Re: [squid-users] Status of SSL Peek and Splice

2014-10-29 Thread James Lay
On Thu, 2014-10-30 at 13:57 +1300, Amos Jeffries wrote: On 30/10/2014 1:48 p.m., James Lay wrote: Hey all, I'm currently running Squid Cache: Version 3.HEAD-BZR. I was wondering what the status was of this...if there have been later releases with improvements. Thank you. Peek

[squid-users] Assistance with knowing what I'm really trying to do

2014-11-02 Thread James Lay
A weird question... I guess I need to find out exactly what I'm wanting before going further with trying to get peek to work. So here's a small example of what I currently have. From my .conf file: acl broken_sites dst 23.192.0.0/11 http_access allow broken_sites ssl_bump splice broken_sites

Re: [squid-users] Assistance with knowing what I'm really trying to do

2014-11-03 Thread James Lay
On Mon, 2014-11-03 at 17:22 +1300, Amos Jeffries wrote: On 3/11/2014 11:12 a.m., James Lay wrote: A weird question... I guess I need to find out exactly what I'm wanting before going further with trying to get peek to work. So here's a small example of what I currently have. From my .conf

Re: [squid-users] Correctly implementing peak-splice

2014-11-05 Thread James Lay
On Wed, 2014-11-05 at 12:24 +0200, Christos Tsantilas wrote: On 11/04/2014 02:26 PM, James Lay wrote: Thanks a bunch Christos, That list of IP's is things like apple.com, textnow.me, and windows updates...IP's that simply don't bump well. My setup is a linux box that's a router...one

[squid-users] Quick peek/splice logging question

2015-03-14 Thread James Lay
Hey all, Today I switched my setup from: ssl_bump splice broken_sites ssl_bump bump all to ssl_bump splice all ssl_bump bump all and this appears to be working (broken sites were ones that just would not bump. Now in my squid logs I see: Mar 14 05:45:50 gateway (squid-1): 192.168.1.110 - -

[squid-users] Config audit for 3.5.3

2015-04-24 Thread James Lay
Hey all. Topic says it... I'm running squid-3.5.3-20150420-r13802 and wanted to see if there's anything glaring that I'm missing/have misconfigured. My setup is squid is running on a router, one nic external, one nic internal. This is running as a transparent proxy with iptables doing a

Re: [squid-users] ssl_bump peek in squid-3.5.3

2015-04-23 Thread James Lay
On Thu, 2015-04-23 at 17:18 +0930, Michael Hendrie wrote: On 23 Apr 2015, at 4:28 pm, Michael Hendrie mich...@hendrie.id.au wrote: On 23 Apr 2015, at 4:21 pm, Amos Jeffries squ...@treenet.co.nz wrote: On 23/04/2015 6:29 p.m., Michael Hendrie wrote: Hi

[squid-users] Utilities for testing question

2015-06-05 Thread James Lay
All, I'm looking for a command line app like wget or curl that I can use to test TLS. I'm trying to find out how to send a get request without sending the SNI. Any pointers would be appreciated. Thank you. James ___ squid-users mailing list

Re: [squid-users] Utilities for testing question

2015-06-06 Thread James Lay
On Sat, 2015-06-06 at 13:49 +1200, Amos Jeffries wrote: On 6/06/2015 12:35 p.m., James Lay wrote: All, I'm looking for a command line app like wget or curl that I can use to test TLS. I'm trying to find out how to send a get request without sending the SNI. Any pointers would

Re: [squid-users] ssl_crtd breaks after short time

2015-06-10 Thread James Lay
On Tue, 2015-06-09 at 21:39 +0200, Klavs Klavsen wrote: Amos Jeffries wrote on 2015-06-09 17:10: [CUT] You have to first configure ssl_bump in a way that lets Squid receive the clientHello message (step1 - peek) AND the serverHello message (step2 - peek). Then you can use those cert

Re: [squid-users] Questions Regarding Transparent Proxy, HTTPS, and ssl_bump

2015-06-24 Thread James Lay
it), it seems to simply allow ALL https without doing any filtering whatsoever. Thanks for the response. -Tom Mowbray _tmowbray@dalabs.com_ _703-829-6694_ On Wed, Jun 24, 2015 at 1:31 PM, James Lay j...@slave-tothe-box.net wrote: On 2015-06-24 09:41 AM, Tom

Re: [squid-users] Questions Regarding Transparent Proxy, HTTPS, and ssl_bump

2015-06-24 Thread James Lay
On 2015-06-24 09:41 AM, Tom Mowbray wrote: Squid 3.5.5 I seem to have some confusion about how acl lists are processed in squid.conf regarding the handling of SSL (HTTPS) traffic, attempting to use ssl_bump directives with transparent proxy. Based on available documentation, I believe my

