, school blocks, and other setups designed to
restrict their use (which they agreed to by using these limited
networks). Another possibility is scammer/spammer using a virus with a
proxy to reroute all
be appreciated.
Mike
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
We have a situation where we need to filter compressed HTTP traffic through
an ICAP service, logging failures (4xx) or passing the original compressed
payload to it's target destination on 2xx.
Something like this:
- Incoming compressed HTTP
- Decompress and forward to ICAP service
-
Thanks Alex.
You are correct, the message bodies are compressed (gzip). For reasons
unknown the ICAP service can't or won't deal with compressed data. Also
correct, the ICAP service is a black box for us.
Much thanks for the response, it gives us a place to start.
--Mike
On Thu, Mar 17, 2016
won't accepted
compressed data".
I suspect once we overcome all of the 'objections' the real issue will
surface.
--Mike
On Thu, Mar 17, 2016 at 3:09 PM, Eliezer Croitoru <elie...@ngtech.co.il>
wrote:
> Hey Mike,
>
> What do you mean by black box to us? who is us?
>
>
then mean I suffer the security problems associated with old
versions !, so wondered if this one rule could be modelled. So far I've
worked out how to totally block PATCH requests, but that's not really good
enough.
Any help welcome !
Mike
___
squid-users
with no problems
using this setup.
Mike
On 1/12/2016 13:34 PM, Billy.Zheng(zw963) wrote:
Or, just tell me, this worked, it is fine, and I will very happy to use.
btw: When I first install, ./configure is passed, but make is failed.
because I am not install gcc-c++. I have to install gcc-c
.
I've found that entry does not work well in Windows, but it should in
linux. Also with my company we moved away from Win Server because of
similar and other unrelated issues, so now are linux only (except for
one out of hundreds of servers).
Mike
On 12/10/2015 19:16 PM, Patrick Flaherty
errors, permission problems, and/or doesn't have all the compile
options CentOS and Scientific Linux wants.
Mike
On 11/26/2015 17:00 PM, Alex Samad wrote:
Hi
I am trying to upgrade from the centos squid to the squid one
rpm -qa | grep squid
squid-3.1.23-9.el6.x86_64
rpm -Uvh squid-3.5.11-1.el6
at the powerdns groups and mailing list
for more details on this.
Mike
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Also noticed the typo in my backend config
http_port 127.0.01:400${process_number}
should have been
http_port 127.0.0.1:400${process_number}
However this change did not help with getting cached results, still goes
direct.
Mike Hodgkinson
Internal Support Engineer
Mobile +64 21 754 339
Phone
=8a3b73eff46a9cf1a91829c0b9d0016a
Cheers
Mike Hodgkinson
Internal Support Engineer
Mobile +64 21 754 339
Phone +64 4 462 5064
Email mike.hodgkin...@solnet.co.nz
Solnet Solutions Limited
Level 12, Solnet House
70 The Terrace, Wellington 6011
PO Box 397, Wellington 6140
www.solnet.co.nz
From
IER_DIRECT/69.73.181.160
image/jpeg
1446163681.498 3059 10.1.209.33 TCP_MISS/200 756224 GET
http://asylum-inc.net/WoT/2013-03-03_6.jpg - HIER_DIRECT/69.73.181.160
image/jpeg
Any assistance is appreciated.
Cheers
Mike Hodgkinson
Internal Support Engineer
Mobile +64 21 754 339
Phone +64 4 462
Hey!
New message, please read <http://www.autler-kfz.at/thinking.php?hs8c>
Mike Marchywka
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Hey!
New message, please read <http://kitchendesignvirginia.com/meaning.php?5wcs>
Mike Marchywka
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
On 7/27/2015 17:25 PM, Amos Jeffries wrote:
On 28/07/2015 8:38 a.m., Mike wrote:
Running into an issue, using the squid.conf entry
dns_nameservers 72.x.x.x 72.x.y.y
These are different servers (under our control) for the purpose of
filtering than listed in resolv.conf (which are out of our
On 7/30/2015 16:30 PM, Amos Jeffries wrote:
On 31/07/2015 3:48 a.m., Mike wrote:
On 7/27/2015 17:25 PM, Amos Jeffries wrote:
On 28/07/2015 8:38 a.m., Mike wrote:
Running into an issue, using the squid.conf entry
dns_nameservers 72.x.x.x 72.x.y.y
These are different servers (under our control
Mike
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
. The bypass local network means any IP connection attempt to a local
network IP will not use the proxy. This goes back to the 2 different IP
subsets. One option is to enter a proxy exception as 10.*.*.* (if the
websense server is using 10.x.x.x IP address).
