Re: [squid-users] MITM the MITM

2022-01-07 Thread Amos Jeffries
FYI people, When Squid On 7/01/22 06:33, Grant Taylor wrote: On 1/4/22 2:35 AM, Will BMD wrote: HTTP proxy limitation The system cannot decrypt traffic if an HTTP proxy is positioned between a client and your managed device, and the client and server establish a tunneled TLS/SSL connection

Re: [squid-users] squid affected by log4j vulnerability?

2022-01-04 Thread Amos Jeffries
On 5/01/22 05:41, Michael Engelmann wrote: Hi all, since I can't find any information on the web about whether the squid proxy is affected by the log4j vulnerability, I want to ask that question here. We are running Squid version 4.6 under Debian 4.19. Squid is not written in Java. So it is

Re: [squid-users] Logging in Squid external helpers in Docker?

2021-12-27 Thread Amos Jeffries
On 28/12/21 19:01, roee klinger wrote: stdout of the helper is the channel to respond to Squid requests. Do not send other information there. Helper debug info etc should go to the helper stderr which Squid will deliver to cache.log. Thank you, Amos. I am glad there is a

Re: [squid-users] Logging in Squid external helpers in Docker?

2021-12-27 Thread Amos Jeffries
On 28/12/21 18:32, roee klinger wrote: Hey, I am running Squid inside a Docker container, and I am using an external helper, I am trying to get the logs from the external helper to go to Docker logs (stdout). Currently, I am writing the logs to a file, which works, but I would like to get

Re: [squid-users] Many new ERROR lines in cache.log after upgrade

2021-12-25 Thread Amos Jeffries
On 22/12/21 06:04, Truniger Othmar wrote: Hi Amos, thank you very much for your reply. It already helped me a lot. I understand it's related to basic helpers. Since ever we use the original basic_ldap_auth and ext_ldap_group_acl and never experienced any problems with them. Also cachemgr now

Re: [squid-users] Significant memory leak with version 5.x (not with 4.17)

2021-12-25 Thread Amos Jeffries
If possible can one of you run a Squid to get this behaviour, then stop new clients connecting to it before lack of memory issues occur and see if the memory usage disappears or reduces after a 24-48hr wait. A series of regular mempools report dumps from across the test may help Alex or

Re: [squid-users] Significant memory leak with version 5.x (not with 4.17)

2021-12-25 Thread Amos Jeffries
On 25/12/21 01:24, Lukáš Loučanský wrote: Sorry - maybe I'll post something irrelevant - but my Squid5.3 is running for 3 days now. As it seems the number of user's requests declined (xmas holiday) - the memory consumption stabilized and is not increasing (seemingly - I check only by mrtg

Re: [squid-users] Many new ERROR lines in cache.log after upgrade

2021-12-21 Thread Amos Jeffries
On 22/12/21 00:42, Truniger Othmar wrote: Hi we have been successfully running Squid for authentication and authorization for almost two decades. We don't cache and no SSL-bumping, just many access rules. Last weekend I migrated from self-compiled 3.5.x on RHEL7 to RHEL8 with official RPM

Re: [squid-users] IPcache and mixed case domain names

2021-12-18 Thread Amos Jeffries
On 16/12/21 07:08, Alex Rousskov wrote: On 12/15/21 11:56 AM, Binoy Fernandez wrote: Assuming the IPcache at all times contains lower case domain names then I think a change might be needed to the ipcache_get function to lower case It sounds like you found a bug. Indeed. Please report it

Re: [squid-users] process_name macro usage

2021-12-07 Thread Amos Jeffries
On 7/12/21 18:10, senor wrote: Hi All, I'm attempting to use the process_name macro in include file names to isolate the worker-specific directives from the disker and coordinator. I have not found any references to directives that are required by those 2 processes. I'm currently doing a

Re: [squid-users] TLS whitelist traffic based on URL_REGEX

2021-12-06 Thread Amos Jeffries
On 7/12/21 03:13, Baptista, Paulo wrote: Hello, Is it possible to create ACL, using URL_REGEX, for SQUID when using SSLBUMP for HTTPS sites? If so, is there a guide I can follow? url_regex ACL works the same way for SSL-Bump'ed HTTPS and it does for HTTP. Once the TLS is decrypted what

Re: [squid-users] Changing cache_log format

2021-12-02 Thread Amos Jeffries
On 3/12/21 02:13, Kirschner, Sebastian (A-GTSI-DDP) wrote: Hi all, is it possible to change log_format of cache_log? We would like to add also timezone information to this kind of log by specifying local time: 2021/11/23 09:56:17| Logfile: opening log stdio:/var/log/squid/netdb.state No. TZ

