Hi
I followed
http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory
I can see the cache.log the the client is authenticating with a Kerberos ticket
however for every connection get a TCP/DENIED 407 and then the connection is
made. Is this not what NTLM does? I
Hi Amos
I'm trying to install squid-3.1.19-20120306-r10434, with all other versions
I can install it with --enable-ssl options but with this one I have errors
on make all command relative to SSL ...
--- ERRORS OF MAKE ALL
In file included from
- Mail original -
De: Amos Jeffries squ...@treenet.co.nz
À: squid-users@squid-cache.org
Envoyé: Jeudi 8 Mars 2012 03:11:40
Objet: Re: [squid-users] Squid 3.2: segfault at 0 ip (null) sp bfa8e03c
using iptables + transparent mode
On 08.03.2012 12:51, David Touzeau wrote:
Dear,
Ok just ignore this message, I had to install libssl-dev !
-Message d'origine-
De : Clem [mailto:clemf...@free.fr]
Envoyé : jeudi 8 mars 2012 09:52
À : squid-users@squid-cache.org
Objet : TR: [squid-users] https analyze, squid rpc proxy to rpc proxy ii6
exchange2007 with ntlm
Hi Amos
De: Alex Rousskov rouss...@measurement-factory.com
I had reported some problems with rock store but maybe it can be
consider like an experimental feature for the moment ?
It is experimental until there has been at least one stable cycle
of
wide use to wrinkle out any minor bugs
Amos Jeffries wrote:
On 08.03.2012 06:35, Alex Rousskov wrote:
On 03/05/2012 03:15 PM, Amos Jeffries wrote:
The LDAP special-characters and escaping bugs for instance, just need
someone with a real LDAP server (not a test script) to configure a dummy
account and see if login works now. A
On 8/03/2012 10:38 p.m., Jose-Marcio Martins da Cruz wrote:
Amos Jeffries wrote:
On 08.03.2012 06:35, Alex Rousskov wrote:
On 03/05/2012 03:15 PM, Amos Jeffries wrote:
The LDAP special-characters and escaping bugs for instance, just need
someone with a real LDAP server (not a test script)
cache_peer ip.of.server1 parent 80 0 no-query originserver name=server_1
cache_peer_domain server_1 www.a.com .b.com
cache_peer ip.of.server2 parent 80 0 no-query originserver name=server_2
cache_peer_domain server_2 www.b.com .a.com
If configure like this,www.b.com will be forwarded to the
On 8/03/2012 8:18 p.m., kimi ge(巍俊葛) wrote:
Hi,
Can someone take a look at it the following issue which I ran into?
Here is the details:
Outline: squid 2.6 as the reverse-proxy for IIS (SharePoint) site.
IIS uses the NTLM authentication.
Regarding the squid document, squid 2.6+ or squid 3.1+
On 8/03/2012 8:34 p.m., Marcus Zoller wrote:
Hello guys,
I am running squid as an reverse proxy and can't find a way to disable the
support for client initiated renegotiation. I have tested this using
echo R | openssl s_client -connect :443
which returns
RENEGOTIATING
.
snip
I have
On 8/03/2012 11:35 p.m., tangyi wrote:
cache_peer ip.of.server1 parent 80 0 no-query originserver name=server_1
cache_peer_domain server_1 www.a.com .b.com
cache_peer ip.of.server2 parent 80 0 no-query originserver name=server_2
cache_peer_domain server_2 www.b.com .a.com
If configure like
Hi Amos,
Many thanks for your fast answer. Did I understand you correctly... all it
takes is initializing options with 0 instead of SSL_OP_ALL? Wouldn't this be
the same as setting options=!ALL on the https_port config (doing this had no
effect)?
Marcus
-Ursprüngliche Nachricht-
Von:
On 8/03/2012 9:17 p.m., JC Putter wrote:
Hi
I followed
http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory
I can see the cache.log the the client is authenticating with a Kerberos ticket
however for every connection get a TCP/DENIED 407 and then the connection is
Good afternoon,
is it able to detect somehow (and disable) tunneling http regular
web thru proxy web sites ? For example porn web site thru
hidemyass.com. There are a lot of web proxies, couldn't locate
everyone and disable it :). How do you solve it ?
