Re: [squid-users] 'Intercept' option on Windows

He is talking about NAT *.h files on Windows. This is exactly required. 07.05.2017 22:05, Tobias Tromm пишет: > > I don't know what exactly you need to make it work. > > > I found these APIs > (https://msdn.microsoft.com/pt-br/library/windows/desktop/aa366278.aspx > , >

Re: [squid-users] 'Intercept' option on Windows

If this has not been done yet, it is impossible or not necessary. PS. You always can setup VirtualBox (www.virtualbox.org) on your Windows box, set up Linux/*BSD/Solaris inside and make all you want in guest OS. 07.05.2017 3:08, Tobias Tromm пишет: > > Hi Guys, > > > I am using squid on Windows

Re: [squid-users] Squid Cache to Users at Full Bandwidth

http://wiki.squid-cache.org/ 05.05.2017 21:18, christian brendan пишет: > Squid Version 3.5.20 > Cento 7 > Mikrotik RouterBoard v 6.39.1 > Users IP: 192.168.1.0/24 > Squid ip: 192.168.2.1 > > Traffic to squid is routed > > i would like users to have full LAN bandwidth

Re: [squid-users] Huge memory required for squid 3.5

>> *From:* squid-users <squid-users-boun...@lists.squid-cache.org> on >> behalf of Alex Rousskov <rouss...@measurement-factory.com> >> *Sent:* Wednesday, April 26, 2017 7:37 PM >> *To:* squid-users@lists.squid-cache.org >> *Subject:* Re: [squid-users] Hu

Re: [squid-users] URL sometimes reurns empty response

Hm. See no issue from my side: root @ khorne /patch # wget -S http://www.msftconnecttest.com/ncsi.txt --2017-05-02 19:16:11-- http://www.msftconnecttest.com/ncsi.txt Connecting to 127.0.0.1:3128... connected. Proxy request sent, awaiting response... HTTP/1.1 200 OK Cache-Control:

Re: [squid-users] URL sometimes reurns empty response

If you add this URL to cache deny rule - problem still exists? 02.05.2017 17:59, Ralf Hildebrandt пишет: > In some cases, our proxies (got 4 of them) return a empty result when > querying "http://www.msftconnecttest.com/ncsi.txt; (whcih is used by > Microsoft Brwosers to check if they're

Re: [squid-users] squid 4.0.19 error with certificates

Check this. It seems this is the issue: http://bugs.squid-cache.org/show_bug.cgi?id=4711 30.04.2017 12:02, snable snable пишет: > hello > > i am using squid on a external box. > i forward all traffic from my openwrt router to it > htto works fine > https with youtube app doesnt work > i get: >

Re: [squid-users] squid 4.0.19 bin question

30.04.2017 11:59, snable snable пишет: > hallo, > > I see the the following works for my site > > ssl_bump server-first mysite_acl > > whether > ssl_bump bump mysite_acl > gives me a corrupted site. Details. "Corrupted site" is about nothing. > > any idea? i see that server-first shouldnt be

Re: [squid-users] 3.5.25: (71) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

ting is so bad.. > > Raf > > -Original Message- > From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On > Behalf Of David Touzeau > Sent: Friday, April 28, 2017 10:14 AM > To: 'Yuri Voinov'; squid-users@lists.squid-cache.org > Subject: Re:

Re: [squid-users] concurrency with ecap

Alex, is it possible to get comprehensive example? Adapter sample is non-obvious, not complete (non-obvious where to put mutex locking) and contains C-style rudiments (like external call, pthread.h etc.). I think, this will be actual in 2017, with CMT world around. WBR, Yuri. 28.04.2017

Re: [squid-users] 3.5.25: (71) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

not reconfigure. Keep in mind, that SSL bump critical important for success. For example, AFAIK stare often opposite to bump (in most cases). Read wiki article, but also remember this functionality still evolving, and can changed without notices. So, experiment. > > Best regards > > -M

Re: [squid-users] 3.5.25: (71) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

Symantec intermediate certificate > Squid is installed as default... > Any howto ? > > > -Message d'origine- > De : squid-users [mailto:squid-users-boun...@lists.squid-cache.org] De la > part de Yuri Voinov > Envoyé : jeudi 27 avril 2017 22:09 > À : squid-users@lists.