Mike
On 7/24/2015 10:35 AM, Jagannath Naidu
We have a DNS guru on staff and editing the resolv.conf in this manner
does not work (we tested it to make sure). Looks like we are using an
older desktop to setup a basic DNS server and then point squid to redirect.
Mike
On 7/2/2015 2:06 AM, Stuart Henderson wrote:
On 2015-07-01, Mike
Rafael, We're trying to keep the setups lean, and primarily just deal
with google and youtube, not all websites. ICAP processes deal with a
whole new layer of complexity and usually cover all websites, no just
the few.
On 6/30/2015 16:17 PM, Rafael Akchurin wrote:
Hello Mike,
May
to redirect in squid should be the better route for us
since DNS is not an option
Essentially www.google.com -- forcesafesearch.google.com
Mike
On 7/1/2015 11:11 AM, Marcus Kool wrote:
The article does not say to change from a proxy to a DNS server.
Instead, it says to add an entry for google
a black list)?
Another option I thought of is since the meta content in the code
including title is passed along, so is there a way to have it can the
header or title content as part of the acl content scan process?
Thanks
Mike
On 6/26/2015 13:29 PM, Mike wrote:
Nevermind... I found another
Yes we already have that version installed, that is the version having
these issues.
[root@Server1 ~]# e2guardian -v
e2guardian 3.0.4
On 6/26/2015 3:40 AM, FredB wrote:
Mike, you can also to try the dev branch
https://github.com/e2guardian/e2guardian/tree/develop
SSLMITM works now
, but before now
never needed to.
Thank you so much for the help!
Mike
On 6/26/2015 0:29 AM, Amos Jeffries wrote:
On 26/06/2015 2:36 a.m., Mike wrote:
Amos, thanks for info.
The primary settings being used in squid.conf:
http_port 8080
# this port is what will be used for SSL Proxy
, but that is an
issue we can live with.
On 6/26/2015 5:12 AM, Amos Jeffries wrote:
On 26/06/2015 8:40 p.m., FredB wrote:
Mike, you can also to try the dev branch
https://github.com/e2guardian/e2guardian/tree/develop
SSLMITM works now. The request from the client is intercepted, a spoofed
.
cache_dir aufs /var/cache/squid 1 32 512
-
Let me know anything else you may need or suggestions.
Mike
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Stanford Prescott stan.prescott at gmail.com writes:
Never mind. I figured the acl out. I was using someone else's
instructions who accidentally left out the double :: ssl::server_name
using just a single :.
I am getting the same thing as you except I don't have the mistake you
did. I
?
Mike
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
succeeds and the executables run properly.
I run configure with --with-krb5-config=no --without-mit-krb5
--without-heimdal-krb5 --without-gnutls
But it still tries linking in the krb libraries and the com_err library.
Any suggestions?
Mike Mitchell
___
squid
'.
Has anyone else seen this problem?
I've found one reference to it in my searches,
http://nerdanswer.com/answer.php?q=336233
Mike Mitchell
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
, but this at least covers RedHat based OS's with
selinux. I documented all of this since our servers ran into the same
issue due to selinux, and this was how we resolved it.
Mike
On 1/22/2015 6:17 AM, HackXBack wrote:
hello,
every day i found this error and my cache stop
then i remove the ssl database
spanning across the entire US.
Mike
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
also handle some
SSL urls via blacklisting (as long as squid is also setup with ssl-bump
in 3.4.x).
Otherwise within squid itself, the dstdomain and regex_dstdomain acls
are an option, but that does not provide much for filtering content of
the websites themselves.
Mike
59 matches
Mail list logo
