Re: [squid-users] Trusted CA Certificate with ssl_bump

15.11.2016 20:22, Sergio Belkin пишет: > Hi, > > When using something like that: > > http_port 8080 intercept ssl-bump generate-host-certificates=on > dynamic_cert_mem_cache_size=4MB > cert=/home/proxy/ssl_cert/example.com.cert > key=/home/proxy/ssl_cert/example.com.private > > > Is possible to u

Re: [squid-users] Trusted CA Certificate with ssl_bump

15.11.2016 20:43, Alex Crow пишет: > > > On 15/11/16 14:28, Yuri Voinov wrote: >> >> >> So, you can't do SSL bump without users notification. > > You can if you have control over the clients, ie install your CA into > the browser/OS. ... and this can be

Re: [squid-users] Trusted CA Certificate with ssl_bump

15.11.2016 22:28, Alex Crow пишет: > On 15/11/16 16:22, Yuri Voinov wrote: >> >>> You can if you have control over the clients, ie install your CA into >>> the browser/OS. >> ... and this can be illegal ;) >> > > YMMV (depending on where you li

Re: [squid-users] caching videos over https?

http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit http://wiki.squid-cache.org/Features/StoreID http://wiki.squid-cache.org/Features/StoreID/DB http://wiki.squid-cache.org/ConfigExamples/DynamicContent http://wiki.squid-cache.org/ConfigExamples/DynamicContent/YouTube/Discussio

Re: [squid-users] caching videos over https?

This is fake. 19.11.2016 20:56, Bakhtiyor Homidov пишет: > thanks, yuri, > > just found https://cachevideos.com/, what do you think about this? > > > > > On Sat, Nov 19, 2016 at 7:16 PM, Yuri Voinov <mailto:yvoi...@gmail.com>> wrote: > > http://wiki.s

Re: [squid-users] caching videos over https?

19.11.2016 21:35, Amos Jeffries пишет: >> 19.11.2016 20:56, Bakhtiyor Homidov пишет: >>> thanks, yuri, >>> >>> just found https://cachevideos.com/, what do you think about this? >>> > On 20/11/2016 4:17 a.m., Yuri Voinov wrote: >> This is fake.

Re: [squid-users] caching videos over https?

HTTPS is not a problem, if not a problem to install the proxy certificate to the clients. The problem in combating caching YT by Google. 19.11.2016 21:41, Yuri Voinov пишет: > > > > 19.11.2016 21:35, Amos Jeffries пишет: >>> 19.11.2016 20:56, Bakhtiyor Homidov пиш

Re: [squid-users] caching videos over https?

ile: +972-5-28704261 > Email: elie...@ngtech.co.il > > > From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On > Behalf Of Yuri Voinov > Sent: Saturday, November 19, 2016 17:54 > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] caching vi

Re: [squid-users] caching videos over https?

t; Cheers, > Eliezer > > > Eliezer Croitoru > Linux System Administrator > Mobile: +972-5-28704261 > Email: elie...@ngtech.co.il > > > -Original Message- > From: Yuri Voinov [mailto:yvoi...@gmail.com] > Sent: Saturday, November 19, 2016 23:08 > To:

Re: [squid-users] caching videos over https?

tion. I clearly express my thoughts? 20.11.2016 12:00, Garri Djavadyan пишет: > On 2016-11-20 03:18, Yuri Voinov wrote: >> That's why I said that the development of the Indian - fake. > > Yuri, first of all, your comment is outright _lie_ without > justifications. Second, th

Re: [squid-users] caching videos over https?

ince it's >> not based on StoreID but on other concepts. >> >> Eliezer >> >> >> Eliezer Croitoru >> Linux System Administrator >> Mobile: +972-5-28704261 >> Email: elie...@ngtech.co.il >> >> >> -Original Message- >

Re: [squid-users] caching videos over https?

