-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/30/2014 05:11 AM, Victor Sudakov wrote:
Can you share the basic cache manager requests statistics and the
up time for the service? (mgr:info)
This would give us a basic idea of the load\requests needed to
reproduce it.
I am not Steve
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hey Alejandro,
Can I ask where in the site have you taken this code from?
Using php as a helper is not such a good choice due to couple issues
it has with squid stdin\stdout emulation.
You'd better use perl\python\ruby\other then php unless you
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Indeed using SSL-BUMP it's possible but(a bit but)..
It will not be able to handle non http\https traffic just like that.
It will require more then just squid setup and it might be a better
idea to find a better solution for you rather then using
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/30/2014 08:30 PM, Leonardo Rodrigues wrote:
Other protocols, SMTP, IMAP, POP3, etc etc etc, cannot be handled
by squid.
They cannot be interpreted but can be handled with a none rule for
ssl bump.
Eliezer
-BEGIN PGP SIGNATURE-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/08/2014 06:29 AM, Victor Sudakov wrote:
Markus,
I could find the said script neither in the source nor in the
binary package. However I think I can guess what could be inside.
Could you look below if that makes sense?
Or you can just look
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/22/2014 12:38 PM, Yassin CHOUCHANE wrote:
i have added on my squid.conf this ACL :
acl NoCachedSites dstdomain srv-java.e.t acl our_servers src
2.10.3.1
i have added the ip of server and the dstdomain, but squid continue
to block
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hey,
What is the network load? how many users?
Have you been using workers at all in the past?
Can you see the avg requests per second on the cache manager page?
Eliezer
On 10/22/2014 09:02 AM, Eugene M. Zheganin wrote:
Hi.
I was using the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/23/2014 02:40 AM, Amos Jeffries wrote:
If you are seeing this old content constantly or round-robin style
between page loads you can use west.squid-cache.org temporarily in
the URLs instead of www.
Amos
It's the same issue for me:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/05/2014 11:56 AM, Odhiambo Washington wrote:
Hi Eliezer,
That link should be fine, although my system is actually PC-BSD.
The version is the same though an old version. My exact version
is:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Two things,
- - What cisco device? what IOS?
- - What docs in cisco have you tried to use?
Eliezer
On 11/08/2014 10:18 PM, Ahmed Allzaeem wrote:
Hi ,
Im trying to implemnte wccp/tproxy between squid cisco
I have :
wccp2HandleUdp: fatal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Can you send all ssl_bump related settings?
There are some missing parts in the settings.
If there is a bug\error the full details are needed to analyze the
subject.
I need:
- - OS details
- - machine details
- - network topology
- - cache logs
- -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hey,
Your configuration seems to not include any iptables and other
relevant details.
What is this machine details?
Eliezer
On 11/11/2014 04:20 PM, Job wrote:
Hello,
i initialize correctly SSL Bump with Squid 3.4.4, following some
guides. In
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hey Frank,
To understand the issue better I am missing couple things.
I filtered the squid.conf (which is a basic thing to do) and the
content can be seen here:
http://www1.ngtech.co.il/paste/1216/
It seems like you do not understand what and how.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/18/2014 12:09 AM, Eliezer Croitoru wrote:
HTML version at: http://www1.ngtech.co.il/repo/release-3.4.9.html I
am happy to release the new RPMs of squid 3.4.9 and 3.5.0.2 beta
for Centos 6.6 64bit.
All The Bests, Eliezer Croitoru
Addition
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I do know that pac files contains some form of JS and in the past I
have seen couple complex PAC files but unsure about the options.
I want to know if a PAC file can be used for
Authentication\Authorization, maybe even working against another
external
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/24/2014 03:24 PM, Kinkie wrote:
But what if multiple users share the same IP (e.g. Citrix, X11)?
This is another situation which requires authentication...
Two users can use the same pac files and be authorized as another
user(a regular forward
research about it.
All The Bests,
Eliezer Croitoru
On 11/24/2014 10:42 PM, James Harper wrote:
Seems like the sort of thing you could test with a minimum of
effort...
James
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iQEcBAEBAgAGBQJUc7NcAAoJENxnfXtQ8ZQUb0AH/j1b5RjHNRDVWrLyaItl0Xh0
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/24/2014 10:06 PM, Jason Haar wrote:
I think you are confusing proxy authentication with WPAD/PAC files.