Re: [squid-users] security_file_certgen I/O

2021-12-01 Thread Amos Jeffries
On 2/12/21 07:55, Jason Spashett wrote: On Wed, 1 Dec 2021 at 18:29, Alex Rousskov wrote: On 12/1/21 12:06 PM, David Touzeau wrote: Hi We used Squid 5.2 and we see that security_file_certgen consume I/O Is there any way to put the ssldb in memory without need to mount a tmpfs ? Yes,

Re: [squid-users] How to make tcp_outgoing_address forward to IP:port

2021-11-26 Thread Amos Jeffries
On 27/11/21 15:48, Graminsta wrote: Hi, I have multiple customers that must be forwarded to different routes. More than 100 routes per VM. It is already working for years that way. But now I need that Squid forwards each tcp_outgoing_address to a different IP and port, because each of

Re: [squid-users] ipcacheParse No Address records in response to 'DNS address'

2021-11-23 Thread Amos Jeffries
On 23/11/21 21:02, Sándor Szabolcs [Budapest Környéki Törvényszék] wrote: Hi! I need some help, because I have got stuck. I received the next two errors in cache log: ipcacheParse No Address records in response to 'DNS address' The domain(s) mentioned has misconfigured CNAME response

Re: [squid-users] cannot open site

2021-11-18 Thread Amos Jeffries
On 18/11/21 20:08, Majed Zouhairy wrote: using squid 5.2, does it support TLS1.3? It does.     Failed to establish a secure connection to [unknown] The system returned:     [No Error] (TLS code: SQUID_TLS_ERR_CONNECT+TLS_IO_ERR=1) That is an I/O error. Unable to read or write some

Re: [squid-users] Rotate squid log files

2021-11-16 Thread Amos Jeffries
On 12/11/21 00:05, Omar Salem - KSACO IT Manager wrote: hi all, I have run the command (c:\squid\sbin\squid -n squid -k rotate) to rotate log files (Cache,store and access) but only cache and store logs were rotated. I need to rotate access.log too because it reached 4GB. Also how to see

Re: [squid-users] squid 5.2: ntlm_fake_auth refuse to valid credentials

2021-11-10 Thread Amos Jeffries
On 11/11/21 14:12, David Touzeau wrote: Hi, i would like to use ntlm_fake_auth but it seems Squid refuse to switch to authenticated user and return a 407 to the browser and squid never accept  credentials. What i missing ? Configuration seems simple: auth_param ntlm program

Re: [squid-users] Squid very slow with kerberos auth and LDAP Group Search(AD)

2021-11-08 Thread Amos Jeffries
On 9/11/21 01:19, heimarbeit123...@web.de wrote: Hello all, I finally got a squid proxy with kerberos authentication and LDAP group check to work! With a small amount of clients(1-10) everything works as it should and the squid is fast(no noticeable waiting time for websites to open). Users

Re: [squid-users] acl / format code evaluation

2021-11-05 Thread Amos Jeffries
On 5/11/21 04:14, Jason Spashett wrote: Hello, I am using squid 5, and after reading the following I have attempted to link the connect requests to the other requests within a TLS tunnel. Can anyone tell me why this isn't working, and or when the log format codes get evaluated. The logformat

Re: [squid-users] Squid upgrade failure support questions

2021-10-24 Thread Amos Jeffries
On 25/10/21 6:33 am, Yuen, John wrote: http_port 3128 The ‘Squid for Windows’ service is set to ‘Automatic’ startup type and shows the ‘Running’ status. So it can’t be that. I can telnet to port 3128 on the new working Squid v4.14 server. But I can’t telnet to the same port 3128 on the

Re: [squid-users] Squid Proxy - One subnet recognised

2021-10-16 Thread Amos Jeffries
On 16/10/21 12:33 am, Ryan Absolom wrote: Hi All Wondering if anyone can help - we've recently added a new subnet to squid.conf (exactly the same layout / variables used as previous subnets) however this doesn't get recognised. What do you mean by "added" ? With a default squid.conf it

Re: [squid-users] [SPAM] [ext] Squid 5.1 memory usage

2021-10-16 Thread Amos Jeffries
On 16/10/21 5:13 am, Steve Hill wrote: On 12/10/2021 09:34, Ralf Hildebrandt wrote: Quite sure, since I've been testing Squid-5-HEAD before it became 5.2 But to be sure, I'm deploying it right now. Yep, squid-5.2 is also leaking. :( I'm now reasonably sure that mine is a recurrence of:

Re: [squid-users] Kerberos authentication with multiple squids

2021-10-14 Thread Amos Jeffries
On 14/10/21 8:48 am, Markus Moeller wrote: The problem lies more in the way how Kerberos proxy authentication works. The client uses the proxy name to create a ticket and in this case it would be the name of the first proxy e.g. proxy1.internal.  The first proxy will pass it through to the

Re: [squid-users] Kerberos authentication with multiple squids

2021-10-12 Thread Amos Jeffries
On 12/10/21 9:33 pm, 森 隆聡 wrote: I made Single Sign On environment with AD+Squid and it worked fine. [It works] Client(Windows) -> Squid(CentOS) -> Internet * Client is joined the domain and Squid configured Kerberos Authentication with AD. But after add another squid, it didn't work. ...