Re: [squid-users] Installing certificate on Android to use with SSL-bump

2015-06-10 Thread James Lay
On 2015-06-10 10:22 AM, Amos Jeffries wrote: On 10/06/2015 4:46 p.m., dkandle wrote: I would like to be able to inspect traffic from my android device. I have a transparent squid proxy working with SSL bump (using WiFi to get traffic through my proxy server). Everything works fine as long as I

[squid-users] Properly filtering http and https traffic in a transparent proxy environment

2015-06-11 Thread James Lay
Resending this with photobucket links instead of including images: http://i290.photobucket.com/albums/ll269/DigiDemon/allowed.png http://i290.photobucket.com/albums/ll269/DigiDemon/terminate.png Hey All, So... here's what I have for filtering http and https in the same instance. This is using

[squid-users] Quick peek-splice clarification

2015-06-10 Thread James Lay
All, From the docs at: http://wiki.squid-cache.org/Features/SslPeekAndSplice peek step1, step2 Receive SNI and client certificate (step1), or server certificate (step2) while preserving the possibility of splicing the connection. Peeking at the server certificate usually precludes future

[squid-users] Ssl-bump deep dive (testing)

2015-05-28 Thread James Lay
So I took the advice of those here to get explicit working first, so here's my first attempt. My test environment is Ubuntu 15.04 Server as the squid server with virtualbox running on it with Kali linux as the client. Here's my Squid 3.5.4 configure line: /configure --prefix=/opt

Re: [squid-users] ssl_bump and SNI

2015-05-29 Thread James Lay
On 2015-05-29 08:57 AM, Nathan Hoad wrote: Yes, I have it working on about a dozen deployments so far, using an external ACL to make bumping decisions based on the SNI server name and a few other things. No complaints from me, it Just Works. On 29/05/2015 5:50 pm, sp_ ap...@yandex.ru wrote:

[squid-users] Ssl-bump deep dive (intercept last post and final thoughts)

2015-05-31 Thread James Lay
So this has been REALLY good! The tl;dr: ssl-bumping is pretty easy even with intercept, ssl-bumping with access control is a little more difficult...jump to the config to skip the chit chat. My goal has always been to a content filter based on url regex. This works just fine for http traffic,

Re: [squid-users] Ssl-bump deep dive (intercept last post and final thoughts)

2015-05-31 Thread James Lay
On Mon, 2015-06-01 at 13:00 +1200, Amos Jeffries wrote: On 1/06/2015 11:56 a.m., James Lay wrote: So this has been REALLY good! The tl;dr: ssl-bumping is pretty easy even with intercept, ssl-bumping with access control is a little more difficult...jump to the config to skip the chit chat

Re: [squid-users] ssl_bump and SNI

2015-06-01 Thread James Lay
) else: sys.stdout.write('%s ERR\n' % concurrency_id) line = sys.stdin.read() Hope that helps, Nathan. On 30 May 2015 at 01:14, James Lay j...@slave-tothe-box.net wrote: On 2015-05-29 08:57 AM, Nathan Hoad wrote: Yes, I have it working on about a dozen deployments so far

Re: [squid-users] ipf transparent enabled, but squid says not supported

2015-05-27 Thread James Lay
On 2015-05-27 09:45 AM, Stephen Borrill wrote: I have: Squid Cache: Version 3.5.4 Service Name: squid configure options: '--sysconfdir=/usr/pkg/etc/squid' '--localstatedir=/var/squid' '--datarootdir=/usr/pkg/share/squid' '--disable-strict-error-checking' '--enable-auth'

[squid-users] Conditional question

2015-05-30 Thread James Lay
Per the docs: # Conditional configuration # # If-statements can be used to make configuration directives # depend on conditions: # # if CONDITION # ... regular configuration directives ... # [else # ... regular configuration directives

Re: [squid-users] Conditional question

2015-05-30 Thread James Lay
On Sun, 2015-05-31 at 08:45 +1200, Amos Jeffries wrote: On 31/05/2015 4:48 a.m., James Lay wrote: Per the docs: # Conditional configuration # # If-statements can be used to make configuration directives # depend on conditions: # # if CONDITION

Re: [squid-users] Conditional question

2015-05-30 Thread James Lay
On Sat, 2015-05-30 at 16:24 -0600, James Lay wrote: On Sun, 2015-05-31 at 08:45 +1200, Amos Jeffries wrote: On 31/05/2015 4:48 a.m., James Lay wrote: Per the docs: # Conditional configuration # # If-statements can be used to make configuration directives