Re: [squid-users] 3.5.25: (71) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

Look. It can be intermediate certificates issue. Does Squid have Symantec intermediate certificates? 27.04.2017 22:47, David Touzeau пишет: > Hi, > I'm unable to access to https://www.boutique.afnor.org website. > I would like to know if this issue cannot be fixed and must deny bump > website

Re: [squid-users] 3.5.25: (71) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

This one? http://i.imgur.com/kI9SxiN.png It's works under bump. 27.04.2017 22:47, David Touzeau пишет: > Hi, > I'm unable to access to https://www.boutique.afnor.org website. > I would like to know if this issue cannot be fixed and must deny bump > website to fix it. > Without Squid the

Re: [squid-users] ssl bump and chrome 58

r-first > all" should work. > > William Lima > > - Original Message - > From: "Flashdown" <flashd...@data-core.org> > To: "Yuri Voinov" <yvoi...@gmail.com> > Cc: squid-users@lists.squid-cache.org > Sent: Thursday, April 27, 2017

Re: [squid-users] Huge memory required for squid 3.5

26.04.2017 21:47, Amos Jeffries пишет: > On 27/04/17 03:35, Yuri Voinov wrote: >> Amos, stupid question. >> >> Why sessions can't share CA's data cached in memory? shared_ptr invented >> already. >> >> This is openssl issue or squid's? > > It

Re: [squid-users] Huge memory required for squid 3.5

Ok, but how NO_DEFAULT_CA should help with this? 26.04.2017 4:29, Amos Jeffries пишет: > On 26/04/17 09:58, Yuri Voinov wrote: >> >> Seriously? 2 Gb RAM for default CA?! >> >> > > 600 (number of default CAs) x 2048 (minimum size of CA cert) -> ~1 MB > &g

Re: [squid-users] Huge memory required for squid 3.5

Ah, shi (goes to set flag) 26.04.2017 4:29, Amos Jeffries пишет: > On 26/04/17 09:58, Yuri Voinov wrote: >> >> Seriously? 2 Gb RAM for default CA?! >> >> > > 600 (number of default CAs) x 2048 (minimum size of CA cert) -> ~1 MB > > All it w

Re: [squid-users] ssl bump and chrome 58

I see no problem with it on all five SSL Bump-aware servers with new Chrome. So fare so good. 21.04.2017 18:29, Marko Cupać пишет: > Hi, > > I have squid setup with ssl bump which worked fine, but since I updated > chrome to 58 it won't display any https sites, throwing >

Re: [squid-users] HTTPS woes

orking which is all we need. How often do these > certificates refresh? Would they need updating every month or so? > > oli...@lennox-it.uk > lennox-it.uk <http://lennox-it.uk/> > tel: 07900 648 252 > > > ------

Re: [squid-users] HTTPS woes

You talked about two different things. 1. root CA usually built-in in clients. For standalone use, root CA (from Mozilla) usually distributes with openssl distributions. If you need (or your openssl distribution does not contains root CAs), you can find separately distributed Mozilla CA's by

Re: [squid-users] HTTPS woes

13.04.2017 22:57, Olly Lennox пишет: > Hi There, > > I've been battling for the last few days on a little project to setup a > Raspberry PI device as a small parental blocking server. I've managed to > configure the device to work as a transparent proxy using squid which is > assigned as the

Re: [squid-users] [squid-dev] [RFC] Changes to http_access defaults

13.04.2017 21:14, Dan Purgert пишет: > Quoting Alex Rousskov : > >> On 04/12/2017 12:16 PM, Amos Jeffries wrote: >> >>> Changes to http_access defaults >> >> Clearly stating what you are trying to accomplish with these changes may >> help others evaluate your

Re: [squid-users] Howto fix X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY Squid error

;-) No problem, Raf. This is really much better solution ;-) 07.04.2017 22:44, Rafael Akchurin пишет: > Hello Yuri, > > Yes this is much better solution! > > Best regards, > Rafael Akchurin > > Op 7 apr. 2017 om 18:20 heeft Yuri Voinov <yvoi...@gmail.com > &

Re: [squid-users] Howto fix X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY Squid error

# TAG: sslproxy_foreign_intermediate_certs #Many origin servers fail to send their full server certificate #chain for verification, assuming the client already has or can #easily locate any missing intermediate certificates. # #Squid uses the certificates from the specified file

Re: [squid-users] Howto fix X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY Squid error

I would not install intermediate certificates in the system store. They have a much shorter validity period - this time, and two - there is a SQUID functionality that supports adding missing intermediate certificates from a separate file. For security reasons, intermediate certificates require

Re: [squid-users] Google Captcha, can something be done to help it with squid?

d-users-boun...@lists.squid-cache.org] On > Behalf Of Yuri Voinov > Sent: Monday, April 3, 2017 10:51 PM > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] Google Captcha, can something be done to help it > with squid? > > I guess an issue r

Re: [squid-users] Google Captcha, can something be done to help it with squid?