Re: [squid-users] Portal Splash Page - exceptions

2021-10-05 Thread Amos Jeffries
On 4/10/21 9:53 pm, MATYAS, Tibor wrote: Hello List, I have the following situation: Squid 4 is working in non-transparent mode, with Portal Splash Page https://wiki.squid-cache.org/ConfigExamples/Portal/Splash configured. This is a nice feature, the users must regularly accept the internet

Re: [squid-users] Squid do not reply

2021-10-05 Thread Amos Jeffries
On 5/10/21 2:37 pm, Alex Rousskov wrote: On 10/4/21 5:18 PM, Henning Svane wrote: I search more on the problem and it shows that Squid as default only use IPv6 I really doubt that. Your access.log records seem to confirm my belief that your Squid was listening on an IPv4 address (at least)

[squid-users] [squid-announce] [ADVISORY] SQUID-2021:6 Improper Certificate Validation in TLS

2021-10-03 Thread Amos Jeffries
__ Squid Proxy Cache Security Update Advisory SQUID-2021:1 __ Advisory ID: | SQUID-2021:6 Date: | October 3, 2021 Summary: | Improper

[squid-users] [squid-announce] Squid 5.2 is available

2021-10-03 Thread Amos Jeffries
/Download/mirrors.html If you encounter any issues with this release please file a bug report. https://bugs.squid-cache.org/ Amos Jeffries ___ squid-announce mailing list squid-annou...@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid

[squid-users] [squid-announce] Squid 4.17 is available

2021-10-03 Thread Amos Jeffries
-cache.org/pub/archive/4/ or the mirrors. For a list of mirror sites see http://www.squid-cache.org/Download/http-mirrors.html http://www.squid-cache.org/Download/mirrors.html If you encounter any issues with this release please file a bug report. https://bugs.squid-cache.org/ Amos Jeffries

[squid-users] [squid-announce] [ADVISORY] SQUID-2020:12 Out-Of-Bounds memory access in WCCPv2

2021-10-03 Thread Amos Jeffries
to the mailing list. It's a closed list (though anyone can post) and security related bug reports are treated in confidence until the impact has been established. __ Credits: This vulnerability was discovered by Lyu worki

[squid-users] [squid-announce] Squid 5.1 is available

2021-10-03 Thread Amos Jeffries
For a list of mirror sites see http://www.squid-cache.org/Download/http-mirrors.html http://www.squid-cache.org/Download/mirrors.html If you encounter any issues with this release please file a bug report. https://bugs.squid-cache.org/ Amos Jeffries

Re: [squid-users] Upgradation of squid version 3.5.27 on ubuntu 18.04

2021-10-01 Thread Amos Jeffries
On 30/09/21 1:26 am, sheik abdul wrote: Hello Team, Hope you're doing well! I have installed Ubuntu 18.04 (Bionic) with the squid version of 3.5.27 (maybe that's the latest version). That is the squid version shipped by Ubuntu 18.04 LTS. I'm always getting in the Vulnerability list and

Re: [squid-users] squid 5.1: Kerberos: Unable to switch to basic auth with Edge - IE - Chrome

2021-09-20 Thread Amos Jeffries
On 21/09/21 11:49 am, David Touzeau wrote: When edge, chrome and IE try to establish a session, Squid claim 2021/09/21 01:17:27 kid1| ERROR: Negotiate Authentication validating user. Result: {result=BH, notes={message: received type 1 NTLM token; }} This let us understanding that these 3

Re: [squid-users] Squid 5.1 for Debian Bullseye (amd64/i386/sources)

2021-09-20 Thread Amos Jeffries
On 21/09/21 1:03 am, L.P.H. van Belle wrote: And I have the Debian Bullseye packages also online. My changelog compared to the Debian Unstable. squid (5.1-1.1bullseye1) bullseye; urgency=medium * Non-maintainer upload. * Used sources from squid-cache.org build :

Re: [squid-users] About Squid 4, AD, Kerberos and AD group auth.

2021-09-20 Thread Amos Jeffries
On 20/09/21 5:32 am, Hernan Saltiel wrote:     If you know about this, and can point me out to some URL I'm not seeing, I'll thank you. Please see the FAQ written by that helpers author Amos

Re: [squid-users] hostHeaderVerify with SNI in interception environments

2021-09-17 Thread Amos Jeffries
On 18/09/21 8:14 am, Alex Rousskov wrote: On 9/17/21 3:29 PM, Andreas Weigel wrote: If splicing at step3, however, hostHeaderVerify is not called again with the SNI I assume that the above statement would still be true if I remove the word "again" from it. This is how I interpreted it (i.e.

