[squid-users] cache_mem differs from output in mgr:config

My squid's cache_mem in squid.conf differs from output in mgr:config. [root@squid-cache ~]# /usr/local/squid/bin/squidclient -h 127.0.0.1 -p 80 -w aa mgr:config |grep cache_mem Sending HTTP request ... done. cache_mem 0 bytes [root@squid-cache ~]# /usr/local/squid/sbin/squid -v Squid

[squid-users] host header forgery false positives

Hi there I am finding squid-3.5.13 is false positive-ing on ssl-bump way too often. I'm just using "peek-and-splice" on intercepted port 443 to create better squid logfiles (ie I'm not actually bump-ing) but that enables enough of the code to cause the Host forgery code to kick in - but it

Re: [squid-users] kerberos authentication with a machine account doesn't work

On Mon, Jan 11, 2016 at 09:06:27PM +1300, Amos Jeffries wrote: > On 11/01/2016 2:48 p.m., LYMN wrote: > > > > I did manage to get this working, you did mention the correct solution > > right down the end of your message. > > > > Correct for you yes. That can happen when making half-blind guesses

Re: [squid-users] guideline on limiting users per IP

On 12/01/2016 7:54 a.m., 3 wrote: > > The version on Debian is 3.5.12 and but still max_user_ip does not work at > all and squid in verbose mode does not reject it but go through it > correctly, so I m bit confused. The authentication is against AD win 2008. > > I will send the more details

Re: [squid-users] Squid with NTLM auth behind netscaler

On 11/01/2016 9:34 p.m., Fabio Bucci wrote: > Hi, > could you help me in looking for what it's wrong? > The client / browser thinks the credentials are wrong for some reason. You need to run through all the troubleshooting checks to see if any reason shows up. The recent posts "kerberos

[squid-users] SSL-bump and Ciphersuite?

Hello, I'd restrict the client by using a less resource consuming TLS encryption; I though doing just this e.g. http_port 3128 ... cipher=3DES ... (for restricting clients connecting to 3DES) or what would be less resource consuming? AES128? but where can I see, which ciphersuite is really

Re: [squid-users] kerberos authentication with a machine account doesn't work

On 11/01/2016 2:48 p.m., LYMN wrote: > > I did manage to get this working, you did mention the correct solution > right down the end of your message. > Correct for you yes. That can happen when making half-blind guesses at what the problem actually is based on partial information. It might have

Re: [squid-users] SSLBUMP Issue

On 11/01/2016 10:54 a.m., Roman Gelfand wrote: > I am getting the following error. Would anyone know the reason? > > Error negotiating SSL connection on FD 37: error:1408F10B:SSL > routines:SSL3_GET_RECORD:wrong version number > Please supply the rquired details: * Squid version (squid -v

Re: [squid-users] Squid with NTLM auth behind netscaler

On 11/01/2016 11:26 p.m., Fabio Bucci wrote: > Yes of course. But i'm wondering if all the configuration are right. > The Squid part of it looks okay to me. The issue is somewhere in the AD, keytab or client setup I think. Amos ___ squid-users

Re: [squid-users] Squid with NTLM auth behind netscaler

Hi, could you help me in looking for what it's wrong? Regar,ds Fabio 2016-01-07 14:26 GMT+01:00 Fabio Bucci : > Hi Amos, > just configured squid.conf as: > > auth_param negotiate program /usr/lib64/squid/negotiate_kerberos_auth > -d -s HTTP/myproxy.domain > auth_param

Re: [squid-users] MS Update

Hi On 11 January 2016 at 18:54, Amos Jeffries wrote: >> guessing I have to bump up the 200M max to 800mb. > > Maybe. But IMHO use the ACLs tat range_offset_limit can take. your suggesting to limit the offset limit to just the windows update sites > >> are the other values

Re: [squid-users] SSL-bump and Ciphersuite?

