Thanks Alex, Dieter & Eliezer
I've been trying to prevent the CONNECT request being processed by
ICAP and the following configuration in Squid 3.5.9 alongside a
standard SSL peek and splice config appears to work:
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
adaptation_access
.
-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf
Of Paul Carew
Sent: Tuesday, October 6, 2015 10:21 PM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] ICAP and HTTPS
Thanks Alex, Dieter & Eliezer
I've been trying to pre
ssage is not shown in simple words.
Best regards,
Rafael Akchurin
Diladele B.V.
-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf
Of Paul Carew
Sent: Tuesday, October 6, 2015 10:21 PM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-
On 10/06/2015 06:50 PM, Marcus Kool wrote:
> The 2b) option a.k.a "simply always allow the CONNECT www.example.com and
> later block GET https://www.example.com/index.html; _only_ works for
> correctly SSL-bumped sites and does not work sites that do not use
> SSL+HTTP.
If you want the user to
On 10/06/2015 10:14 AM, Paul Carew wrote:
> when accessing a blocked site over HTTPS the following ICAP
> response is received:
>
> ICAP/1.0 200 OK
> ISTAG: "PRODUCTNAME"
> Attribute: Blocked Sites
> Encapsulated: res-hdr=0, null-body=533
>
> HTTP/1.0 403 Blocked
> Content-Type: text/html
>
Hey Paul,
From what I have seen until now I believe that the ICAP service
response is for a CONNECT request.
From security reasons browsers are not allowing or rather then not
implanting support for a direct HTTP response to a CONNECT(tunnel) requests.
This is why you see this reaction from
Hi
Just a quick question regarding SSL bump and ICAP.
I have integrated Squid 3.5.9 with a commercial product that provides
an ICAP service. It works fine for HTTP.
Upon recieving an ICAP query for a blocked HTTP site the following
ICAP response is returned.
ICAP/1.0 200 OK
ISTAG:
Hi There
Is anyone able to confirm that https requests to squid proxy will be sent on to
the icap service? I am able to get normal http requests into icap which
displays a banner on the page.
I have tried the whole transparent ssl-bump route as well.
Thanks
Garth
.
From: squid-users squid-users-boun...@lists.squid-cache.org on behalf of
Garth Lancaster gar...@dcdata.co.za
Sent: Thursday, November 13, 2014 11:29 AM
To: squid-users@lists.squid-cache.org
Subject: [squid-users] Icap Squid Https/Http
Hi There
Is anyone able to confirm
?I do not pay a cent, I do it myself :)
From: Sergey Tsabolov ( aka linuxman ) serg...@greeklug.gr
Sent: Thursday, November 13, 2014 2:50 PM
To: Rafael Akchurin; Garth Lancaster; squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Icap Squid Https/Http
10 matches
Mail list logo