I guess an issue relevant to BlueCoat, not to Squid. AFAIK BlueCoat ignores RFC. Squid - not. 04.04.2017 1:45, Eliezer Croitoru пишет: > Hey List, > > I got couple complains from couple sysadmins about google forcing their > clients to verify that they are indeed humans in some very horrible

Re: [squid-users] hsc-dynamic-cache: relied on storeID rules? Removed in 3.5.20?

29.03.2017 5:55, L A Walsh пишет: > Eliezer Croitoru wrote: >> Hey Linda, >> >> As the pathcer\author of StoreID I will try to clarify what might >> seems odd. >> StoreID is a "static" rule which is one of the squid cache fundamentals. >> The feature is the option to tweak this internal cache

Re: [squid-users] hsc-dynamic-cache: relied on storeID rules? Removed in 3.5.20?

28.03.2017 1:26, L A Walsh пишет: > This caught my attention as my housemate tends to watch alot of > youtube videos, and caching some of them might speed up their > access, so was trying to understand what was meant in your post: > > Yuri Voinov wrote: >> Things a

Re: [squid-users] Free Squid helper for dynamic content caching

I'm afraid that rewriting the rules is a big job. I strongly doubt that someone will lay it out in public open access for free. Saving traffic is money. Here's what I want to say. There are no really effective helpers in the public domain. As I know. 22.03.2017 21:38, Eduardo Carneiro пишет: >

Re: [squid-users] Free Squid helper for dynamic content caching

Things are changed in the web on regular basis. Nothing permanent in the world. So, store ID rules lost relevance and no longer work. You can fix it yourself, the code is open. 22.03.2017 20:35, Eduardo Carneiro пишет: > I have been using this helper for a while. It works very well. >

Re: [squid-users] URL list from a URL

regex for all mirrors, yes. > Regards, > > j > > > - Original Message - > From: "Yuri Voinov" <yvoi...@gmail.com> > To: squid-users@lists.squid-cache.org > Sent: Tuesday, March 21, 2017 1:19:43 PM > Subject: Re: [squid-users] URL list from a URL &

Re: [squid-users] Assistance with WCCPv2 Setup with Cisco Router

PS. You configured GRE tunnel, as I can see. Check it defined on both sides: on router and on your proxy box. Also note, GRE will process on router CPU, instead of L2 redirection, which is runs on control plane and hardware accelerated. 22.03.2017 1:04, Waldon, Cooper пишет: > > Hello All, > >

Re: [squid-users] Assistance with WCCPv2 Setup with Cisco Router

Ah, forgot about this: http://wiki.squid-cache.org/ConfigExamples/Intercept 22.03.2017 1:04, Waldon, Cooper пишет: > > Hello All, > > > > I’m trying to set up a transparent proxy for http and https using > Cisco Routers and Squid. I have followed the configuration examples > that are listed

Re: [squid-users] Assistance with WCCPv2 Setup with Cisco Router

22.03.2017 1:04, Waldon, Cooper пишет: > > Hello All, > > > > I’m trying to set up a transparent proxy for http and https using > Cisco Routers and Squid. I have followed the configuration examples > that are listed under the wccp2 overview section >

Re: [squid-users] URL list from a URL

Yes. Functionality you required is: http://wiki.squid-cache.org/Features/StoreID 21.03.2017 21:52, Jason B. Nance пишет: > Hello, > > I'm using Squid 3.5.20 and wonder if it is possible to define an ACL which > retrieves the list of URLs from another URL (similar to pointing to a file). >

Re: [squid-users] Data usage reported in log files

che.org] On > Behalf Of Antony Stone > Sent: Friday, March 10, 2017 4:31 PM > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] Data usage reported in log files > > On Friday 10 March 2017 at 22:22:59, Yuri Voinov wrote: > >> Of course, there is no stream vi

Re: [squid-users] Data usage reported in log files

11.03.2017 3:43, Antony Stone пишет: > On Friday 10 March 2017 at 22:33:44, Yuri Voinov wrote: > >> We have not seen the network topology and the full configuration of >> network devices - what are we arguing about and guessing about? > Nobody is arguing, and we are gues