; what i mean here is the simplicity …..im not in the development level … i > talk about the normal squid users . > > cheers > >> On Nov 20, 2016, at 1:47 PM, Yuri Voinov wrote: >> >> And no need to invent anything. Everything has already been invented. >> And

Re: [squid-users] caching videos over https?

> On Nov 20, 2016, at 2:03 PM, Yuri Voinov > <mailto:yvoi...@gmail.com>> wrote: >> >> Store-ID is not quite cached. This deduplication and this is just what >> you need for dynamic content, which is the majority of the video. Do not >> forget about the volume of

Re: [squid-users] URL too large??

It means exactly what it said: URL too long. In Squid's defaults set 8k for URL size. This was reasonable maximum 10 years ago. Now it seems too small (at least 4 times) because of now Internet full of adware bullshit (referrals/trackers/counters etc.) which is often more 8k. You can easy fix it

Re: [squid-users] URL too large??

Email: elie...@ngtech.co.il > > > From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On > Behalf Of Yuri Voinov > Sent: Tuesday, December 13, 2016 9:46 PM > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] URL too large?? > > It means exa

Re: [squid-users] URL too large??

> Email: elie...@ngtech.co.il > > > -Original Message- > From: Yuri Voinov [mailto:yvoi...@gmail.com] > Sent: Tuesday, December 13, 2016 10:09 PM > To: Eliezer Croitoru ; squid-users@lists.squid-cache.org > Subject: Re: [squid-users] URL too large?? > > 14.12.2016 2:05, Eliezer

Re: [squid-users] Cisco ASA with transparent Squid with HTTP/HTTPS filtering

14.12.2016 21:08, Rafael Akchurin пишет: > > Hello everyone, > > > > After pulling all my hair out and reading every possible howto on the > Internet for Cisco ASA integration with Squid using WCCP I have > decided to write my own. The how to is at > https://docs.diladele.com/tutorials/web_filt

Re: [squid-users] Setup wccp2 with squid3 and cisco switch 4507

May be, this could help you: http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoIOSv15Wccp2 14.12.2016 21:46, André Bolinhas пишет: > > Hi, > > I need to setup wccp2 between my Squid3 box and my cisco switch 4507 > > Since my 4507 don't support GRE on forward methoding I need to > configu

Re: [squid-users] Cisco ASA with transparent Squid with HTTP/HTTPS filtering

14.12.2016 21:59, Yuri Voinov пишет: > > > > 14.12.2016 21:08, Rafael Akchurin пишет: >> >> Hello everyone, >> >> >> >> After pulling all my hair out and reading every possible howto on the >> Internet for Cisco ASA integration with Squid

Re: [squid-users] Cisco ASA with transparent Squid with HTTP/HTTPS filtering

14.12.2016 21:59, Yuri Voinov пишет: > > > > 14.12.2016 21:08, Rafael Akchurin пишет: >> >> Hello everyone, >> >> >> >> After pulling all my hair out and reading every possible howto on the >> Internet for Cisco ASA integration with Squid

Re: [squid-users] Squid Forward Proxy for LDAP

15.12.2016 20:29, Bryan Peters пишет: > My Google-fu seems to be coming up short. > > We have an application that ties into our users SSO/LDAP servers. We, > don't run an LDAP server of our own, we're just making outbound calls > to their LDAP servers. > > I would like to proxy all outbound LDAP

Re: [squid-users] Missing cache files

Man, this question has been answered a million times. Use the search. 17.12.2016 16:41, Odhiambo Washington пишет: > Hi, > > I keep seeing something that I think is odd. Squid has been exiting on > signal 6, and I keep seeing this: > > root@gw:/usr/local/openssl # tail -f /opt/squid-3.5/var/logs/

Re: [squid-users] Bypassed Proxy

23.12.2016 23:30, Sameh Onaissi пишет: > Thank you all for the suggestions. > > I will try to read up on iptables and add the necessary rules, as well as try > to add norhtghost IPs to the blacklist. AFAIK not IPs, but network ranges. And you require to regullarry update it, to keep up-to-date,

Re: [squid-users] Problem with ssl_crtd

Try to upgrade to 3.5.23. It seems like partially fixed bug. 28.12.2016 23:16, Eduardo Carneiro пишет: > Hi everyone. > > I have a strange issue with my squid 3.5.19. When I enable ssl-bump and > url_rewrite in order to make dynamic content cache, I've got, sporadically, > this error in my cache.