WPAD knows nothing about proxy authentication: browsers do
ie you use WPAD to tell browsers where/if they need to use a proxy
and under
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hey Glenn,
I noticed that in the mean while you have upgraded the system to
latest 3.4.9 stable.
As Amos mentioned there are couple options about the tunneling issues.
I am unsure about the issue since in my environment squid seems to not
have any
for the public list.
Eliezer Croitoru
On 12/08/2014 01:30 PM, Stakres wrote:
Hi All,
New build 2.05
https://sourceforge.net/projects/squidvideosbooster
- New option -g to enable the Global Generic Patterns acting
with not-yet identified websites. This option will do its best to
de-duplicate all
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The answer to your question can be answered by ldd
##START
$ ldd ut-squidbooster
linux-vdso.so.1 = (0x7fffc5e0)
libdl.so.2 = /lib/x86_64-linux-gnu/libdl.so.2 (0x7f176d3f)
libm.so.6 =
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hey Glen,
Since openssls_client is showing you this error I assume squid
received the same response.
We do need to verify why the connection is being hangs.
For now it seems like not 100% squid related issue.
Eliezer
On 12/09/2014 01:57 AM,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/10/2014 09:25 PM, HaxNobody wrote:
The proxy runs on Linux (Ubuntu, I believe), and I'm doing my
testing from multiple browsers on Windows 8.1. I have been unable
to find a way to use openssl s_client via a proxy, although I was
able to run
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
If you have access to the apache server it's very simple to remove the
headers.
I do have a question about the docs:
http://www.squid-cache.org/Versions/v3/3.4/cfgman/reply_header_access.html
Will the reply_header_access will affect the stored cache
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
If you have access to the apache server it's very simple to remove the
headers.
I do have a question about the docs:
http://www.squid-cache.org/Versions/v3/3.4/cfgman/reply_header_access.html
Will the reply_header_access will affect the stored cache
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/11/2014 05:41 PM, Siva Prakash wrote:
Squid configuration - For authentication, it is integrated with AD
and lots of ACLs(1000) to block sites.
Hey,
The acls should not be too much of an effect unless they are binded to
an external helper.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hey Derek,
To verify that these boxes has the same settings I would start running
the basic_data.sh script at:
http://www1.ngtech.co.il/squid/basic_data.sh
This script will might find the culprit with the issue pretty fast.
I assume you have used
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/23/2014 12:26 AM, Derek Cole wrote:
Hello,
Yes it is true I am using the RPM repository to do the install. I
have downloaded your script and I will see if I can find any
differences that may be the culprit. In the meantime I thought I
may
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/23/2014 12:49 AM, Derek Cole wrote:
Ok - thanks for saving me from chasing that issue down.
I am not currently using selinux:
Then make sure that selinux is on not on enforced mode and if so the
issue might be because of a missing directory
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OK Amos gave you a suggestion which will cover everything but from
reading the squid.conf I would first try to understand:
What do you want squid to do for you?
You need to remove the all acl line and change the http_port from
what it is to the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hey Alex,
I am not sure what you mean by your question.
I am using latest 6.6 as a build node and am trying to use the most
up-to-date CentOS version and libs.
Downsides? If someone has a 6.5 or older 6 branch system without
enough updates to work
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/24/2014 02:42 AM, HackXBack wrote:
so now we have 2 bug 1st one : when upgrading from 3.4.x to 3.5.0.4
squid crash and always restart automatically 2nd one : browsing on
https slow = packet dropped and stop loading until refresh in 3.4.x
and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/24/2014 01:52 PM, HackXBack wrote:
the problem is not from my squid.conf because i try minimal
squid.conf with https and the same problems
Hey,
A minimal squid and https interception or bumping doesn't stand in the
same place.
A minimal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/26/2014 02:22 PM, HackXBack wrote:
Hello squid , after using 3.5.0.4 on fresh debian system i see many
errors in cache.log
Hey There,
(leaving aside these errors)
As a part of a cache proxy integration I am generally recommending to
do it in
Hey Omid,
I do not have benchmarks.
I was actually in the past looking at GlusterFS and NFS for couple purposes.
The Gigabit and 10Gb have their difference.
The main big thing is that a simple SATA\SAS jack\connector\port
supports up to 6Gb and in most cases the machine will not utilize even
Hey Steve,
On what OS are you running squid? is it self compiled one?