Re: [squid-users] Data usage reported in log files

? 11.03.2017 3:27, Yuri Voinov пишет: > Think of one simple thing. Squid does not see and can not see protocols > that do not support. What do you expect from it? Does it work on L1/L2? > No? Then what is the discussion about? > > > 11.03.2017 3:22, Yuri Voinov пишет: >> Of course,

Re: [squid-users] Data usage reported in log files

Think of one simple thing. Squid does not see and can not see protocols that do not support. What do you expect from it? Does it work on L1/L2? No? Then what is the discussion about? 11.03.2017 3:22, Yuri Voinov пишет: > Of course, there is no stream video from security cams, no voice

Re: [squid-users] Data usage reported in log files

Of course, there is no stream video from security cams, no voice IP, no SIP, no torrents, no RDP, no other protocol. They simple does not exists and we're all believe that's all not above over 1% of overall traffic. Yes. Sure. Really. Only web-surfing :) Sure :) 11.03.2017 3:19, Yuri Voinov

Re: [squid-users] Data usage reported in log files

11.03.2017 2:57, Antony Stone пишет: > On Friday 10 March 2017 at 21:50:19, Yuri Voinov wrote: > >> Gentlemen, and it never occurred to you that there are other types of >> traffic besides HTTP / HTTPS, right? >> >> DNS, ICMP, other protocols? > I'm assuming

Re: [squid-users] Data usage reported in log files

Gentlemen, and it never occurred to you that there are other types of traffic besides HTTP / HTTPS, right? DNS, ICMP, other protocols? 11.03.2017 2:44, Yosi Greenfield пишет: > Aha! That could be it. I use sslbump, but not for all users. I'll > check that out, although I think that it's a

Re: [squid-users] Squid with SSL-Bump on Debian testing: SSL_ERROR_RX_RECORD_TOO_LONG

04.03.2017 3:29, C. L. Martinez пишет: > Hi all, > > After installing Squid 3.5.24 in my Debian testing (many thanks Amos for > your help), I am trying to configure Squid as https intercept proxy. My > config actually is: > > http_port 127.0.0.1:8080 > http_port 127.0.0.1:8081 intercept >

Re: [squid-users] squid 3.5.2==> HTTPS FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

very 24 hours . Cron is not the best solution. Logsurf will be better. > > thank you guys all of you . > thanks amos , thanks eliezer , thanks yuri > > kind regards >> On Mar 3, 2017, at 1:37 PM, Yuri Voinov <yvoi...@gmail.com >> <mailto:yvoi...@gmail.com>>

Re: [squid-users] squid 3.5.2==> HTTPS FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

nyway, watchdog is good backup to preventing manual interventions by SA. > > Eliezer > > > http://ngtech.co.il/lmgtfy/ > Linux System Administrator > Mobile: +972-5-28704261 > Email: elie...@ngtech.co.il > > > From: squid-users [mailto:squid-users-boun...@lists.s

Re: [squid-users] squid-users Digest, Vol 31, Issue 9

ine so it is more specific > than "Re: Contents of squid-users digest..." > > > Today's Topics: > >1. Re: squid 3.5.2==> HTTPS FATAL: The ssl_crtd helpers are > crashing too rapidly, need help! (Yuri Voinov) > > > -----

Re: [squid-users] squid 3.5.2==> HTTPS FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

restart automatically. In some installations, this problem does not occur over the years. In other - almost daily. I have no desire to find out why this is happening exactly. For me it was easier to make the watchdog, which will follow up on this. 03.03.2017 3:40, Yuri Voinov пишет: > > On

Re: [squid-users] squid 3.5.2==> HTTPS FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

exec "/usr/local/bin/crtd_create.sh -r >/dev/null 2>&1" 'Cannot add certificate to db.' - - - 0exec "/usr/local/bin/crtd_create.sh -r >/dev/null 2>&1" PS. This is from logsurfer.conf. 03.03.2017 3:34, Yuri Voinov пишет: > > This error is usually precede

Re: [squid-users] squid 3.5.2==> HTTPS FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

This error is usually preceded by another error in cache.log associated with the certificates. I will show you the direction. Then go himself. This software will useful for you to solve: http://www.crypt.gen.nz/logsurfer/ HTH, Yuri 03.03.2017 2:47, --Ahmad-- пишет: > hey folks . > i have a