Re: [squid-users] squid 5.1: external_acl_type: Get public remote address

2021-09-16 Thread Amos Jeffries
On 17/09/21 2:42 am, David Touzeau wrote: Thanks Amos for quick answer. Can you take away any hope of a workaround with Squid ? This makes me plan having to develop a function that has to perform DNS resolution inside the helper with the performance consequences that this will impose. I

Re: [squid-users] SOLVED - compiling squid 5.1

2021-09-16 Thread Amos Jeffries
Interesting. Okay, I'm currently using this patch for Debian to avoid having to depend on make at all. Seems like I'm going to have to bring it upstream for the 5.2 release.

Re: [squid-users] squid 5.1: external_acl_type: Get public remote address

2021-09-16 Thread Amos Jeffries
On 16/09/21 10:09 pm, David Touzeau wrote: Hi community, Squid fans I would like to use an external acl process for Geoip processing I have tried to setup squid to send the remote peer address using %code but it always reply with a "-" external_acl_type MyGeopip ttl=3600 negative_ttl=3600

Re: [squid-users] SOLVED - compiling squid 5.1

2021-09-16 Thread Amos Jeffries
On 17/09/21 1:38 am, Meike Stone wrote: Hello Amos, thanks for answering! On Wed, 8 Sept 2021 at 11:26, Amos Jeffries wrote: This hack only works if you are building manually from source code, in the same directory you expanded the sources. Which is not the case for anyone building

Re: [squid-users] Compile/Rebuilding on debian bullseye (or buster)

2021-09-15 Thread Amos Jeffries
On 15/09/21 10:28 pm, L.P.H. van Belle wrote: Hai Amos, Thanks on the reply, I've missed the change from db to tdb, thanks on that. What I notice in the builds is, I see this one.. config.status: creating test-suite/Makefile And then I see these, then it fails. cp ../../src/tes

Re: [squid-users] SSL Terminating Reverse Proxy with Referral Tracking

2021-09-15 Thread Amos Jeffries
On 15/09/21 1:21 pm, Grant Taylor wrote: On 9/14/21 6:09 PM, Amos Jeffries wrote: b) If those upstream servers are embedding URLs for clients to directly contact the XaaS services. Then your desire is not possible without redesigning the upstream service(s) such that they stop exposing

Re: [squid-users] SSL Terminating Reverse Proxy with Referral Tracking

2021-09-14 Thread Amos Jeffries
On 13/09/21 4:16 pm, Mehrdad Fatemi wrote: Hi Everyone, I'm looking for an elegant technology option to have telcos zero-rate all of the traffic to a set of online destinations. Can you clarify what you mean exactly by "zero rate" ? What does it have to do with actions the proxy is

Re: [squid-users] logformat odd values

2021-09-14 Thread Amos Jeffries
On 15/09/21 7:04 am, Moti Berger wrote: Hi I have the followings in squid.conf: logformat metrics %icap::tt %adapt::all_trs %adapt::sum_trs %{service_req_a}adapt::sum_trs %{service_resp_a}adapt::sum_trs %{service_req_b}adapt::sum_trs %{service_resp_b}adapt::sum_trs access_log

Re: [squid-users] Compile/Rebuilding on debian bullseye (or buster)

2021-09-14 Thread Amos Jeffries
On 14/09/21 9:22 pm, L.P.H. van Belle wrote: Hai Amos, I'm attempting to make a squid 5.1 build based on the bullseye squid/debian folder. ( ps. I'm building with sbuilder ) Now, this "normally" worked since squid 3.2 for me, copy the debian folder, make minor adjustments if needed, Just with

Re: [squid-users] Squid inside docker

2021-09-08 Thread Amos Jeffries
On 9/09/21 3:55 am, Graham Wharton wrote: If you run squid as user squid (or whoever your cache_effective_user), it does not change user, and the squid user has full access to write to stdout, so ... 2021-09-08T16:49:15.065+01:00 2021/09/08 16:49:15| WARNING: no_suid: setuid(0): (1)

Re: [squid-users] SOLVED - compiling squid 5.1

2021-09-08 Thread Amos Jeffries
This hack only works if you are building manually from source code, in the same directory you expanded the sources. Which is not the case for anyone building with automated tools or CI systems. The earlier provided ./configure parameter change works just as well without manual changes to the

Re: [squid-users] New line in logformat

2021-09-05 Thread Amos Jeffries
On 5/09/21 9:39 pm, Moti Berger wrote: Is there a performance hit by using a logformat per metric? Let's say I need 5-10 metrics. There will be some of course. But I expect it to be trivial compared to the rest of the transaction processing. Amos

Re: [squid-users] Fwd: Getting a squid clients list

2021-09-02 Thread Amos Jeffries
nd sadly installing it is not possible either. Without going into the details too much, its a machine with a legacy environment where yum and some other tools are broken and people who knew about the configs are long gone. On Monday, August 30, 2021, 01:29:47 PM GMT+3, Amos Jeff