Re: [squid-users] Conditional question

2015-05-30 Thread James Lay
On Sun, 2015-05-31 at 08:45 +1200, Amos Jeffries wrote: On 31/05/2015 4:48 a.m., James Lay wrote: Per the docs: # Conditional configuration # # If-statements can be used to make configuration directives # depend on conditions: # # if CONDITION

Re: [squid-users] Ssl-bump deep dive (self-signed certs in chain)

2015-05-28 Thread James Lay
Thanks for this Amos... I will try and do more experimenting this week with more results. James On Tue, 2015-05-26 at 19:46 +1200, Amos Jeffries wrote: On 26/05/2015 4:26 a.m., James Lay wrote: So following advice and instructions on this page: http://wiki.squid-cache.org/Features

[squid-users] Ssl-bump deep dive (sni and access control) some success

2015-05-30 Thread James Lay
Config first: acl localnet src 192.168.1.0/24 acl SSL_ports port 443 acl Safe_ports port 80 acl Safe_ports port 443 acl CONNECT method CONNECT acl step1 at_step SslBump1 acl step2 at_step SslBump2 ssl_bump peek step1 all

[squid-users] Ssl-bump deep dive (properly creating certs)

2015-05-24 Thread James Lay
Hey all, So... I'm sure those on the list have seen my posts a number of times, usually all questions (sorry I'm not very helpful). That being said, whenever there is something I can't get to work right, or don't understand as well as I think I should, I do kind of a deep dive into it for about

[squid-users] Ssl-bump deep dive (self-signed certs in chain)

2015-05-25 Thread James Lay
So following advice and instructions on this page: http://wiki.squid-cache.org/Features/DynamicSslCert I have set up my lab with explicit proxy by exporting http_proxy and https_proxy. After creating the self-signed root CA certificate above and creating the .der file for the client, here are

Re: [squid-users] ssl_bump updates coming in 3.5.8

2015-08-21 Thread James Lay
On Fri, 2015-08-21 at 19:28 +1200, Amos Jeffries wrote: Hi all, Christos has managed (we think) to resolve a fairly major design issue that has been plaguing the 3.5 series peek-and-splice feature so far. (http://wiki.squid-cache.org/Features/SslPeekAndSplice) The problem was that

Re: [squid-users] ssl_bump updates coming in 3.5.8

2015-08-21 Thread James Lay
On Fri, 2015-08-21 at 05:26 -0600, James Lay wrote: On Fri, 2015-08-21 at 19:28 +1200, Amos Jeffries wrote: Hi all, Christos has managed (we think) to resolve a fairly major design issue that has been plaguing the 3.5 series peek-and-splice feature so far. (http://wiki.squid

Re: [squid-users] Transparent Proxy Configuration

2015-06-30 Thread James Lay
On 2015-06-30 12:21 PM, Chris Greene wrote: I’ve had Squid running on Ubuntu for a few weeks. I’d configured the proxy settings in the browsers. Everything has been working well and I've been pleased with the results. But now I need to make this a transparent proxy and I’m running into

Re: [squid-users] ssl_crtd process doesn't start with Squid 3.5.6

2015-07-24 Thread James Lay
On Fri, 2015-07-24 at 19:15 -0500, Stanford Prescott wrote: Thanks for that. Any ideas why I am experiencing that? Stan On Fri, Jul 24, 2015 at 7:07 PM, James Lay j...@slave-tothe-box.net wrote: On Fri, 2015-07-24 at 17:25 -0500, Stanford Prescott wrote

Re: [squid-users] Fwd: Problems with the List

2015-10-27 Thread James Lay
On 2015-10-27 09:06 AM, Amos Jeffries wrote: On 28/10/2015 2:29 a.m., Elvis Altherr wrote: Hello Admins of the List Seems there some problems with the list.. i receive strange Mails from different users watch example below Thanks. We had a spam run that looks like it was from one of the

Re: [squid-users] squid http & https intercept based on DNS server

2015-11-12 Thread James Lay
On Thu, 2015-11-12 at 09:37 +0300, Ahmad Alzaeem wrote: > Sorry , didn’t understand , could you explain more ?? > > cheers > > -Original Message- > From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On > Behalf Of James Lay > Sent: Thursday, No