Re: [squid-users] [bug 4674] squid 4.0.18 delay_parameters for class 3 assertion failed

28.02.2017 1:39, Vitaly Lavrov пишет: > [bug 4674] Regression in squid 4.0.18 (4.0.17 does not have this error) > > OS: Slackware linux 14.2 / gcc 4.8.2 May be ancient compiler. 4.8.2 is not fully C++11 compatible AFAIK. Try at least 4.9.x. Or 5.4. > > Simple config: > > delay_pools 1 >

Re: [squid-users] squid-avira-update-cache

root @ khorne /patch # wget -S http://personal.avira-update.com/update/x_vdf_sigver/7.12.155.64_8.12.155.64/xbv00050.vdf.lz --2017-02-17 23:51:22-- http://personal.avira-update.com/update/x_vdf_sigver/7.12.155.64_8.12.155.64/xbv00050.vdf.lz Connecting to 127.0.0.1:3128... connected. Proxy request

Re: [squid-users] squid-avira-update-cache

Any logs? 17.02.2017 17:43, splice...@gmail.com пишет: > Hi all, I'm trying to cache "avira updates" with squid, but no luck... > > my conf: > acl aviraupdate dstdomain .avira-update.com > range_offset_limit -1 aviraupdate > refresh_pattern -i avira-update.com/.*\.* 4320 80% 43200

Re: [squid-users] The header: HTTP_VIA is present with the value:

via off 14.02.2017 0:00, --Ahmad-- пишет: > hi folks > I’m checking my proxy in > > whatismyproxy.com > > and it says : > > The header: HTTP_VIA is present with the value:HTTP/1.1 > vnnnz01msp2tser1.wnsnet.attws.com > . > >

Re: [squid-users] High utilization of CPU squid-3.5.23, squid-3.5.24

Yes, it is require to perform extended diagnostics. Including the system level. BTW, it can also network IO. And, it is possible that even a slow DNS. Have to search. 02.02.2017 3:34, Eliezer Croitoru пишет: > I believe that the squid manager info page should give some clue about the > number

Re: [squid-users] High utilization of CPU squid-3.5.23, squid-3.5.24

It seems as IO bottleneck at first look. 02.02.2017 2:55, Vitaly Lavrov пишет: > Periodically squid begins to linearly increase the use of the CPU. > Sometimes this process reaches 100%. At random moment of time the CPU usage > is reduced to 5-15%, > and in the presence of client requests can

Re: [squid-users] Buy Certificates for Squid 'man in the middle'

of users. In other words, users should be aware that there is a proxy hacking HTTPS in front of them. All other tricks are illegal, at least it is contrary to ethics. Forget about it. I'm seriously. 02.02.2017 3:10, Yuri Voinov пишет: > > > > 02.02.2017 2:58, angelv пишет: >> Hi,

Re: [squid-users] Buy Certificates for Squid 'man in the middle'

02.02.2017 2:58, angelv пишет: > Hi, > > I need your advice. > > I have a transparent proxy running with the self generated > certificates 'myCA.pem', as it is not signed by a valid entity then I > have to import the 'myCA.der' certificate in all web browsers ... > > I want to know where I can

Re: [squid-users] squid reverse proxy (accelerator) for MS Exchange OWA

I'm sorry to interrupt, gentlemen - but Microsoft does not use certificate pinning in OWA? 01.02.2017 22:19, Amos Jeffries пишет: > On 27/01/2017 9:31 p.m., Vieri wrote: >> >> >> >> - Original Message - From: Alex Rousskov >> >> It's interesting to

Re: [squid-users] Antivirus for squid

261 > Email: elie...@ngtech.co.il > > > -Original Message- > From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On > Behalf Of Yuri Voinov > Sent: Wednesday, February 1, 2017 5:52 PM > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] Antivi

Re: [squid-users] Not all html objects are being cached

You'r welcome. I do not understand what the hell you have clung to me. I have my own point of view on the problem. Tell tales of the guy who started this thread. I know the developer's position. So, let's stop useless discussion. This is wasted time only. 01.02.2017 21:48, Amos Jeffries пишет:

Re: [squid-users] QA Pilots

01.02.2017 3:49, Alex Rousskov пишет: > Hello, > > The Squid Software Foundation plans to hire a part-time remote QA > engineer to help us address systemic quality problems with Squid > releases and development snapshots. This position will be funded by your > donations to the Foundation.

Re: [squid-users] Is it possible to modify cached object?