Re: [squid-users] New line in logformat

2021-09-02 Thread Amos Jeffries
On 3/09/21 12:07 am, Moti Berger wrote: Hi I want to send metrics to statsd, so I tried doing the following: logformat metrics_statsd my_service_latency:%{my_service}adapt::sum_trs|ms\nicap_total:%icap::tt|ms access_log tcp://1.2.3.4:8125

Re: [squid-users] Transparent proxy http 3xx status issues

2021-09-02 Thread Amos Jeffries
On 2/09/21 10:43 pm, Ben Goz wrote: By the help of God. I configured squid to be transparent proxy with ssl bump I saw that when the users trying to access next.co.il or pinterest.com They observed squid errors sometimes it's connection refused sometimes connection timed out But when I bypass

Re: [squid-users] Getting a squid clients list

2021-08-30 Thread Amos Jeffries
On 30/08/21 10:18 pm, U Zee wrote: Thanks Amos. I don't think the clientdb features you mentioned are enabled, I'm getting a command not found. Also I don't see anything configured for logging in squid.conf (I don't know if there is any other place for it) bash-3.00# ps -ef|grep squid root   

Re: [squid-users] Hi, i need some help about squid for windows

2021-08-30 Thread Amos Jeffries
On 30/08/21 9:31 pm, Momir Milekic wrote: We finally uninstall squid for windows 2.7 and install 4.14.. we have no time to reedit squid.conf and i tried just to overwrite 4.14 squid.conf with 2.7  (it worked with those settings. It had minor bugs, mentioned in my first message here but it

Re: [squid-users] Getting a squid clients list

2021-08-30 Thread Amos Jeffries
On 30/08/21 6:35 pm, U Zee wrote: I've inherited an old machine running squid 2.6 and planning to refresh it. There are many clients in our environment and I'd like to put together a list of those so that they can be updated if the IP/hostname changes. Looking at the docs, I see cache.log and

Re: [squid-users] Setting Squid to work with a remote DB?

2021-08-29 Thread Amos Jeffries
On 30/08/21 1:25 am, roee klinger wrote: Thanks, I know, I have already set that up, I am asking about the possibility of not using replication, and just setting up high ttl times for credentials, to simplify things. You told us you had a requirement to set TTL at 15sec. What you have been

Re: [squid-users] Hi, i need some help about squid for windows

2021-08-27 Thread Amos Jeffries
On 28/08/21 12:12 pm, Momir Milekic wrote: Hi, Until recently I used squid proxy 2.72 32bit on windows xp machine. We finally switched to 64-bit windows10. I copied the old squid proxy to windows10 with saved settings (just for test, we were short with time for new install). It basically

Re: [squid-users] Squid v4.45

2021-08-19 Thread Amos Jeffries
FYI, there is no such version as Squid 4.45. What is the output when you run "squid -v" ? On 19/08/21 4:12 am, Periko Support wrote: Hello guys. I have been searching the issue I have with windows 10 and the ugly job he do to put the NIC "Internet access" and went we have squid behind "no

Re: [squid-users] Two questions about cache for squid authentication

2021-08-17 Thread Amos Jeffries
On 17/08/21 6:25 pm, 易铭 wrote: Dear all, I have two questions about cache for squid authentication. 1. Can I skip authentication for a certain period of time after I've authenticated once? When I do the following, the authentication screen appears. Start browser -> access site after

Re: [squid-users] no ssl intercept - question how it works

2021-08-11 Thread Amos Jeffries
On 12/08/21 4:06 am, robert k Wild wrote: Great thanks Amos as always So shall I leave this ssl bump lines in ssl_bump splice NoSSLIntercept ssl_bump peek DiscoverSNIHost ssl_bump bump all And delete this one acl step1 at_step SslBump1 ssl_bump peek step1 ssl_bump bump all As your right

Re: [squid-users] Log to statsd

2021-08-11 Thread Amos Jeffries
On 11/08/21 8:51 pm, Moti Berger wrote: Hi Is there a way to configure Squid to output the logs to statsd rather than a file? Squid can send log lines to any TCP or UDP receiver which is able to handle line-oriented records. AFAIK statsd is one such agent. Today I have this:

Re: [squid-users] no ssl intercept - question how it works

2021-08-10 Thread Amos Jeffries
On 11/08/21 4:56 am, robert k Wild wrote: hi all, before i continue, so sorry for the stupid question but trying to learn basically heres my squid.conf #NO SSL Interception acl DiscoverSNIHost at_step SslBump1 acl NoSSLIntercept ssl::server_name "/usr/local/squid/etc/nointerceptssl.txt"

Re: [squid-users] Compile SQUID 5.1 on Debian 10

2021-08-04 Thread Amos Jeffries
On 4/08/21 10:55 pm, Loučanský Lukáš wrote: Hello, I was going to run ./configure and make all for a freshly downloaded Squid 5.1 on my current Squid 4.x rig, which  so far goes all right with Squid 4.x. The configure script went without errors, but make all stops on the missing tests