Re: [squid-users] squid http & https intercept based on DNS server

2015-11-11 Thread James Lay
On 2015-11-11 12:23, Ahmad Alzaeem wrote: Hi guys I want to ask a question Assume I have a dns server that resolve all the names to the ip of squid So we will have all websites go to squid The question is being asked here is : If I used squid in intercept mode Will I be able to handle

Re: [squid-users] 3.5.8 — SSL Bump questions

2015-09-08 Thread James Lay
On 2015-09-08 01:54 PM, Alex Rousskov wrote: On 09/07/2015 11:36 PM, Dan Charlesworth wrote: First, here’s my config (shout out to James Lay): acl client_hello_peeked at_step SslBump2 ssl_bump splice client_hello_peeked bump_bypass_domains ssl_bump bump client_hello_peeked Just in case

Re: [squid-users] 3.5.8 — SSL Bump questions

2015-09-08 Thread James Lay
On 2015-09-08 02:32 PM, Alex Rousskov wrote: On 09/08/2015 02:18 PM, James Lay wrote: I'm currently having great success with 3.5.8 and this peek/splice only method using transparent intercept: ### acl step1 at_step SslBump1 acl step2 at_step SslBump2 acl step3

Re: [squid-users] 3.5.8 — SSL Bump questions

2015-09-11 Thread James Lay
On 2015-09-09 08:29 PM, Alex Rousskov wrote: On 09/09/2015 07:06 PM, Dan Charlesworth wrote: if I change ssl_bump peek step1 to ssl_bump peek all, I get this assertion failure: PeerConnector.cc:747: "!callback" Please see http://bugs.squid-cache.org/show_bug.cgi?id=4303 Alex.

Re: [squid-users] SSL Peek and Splice

2015-10-01 Thread James Lay
On Thu, 2015-10-01 at 13:26 +0200, Job wrote: > Hello, > > by reading the 3.5 Squid verson "Peek and splice" features: > http://wiki.squid-cache.org/Features/SslPeekAndSplice > > i would like to ask you two questions, please: > > 1. in this implementations, i have to install the selfmade

Re: [squid-users] Unknown Cipher Suite

2016-06-22 Thread James Lay
ported. > > This time only exists unsupported patch from CloudFlare. And, as > alternative, LibreSSL. Which is not available for all platforms. > > 22.06.2016 22:48, Amos Jeffries wrote: > > > > On 23/06/2016 4:12 a.m., James Lay wrote: > > > > > > W

Re: [squid-users] Latest ssl and Squid stable compile issue

2016-06-22 Thread James Lay
hoo! James On 2016-06-22 15:17, Yuri Voinov wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I suggest this will not solve your unknown cipher issue. :) 23.06.2016 3:12, James Lay wrote: Had zero issues when compiling against libressl-2.4.1. I now have ChaCha Poly cipher support...

Re: [squid-users] Latest ssl and Squid stable compile issue

2016-06-23 Thread James Lay
On Thu, 2016-06-23 at 17:47 +1200, Amos Jeffries wrote: > Yay that you got it going with LibreSSL. > > But I'm still interested in why you got the errors in the first place > with OpenSSL. It is supposed to be the better supported one :-P > > So if you have the time to assist my edufication; >

[squid-users] Latest ssl and Squid stable compile issue

2016-06-22 Thread James Lay
So yea...git pulled latest ssl, here's my results: make[3]: Entering directory `/home/nobackup/build/squid- 3.5.19/src/anyp' depbase=`echo PortCfg.lo | sed 's|[^/]*$|.deps/&|;s|\.lo$||'`;\ /bin/bash ../../libtool  --tag=CXX   --mode=compile g++ -DHAVE_CONFIG_H   -I../.. -I../../include

Re: [squid-users] Fwd: Re: Squid Log messages Database

2016-01-18 Thread James Lay
On 2016-01-18 14:59, Antony Stone wrote: Forwarding private reply back to the list... -- Forwarded Message Starts -- Thanks for your answer. Sorry for my poor english, I'll try to reword because I'm not looking for a log analyzer. In fact, I don't even need Squid itself

Re: [squid-users] HTTPS Content Filtering without de-crypting traffic?

2016-01-27 Thread James Lay
On 2016-01-26 15:59, Panda Admin wrote: > Hello, > > I attempting to terminate https traffic based on ACLs using ssl_bumping > WITHOUT de-crypting the traffic in intercept/transparent mode. Has anyone > got this to work before? I have copied my configuration and what my iptables > nat

Re: [squid-users] HTTPS interception and filtering?