Eliezer
On 02/02/2015 14:09, Steve Hill wrote:
I'm pretty sure this is incorrect - I'm running Squid 3.4 without
ssl_crtd, configured to bump server-first. The cert= parameter to the
http_port line points at a CA
Hey Stefano,
Can you get some access.log output from the time the issue appears\happens?
Eliezer
On 06/02/2015 15:01, Stefano Ansaloni wrote:
Tested with icap disabled: the issue still there.
___
squid-users mailing list
Hey Rich,
I am yet unsure about the issue you are having and even if squid 3.3.8
is not the latest most of these sites should work fine for you throw squid.
I believe that this is the place where we can take a look at the squid
access.log output while surfing to understand the issue better.
If
Hey Omid,
Before buying any NAS or SAN solution you will need to take in account
couple things.
Squid has an in memory objects index which requires ram and reduces the
amount of in memory objects you can store.
You will need to first verify that your current machine memory usage can
allow you
Hey Anton,
If you use https_port with ssl certificate it will be for one of two
options:
- interception of ssl traffic
- reverse proxy with ssl
For both cases the connection between the server and the client in the
end will be encrypted while non of them is in a forward proxy mode and
there
On 03/02/2015 17:14, Anton Radkevich wrote:
so just to be clear the connection flow will look like:
browser Encrypted Tunnel Server HTTP or HTTPS connection Destination
where Encrypted Tunnel is probably some form of HTTPS connection for
support with the browser PAC
Hey Anton,
Squid do not
On 21/01/2015 11:21, Steve Hill wrote:
but not using ssl_crtd
What are using if not ssl_crtd?
Eliezer
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Hey Christopher,
The email looks a bit messy and so I and I assume others couldn't
understand it.
You can paste the config file content at:
http://pastie.org/
And please first describe the issue and later add more technical data
such as config and dumps.
All The Bests,
Eliezer
On
On 19/01/2015 15:56, HackXBack wrote:
after upgrading to 3.5.1 i have bug
BUG 3279: HTTP reply without Date
how to solve it ??
To make sure I understand the issue:
Is it crashing squid? or just shows a warning in the logs?
Thanks,
Eliezer
___
On 20/01/2015 21:39, Odhiambo Washington wrote:
I know this. I was just mentioning. I think I believe Yuri that IPFilter
isn't in FreeBSD.
I think I am going to have to suck it in, because I am happy with it in
many servers, working nicely with Squid.
Hey,
From the FreeBSD handbook a list of
Hey Anna,
Thanks for the links and the detailed comments and thoughts.
In most cases I am not a friend of countering others if not really needed.
I have yet to implement VARNISH or ATS in production and the blame for
this is strictly on me since I am a bit spoiled and a learning curve is
not
Hey Yuri,
I would try first ps -aux just to find out if this is the right way to
use ps in solaris.
If it works show me the details first and we will see what to do next.
Eliezer
On 16/02/2015 18:37, Yuri Voinov wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yes.
root @ cthulhu /
On 16/02/2015 17:27, Yuri Voinov wrote:
root @ cthulhu / # top -n 1 -b
last pid: 43244; load avg: 0.06, 0.07, 0.07; up 7+22:16:44
21:27:15
62 processes: 61 sleeping, 1 on cpu
CPU states: 99.3% idle, 0.5% user, 0.2% kernel, 0.0% iowait, 0.0% swap
Kernel: 510 ctxsw, 4 trap, 754 intr,
On 16/02/2015 21:10, Yuri Voinov wrote:
root @ cthulhu / # ps -e
Yuri,
Can you find the right ps command that will include user and memory
usage by each process?
Thanks,
Eliezer
___
squid-users mailing list
squid-users@lists.squid-cache.org
Hey Yuri,
I looked eventually at Solaris 11 man pages at:
http://docs.oracle.com/cd/E26502_01/html/E29030/ps-1.html#scrolltoc
Just to be sure the next command would run:
ps -e
There is no subject to the discussion yet since the issue is yet to be
defined as an issue.
You mentioned Android
Hey Yuri,
You missed the whole point.
I didn't wanted you to grep any output.
I wanted to see the whole server process list as a whole to understand
the issue you see.
If you see the server only with grep you might missing something since I
have yet to see your server do any swap what so ever
Hey,
Squid and any other HTTP proxy cannot support basic authentication when
it is being used as an intercept proxy.
The only options to do such a thing is to use some kind of a captive
portal or an external network system which will identify the user
directly in a webserver or another way
Hey Yuri,
There are couple sides and side-effects to the issue you describe.