Re: [squid-users] host_verify_strict is not working as expected

2021-08-02 Thread Amos Jeffries
On 2/08/21 6:12 pm, Sachin Gupta wrote: Hi All I am using squid version 4.9. I did set host_verify_strict to on. As per documentation in link http://www.squid-cache.org/Doc/config/host_verify_strict The request should fail if host

[squid-users] [squid-announce] Squid 4.16 is available

2021-07-21 Thread Amos Jeffries
/ or the mirrors. For a list of mirror sites see http://www.squid-cache.org/Download/http-mirrors.html http://www.squid-cache.org/Download/mirrors.html If you encounter any issues with this release please file a bug report. http://bugs.squid-cache.org/ Amos Jeffries

Re: [squid-users] Ubuntu 20.04 "apt update" issues behind a VPN and Squid proxy

2021-07-18 Thread Amos Jeffries
On 16/07/21 4:38 pm, David Mills wrote: Hi Amos, sorry for the big delay here - I've had lots of other things to attend to. It turned on the logging you suggested. For a failed "apt update" attempt on the client I get the following attached access.log and cache.log. Are any of the lines

Re: [squid-users] Ubuntu 20.04 "apt update" issues behind a VPN and Squid proxy

2021-07-08 Thread Amos Jeffries
On 8/07/21 5:17 pm, David Mills wrote: Hi Amos, You said The traffic from Squid to the AArnet server is apparently using IPv6. Is that routing setup properly too? The output of "ip address" shows both IPv4 and IPv6. What led you to make the above conclusion? The server IP

Re: [squid-users] Ubuntu 20.04 "apt update" issues behind a VPN and Squid proxy

2021-07-07 Thread Amos Jeffries
On 8/07/21 11:44 am, David Mills wrote: Hi Eliezer, We have: /etc/apt/apt.conf: Acquire::http::proxy "http://vpn-proxy-d68aca8a8f7f81d6.elb.ap-southeast-2.amazonaws.com:3128/ "; Acquire::https::proxy

Re: [squid-users] UDP support for squid

2021-07-06 Thread Amos Jeffries
On 6/07/21 8:43 pm, robert k Wild wrote: Thanks Amos much appreciated Is there a way of enabling socks udp at all or is this just not the case at all with squid Not until Squid is changed to support HTTP over UDP. That is coming with HTTP/3 but nowhere near an ETA on when it will be

Re: [squid-users] How to use request headers in external_acl_type

2021-07-06 Thread Amos Jeffries
On 1/07/21 5:17 am, Yosi Greenfield wrote: Amos, As always, thank you for your dedication answering all our questions. Ok, turns out, as you noted, the browser is sending the correct request headers. However, on https requests the external acl program is not getting the custom header we're

Re: [squid-users] TPROXY Error

2021-07-06 Thread Amos Jeffries
On 5/07/21 11:31 pm, Ben Goz wrote: By the help of God. Someone have an idea what's wrong with my configuration? The config you have shown does not contain any visible issues. The feature page has information minimum kernel and library requirements for TPROXY to work reasonably well. There

Re: [squid-users] UDP support for squid

2021-07-06 Thread Amos Jeffries
On 23/06/21 9:06 pm, robert k Wild wrote: hi all, after reading this guide, is this for enabling squid for SOCKSv5 ie UDP - Well, yes and no. That is the guide for enabling SOCKS support. But for SOCKS/TCP connections, not UDP. https://wiki.squid-cache.org/Features/Socks export

Re: [squid-users] Passing Proxy Protocol Headers to external ACL

2021-06-21 Thread Amos Jeffries
On 20/06/21 6:55 pm, Frida Safran wrote: As far as I understand the ecap service should be called for each step: * In step1 there is no SNI, and X-PMeta-Splice should be set in the ecap to 'no'. * In step2 there should be an SNI, and X-PMeta-Splice should be set to 'yes', and the

Re: [squid-users] cacheProtoClientHttpRequests OID

2021-06-21 Thread Amos Jeffries
On 22/06/21 12:18 am, Moti Berger wrote: Hi, If I have the cache disabled: cache deny all Can we be sure the OID cacheProtoClientHttpRequests really counts the HTTP requests received by Squid (v4.15)? The caching feature has nothing to do with that OID. So yes you SHOULD despite

Re: [squid-users] Data not being cached

2021-06-21 Thread Amos Jeffries
On 21/06/21 6:41 am, Darwin O'Connor wrote: I run a transit prediction web app . It connects to a variety of web APIs to collect the real time transit data it needs. The app's activities are split among many processes. They currently uses libcurl to connect to squid

Re: [squid-users] Usage of --enable-gnuregex on FreeBSD?