2016-03-13 Thread James Lay
That's the one. James On Mon, 2016-03-14 at 00:42 +0200, Eliezer Croitoru wrote: > Are you referring to: > http://thread.gmane.org/gmane.comp.web.squid.general/114384/focus=114389 > > Eliezer > > On 12/03/2016 15:58, James Lay wrote: > > On Sun, 2016-03-13 at 00:0

Re: [squid-users] HTTPS interception and filtering?

2016-03-12 Thread James Lay
On Sun, 2016-03-13 at 00:09 +1100, Tim Bates wrote: > Is it possible to do this: > > * Intercept HTTPS and send it via Squid? > * Apply ACLs to the intercepted HTTPS traffic based on host/domain name? > * Not change any configuration on clients? > > Should I keep researching how this peeking

Re: [squid-users] filtering http(s) sites, transparently

2016-04-04 Thread James Lay
On Sun, 2016-04-03 at 21:18 -0700, Jok Thuau wrote: > I'm attempting to build a transparent proxy (policy based routing on > firewall to squid proxy) with the following behavior: > > > > 1) proxies http traffic for a given set of domains, provide an message > otherwise such "domain not allowed"

Re: [squid-users] Transparent Mode w/ Peek and Splice trouble

2016-05-18 Thread James Lay
On 2016-05-18 08:14, s...@kpa.gr wrote: Hello! I am currently setting up a squid server, which should serve as a transparent proxy in our network. We mainly need it to do the following: Allow and Block Domains on HTTP and HTTPS protocol (withOUT bumping the traffic). We only want to allow

Re: [squid-users] Yet another new cipher?

2016-06-30 Thread James Lay
On Wed, 2016-06-29 at 19:33 -0600, James Lay wrote: > Yugh...starting around 10:00 facebook no longer works via > peek/splice.  pcap contents show: > > 1QTV01...CHLOSNI.VERSscontent.xx.fbcdn.netQTV1 > > after the threeway handshake and an instant reset.

Re: [squid-users] Yet another new cipher?

2016-06-30 Thread James Lay
On Fri, 2016-07-01 at 01:04 +1200, Amos Jeffries wrote: > On 1/07/2016 12:43 a.m., James Lay wrote: > > > > On Wed, 2016-06-29 at 19:33 -0600, James Lay wrote: > > > > > > Yugh...starting around 10:00 facebook no longer works via > > > peek/splice.  pcap

[squid-users] Yet another new cipher?

2016-06-29 Thread James Lay
Yugh...starting around 10:00 facebook no longer works via peek/splice.  pcap contents show: 1QTV01...CHLOSNI.VERSscontent.xx.fbcdn.netQTV1 after the threeway handshake and an instant reset.  Anyone know what this is?  Cause I haven't a clue... screenshot of success after bypassing

Re: [squid-users] [3.5.23]: mozilla.org failed using SSL transparent SSL23_GET_SERVER_HELLO:unknown protocol

2017-01-23 Thread James Lay
On Mon, 2017-01-23 at 19:54 -0700, Alex Rousskov wrote: > On 01/23/2017 04:28 PM, David Touzeau wrote: > > > > ssl_bump peek ssl_step1 > > ssl_bump splice all > > > > sslproxy_flags DONT_VERIFY_PEER > > sslproxy_cert_error allow all > > > > > When connecting to mozilla.org using transparent,

Re: [squid-users] Clarification on icap

2016-09-26 Thread James Lay
On 2016-09-26 10:40, Alex Rousskov wrote: On 09/26/2016 08:55 AM, James Lay wrote: any recommended open source ICAP/eCAP services that squid works well with? You do not need an ICAP/eCAP service that Squid works well with. You need an ICAP/eCAP service that integrates with your IDS. All

Re: [squid-users] ICAP question

2016-10-10 Thread James Lay
@ngtech.co.il I am not sure...I am going by the below: http://wiki.squid-cache.org/ConfigExamples/ContentAdaptation/C-ICAP James > > > From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On > ] On > Behalf Of James Lay > Sent: Sunday, October 9, 2016 8:03 PM > To

[squid-users] ICAP question

2016-10-09 Thread James Lay
Trying to just get some content filtering working and I'm running into the below: WARNING: Squid is configured to use ICAP method REQMOD for service icap://localhost:1344/srv_cfg_filter but OPTIONS response declares the methods are RESPMOD  Here's the icap snippet from squid.conf: icap_enable

Re: [squid-users] Squid 3.5.20 compile issue

2016-09-19 Thread James Lay
On Tue, 2016-09-20 at 11:05 +0930, LYMN wrote: > On Mon, Sep 19, 2016 at 07:20:14PM -0600, James Lay wrote: > > > > > > Well last word on this...squid starts but dies with: > > /squid: symbol lookup error: ./squid: undefined symbol: > > SSL_set_alpn_protos >