If it's OK with you I will for a sec look aside squid and the helpers
code to another issue in Computer Science.
Let say we are running some server\software which it's purpose is to
calculate the distance from point
Hey Yuri,
OK I have seen something...
Now we might need also the virtual memory which might be vsz.
And the cachemgr output is not from squidview..
The last image I have seen from cachemgr was much helpful(with 10 helpers).
From what I have seen until now squidGuard uses about 13 MB of ram
On 16/02/2015 15:23, Yuri Voinov wrote:
http://i58.tinypic.com/rsqwxh.png
0 shutting down. Always.
During nights and weekends.
Are you talking about these 10? I am unsure I understand the issue
yet..(I need to understand a bit more), is this the situation which
stays forever?
Eliezer
Hey,
There are couple things to consider while using multiple IPs for the
same network\user.
It is possible to do what you want in the OS level and in a way using squid.
You should consider first what is the exact effect you want\need and if
it can meet reality in usability level.
It is not
Hey Dan,
The basic rule of thumb in programming lands is script vs compiled code.
Where compiled code can be considered very reliable and in most cases
tested much more then scripts.
I am fearing that there is some race between all sorts of things on
runtime which might lead to this failed
the
result twice to alter the EXT_LOG and then have the result cached against the
altered EXT_LOG.
Cheers
Dan
On 11 Feb 2015, at 11:09 pm, Eliezer Croitoru elie...@ngtech.co.il wrote:
Hey Dan,
First I must admit that this squid.conf is quite complicated but kind of self
explanatory.
I have
On 19/02/2015 11:49, Odhiambo Washington wrote:
I have been hoping that 3.5.2 would possibly help address my problems with
ACLs, but alas!
Sorry for hijacking the thread but the wiki freebsd buildfarm node
install page:
http://wiki.squid-cache.org/BuildFarm/FreeBsdInstall
Doesn't include
Hey,
There are couple ways to look at authentication and some would sometimes
trade authorization to authentication and vise versa.
In some environments there is a mix of both terms which is required to
build a logical service unit.
I do not have all my archives but I remember that someone
Hey Daniel,
If it was not mentioned anywhere else then this thread is the place:
CentOS 7 packages are in the Testing phase and will might not be stable
enough for production.
If you may look at the RPMs my packaging of squid is a bit different
then the mainstream.
One of the main differences
Hey Dan,
Just to get around the environment, can you share your
squid.conf?(censuring confidential data)
Thanks,
Eliezer
On 02/02/2015 01:14, Dan Charlesworth wrote:
Bumping this one for the new year 'cause I still don't understand squid
traces and because it's still happening with v3.4.11.
Hey Raju,
For how many users?
Eliezer
On 02/02/2015 06:27, Raju M K wrote:
Need squid Authentication syntax for local users in Windows 7/8 workgroup
Presently using squid 2.7 stable 8
-- Regards, M K Raju.
___
squid-users mailing list
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/05/2015 05:18 PM, Yuri Voinov wrote:
We haven't filtering non_HTTP over port-443. Just recognize and
pass.
So let's separate security which is one of the goals of squid and
which some like and other don't.
For now squid 3.4 is stable and 3.5
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hey Steve,
Can you share the squid -v output and the OS you are using?
Eliezer
On 01/05/2015 06:29 PM, Steve Hill wrote:
On 10.12.14 17:09, Amos Jeffries wrote:
I'm looking for advice on figuring out what is causing
intermittent high CPU
Can you try to use openssl s_client?
an exapmple:
openssl s_client -connect facebook.com:443
Eliezer
On 12/01/2015 11:41, HackXBack wrote:
hello,
according to this chapter
http://wiki.squid-cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate
i bought signed certificate
but no one
Are you using the command with facebook.com???
You should use your own server...
Eliezer
On 12/01/2015 13:02, HackXBack wrote:
openssl s_client -connect facebook.com:443 -CApath /var/squid/ssl_db/certs
CONNECTED(0003)
depth=2 C = US, O = DigiCert Inc, OU =www.digicert.com, CN = DigiCert
Just to make sure I understand it right.
The certificate is for a reverse proxy?
Eliezer
On 12/01/2015 11:41, HackXBack wrote:
hello,
according to this chapter
http://wiki.squid-cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate
i bought signed certificate
but no one accept rsa:1024
Hey,
This is not a reverse proxy...
It's a ssl-bump server and which you cannot use any bought certificate
for it.