Re: [squid-users] Squid 3.3.8 is available

05.01.2017 22:43, vinay пишет: > Hi am using Squid 3.3.8 on Ubuntu 14.04. I have default configuration of > Squid config file . The request is passing via Squid but its not caching the > contents/images/css , everytime am getting TCP_MISS/200 for each request > getting logged in access logs. > >

Re: [squid-users] Is it possible to modify cached object?

08.01.2017 20:49, boruc пишет: > Thank you for your answer. > > Actually I managed to do what I want by simply editing that file and > changing content length if necessary. I don't know why sometimes I need to > restart Squid or reopen browser to see changed version of page. Sometimes > it works

Re: [squid-users] Squid memory leak on ubuntu 14.04

10.01.2017 19:34, vinay пишет: > Thanks Amos , for your timely help. > > As mentioned by you, I have configured squid conf file n able to get TCP_HIT > in access logs. Thanks a lot. > My new issue is, my app has 3 types of users. Normal, Editor n Business user > , The contents are getting catche

Re: [squid-users] Help with Certificate validation

Put your regression server to SSL Bump splice rule. 18.01.2017 1:27, Mustafa Mohammad пишет: > I’m using squid proxy to connect to our regression server. When our > configuration file is doing a CRLCheck, I’m unable to connect to the > server. I have tried SSL bump and ssl_proxy option but was u

Re: [squid-users] A bunch of SSL errors I am not sure why

18.01.2017 23:40, Eliezer Croitoru пишет: > Thanks for the detail Amos, > > I noticed that couple major Root CA certificates was revoked so it could be > one thing. > And can you give some more details on how to fetch the certificated using the > openssl tools? > (Maybe redirect towards an arti

Re: [squid-users] Squid 4.x: Intermediate certificates downloader

23.01.2017 23:31, Alex Rousskov пишет: > On 01/23/2017 04:28 AM, Yuri wrote: > >> 1. How does it work? > My response below and the following commit message might answer some of > your questions: > > http://bazaar.launchpad.net/~squid/squid/5/revision/14769 > >> I.e., where downloaded certs s

Re: [squid-users] Squid 4.x: Intermediate certificates downloader

24.01.2017 0:06, Alex Rousskov пишет: > On 01/23/2017 10:41 AM, Yuri Voinov wrote: >> 23.01.2017 23:31, Alex Rousskov пишет: >>> On 01/23/2017 04:28 AM, Yuri wrote: >>>> I.e., where downloaded certs stored, how it >>>> handles, does it saves anywhere to

Re: [squid-users] Squid 4.x: Intermediate certificates downloader

24.01.2017 0:06, Marcus Kool пишет: > > > On 23/01/17 15:31, Alex Rousskov wrote: >> On 01/23/2017 04:28 AM, Yuri wrote: >> >>> 1. How does it work? >> >> My response below and the following commit message might answer some of >> your questions: >> >> http://bazaar.launchpad.net/~squid/squid/

Re: [squid-users] Squid 4.x: Intermediate certificates downloader

24.01.2017 2:25, Marcus Kool пишет: > > > On 23/01/17 17:23, Yuri Voinov wrote: > [snip] > >>> I created bug report http://bugs.squid-cache.org/show_bug.cgi?id=4659 >>> a week ago but there has not been any activity. >>> Is there someone who has sslproxy

