With 3.5.15, I have this config:
---8<---
https_port 8443 intercept ssl-bump generate-host-certificates=on \
dynamic_cert_mem_cache_size=64MB \
cert=/etc/squid/ssl/proxy.pem \
key=/etc/squid/ssl/proxy.key \
cafile=/etc/squid/ssl/proxy.pem
--->8---
proxy.pem is the concatenation of both
On Mon, Apr 4, 2016 at 6:23 PM, Amos Jeffries wrote:
> >>>
> >>> If I remove *all* the http_access lines, then the behavior appears correct
> >>> (from a "splicing/bumping" standpoint).
> >>>
> >>
> >> Strange. Squid without any http_access lines should be denying
Thanks James! This is really close to what I need. Comparing this to my
existing config, it looks like I'm pretty close, except that I don't want
to "terminate" the sslbump, I need to send an error notification to the
end-user.
On Sun, Apr 3, 2016 at 9:59 PM, Amos Jeffries <squ...@treenet.co.nz> wrote:
> On 4/04/2016 4:18 p.m., Jok Thuau wrote:
> > I'm attempting to build a transparent proxy (policy based routing on
> > firewall to squid proxy) with the following behavior:
> >
> > 1) pro
I'm attempting to build a transparent proxy (policy based routing on
firewall to squid proxy) with the following behavior:
1) proxies http traffic for a given set of domains, provide a message
otherwise such as "domain not allowed" or similar
2) proxies https traffic for a given set of domains
On Mon, Apr 25, 2016 at 7:33 AM, Hack Ensolo wrote:
> ### http_access rules
> http_access allow manager localhost
> http_access allow auth
> http_access deny !auth
> http_access allow kerbusers
> http_access allow localnet
> http_access deny manager
> http_access deny all
>
> On Jul 3, 2016, at 6:47 AM, james82 wrote:
>
> What do you mean? Don't you see I use Ubuntu 16.04 desktop? I installed
> Webmin and Virtualmin for easy control to use. I use the OS on VirtualBox. Then
> I install by "sudo apt-get install squid". That's it. Now what??
>
On Tue, Aug 30, 2016 at 4:05 AM, alberto wrote:
> Hi all,
> I have a squid3 installation with kerberos ldap groups authentication.
> Everything works like a charm except for one of my users that belongs to
> too many groups (more than 50): this user can not browse any
On Wed, Sep 7, 2016 at 3:05 PM, Marcus Kool
wrote:
>
> slightly off topic: what is the easiest way to install a cert on a
> smartphone?
> I looked for an app but did not find one.
>
>
Look for some MDM solutions. That's not really an option for one (personal)
phone,
On Tue, Oct 4, 2016 at 1:41 PM, Jose Torres-Berrocal <
jetsystemservi...@gmail.com> wrote:
> I do not know the correct terms to the problem I have.
>
> I have some clients that use a program that tries to connect to:
> https://neodecksoftware.com/NeoMedOnline/NeoMedOnlineService.svc
>
>
note
On Mon, Sep 19, 2016 at 10:39 AM, erdosain9 wrote:
> mm
> so...
> i think this is working for non take the certificate
>
> acl step1 at_step SslBump1
> acl excludeSSL ssl::server_name_regex web/.whatsapp/.com
>
wrong slashes... you want "\"
>
> ssl_bump peek
Be aware that youtube uses the QUIC protocol (
https://en.wikipedia.org/wiki/QUIC) with browsers that support it.
Unless you block and/or manage that specific condition with your firewall,
the actual downloading of the videos will not go through Squid...
Thanks,
Jok
On Thu, Aug 25, 2016 at 1:35
After being side-tracked with a few different projects, I ended up with the
config below. It appears to do the right things, though the ACL
organization could use some cleanup...
(Browsing to authorized sites works, browsing to something else, I get a
denied page from squid)
However, even though
On Wed, Oct 26, 2016 at 11:45 AM, Yuri Voinov wrote:
>
>
> Jok,
>
> it can be a DNS leak. Have you tested it? 8.8.8.8 can be poisoned (probably)
> or intercepted by ISP.
>
>
DNS is working fine and is not being poisoned/intercepted/messed with. The
records that come back from