Eliezer
On 12/01/2015 13:20, HackXBack wrote:
https_port 3127 intercept ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/CA.pem
Hey hack,
From the comments in the past I am unsure what you are after...
If you are using ssl-bump you should first learn about how ssl works and
about the differences between encrypted traffic to verification of a
public key.
I must admit that these topic are not marked as an easy one.
Hey,
Did you had the chance to see this page:
http://findproxyforurl.com/example-pac-file/
Eliezer
On 13/01/2015 06:22, Simon Dcunha wrote:
Dear Sarfraz,
appreciate your immediate reply
Heres attached is my pac file
i am accessing the 10.101.101.10 server
regards
simon
Hey,
Since you provided the pac file I had the chance to convert it into a
more suitable format to my flavor.
Can you try the wpad file at:
http://www1.ngtech.co.il/tests/wpad.dat
Eliezer
On 13/01/2015 06:22, Simon Dcunha wrote:
Dear Sarfraz,
appreciate your immediate reply
Heres attached
On 11/02/2015 12:17, Yuri Voinov wrote:
Fred, this is no matter. Millions of files can remove with one piped
command:
*find . |xargs rm
:)
*
And it should be used wisely!
Any recommendation to run rm should take in account that the rm can in a
way wipe out files which you might not
On 05/02/2015 11:17, FredB wrote:
Squid Cache: Version 3.5.1-20150201-r13744
Service Name: squid
configure options: '--build=x86_64-linux-gnu' '--prefix=/'
'--includedir=${prefix}/include' '--mandir=${prefix}/share/man'
'--infodir=${prefix}/share/info' '--sysconfdir=/etc'
Hey Dan,
First I must admit that this squid.conf is quite complicated but kind of
self explanatory.
I have tried to understand the next lines:
# File size (download) restrictions
acl response_size_100 external response_size_type 100 192.168.0.10
http_access allow response_size_100
On 08/02/2015 01:32, Alfredo Rezinovsky wrote:
Specially in servers with 6 workers and 6 cache discs (Each worker has a
cache_dir in each disc for IO balancing)
What cache_dir settings are you using there?
Eliezer
___
squid-users mailing list
On 15/02/2015 23:36, Alan Palmer wrote:
I'm trying to get squid 3.4.11 on openbsd 5.6 to act as a transparent
ssl proxy.
I've rebuilt squid with --enable-ssl-crtd, generated my own self signed
cert (ala http://www.akadia.com/services/ssh_test_certificate.html) and
have the following config
Is it happening on all websites? or a specific one?
I am using 3.4.11 for most of my daily uses now.
In order to reproduce it I will need the OS and version, and if I assume
it is a self compiled so the squid -v details.
Eliezer
On 04/02/2015 12:22, FredB wrote:
I have some issue with
Hey Steve,
First of all thanks for all the notes.
You made it possible to look at the bug before I understood how to
reproduce it.
I would like for the record to make sure we can reproduce it just for
the tests list that I will add later to newer releases.
Can you give me the details about
Hey (Is it Jerome? or Vernet?),
Is there a chance you can test it with a newer version of squid?
What OS are you using?
Can you share your squid.conf?
Eliezer
On 06/01/2015 14:38, Vernet Jerome wrote:
Hi,
Since yesterday, my Squid cache.log grow very fast, about 250Mb per hour. Lot
of
it as the source.
If you can add the new details about the issue in the bug report it
will help a lot.
Eliezer
On 01/05/2015 07:48 PM, Steve Hill wrote:
On 05.01.15 16:35, Eliezer Croitoru wrote:
Can you share the squid -v output and the OS you are using?
Scientific Linux 6.6, see below for the squid -v
but... a NFQUEUE helper that can verify if to
FORWARD or BUMP the connection would be a better suited solution to my
opinion.
All The Bests,
Eliezer Croitoru
On 01/05/2015 03:07 AM, Douglas Davenport wrote:
Seems to me it would be more useful as an external ACL so that a
decision could be made based
Hey Samuel,
Not related to your post at squid-cache, I have tried to access your
site from my testing grounds and I do not seem to be able to access it.
Not even an ICMP echo ping.
It is maybe something in the route between my client to your server but
I was wondering if I should contact my
Hey Dan and John,
If indeed this bug is only for UFS\AUFS cache_dir then I would try to
make sure that large-rock will not sustain the same issue.
I have not seen in any of the bug reports anything that would reproduce
the issue.