Hello Amos, On Mon, January 11, 2016 11:13, Amos Jeffries wrote: > On 11/01/2016 10:50 p.m., Walter H. wrote: >> Hello, >> >> I'd restrict the client by using a less resource consuming TLS >> encryption; >> >> I though doing just this >> >> e.g. >> http_port 3128 ... cipher=3DES ... >> (for

Re: [squid-users] Squid with NTLM auth behind netscaler

Yes of course. But i'm wondering if all the configuration are right. Thanks, Fabio 2016-01-11 9:43 GMT+01:00 Amos Jeffries : > On 11/01/2016 9:34 p.m., Fabio Bucci wrote: >> Hi, >> could you help me in looking for what it's wrong? >> > > The client / browser thinks the

Re: [squid-users] Squid with NTLM auth behind netscaler

Yes of course. But i'm wondering if all the configuration are right. 2016-01-11 9:43 GMT+01:00 Amos Jeffries : > On 11/01/2016 9:34 p.m., Fabio Bucci wrote: >> Hi, >> could you help me in looking for what it's wrong? >> > > The client / browser thinks the credentials are

Re: [squid-users] SSL-bump and Ciphersuite?

On 11/01/2016 10:50 p.m., Walter H. wrote: > Hello, > > I'd restrict the client by using a less resource consuming TLS encryption; > > I though doing just this > > e.g. > http_port 3128 ... cipher=3DES ... > (for restricting clients connecting to 3DES) > > or what would be less resource

Re: [squid-users] Squid with NTLM auth behind netscaler

Could you kindly write me what i need to post in order to review? 2016-01-11 11:53 GMT+01:00 Amos Jeffries : > On 11/01/2016 11:26 p.m., Fabio Bucci wrote: >> Yes of course. But i'm wondering if all the configuration are right. >> > > The Squid part of it looks okay to me.

Re: [squid-users] Running configuration

On 10/01/2016 2:29 p.m., Roman Gelfand wrote: I accidentally deleted the squid.conf while squid has been running. The squid is still running. Is there a way to retrieve a running configuration? If you can remember the cachemgr passwrd: squidclient mgr:config On 10.01.16 18:10, Amos

Re: [squid-users] SSL-bump and Ciphersuite?

On 11/01/2016 11:51 p.m., Walter H. wrote: > > Ok, because the strange in connection with this: > > I had > > http_port 3128 ... dhparam=./dhparam.pem > > and before installing Kaspersky Anti-Virus there was not any error; but in > connection with the SSL-Interception of Kaspersky Anti-Virus,

Re: [squid-users] MS Update

On 11/01/2016 11:18 p.m., Alex Samad wrote: > Hi > > On 11 January 2016 at 18:54, Amos Jeffries wrote: >>> guessing I have to bump up the 200M max to 800mb. >> >> Maybe. But IMHO use the ACLs tat range_offset_limit can take. > > your suggesting to limit the offset limit to

[squid-users] NotePairs, SSL and Cert Validation memory leaks

Hi all, I have identified those memory leaks in the latest version of Squid 3.5: 128 (48 direct, 80 indirect) bytes in 1 blocks are definitely lost in loss record 1,875 of 3,225 at 0x4C267BB: calloc (vg_replace_malloc.c:593) by 0x642906: xcalloc (xalloc.cc:83) by 0x63CEB2:

[squid-users] 500 Unsupported "Surrogate-Capability" errors with ssl-bump.

I have tested couple times with couple sites and it seems that they don't like the "Surrogate-Capability" headers and specially in SSL, they return a 500 internal error. One url that I have tried to access is:

Re: [squid-users] NotePairs, SSL and Cert Validation memory leaks

On 12/01/2016 4:12 a.m., William Lima wrote: > Hi all, > > I have identified those memory leaks in the latest version of Squid 3.5: > ... > > Does anyone have a clue about the NotePairs leaks? This is a users list. squid-dev is where the developers hangs out. Amos

[squid-users] guideline on limiting users per IP

Dear all, I hope you all doing fine ! I know that this question has already been asked multiple times, and I already checked the logs (old mailing list) but I didn't find there my answers ... By the way, I am suspecting that this might have something to do with the squid version itself. In fact,