Re: [squid-users] cache peer only forward http , not https !!!

2015-11-11 Thread Ahmad Alzaeem
Here is what I mean [2.2.2-RELEASE][r...@pfsense.mne]/root: tail -f /var/squid/logs/access.log 1447234509.328 9718 172.23.101.251 TCP_MISS/200 1448 CONNECT tiles-cloudfront.cdn.mozilla.net:443 - HIER_DIRECT/54.192.55.248 - 1447234514.482 9622 172.23.101.251 TCP_MISS/200 1448 CONNECT

Re: [squid-users] cache peer only forward http , not https !!!

2015-11-11 Thread Yuri Voinov
And, BTW, code 503 means "Verboten/Forbidden" :) I.e., URL denied somewhere - maybe on peer proxy. 11.11.15 14:39, Ahmad Alzaeem wrote: Here is what I mean [2.2.2-RELEASE][r...@pfsense.mne]/root: tail -f /var/squid/logs/access.log 1447234509.328 9718 172.23.101.251 TCP_MISS/200 1448

Re: [squid-users] cache peer problem with Https only !!

2015-11-11 Thread Yuri Voinov
Yes, 3.4.x can't forward https. Upgrade to 3.5.x. 10.11.15 15:08, Ahmad Alzaeem wrote: Hi, I'm using pfsense with cache peer. Squid version is 3.4.10. I have peer proxy on port 80 and I can use it with http and https. Now if I use pfsense in the middle and let pfsense go to remote proxy

Re: [squid-users] cache peer only forward http , not https !!!

2015-11-11 Thread Yuri Voinov
You are welcome :) 11.11.15 16:04, Ahmad Alzaeem wrote: Bro you were awesome! Thank you, it worked. I appreciate your help a lot. I wish there is feedback in mailing list to give you 5/5 stars :) cheers *From:* Yuri Voinov [mailto:yvoi...@gmail.com] *Sent:* Wednesday, November 11, 2015 1:04

Re: [squid-users] cache peer only forward http , not https !!!

2015-11-11 Thread Yuri Voinov
You need to locate URLs which must be forwarded to parent. If this is all URLs, config must look like this: never_direct allow all cache_peer parent 0 no-query no-digest default cache_peer_access 127.0.0.1 allow all And, finally, you must use Squid 3.5.x. This will not work on 3.4.x.

Re: [squid-users] Pass client DNS requests

2015-11-11 Thread Mike
On 11/11/2015 8:52 AM, Matus UHLAR - fantomas wrote: On 10.11.15 17:03, Patrick Flaherty wrote: Again I'm fairly new to Squid but loving it. We enforce only certain domains be accessible via the whitelist directive. Is there a way to pass DNS requests through the proxy for resolution? We are

[squid-users] sslBump somehow interferes with authentication

2015-11-11 Thread Eugene M. Zheganin
Hi. I have configured simple ssl peek/splice on squid 3.5.10 for some simple cases, but in my production, where configs are complicated, it doesn't work as expected - somehow it interferes with authentication. Suppose we have a config like: ===Cut=== acl freetime time MTWHF 18:00-24:00 acl foo

Re: [squid-users] logging to syslog

2015-11-11 Thread Amos Jeffries
On 11/11/2015 9:11 p.m., Sebastian Kirschner wrote: > Hi Avraham, > > I think it wouldn't be a good idea to just create a symlink because squid (or > the user under which squid runs) then must have access to the syslog, > and if your squid instance gets compromised the syslog is open to read

Re: [squid-users] Pass client DNS requests

2015-11-11 Thread Yuri Voinov
My 5 cents: http://unbound.net/ 11.11.15 22:07, Amos Jeffries wrote: > On 12/11/2015 3:52 a.m., Matus UHLAR - fantomas wrote: >> On 10.11.15 17:03, Patrick Flaherty wrote: >>> Again I'm fairly new to Squid but loving it. We enforce only certain

Re: [squid-users] Pass client DNS requests

2015-11-11 Thread Amos Jeffries
On 12/11/2015 3:52 a.m., Matus UHLAR - fantomas wrote: > On 10.11.15 17:03, Patrick Flaherty wrote: >> Again I'm fairly new to Squid but loving it. We enforce only certain >> domains >> be accessible via the whitelist directive. Is there a way to pass DNS >> requests through the proxy for