Thanks and best regards
J.K.
Amos,
Thank you for the reply.
Sorry I meant 3.0 STABLE 19. The Zimbra Desktop client connects via port 443
and I have the standard ACL;
http_access deny !Safe_ports
http_access deny !SSL_ports
however when I change the ACL to (very insecure)
http_access allow CONNECT (without the exception
On 9/03/2012 12:47 a.m., Marcus Zoller wrote:
Hi Amos,
Many thanks for your fast answer. Did I understand you correctly... all it
takes is initializing options with 0 instead of SSL_OP_ALL? Wouldn't this be
the same as setting options=!ALL on the https_port config (doing this had no
effect)?
Back to send my feed back after testing proxy rpc via ntlm and squid 3.1.19,
the main problem is I can't force sauid to use http1.1, in https analyzer I
can see squid is http1.0.
How can I force squid 3.1.19 to use http1.1 ?
-Message d'origine-
De : Clem [mailto:clemf...@free.fr]
Envoyé
On 9/03/2012 1:01 a.m., Josef Karliak wrote:
Good afternoon,
is it able to detect somehow (and disable) tunneling http regular
web thru proxy web sites ? For example porn web site thru
hidemyass.com. There are a lot of web proxies, couldn't locate
everyone and disable it :). How do you
On 9/03/2012 1:07 a.m., JC Putter wrote:
Amos,
Thank you for the reply.
Sorry I meant 3.0 STABLE 19.
Please at minimum upgrade to 3.0.STABLE26 then, if possible 3.1.19.
There are a handful of major security vulnerabilities in between.
The Zimbra Desktop client connects via port 443 and
Hallo, Josef,
Du meintest am 08.03.12:
is it able to detect somehow (and disable) tunneling http regular
web thru proxy web sites ? For example porn web site thru
hidemyass.com. There are a lot of web proxies, couldn't locate
everyone and disable it :). How do you solve it ?
I use
On 9/03/2012 1:21 a.m., Clem wrote:
Back to send my feed back after testing proxy rpc via ntlm and squid 3.1.19,
the main problem is I can't force sauid to use http1.1, in https analyzer I
can see squid is http1.0.
How can I force squid 3.1.19 to use http1.1 ?
3.1 series still sends HTTP/1.0
Ok Amos so we go back to same issues, as I said you I have tested all I
could with the latest 3.2 beta versions before.
So I'm going back to the type-1 ntlm message issue (see my last messages
with this subject)
And my last question was :
I think the link SQUID - IIS6 RPC PROXY is represented
Thank you Amos, will upgrade to 3.1.19
auth_param negotiate program /usr/local/bin/negotiate_wrapper -d --ntlm
/usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp
--domain=EXAMPLE --kerberos /usr/lib/squid3/squid_kerb_auth -d
auth_param negotiate children 10
auth_param
Hi ,
This is Liley ,,,
can anyone tell me what
requests per second can squid3 serves ,
especially if we run it on the top of a hardware with OCZ RevoDrive 3
X2 (200,000 Random Write 4K IOPS)
Thanks in advance .
I use squidGuard with its database p.e. for porn and/or proxies. It's
simple to use it under squid.
Also if you believe ICAP is the way to follow I'd recomment qlproxy (as
ICAP companion server for Squid).
Best regards,
sich
On Thu, Mar 08, 2012 at 10:37:01AM +1030, Brett Lymn wrote:
1) The credentials being passed to the upstream are not rewritten - if I
decode the basic auth it has my real password going to the upstream.
And scratch this one too... if I use:
cache_peer upstream.proxy parent 8080 7
Original-Nachricht
Datum: Wed, 07 Mar 2012 07:24:53 +0100
Betreff: access.log issues with squid 3.2.0.15
I had access_log stdio:/Applications/oss/logs/access.log squid which
worked fine.
Today, I switched to:
logformat customfmt %tl
access_log
Back on OS X 10.4.11, squid-3.2.0.16-20120308-r11536 fails to compile with
either gcc 4.0.1 or 4.2.1, but squid-3.2.0.16 from March 6th compiles fine with
the same ./configure flags:
./configure --prefix=/usr/local/squid --build
=i686-apple-darwin --mandir=/usr/local/share/man --with-large
28 matches
Mail list logo