Exactly, localhost system administrators can do what they want ;-) 01.02.2017 1:05, boruc пишет: > Well, basically I'm working on virtual machine with nothing special installed > on it so I don't have to worry about all of this. I wanted to give squid a > try, look how it works, learn something

Re: [squid-users] Is it possible to modify cached object?

01.02.2017 0:34, boruc пишет: > Thank you for your answers Antony. > > On packages.ubuntu.com I searched for "squid3" and here's what I've found: > 12.04LTS - 3.1.19 > 14.04LTS - 3.3.8 > 16.04LTS - 3.5.12 > > For now the best option would be to upgrade Ubuntu to 16.04, but I cannot do > it now.

Re: [squid-users] Not all html objects are being cached

27.01.2017 19:35, Garri Djavadyan пишет: > On Fri, 2017-01-27 at 17:58 +0600, Yuri wrote: >> 27.01.2017 17:54, Garri Djavadyan пишет: >>> On Fri, 2017-01-27 at 15:47 +0600, Yuri wrote: --2017-01-27 15:29:54-- https://www.microsoft.com/ru-kz/ Connecting to 127.0.0.1:3128... connected.

Re: [squid-users] Not all html objects are being cached

arameters: >>> >>> Cache-Control: no-cache, no-store, must-revalidate, post-check, >>> pre-check, >>> private, public, max-age, public >>> Pragma: no-cache > > On 26.01.17 02:44, Yuri Voinov wrote: >> If the webmaster has done this -

Re: [squid-users] Not all html objects are being cached

26.01.2017 2:22, boruc пишет: > After a little bit of analyzing requests and responses with WireShark I > noticed that many sites that weren't cached had different combination of > below parameters: > > Cache-Control: no-cache, no-store, must-revalidate, post-check, pre-check, > private, public,

Re: [squid-users] Antivirus for squid

26.01.2017 0:03, erdosain9 пишет: > Hi to all. > Im a little confuse about this... i just want "antivirus", i dont care block > some web, filter, etc. (at least no more that what i get with squid)... so, > just for antivirus, what recommend??? > clamav You thing you have a choise? All others AV

Re: [squid-users] Squid 4.x: Intermediate certificates downloader

25.01.2017 5:25, Alex Rousskov пишет: > On 01/24/2017 02:11 PM, Yuri Voinov wrote: >> 25.01.2017 2:50, Alex Rousskov пишет: >>> A short-term hack: I have seen folks successfully solving somewhat >>> similar problems using a localport ACL with an "impossibl

Re: [squid-users] Squid 4.x: Intermediate certificates downloader

25.01.2017 2:50, Alex Rousskov пишет: > On 01/24/2017 12:20 PM, Yuri Voinov wrote: >> 25.01.2017 1:10, Alex Rousskov пишет: >>> On 01/24/2017 11:33 AM, Yuri Voinov wrote: >>>> http_access deny to_localhost >>> Does not match. The destination is not localho

Re: [squid-users] Squid 4.x: Intermediate certificates downloader

index.html [ <=> ] 3.60K --.-KB/sin 0s 2017-01-25 02:37:54 (7.44 MB/s) - 'index.html' saved [3688] because intermediate certificates file is exists and configured. 25.01.2017 2:09, Yuri Voinov пишет: > This is mentioned debug for this transaction. > > I see

Re: [squid-users] Squid 4.x: Intermediate certificates downloader

: 0x4b781938 answer DENIED for match 2017/01/25 01:36:35.773 kid1| 28,3| Checklist.cc(163) checkCallback: ACLChecklist::checkCallback: 0x4b781938 answer=DENIED It seems like bug. 25.01.2017 1:10, Alex Rousskov пишет: > On 01/24/2017 11:33 AM, Yuri Voinov wrote: > >>> 1485279884.648

Re: [squid-users] Squid 4.x: Intermediate certificates downloader

25.01.2017 1:10, Alex Rousskov пишет: > On 01/24/2017 11:33 AM, Yuri Voinov wrote: > >>> 1485279884.648 0 - TCP_DENIED/403 3574 GET >>> http://repository.certum.pl/ca.cer - HIER_NONE/- text/html;charset=utf-8 > >> http_access deny !Safe_ports > Probably

Re: [squid-users] Squid 4.x: Intermediate certificates downloader

comment out this line. I have no idea, what can block access. 25.01.2017 0:27, Alex Rousskov пишет: > On 01/24/2017 11:19 AM, Yuri Voinov wrote: > >> It is downloads directly via proxy from localhost: >> As I understand, downloader also access via localhost, right? > This is incor