Re: [squid-users] File rotation problem

2015-11-11 Thread Matus UHLAR - fantomas
On 11.11.15 09:25, Verónica Ovando wrote: I am using logrotate with this configuration in /etc/logrotate.d/squid3: /var/log/squid3/access.log { maxsize 50M daily compress delaycompress rotate 5 missingok notifempty create 0640

Re: [squid-users] Pass client DNS requests

2015-11-11 Thread Matus UHLAR - fantomas
On 10.11.15 17:03, Patrick Flaherty wrote: Again I'm fairly new to Squid but loving it. We enforce only certain domains be accessible via the whitelist directive. Is there a way to pass DNS requests through the proxy for resolution? We are currently using Windows host entries. :( no. Squid is a

Re: [squid-users] redirect 206 content

2015-11-11 Thread Alex Rousskov
On 11/11/2015 05:42 AM, HackXBack wrote: > is there a way to redirect 206 contents to acl ? I assume that by "206 contents" you mean "HTTP 206 response body". I am not sure what you mean by "redirect to ACL", but ACLs (including external ACLs) do not have access to message bodies, only to

Re: [squid-users] File rotation problem

2015-11-11 Thread Amos Jeffries
Besides the advice the others have given about how to manage logrotate.d itself... What OS and version are you using? It looks like Debian or a derivative to me and the "squid3" naming is being deprecated there. All the "squid3" things you are checking may not actually exist anymore. Amos

Re: [squid-users] YouTube Resolution Locker Plugin for Squid Proxy Cache 3.5.x

2015-11-11 Thread Amos Jeffries
On 11/11/2015 12:57 p.m., HackXBack wrote: > unveiltech can cache youtube html5 with full range 100% hit ? Best place to ask is Unveiltech. Amos

Re: [squid-users] cache peer only forward http , not https !!!

2015-11-11 Thread Ahmad Alzaeem
Bro you were awesome! Thank you, it worked. I appreciate your help a lot. I wish there is feedback in mailing list to give you 5/5 stars :) cheers From: Yuri Voinov [mailto:yvoi...@gmail.com] Sent: Wednesday, November 11, 2015 1:04 PM To: Ahmad Alzaeem Cc:

[squid-users] File rotation problem

2015-11-11 Thread Verónica Ovando
Hi. I need to set up correctly my logfiles rotation. I am using logrotate with this configuration in /etc/logrotate.d/squid3: /var/log/squid3/access.log { maxsize 50M daily compress delaycompress rotate 5 missingok notifempty

Re: [squid-users] Subject: Re: authentication of every GET request from part of URL?

2015-11-11 Thread Sreenath BH
Hi, Thanks to everyone who has responded in such detail. I have done a proof of concept of the solution using external ACL helper and URL rewriter, and it does what I wanted. Regarding using a token in URL as a way to differentiate between different users, I now understand the implications on

Re: [squid-users] logging to syslog

2015-11-11 Thread Avraham Serour
I'm very very sorry for replying to your email directly, I didn't mention to, I just clicked reply on gmail I wanted squid to log to syslog, using the syslog module on ubuntu the socket path is /dev/log from there I have my rsyslog config that forwards it to logstash In any case my manager just

Re: [squid-users] File rotation problem

2015-11-11 Thread Antony Stone
On Wednesday 11 November 2015 at 13:25:56, Verónica Ovando wrote: > Hi. I need to set up correctly my logfiles rotation. I think http://serverfault.com/questions/391538/logrotate-daily-and-size might help you. > I am using logrotate with this configuration in /etc/logrotate.d/squid3: > >

Re: [squid-users] logging to syslog

2015-11-11 Thread Sebastian Kirschner
Also it's a bit Off-Topic, I think it's a good idea that another user grep the information out of the access.log instead of let the access.log direct "write" in the syslog. In my eyes it's more secure. Best Regards Sebastian

Re: [squid-users] Multicast WCCPv2 + Squid 3.3.8

2015-11-11 Thread brendan kearney
I am interested in this topic. Would love to hear about your progress. The os that squid runs on must participate in a dynamic routing protocol such as ospf and needs to advertise a route to the multicast ip via itself. Generally this is done by adding a virtual interface to the loopback and

[squid-users] redirect 206 content

2015-11-11 Thread HackXBack
Hello, is there a way to redirect 206 contents to acl ? Thanks.