Re: [squid-users] Squid 3.5.23 little fixes

teh TCP :-D teh drama :-D Nice shoot :-D 24.01.2017 14:26, FredB пишет: > Hello, > > FI, I'm reading some parts of code and I found two little spelling errors > > FredB > > --- > > --- src/client_side.cc2016-10-09 21:58:01.0

Re: [squid-users] Squid 4.x: Intermediate certificates downloader

Hm. Another question. It seems 4.0.17 tries to download certs: 1485279884.648 0 - TCP_DENIED/403 3574 GET http://repository.certum.pl/ca.cer - HIER_NONE/- text/html;charset=utf-8 but gives deny somewhere. However, same URL with wget via same proxy works: root @ khorne /patch # wget -S htt

Re: [squid-users] Squid 4.x: Intermediate certificates downloader

lhost, right? So, it should work. Either from localnet, or from localhost download occurs. 25.01.2017 0:16, Alex Rousskov пишет: > On 01/24/2017 10:48 AM, Yuri Voinov wrote: > >> It seems 4.0.17 tries to download certs but gives deny somewhere. >> However, same URL with wget

Re: [squid-users] Squid 4.x: Intermediate certificates downloader

May be, this feature is mutually exclusive with sslproxy_foreign_intermediate_certs option? 25.01.2017 0:19, Yuri Voinov пишет: > Mm, hardly. > > It is downloads directly via proxy from localhost: > > root @ khorne /patch # http_proxy=localhost:3128 curl > http://repositor

Re: [squid-users] Squid 4.x: Intermediate certificates downloader

ect to comment out this line. I have no idea, what can block access. 25.01.2017 0:27, Alex Rousskov пишет: > On 01/24/2017 11:19 AM, Yuri Voinov wrote: > >> It is downloads directly via proxy from localhost: >> As I understand, downloader also access via localhost, right? > Thi

Re: [squid-users] Squid 4.x: Intermediate certificates downloader

25.01.2017 1:10, Alex Rousskov пишет: > On 01/24/2017 11:33 AM, Yuri Voinov wrote: > >>> 1485279884.648 0 - TCP_DENIED/403 3574 GET >>> http://repository.certum.pl/ca.cer - HIER_NONE/- text/html;charset=utf-8 > >> http_access deny !Safe_ports > Probably

Re: [squid-users] Squid 4.x: Intermediate certificates downloader

ccess#18 = 1 2017/01/25 01:36:35.773 kid1| 28,3| Acl.cc(290) matches: checked: http_access = 1 2017/01/25 01:36:35.773 kid1| 28,3| Checklist.cc(63) markFinished: 0x4b781938 answer DENIED for match 2017/01/25 01:36:35.773 kid1| 28,3| Checklist.cc(163) checkCallback: ACLChecklist::checkCallback: 0x4b78193

Re: [squid-users] Squid 4.x: Intermediate certificates downloader

iff Strict-Transport-Security: max-age=0; includeSubDomains X-Cache: MISS from khorne X-Cache-Lookup: HIT from khorne:3128 Transfer-Encoding: chunked Connection: keep-alive Length: unspecified [text/html] Saving to: 'index.html' index.html [ <=> ] 3.60K --.-

Re: [squid-users] Squid 4.x: Intermediate certificates downloader

25.01.2017 2:50, Alex Rousskov пишет: > On 01/24/2017 12:20 PM, Yuri Voinov wrote: >> 25.01.2017 1:10, Alex Rousskov пишет: >>> On 01/24/2017 11:33 AM, Yuri Voinov wrote: >>>> http_access deny to_localhost >>> Does not match. The destination is not localho

Re: [squid-users] Squid 4.x: Intermediate certificates downloader

25.01.2017 5:25, Alex Rousskov пишет: > On 01/24/2017 02:11 PM, Yuri Voinov wrote: >> 25.01.2017 2:50, Alex Rousskov пишет: >>> A short-term hack: I have seen folks successfully solving somewhat >>> similar problems using a localport ACL with an "impossible&quo