2021-06-12 Thread Amos Jeffries
On 13/06/21 12:37 am, Olivier W wrote: Hello, I use Squid on FreeBSD. In the past, with Squid 3.5.x and FreeBSD 11.x, I was able to use PCRE regexp without any problems. Now, on FreeBSD 13.0 and Squid 4.14, PCRE regexp don't work out of the box: I have to compile Squid with the option

Re: [squid-users] custom DNS resolver scripts? (was: Re: Is it possible to force some dstdomain to ipv4) protocol without define an outgoing ip address ?

2021-06-09 Thread Amos Jeffries
On 10/06/21 11:42 am, Alex Rousskov wrote: On 6/9/21 6:16 PM, Ambrose Li wrote: On Wed, Jun 09, 2021 at 12:05:40PM -0400, Alex Rousskov wrote: Not that I know of. You can implement this logic inside a custom DNS resolver script, or you can reconfigure Squid whenever your outgoing addresses

Re: [squid-users] changing squid explicit mode to transparent mode

2021-05-27 Thread Amos Jeffries
On 27/05/21 8:43 pm, simon ben wrote: Dear All, I have the below setup running perfectly for a couple of years Centos 8 X64 squid-4.11-3 configured in explicit mode so all client machines have the proxy IP configured in their browser Recently we have got a security cloud solution which

Re: [squid-users] How to forward squid access.log to a remote server

2021-05-27 Thread Amos Jeffries
On 28/05/21 9:28 am, Ambrose Li wrote: On Thu, May 27, 2021 at 07:14:51PM +, simon ben wrote: I have the below working perfectly Centos 8 X64 squid-4.11-3 I need to forward the squid access.log to a remote Log Server Appreciate if some can help and advise. I'm not on squid4, but I believe

Re: [squid-users] Caching configuration for Squid on Windows

2021-05-25 Thread Amos Jeffries
On 22/05/21 2:06 am, Odhiambo Washington wrote: Hello everyone, I installed this on my Windows 10 but gave up when I could not make it to cache anything. Squid by default uses a memory based cache these days. Unless your traffic is non-cacheable you should be seeing some things stored

[squid-users] [squid-announce] [ADVISORY] SQUID-2020:11 HTTP Request Smuggling

2021-05-10 Thread Amos Jeffries
(though anyone can post) and security related bug reports are treated in confidence until the impact has been established. __ Credits: This vulnerability was discovered by Jianjun C

Re: [squid-users] Squid 5.0.4 crash

2021-04-04 Thread Amos Jeffries
On 4/04/21 11:44 pm, Moti Berger wrote: Hi I noticed Squid sporadically crashes with the following error (taken from cache.log): 2021/04/01 21:58:03| FATAL: check failed: !request->pinnedConnection()     exception location: FwdState.cc(1055) connectStart  

Re: [squid-users] Bind user ext_file_userip_acl problem

2021-04-04 Thread Amos Jeffries
On 4/04/21 10:21 pm, Andy Frad wrote: Hello, I'm currently running squid 4.6 trying to bind users to particular outgoing ips but it is not working. In my config: external_acl_type userip %MYADDR %LOGIN /usr/lib/squid/ext_file_userip_acl -f /etc/squid/userip.conf %MYADDR is Squid's IP

Re: [squid-users] compile squid with tumbleweed

2021-04-04 Thread Amos Jeffries
On 4/04/21 5:09 pm, Majed Zouhairy wrote: the error is: Прокси-сервер отказывается принимать соединения translation: the proxy-server is refusing to accept connections.. That seems like the meaningless text modern Browsers like replacing real error with. Can you check the Squid logs to

Re: [squid-users] compile squid with tumbleweed

2021-04-03 Thread Amos Jeffries
On 3/04/21 4:13 pm, Majed Zouhairy wrote: hmm, thank you both.. i regenerated new certificates using Eliazer's method and now squid restarted but it is refusing connections.. What is the error happening now? i normally configure port 8080 as the proxy port in the browser, and i am thinking

Re: [squid-users] compile squid with tumbleweed

2021-04-02 Thread Amos Jeffries
On 1/04/21 11:41 pm, Majed Zouhairy wrote: to enable ssl bumping. specifically those commands: /usr/share/ssl/misc/CA.pl -newca /usr/share/ssl/misc/CA.pl -newreq /usr/share/ssl/misc/CA.pl -sign openssl x509 -in newcert.pem -outform DER -out squidTrusted.der sudo squid -z asks for

Re: [squid-users] icap adaptation chains with adaptation sets

2021-04-01 Thread Amos Jeffries
On 1/04/21 3:02 am, Klaus Brandl wrote: Hi, is there a way to use more adaptation sets(for redundancy) combined in an adaptation chain? What we need is something like this: Have you tried configuring something like exactly what you posted? Amos