Re: [squid-users] logging to syslog

2015-11-11 Thread Sebastian Kirschner
Hi Avraham, 1. Please do not contact me direct, use the Mailing List. I read the sentences you wrote to me again, do you really want that squid logs the things that would go in access.log to your /var/log/syslog (default debian path), or do you just want to see what is written in the

Re: [squid-users] YouTube Resolution Locker Plugin for Squid Proxy Cache 3.5.x

2015-11-11 Thread HackXBack
am just giving my test for you and its up to you to solve it or not, Thanks

Re: [squid-users] squid http & https intercept based on DNS server

2015-11-11 Thread Ahmad Alzaeem
Sorry, didn’t understand, could you explain more?? cheers -Original Message- From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of James Lay Sent: Thursday, November 12, 2015 12:29 AM To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] squid

Re: [squid-users] sslBump somehow interferes with authentication

2015-11-11 Thread Amos Jeffries
On 12/11/2015 7:12 a.m., Eugene M. Zheganin wrote: > > As soon as I add sslBump, everything that is bumped, starts to be > blocked by 'http_access deny unauthorized' (everything that's spliced > works as intended). And I completely cannot understand why. Yes, I can > remove this line, but this

Re: [squid-users] sslBump somehow interferes with authentication

2015-11-11 Thread Eugene M. Zheganin
Hi. On 11.11.2015 23:44, Amos Jeffries wrote: > Proxy-authentication cannot be performed on MITM'd traffic. That > includes SSL-bump decrypted messages. > > However, unlike the other methods SSL-bump CONNECT wrapper messages in > explicit-proxy traffic can be authenticated and their credentials >

Re: [squid-users] squid http & https intercept based on DNS server

2015-11-11 Thread Amos Jeffries
On 12/11/2015 8:23 a.m., Ahmad Alzaeem wrote: > Hi guys > > I want to ask a question > > > > Assume I have a dns server that resolve all the names to the ip of squid > Please see the "Alternative Causes" section at the end of

Re: [squid-users] squid http & https intercept based on DNS server

2015-11-11 Thread James Lay
On 2015-11-11 12:23, Ahmad Alzaeem wrote: Hi guys I want to ask a question Assume I have a dns server that resolve all the names to the ip of squid So we will have all websites go to squid The question is being asked here is : If I used squid in intercept mode Will I be able to handle

Re: [squid-users] sslBump somehow interferes with authentication

2015-11-11 Thread Eugene M. Zheganin
Hi. On 12.11.2015 0:06, Eugene M. Zheganin wrote: > So, the user starts its browser and opens the URL 'https://someurl'. > And this URL matches both 'block' and 'blockssl' ACLs, one I created for > you know... usual matching and one - for sslBump, since dstdomain ACLs > cannot work there. So,

Re: [squid-users] squid http & https intercept based on DNS server

2015-11-11 Thread Yuri Voinov
12.11.15 1:23, Ahmad Alzaeem wrote: > Hi guys > > I want to ask a question > > > > Assume I have a dns server that resolve all the names to the ip of squid > > > > So we will have all websites go to squid > > > > The question is being asked

[squid-users] Dansguardian Squid and HTTPS

2015-11-11 Thread Bruno de Oliveira Bastos
Hi, I have a server auth by group in Active Directory, the dansguardian receives every connection in HTTP and HTTPS, and after analyze its sent request to squid. In log of dansguardian I saw the username OK, but in squid log I saw only the IP of listen dansguardian. First, there is a way to

Re: [squid-users] logging to syslog

2015-11-11 Thread Sebastian Kirschner
Hi Avraham, I think it wouldn't be a good idea to just create a symlink because squid (or the user under which squid runs) then must have access to the syslog, and if your squid instance gets compromised the syslog is open to read for these one. Best Regards Sebastian