Re: [squid-users] Antivirus for squid

26.01.2017 0:03, erdosain9 пишет: > Hi to all. > Im a little confuse about this... i just want "antivirus", i dont care block > some web, filter, etc. (at least no more that what i get with squid)... so, > just for antivirus, what recommend??? > clamav You thing you have a choise? All others AV i

Re: [squid-users] Not all html objects are being cached

26.01.2017 2:22, boruc пишет: > After a little bit of analyzing requests and responses with WireShark I > noticed that many sites that weren't cached had different combination of > below parameters: > > Cache-Control: no-cache, no-store, must-revalidate, post-check, pre-check, > private, public,

Re: [squid-users] Not all html objects are being cached

parameters: >>> >>> Cache-Control: no-cache, no-store, must-revalidate, post-check, >>> pre-check, >>> private, public, max-age, public >>> Pragma: no-cache > > On 26.01.17 02:44, Yuri Voinov wrote: >> If the webmaster has done this - he had

Re: [squid-users] Not all html objects are being cached

27.01.2017 19:35, Garri Djavadyan пишет: > On Fri, 2017-01-27 at 17:58 +0600, Yuri wrote: >> 27.01.2017 17:54, Garri Djavadyan пишет: >>> On Fri, 2017-01-27 at 15:47 +0600, Yuri wrote: --2017-01-27 15:29:54-- https://www.microsoft.com/ru-kz/ Connecting to 127.0.0.1:3128... connected. >

Re: [squid-users] Is it possible to modify cached object?

01.02.2017 0:34, boruc пишет: > Thank you for your answers Antony. > > On packages.ubuntu.com I searched for "squid3" and here's what I've found: > 12.04LTS - 3.1.19 > 14.04LTS - 3.3.8 > 16.04LTS - 3.5.12 > > For now the best option would be to upgrade Ubuntu to 16.04, but I cannot do > it now. A

Re: [squid-users] Is it possible to modify cached object?

Exactly, localhost system administrators can do what they want ;-) 01.02.2017 1:05, boruc пишет: > Well, basically I'm working on virtual machine with nothing special installed > on it so I don't have to worry about all of this. I wanted to give squid a > try, look how it works, learn something n

Re: [squid-users] QA Pilots

01.02.2017 3:49, Alex Rousskov пишет: > Hello, > > The Squid Software Foundation plans to hire a part-time remote QA > engineer to help us address systemic quality problems with Squid > releases and development snapshots. This position will be funded by your > donations to the Foundation. Tha

Re: [squid-users] Antivirus for squid

Squid's wiki article contains all required points about performance and tuning. 01.02.2017 21:41, erdosain9 пишет: > Hi, again. > Well i installed squidclamav, c-icap, and clamav; and its working all fine, > but... the download is too slow, the download of a file. There is a way to > accelerate t

Re: [squid-users] Not all html objects are being cached

You'r welcome. I do not understand what the hell you have clung to me. I have my own point of view on the problem. Tell tales of the guy who started this thread. I know the developer's position. So, let's stop useless discussion. This is wasted time only. 01.02.2017 21:48, Amos Jeffries пишет: >

Re: [squid-users] Antivirus for squid

261 > Email: elie...@ngtech.co.il > > > -Original Message- > From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On > Behalf Of Yuri Voinov > Sent: Wednesday, February 1, 2017 5:52 PM > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] Antivi

Re: [squid-users] squid reverse proxy (accelerator) for MS Exchange OWA

I'm sorry to interrupt, gentlemen - but Microsoft does not use certificate pinning in OWA? 01.02.2017 22:19, Amos Jeffries пишет: > On 27/01/2017 9:31 p.m., Vieri wrote: >> >> >> >> - Original Message - From: Alex Rousskov >> >> It's interesting to note that the following actually D

Re: [squid-users] Buy Certificates for Squid 'man in the middle'