To make sure the issue is understood and can or cannot be
Alberto,
What are the details of the machine?
Can you run the next script on the machine?
http://ngtech.co.il/squid/basic_data.sh
Eliezer
On 20/03/2015 05:37, Alberto Perez wrote:
Another one here not using SMP, and using aufs.
I stopped seen this issue frequently when I reduced my cache
infrastructure is designed and implemented and which I know
nobody planned to show me.
All The Bests,
Eliezer Croitoru
On 03/10/2013 13:26, Babelo Gmvsdm wrote:
Hi,
First of all Thx Amos for your enlightenment, even if I had to admit that it's
not yet
all clear for me, My knowledge of proxy is very light
Hey,
I was left in the dark and still unsure what the situation is??
Did you made it work fine?
Eliezer
On 11/03/2015 11:09, johnzeng wrote:
Hello Amos:
Ok, I see
Thanks again.
Have a good day with
On 13/03/2015 05:22, Daniel Greenwald wrote:
Ah that would be a clever way to implement pki authentication but i was
thinking of something more that browser natively support..
Hey Daniel,
What is the direction of what you are thinking about?
I do not know about a browser natively support
Hey Hack,
I wsa talking about radius server like free radius.
Which by the way dmasoftlab uses in their product\s.
Eliezer
On 12/03/2015 07:14, HackXBack wrote:
are you talking about radius server like free radius ?
or like dmasoftlab.com ?
___
Thanks Amos,
So NTLM has two steps authentication which means that there is a basic
negotiation over the http connection to the proxy which makes it less
secure then kerberos.
(speculating)
The main reason it's less secure then kerberos is that every part of the
password negotiation steps
wrong passwords should be considered a cracking trial?
If you have more ideas about the subject I would be happy to see them here.
Thanks In Advance,
Eliezer Croitoru
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org
and we are
here to help them and all the other humans that are on the plant in this
case that a mistake is happening.
Eliezer Croitoru
On 24/03/2015 23:46, Yuri Voinov wrote:
So far, this has not been done. You can be the first!;)
___
squid-users
Hey Eugene,
Since I do not have the full details about the issue and related areas I
cannot answer and I think later others will answer this better then me.
But as for the last question about squid being a DB.
Squid in a way is also a DB like any OS is a DB.
Due to the fact that squid is kind
confidential information)
All The Bests,
Eliezer Croitoru
On 28/02/2015 05:18, johnzeng wrote:
Hi all :
i meet a problem ,Squid cannot currently deal with such connections (
non-HTTP connections ) based 80 port , and We get some error ,
Unsupported Request Method and Protocol'' for https URLs
Hey Donny,
What OS are you using?
Eliezer
On 27/02/2015 06:41, Donny Vibianto wrote:
is there any change in 3.5.2 regarding basic ldap auth? i cant find ldap
helpder in my helper list.
Squid Cache: Version 3.5.2
Service Name: squid
configure options: '--enable-basic=LDAP'
Hey Fred,
It is unclear what doesn't work for you.
What would you expect to work and how it works or doesn't work from a
user perspective rather then an admin?
Is there any trouble from the user side about this issue?
Eliezer
On 04/03/2015 00:14, Stakres wrote:
Hi All,
Does someone know
Hey Yuri,
On 01/03/2015 20:17, Yuri Voinov wrote:
Normally you never use CONNECT method over HTTP ports. This is
prohibited by squid basic security requirements.
The above statement is true only if the proxy admin prohibit this.
A CONNECT method can be allowed and can be used for any purpose
Hey Alan,
I am unsure but is this SSL library headers files are compatible with
OpenSSL or it would require some existing OpenSSL APIs calls changes?
Eliezer
On 21/02/2015 17:00, Alan Palmer wrote:
[apalmer]:/data/src/squid-3.5.2# openssl version
LibreSSL 2.0
Alan Palmer
DO NOT SPAM
On 22/02/2015 02:47, maxt wrote:
Each tenant has a unique domain that has a trust relationship with our
management domain. They also have a unique IP address range so there is no
need for VLANS.
Hey Max,
You can use deny_info with a specific ip range or ip list and somehow
make acls that
On 22/02/2015 13:56, Amos Jeffries wrote:
The google page about forcing safesearch currently recommends hijacking
DNS. Which may also work for YouTube but its not clear.
I must mention also:
If only youtube is the issue, there is an idea to pre-identify these dns
requests and only ssl-bump
1 - 100 of 982 matches
Mail list logo