[squid-users] Squid 3.5.20 fails to compile with openssl

2016-09-19 Thread James Lay
So I know I posted this a while ago...thought I'd give it a shot today, but still no luck: make[3]: Entering directory `/home/nobackup/build/squid-3.5.20/src/anyp' depbase=`echo PortCfg.lo | sed 's|[^/]*$|.deps/&|;s|\.lo$||'`;\ /bin/bash ../../libtool --tag=CXX --mode=compile g++

Re: [squid-users] Squid 3.5.20 fails to compile with openssl

2016-09-19 Thread James Lay
On 2016-09-19 16:05, Alex Rousskov wrote: On 09/19/2016 04:01 PM, James Lay wrote: Openssl git latest commit version commit e2562bbbe1e1c68ec5a3e02c1f151fd6149ee2ae. Please see http://bugs.squid-cache.org/show_bug.cgi?id=4599 Thank you, Alex. And there you go...thanks Alex. James

[squid-users] Squid 3.5.20 compile issue

2016-09-19 Thread James Lay
Ok so this is with the 1.0.2 branch of openssl: make[3]: Entering directory `/home//nobackup/build/squid- 3.5.20/src/ssl' /bin/bash ../../libtool  --tag=CXX   --mode=link g++ -Wall -Wpointer- arith -Wwrite-strings -Wcomments -Wshadow -Woverloaded-virtual -Werror -pipe -D_REENTRANT -m64   -g -O2

Re: [squid-users] Squid 3.5.20 compile issue

2016-09-19 Thread James Lay
Thanks...off to git cloning the 1.0.1 branch...all this work for chacha and poly...yugh 8-| James On Mon, 2016-09-19 at 18:37 -0600, Alex Rousskov wrote: > On 09/19/2016 06:22 PM, James Lay wrote: > > > > Ok so this is with the 1.0.2 branch of openssl: > > > > dso_dlfc

Re: [squid-users] Squid 3.5.20 compile issue

2016-09-19 Thread James Lay
On Tue, 2016-09-20 at 10:12 +0930, LYMN wrote: > On Mon, Sep 19, 2016 at 06:37:44PM -0600, Alex Rousskov wrote: > > > > On 09/19/2016 06:22 PM, James Lay wrote: > > > > > > Ok so this is with the 1.0.2 branch of openssl: > > > > > > dso_d

Re: [squid-users] Squid 3.5.20 compile issue

2016-09-19 Thread James Lay
On Tue, 2016-09-20 at 10:26 +0930, LYMN wrote: > On Mon, Sep 19, 2016 at 06:44:38PM -0600, James Lay wrote: > > > > > > > > > > > > > > > > At a guess add this to the libraries list after openssl: -ldl > > > >

Re: [squid-users] Squid 3.5.20 compile issue

2016-09-19 Thread James Lay
On Mon, 2016-09-19 at 18:44 -0600, James Lay wrote: > On Tue, 2016-09-20 at 10:12 +0930, LYMN wrote: > > On Mon, Sep 19, 2016 at 06:37:44PM -0600, Alex Rousskov wrote: > > > > > > On 09/19/2016 06:22 PM, James Lay wrote: > > > > > > >

[squid-users] Clarification on icap

2016-09-26 Thread James Lay
Hey all, So I'm going to try and get some visibility into tls traffic.  Not concerned with the sslbumping of the traffic, but what I DON'T know what to do is what to do with the traffic once it's decrypted.  This squid machine runs IDS software as well, so my hope was to have the IDS software

Re: [squid-users] Clarification on icap

2016-09-26 Thread James Lay
On 2016-09-26 06:50, Amos Jeffries wrote: On 27/09/2016 12:41 a.m., James Lay wrote: Hey all, So I'm going to try and get some visibility into tls traffic. Not concerned with the sslbumping of the traffic, but what I DON'T know what to do is what to do with the traffic once it's decrypted

Re: [squid-users] Additional ecap/icap questions

2016-10-19 Thread James Lay
On 2016-10-17 15:01, Alex Rousskov wrote: On 10/17/2016 11:51 AM, James Lay wrote: Here's what I'm wanting to accomplish and it's been proving a challenge: Detect keywords (think DLP maybe) in http/https flows. I've got ecap and icap compiled in and working. My challenges: a)with icap

