[squid-users] 1Gb limit on https downloads

2015-12-18 Thread Ilya
Hi When download big files (>1Gb) by httpS protocol connection stalled on 1Gb mark and after some time dropped. In access and cache logs no any errors or warnings about dropped connections. Tested on Win 7 Firefox and Chrome browsers with Squid 3.1.23 running on FreeBSD 8/64 without https

Re: [squid-users] 1Gb limit on https downloads

2015-12-18 Thread Yuri Voinov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 There is no and may not be any limit in Squid. Check your ISP. 18.12.15 17:42, Ilya пишет: > Hi > > When download big files (>1Gb) by httpS protocol connection stalled on 1Gb mark and after some time dropped. > In access and cache logs no any

Re: [squid-users] SSTP_DUPLEX_POST method

2015-12-18 Thread Amos Jeffries
On 17/12/2015 4:57 p.m., Wayne Gillan wrote: > Yes SSTP is a type of SSL VPN. Why behind a reverse proxy? Well just like > other SSL services I need to share port 443 with one public IP address. > Port 443 is not a generic SSL port. It is the registered port for HTTPS. Any protocol using that

Re: [squid-users] Time for cache synchronization between siblings

2015-12-18 Thread Sreenath BH
Hi Amos, It was definitely ignorance of the tools on my part. I am using curl for testing my setup. I was using different URLs (different host/IP address as part of URL) when issuing request to to Squid. That caused the problem I observed. I read about Curl tool and found out that I can set Host

Re: [squid-users] Slow App through Proxy

2015-12-18 Thread Kinkie
Hi, Do you see anything denied in the squid logs? From what you say it could be related to a failing attempt to validate a certificate. On Dec 18, 2015 17:25, "Patrick Flaherty" wrote: > Hello, > > > > We have an app configured to use Squid Proxy (3.5.11). The client

[squid-users] Slow App through Proxy

2015-12-18 Thread Patrick Flaherty
Hello, We have an app configured to use Squid Proxy (3.5.11). The client machine does not have access to the internet except for the whitelisted domains in Squid. The app launches painfully slow. It seems to be SSL Certificate related. I found a way to fix it but don't know why it fixes it.

Re: [squid-users] CVE-2009-0801

2015-12-18 Thread dc
Thank you very much for this detailed explanation! I have a setup where squid doesn't know about the original destination IP address, so I tried to enforce using DNS responses as destination addresses for any request, without success. Looking at the relevant code I found the limitation (and CVE)

Re: [squid-users] CVE-2009-0801

2015-12-18 Thread Amos Jeffries
On 19/12/2015 8:52 a.m., dc wrote: > Hello, > > please help me to understand the issue of CVE-2009-0801. Description of > the CVE: > > "Squid, when transparent interception mode is enabled, uses the HTTP > Host header to determine the remote endpoint, which allows remote > attackers to bypass

Re: [squid-users] Slow App through Proxy

2015-12-18 Thread Amos Jeffries
On 19/12/2015 6:51 a.m., Kinkie wrote: > Hi, > Do you see anything denied in the squid logs? From what you say it could > be related to a failing attempt to validate a certificate. > On Dec 18, 2015 17:25, "Patrick Flaherty" wrote: > >> Hello, >> >> >> >> We have an app configured to use Squid