Re: [squid-users] Squid 4.x: Intermediate certificates downloader

May be, this feature is mutually exclusive with sslproxy_foreign_intermediate_certs option? 25.01.2017 0:19, Yuri Voinov пишет: > Mm, hardly. > > It is downloads directly via proxy from localhost: > > root @ khorne /patch # http_proxy=localhost:3128 curl > http://repositor

Re: [squid-users] Squid 4.x: Intermediate certificates downloader

r from localnet, or from localhost download occurs. 25.01.2017 0:16, Alex Rousskov пишет: > On 01/24/2017 10:48 AM, Yuri Voinov wrote: > >> It seems 4.0.17 tries to download certs but gives deny somewhere. >> However, same URL with wget via same proxy works >> Why? > Most lik

Re: [squid-users] Squid 4.x: Intermediate certificates downloader

Hm. Another question. It seems 4.0.17 tries to download certs: 1485279884.648 0 - TCP_DENIED/403 3574 GET http://repository.certum.pl/ca.cer - HIER_NONE/- text/html;charset=utf-8 but gives deny somewhere. However, same URL with wget via same proxy works: root @ khorne /patch # wget -S

Re: [squid-users] Squid 3.5.23 little fixes

teh TCP :-D teh drama :-D Nice shoot :-D 24.01.2017 14:26, FredB пишет: > Hello, > > FI, I'm reading some parts of code and I found two little spelling errors > > FredB > > --- > > --- src/client_side.cc2016-10-09

Re: [squid-users] Squid 4.x: Intermediate certificates downloader

24.01.2017 2:25, Marcus Kool пишет: > > > On 23/01/17 17:23, Yuri Voinov wrote: > [snip] > >>> I created bug report http://bugs.squid-cache.org/show_bug.cgi?id=4659 >>> a week ago but there has not been any activity. >>> Is there someone who has sslpr

Re: [squid-users] Squid 4.x: Intermediate certificates downloader

24.01.2017 0:06, Marcus Kool пишет: > > > On 23/01/17 15:31, Alex Rousskov wrote: >> On 01/23/2017 04:28 AM, Yuri wrote: >> >>> 1. How does it work? >> >> My response below and the following commit message might answer some of >> your questions: >> >>

Re: [squid-users] Squid 4.x: Intermediate certificates downloader

24.01.2017 0:06, Alex Rousskov пишет: > On 01/23/2017 10:41 AM, Yuri Voinov wrote: >> 23.01.2017 23:31, Alex Rousskov пишет: >>> On 01/23/2017 04:28 AM, Yuri wrote: >>>> I.e., where downloaded certs stored, how it >>>> handles, does it saves anywhere to

Re: [squid-users] Squid 4.x: Intermediate certificates downloader

23.01.2017 23:31, Alex Rousskov пишет: > On 01/23/2017 04:28 AM, Yuri wrote: > >> 1. How does it work? > My response below and the following commit message might answer some of > your questions: > > http://bazaar.launchpad.net/~squid/squid/5/revision/14769 > >> I.e., where downloaded certs

Re: [squid-users] A bunch of SSL errors I am not sure why

18.01.2017 23:40, Eliezer Croitoru пишет: > Thanks for the detail Amos, > > I noticed that couple major Root CA certificates was revoked so it could be > one thing. > And can you give some more details on how to fetch the certificated using the > openssl tools? > (Maybe redirect towards an

Re: [squid-users] Help with Certificate validation

Put your regression server to SSL Bump splice rule. 18.01.2017 1:27, Mustafa Mohammad пишет: > I’m using squid proxy to connect to our regression server. When our > configuration file is doing a CRLCheck, I’m unable to connect to the > server. I have tried SSL bump and ssl_proxy option but was

Re: [squid-users] Squid memory leak on ubuntu 14.04

10.01.2017 19:34, vinay пишет: > Thanks Amos , for your timely help. > > As mentioned by you, I have configured squid conf file n able to get TCP_HIT > in access logs. Thanks a lot. > My new issue is, my app has 3 types of users. Normal, Editor n Business user > , The contents are getting

Re: [squid-users] Is it possible to modify cached object?