Re: [squid-users] Peeking on TLS traffic: unknown cipher returned

2016-10-22 Thread James Lay
with a tiny amount of sites, > but I suppose its because of server-side misconfigurations that > LibreSSL simply don't like. > > > On 21 October 2016 at 13:01, James Lay <j...@slave-tothe-box.net> > wrote: > > > > On 2016-10-21 09:58, Leandro Barragan wrote:

Re: [squid-users] Peeking on TLS traffic: unknown cipher returned

2016-10-21 Thread James Lay
obscure error. Do you remember what version of squid and libressl you used? BTW I tried with OpenSSL 1.0.2g applying the CloudFare ChaCha20 patch, but it doesn't work either, same error (unknown cipher) Thanks! On 21 October 2016 at 10:55, James Lay <j...@slave-tothe-box.net> wrote: On 2016

Re: [squid-users] Peeking on TLS traffic: unknown cipher returned

2016-10-21 Thread James Lay
On 2016-10-20 20:15, Leandro Barragan wrote: Thanks for your time Alex! I modified my original config based on Amos recommendations, so I think now I have a more consistent peek & splice config: acl TF ssl::server_name_regex -i facebook fbcdn twitter reddit ssl_bump peek all ssl_bump

Re: [squid-users] Squid 2.5.20 fails to compile with ecap

2016-10-11 Thread James Lay
On 2016-10-11 08:42, Alex Rousskov wrote: On 10/11/2016 06:54 AM, James Lay wrote: EXT_LIBECAP_CFLAGS="-I/opt/ecap/include" EXT_LIBECAP_LIBS="-L/opt/ecap/lib" ./configure --prefix=/opt --with-openssl=/opt/libressl --enable-ssl --enable-ssl-crtd --enable-linux-netfilt

[squid-users] Squid 2.5.20 fails to compile with ecap

2016-10-11 Thread James Lay
Pretty much topic..sorry for the wall of text here.  Config'd with: EXT_LIBECAP_CFLAGS="-I/opt/ecap/include" EXT_LIBECAP_LIBS="- L/opt/ecap/lib" ./configure --prefix=/opt --with-openssl=/opt/libressl --enable-ssl --enable-ssl-crtd --enable-linux-netfilter --enable- follow-x-forwarded-for

Re: [squid-users] Squid 2.5.20 fails to compile with ecap

2016-10-11 Thread James Lay
On 2016-10-11 10:52, Alex Rousskov wrote: On 10/11/2016 08:45 AM, James Lay wrote: Can you point me in the right direction on where to tell squid that libecap lives in /opt/ecap? This is not my area of expertise, but if ./configure --enable-ecap does not work "as is", then you may n

Re: [squid-users] ICAP question

2016-10-09 Thread James Lay
On Sun, 2016-10-09 at 12:43 -0600, Alex Rousskov wrote: > On 10/09/2016 11:02 AM, James Lay wrote: > > > > > WARNING: Squid is configured to use ICAP method REQMOD for service > > icap://localhost:1344/srv_cfg_filter but OPTIONS response declares > > the >

[squid-users] Additional ecap/icap questions

2016-10-17 Thread James Lay
Well this has been a pretty amazing bit of learning that's for sure. Here's what I'm wanting to accomplish and it's been proving a challenge: Detect keywords (think DLP maybe) in http/https flows. I've got ecap and icap compiled in and working. My challenges: a)with icap, it appears that

Re: [squid-users] Working peek/splice no longer functioning on some sites

2017-11-27 Thread James Lay
d_https_sites > ssl_bump terminate all Hrmm...wouldn't that negate the ability to read the cert on step2? In layman's terms I'm thinking: "peek at step1" "splice acl allow matched sni's" "peek at step2" "splice acl allow'd matched certs" "terminate th

Re: [squid-users] Working peek/splice no longer functioning on some sites

2017-11-24 Thread James Lay
I should add this is squid-3.5.27.  Thank you. On Fri, 2017-11-24 at 12:30 -0700, James wrote: > Topic says it...this setup has been working well for a long time, but > now there are some sites that are failing the TLS handshake.  Here's > my setup: > > acl localnet src 192.168.1.0/24 > acl

[squid-users] Working peek/splice no longer functioning on some sites

2017-11-24 Thread James Lay
Topic says it...this setup has been working well for a long time, but now there are some sites that are failing the TLS handshake.  Here's my setup: acl localnet src 192.168.1.0/24 acl SSL_ports port 443 acl Safe_ports port 80 acl Safe_ports port 443 acl CONNECT method CONNECT acl

