Re: [squid-users] Sending intermediate certificate with SSL-Bumped Certificate. (V3.5.1516-3-2-r14000)

2016-04-07 Thread Jok Thuau
with 3.5.15, I have this config:
---8<---
https_port 8443 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=64MB \
    cert=/etc/squid/ssl/proxy.pem \
    key=/etc/squid/ssl/proxy.key \
    cafile=/etc/squid/ssl/proxy.pem
--->8---
proxy.pem is the concatenation of both

Re: [squid-users] filtering http(s) sites, transparently

2016-04-05 Thread Jok Thuau
On Mon, Apr 4, 2016 at 6:23 PM, Amos Jeffries wrote:
> >>>
> >>> If I remove *all* the http_access lines, then the behavior appears correct
> >>> (from a "splicing/bumping" standpoint).
> >>>
> >>
> >> Strange. Squid without any http_access lines should be denying

Re: [squid-users] filtering http(s) sites, transparently

2016-04-04 Thread Jok Thuau
Thanks James! This is really close to what I need. Comparing this to my existing config, it looks like I'm pretty close, except that I don't want to "terminate" the sslbump, I need to send an error notification to the end-user.

Re: [squid-users] filtering http(s) sites, transparently

2016-04-04 Thread Jok Thuau
On Sun, Apr 3, 2016 at 9:59 PM, Amos Jeffries <squ...@treenet.co.nz> wrote:
> On 4/04/2016 4:18 p.m., Jok Thuau wrote:
> > I'm attempting to build a transparent proxy (policy based routing on
> > firewall to squid proxy) with the following behavior:
> >
> > 1) pro

[squid-users] filtering http(s) sites, transparently

2016-04-03 Thread Jok Thuau
I'm attempting to build a transparent proxy (policy based routing on firewall to squid proxy) with the following behavior:
1) proxies http traffic for a given set of domains, provide a message otherwise, such as "domain not allowed" or similar
2) proxies https traffic for a given set of domains

Re: [squid-users] Squid 3.4.8 helpers doesn't work how I want !

2016-04-25 Thread Jok Thuau
On Mon, Apr 25, 2016 at 7:33 AM, Hack Ensolo wrote:
> ### http_access rules
> http_access allow manager localhost
> http_access allow auth
> http_access deny !auth
> http_access allow kerbusers
> http_access allow localnet
> http_access deny manager
> http_access deny all
>

Re: [squid-users] how to fix proxy squid on virtualmin (ubuntu 16, 04)?

2016-07-03 Thread Jok Thuau
> On Jul 3, 2016, at 6:47 AM, james82 wrote:
>
> what do you mean? don't you see I use ubuntu 16.04 desktop? I installed
> webmin and virtualmin for easy control to use. I use OS on virtualbox. then
> I install by "sudo apt-get install squid". that's it. Now what??
>

Re: [squid-users] Too many AD group and squid kerberos auth problem

2016-08-30 Thread Jok Thuau
On Tue, Aug 30, 2016 at 4:05 AM, alberto wrote:
> Hi all,
> I have a squid3 installation with kerberos ldap groups authentication.
> Everything works like a charm except for one of my users who belongs to
> too many groups (more than 50): this user can not browse any

Re: [squid-users] ssl bump certificate question

2016-09-07 Thread Jok Thuau
On Wed, Sep 7, 2016 at 3:05 PM, Marcus Kool wrote: > > slightly off topic: what is the easiest way to install a cert on a > smartphone? > I looked for an app but did not find one. > > Look for some MDM solutions. That's not really an option for one (personal) phone,

Re: [squid-users] Whitelist domain ignored?

2016-10-04 Thread Jok Thuau
On Tue, Oct 4, 2016 at 1:41 PM, Jose Torres-Berrocal <jetsystemservi...@gmail.com> wrote:
> I do not know the correct terms to the problem I have.
>
> I have some clients that use a program that tries to connect to:
> https://neodecksoftware.com/NeoMedOnline/NeoMedOnlineService.svc
>
> note

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-19 Thread Jok Thuau
On Mon, Sep 19, 2016 at 10:39 AM, erdosain9 wrote:
> mm
> so...
> i think this is working for non take the certificate
>
> acl step1 at_step SslBump1
> acl excludeSSL ssl::server_name_regex web/.whatsapp/.com
>
wrong slashes... you want "\"
>
> ssl_bump peek

Re: [squid-users] Limit Bandwith for youtube....

2016-08-25 Thread Jok Thuau
Be aware that youtube uses the QUIC protocol (https://en.wikipedia.org/wiki/QUIC) with browsers that support it. Unless you block and/or manage that specific condition with your firewall, the actual downloading of the videos will not go through Squid...
Thanks,
Jok
On Thu, Aug 25, 2016 at 1:35

Re: [squid-users] filtering http(s) sites, transparently

2016-10-26 Thread Jok Thuau
After being side-tracked with a few different projects, I ended up with the config below. It appears to do the right things, though the ACL organization could use some cleanup... (Browsing to authorized sites works, browsing to something else, I get a denied page from squid) However, even though

Re: [squid-users] filtering http(s) sites, transparently

2016-10-26 Thread Jok Thuau
On Wed, Oct 26, 2016 at 11:45 AM, Yuri Voinov wrote: > > > Jok, > > it can be DNS leak. Have you tested it? 8.8.8.8 can be poisoned (probably) > or intercepted by ISP. > > DNS is working fine and is not being poisoned/intercepted/messed with. The records that come back from