08.01.2017 20:49, boruc пишет: > Thank you for your answer. > > Actually I managed to do what I want by simply editing that file and > changing content length if necessary. I don't know why sometimes I need to > restart Squid or reopen browser to see changed version of page. Sometimes > it works

Re: [squid-users] Squid 3.3.8 is available

05.01.2017 22:43, vinay пишет: > Hi am using Squid 3.3.8 on Ubuntu 14.04. I have default configuration of > Squid config file . The request is passing via Squid but its not caching the > contents/images/css , everytime am getting TCP_MISS/200 for each request > getting logged in access logs. > >

Re: [squid-users] Missing cache files

Man, this question has been answered a million times. Use the search. 17.12.2016 16:41, Odhiambo Washington пишет: > Hi, > > I keep seeing something that I think is odd. Squid has been exiting on > signal 6, and I keep seeing this: > > root@gw:/usr/local/openssl # tail -f

Re: [squid-users] Squid Forward Proxy for LDAP

15.12.2016 20:29, Bryan Peters пишет: > My Google-fu seems to be coming up short. > > We have an application that ties into our users SSO/LDAP servers. We, > don't run an LDAP server of our own, we're just making outbound calls > to their LDAP servers. > > I would like to proxy all outbound

Re: [squid-users] Cisco ASA with transparent Squid with HTTP/HTTPS filtering

14.12.2016 21:59, Yuri Voinov пишет: > > > > 14.12.2016 21:08, Rafael Akchurin пишет: >> >> Hello everyone, >> >> >> >> After pulling all my hair out and reading every possible howto on the >> Internet for Cisco ASA integration with Squid

Re: [squid-users] Cisco ASA with transparent Squid with HTTP/HTTPS filtering

14.12.2016 21:59, Yuri Voinov пишет: > > > > 14.12.2016 21:08, Rafael Akchurin пишет: >> >> Hello everyone, >> >> >> >> After pulling all my hair out and reading every possible howto on the >> Internet for Cisco ASA integration with Squid

Re: [squid-users] Cisco ASA with transparent Squid with HTTP/HTTPS filtering

14.12.2016 21:08, Rafael Akchurin пишет: > > Hello everyone, > > > > After pulling all my hair out and reading every possible howto on the > Internet for Cisco ASA integration with Squid using WCCP I have > decided to write my own. The how to is at >

Re: [squid-users] URL too large??

It means exactly what it said: URL too long. In Squid's defaults set 8k for URL size. This was reasonable maximum 10 years ago. Now it seems too small (at least 4 times) because of now Internet full of adware bullshit (referrals/trackers/counters etc.) which is often more 8k. You can easy fix

Re: [squid-users] caching videos over https?

On Nov 20, 2016, at 2:03 PM, Yuri Voinov <yvoi...@gmail.com >> <mailto:yvoi...@gmail.com>> wrote: >> >> Store-ID is not quite cached. This deduplication and this is just what >> you need for dynamic content, which is the majority of the video. Do not >> forget

Re: [squid-users] caching videos over https?

od in their solution since it's >> not based on StoreID but on other concepts. >> >> Eliezer >> >> >> Eliezer Croitoru >> Linux System Administrator >> Mobile: +972-5-28704261 >> Email: elie...@ngtech.co.il >> >> >> -O

Re: [squid-users] caching videos over https?

> > > Eliezer Croitoru > Linux System Administrator > Mobile: +972-5-28704261 > Email: elie...@ngtech.co.il > > > -Original Message- > From: Yuri Voinov [mailto:yvoi...@gmail.com] > Sent: Saturday, November 19, 2016 23:08 > To: Eliezer Croitoru <

Re: [squid-users] caching videos over https?

Email: elie...@ngtech.co.il > > > From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On > Behalf Of Yuri Voinov > Sent: Saturday, November 19, 2016 17:54 > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] caching videos over https? > >

Re: [squid-users] caching videos over https?

HTTPS is not a problem, if not a problem to install the proxy certificate to the clients. The problem in combating caching YT by Google. 19.11.2016 21:41, Yuri Voinov пишет: > > > > 19.11.2016 21:35, Amos Jeffries пишет: >>> 19.11.2016 20:56, Bakhtiyor Homidov пиш

Re: [squid-users] caching videos over https?

19.11.2016 21:35, Amos Jeffries пишет: >> 19.11.2016 20:56, Bakhtiyor Homidov пишет: >>> thanks, yuri, >>> >>> just found https://cachevideos.com/, what do you think about this? >>> > On 20/11/2016 4:17 a.m., Yuri Voinov wrote: >> This

  1   2   3   4   5   6   7   8   9   10   >