Re: [squid-users] Working peek/splice no longer functioning on some sites

2017-11-25 Thread James Lay
On Sat, 2017-11-25 at 23:48 +1300, Amos Jeffries wrote: > On 25/11/17 08:30, James Lay wrote: > > > > Topic says it...this setup has been working well for a long time, > > but  > > now there are some sites that are failing the TLS handshake. > >  Here's my  >

Re: [squid-users] Working peek/splice no longer functioning on some sites

2017-11-25 Thread James Lay
On Sun, 2017-11-26 at 01:33 +1300, Amos Jeffries wrote: > On 26/11/17 00:52, James Lay wrote: > > > > On Sat, 2017-11-25 at 23:48 +1300, Amos Jeffries wrote: > > > > > > On 25/11/17 08:30, James Lay wrote: > > > > > > > > Topic says it..

Re: [squid-users] Working peek/splice no longer functioning on some sites

2017-12-03 Thread James Lay
On 2017-11-29 07:29, Amos Jeffries wrote: On 28/11/17 03:50, James Lay wrote: On Sun, 2017-11-26 at 09:50 +0200, Alex K wrote: Perhaps an alternative is to peek only on step1: acl step1 at_step SslBump1 ssl_bump peek step1 acl allowed_https_sites ssl::server_name_regex "/opt/etc/

Re: [squid-users] About to upgrade from 3 to 4

2018-06-10 Thread James Lay
On Sun, 2018-06-10 at 19:55 +1200, Amos Jeffries wrote: > On 10/06/18 02:23, James Lay wrote: > On Sat, 2018-06-09 at 07:17 -0600, James Lay wrote: > On Sun, 2018-06-10 at 01:13 +1200, Amos Jeffries wrote: > On 10/06/18 01:02, James Lay wrote: > So in my config file I have: > ss

Re: [squid-users] About to upgrade from 3 to 4

2018-06-09 Thread James Lay
On Sat, 2018-06-09 at 07:17 -0600, James Lay wrote: > On Sun, 2018-06-10 at 01:13 +1200, Amos Jeffries wrote: > > On 10/06/18 01:02, James Lay wrote: > > > > So in my config file I have: > > sslcrtd_program /opt/libexec/ssl_crtd -s /opt/var/ssl_db -M 4MB > >

Re: [squid-users] About to upgrade from 3 to 4

2018-06-09 Thread James Lay
On Fri, 2018-06-08 at 09:36 -0600, James Lay wrote: > On Sat, 2018-06-09 at 03:04 +1200, Amos Jeffries wrote: > > On 09/06/18 02:33, James Lay wrote: > > Hey all! > > Topic says it... I'm starting to look at doing an upgrade from 3 to > > 4. Any glaring surprises? Doing

Re: [squid-users] About to upgrade from 3 to 4

2018-06-09 Thread James Lay
On Sun, 2018-06-10 at 01:13 +1200, Amos Jeffries wrote: > On 10/06/18 01:02, James Lay wrote: > > So in my config file I have: > sslcrtd_program /opt/libexec/ssl_crtd -s /opt/var/ssl_db -M 4MB > However I do not see this after compiling and installing. Has this > gone away in 4?

[squid-users] About to upgrade from 3 to 4

2018-06-08 Thread James Lay
Hey all! Topic says it... I'm starting to look at doing an upgrade from 3 to 4. Any glaring surprises? Doing a transparent forward proxy with some peek/splice for content filtering only (no decryption). Has anyone gone through an upgrade, and how painful was it, if at all? Thank you.

Re: [squid-users] About to upgrade from 3 to 4

2018-06-08 Thread James Lay
On Sat, 2018-06-09 at 03:04 +1200, Amos Jeffries wrote: > On 09/06/18 02:33, James Lay wrote: > Hey all! > Topic says it... I'm starting to look at doing an upgrade from 3 to > 4. Any glaring surprises? Doing a transparent forward proxy with > some peek/splice for content

[squid-users] Squid and systemd

2018-06-13 Thread James Lay
Well... I'll just say up front that systemd is not my friend. When running squid via cli: sudo /opt/squid/sbin/squid it runs like a champ. But using the service file at: https://raw.githubusercontent.com/squid-cache/squid/master/tools/systemd/squid.service it times out after a few: 06:20:11

Re: [squid-users] Squid and systemd

2018-06-14 Thread James Lay
vice file and in squid.conf are the same. > Marcus > On 13/06/18 09:27, James Lay wrote: > Well... I'll just say up front that systemd is not my friend. When > running squid via cli: sudo /opt/squid/sbin/squid it runs like a > champ. But using the service file at: > https://raw.githubuserco