Re: [squid-users] Linking Squid Logs

2021-04-01 Thread Amos Jeffries
On 1/04/21 6:59 am, Garbacik, Joe wrote: In my squid.conf, I have the following logformat which passes all the data from the client via the load balancer to the squid server as headers: ... This creates the two logs at the end of this message, What I am wondering is: 1. Why aren't all

Re: [squid-users] kswapd0 and memory usage

2021-03-30 Thread Amos Jeffries
On 30/03/21 4:00 am, Vieri wrote: If this were to happen again (not sure when or if) what should I try to search for? Output of the "squidclient mgr:mem", "top" and "ps waux" commands would be good. Those will show how Squid is using the memory it has, what processes are using the most

Re: [squid-users] HTTPS caching is not working in squid with ssl-bump enabled

2021-03-24 Thread Amos Jeffries
On 24/03/21 11:11 pm, Vignesh Ramessh wrote: Hi Alex, We have just started to integrate squid proxy in our project, thanks for your reply and support. Previously we were seeing TCP_TUNNEL for https://www.google.com . Now, we are able to see the TCP_MISS transactions

Re: [squid-users] Protecting squid

2021-03-21 Thread Amos Jeffries
On 18/03/21 2:54 am, Ben Goz wrote: Hi Amos, Sounds interesting. Maybe I should modify the external_acl_type to talk with internal API inside my system. You do not need to modify any Squid code. You provide a helper process to translate between Squid APIs and some internal system API. see

Re: [squid-users] Protecting squid

2021-03-15 Thread Amos Jeffries
On 15/03/21 2:26 am, Ben Goz wrote: Can I configure squid authentication TTL per only source IP and ignores other parameters so authentication will be requested only once in TTL for all the sessions? Not with just authentication. You will need to use a slightly more complicated system

Re: [squid-users] Protecting squid

2021-03-11 Thread Amos Jeffries
On 12/03/21 3:56 am, Ben Goz wrote: On 11/03/2021 16:44, Amos Jeffries wrote: On 12/03/21 3:37 am, Ben Goz wrote: On 11/03/2021 15:50, Antony Stone wrote: On Thursday 11 March 2021 at 14:41:11, Ben Goz wrote: Tell about your network setup and what you are trying to achieve - we might

Re: [squid-users] Protecting squid

2021-03-11 Thread Amos Jeffries
On 12/03/21 3:37 am, Ben Goz wrote: On 11/03/2021 15:50, Antony Stone wrote: On Thursday 11 March 2021 at 14:41:11, Ben Goz wrote: Tell about your network setup and what you are trying to achieve - we might be able to suggest solutions. End users machine using some client application

Re: [squid-users] a specific host generates a 503 ...

2021-03-11 Thread Amos Jeffries
On 12/03/21 1:14 am, Eliezer Croitoru wrote: Hey Walter, It's sitting behind: DDoS protection by Cloudflare So it makes sense that you would not be able to download it using wget. The only option probably is using a web browser. I would suggest contacting clamav.net web/system admins to verify

Re: [squid-users] websocket with sslbump

2021-03-11 Thread Amos Jeffries
On 10/03/21 8:41 pm, Niels Hofmans wrote: Hi Alex, Thank you for your response. I’ll be opening up a Bugzilla ticket for opaque messages through ICAP if it doesn’t exist already. Related to the squid 5.x, I’ve reached out to the debian package maintainer last week for a binary install in the

Re: [squid-users] How to completely blacklist a domain + subdomains, including HTTPS?

2021-03-11 Thread Amos Jeffries
On 11/03/21 1:28 am, roee klinger wrote: Thanks, Amos. I tried implementing the configuration you suggested but I am getting an error message: FATAL: Invalid ACL type 'ssl::server_name' FATAL: Bungled /etc/squid/squid.conf line 36: acl server_blacklist ssl::server_name

Re: [squid-users] Squid Logs - TAG_NONE/503 errors

2021-03-11 Thread Amos Jeffries
On 11/03/21 11:33 pm, Arjun K wrote: Hi Alex/Team The end user are receiving an error in the browser stating: "The site can't be reached" and " took long time to respond ". So can you assist me to include the custom log format which will provide further details. [Thu Mar 11 11:02:15

Re: [squid-users] How to completely blacklist a domain + subdomains, including HTTPS?

2021-03-09 Thread Amos Jeffries
On 10/03/21 12:57 am, roee klinger wrote: Hey, I have found a lot of outdated or conflicting information about this online, and since this is a really important matter, I wanted to make sure I am doing this correctly. I am attempting to block some websites completely, including all HTTPS

Re: [squid-users] squid ssl-bump with icap returns 503

2021-03-04 Thread Amos Jeffries
On 5/03/21 1:39 am, Niels Hofmans wrote: Hi Amos, Thank you for getting back to me. So if ssl-bump is required on the http(s)_port directive, I end up at: https_port simply means TLS is the transport protocol. The transport is terminated at the proxy. There are many permutations of what is