02.02.2017 2:58, angelv пишет: > Hi, > > I need your advice. > > I have a transparent proxy running with the self generated > certificates 'myCA.pem', as it is not signed by a valid entity then I > have to import the 'myCA.der' certificate in all web browsers ... > > I want to know where I can bu

Re: [squid-users] Buy Certificates for Squid 'man in the middle'

users. In other words, users should be aware that there is a proxy hacking HTTPS in front of them. All other tricks are illegal, at least it is contrary to ethics. Forget about it. I'm seriously. 02.02.2017 3:10, Yuri Voinov пишет: > > > > 02.02.2017 2:58, angelv пишет: >>

Re: [squid-users] High utilization of CPU squid-3.5.23, squid-3.5.24

It seems as IO bottleneck at first look. 02.02.2017 2:55, Vitaly Lavrov пишет: > Periodically squid begins to linearly increase the use of the CPU. > Sometimes this process reaches 100%. At random moment of time the CPU usage > is reduced to 5-15%, > and in the presence of client requests can aga

Re: [squid-users] High utilization of CPU squid-3.5.23, squid-3.5.24

Yes, it is require to perform extended diagnostics. Including the system level. BTW, it can also network IO. And, it is possible that even a slow DNS. Have to search. 02.02.2017 3:34, Eliezer Croitoru пишет: > I believe that the squid manager info page should give some clue about the > number o

Re: [squid-users] The header: HTTP_VIA is present with the value:

via off 14.02.2017 0:00, --Ahmad-- пишет: > hi folks > I’m checking my proxy in > > whatismyproxy.com > > and it says : > > The header: HTTP_VIA is present with the value:HTTP/1.1 > vnnnz01msp2tser1.wnsnet.attws.com > . > > is

Re: [squid-users] squid-avira-update-cache

Any logs? 17.02.2017 17:43, splice...@gmail.com пишет: > Hi all, I'm trying to cache "avira updates" with squid, but no luck... > > my conf: > acl aviraupdate dstdomain .avira-update.com > range_offset_limit -1 aviraupdate > refresh_pattern -i avira-update.com/.*\.* 4320 80% 43200 reload-into-ims

Re: [squid-users] squid-avira-update-cache

root @ khorne /patch # wget -S http://personal.avira-update.com/update/x_vdf_sigver/7.12.155.64_8.12.155.64/xbv00050.vdf.lz --2017-02-17 23:51:22-- http://personal.avira-update.com/update/x_vdf_sigver/7.12.155.64_8.12.155.64/xbv00050.vdf.lz Connecting to 127.0.0.1:3128... connected. Proxy request

Re: [squid-users] [bug 4674] squid 4.0.18 delay_parameters for class 3 assertion failed

28.02.2017 1:39, Vitaly Lavrov пишет: > [bug 4674] Regression in squid 4.0.18 (4.0.17 does not have this error) > > OS: Slackware linux 14.2 / gcc 4.8.2 May be ancient compiler. 4.8.2 is not fully C++11 compatible AFAIK. Try at least 4.9.x. Or 5.4. > > Simple config: > > delay_pools 1 > delay_cla

Re: [squid-users] squid 3.5.2==> HTTPS FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

This error is usually preceded by another error in cache.log associated with the certificates. I will show you the direction. Then go himself. This software will useful for you to solve: http://www.crypt.gen.nz/logsurfer/ HTH, Yuri 03.03.2017 2:47, --Ahmad-- пишет: > hey folks . > i have a pr

Re: [squid-users] squid 3.5.2==> HTTPS FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

p!' - - - 0 exec "/usr/local/bin/crtd_create.sh -r >/dev/null 2>&1" 'Cannot add certificate to db.' - - - 0exec "/usr/local/bin/crtd_create.sh -r >/dev/null 2>&1" PS. This is from logsurfer.conf. 03.03.2017 3:34, Yuri Voinov пишет: > >

Re: [squid-users] squid 3.5.2==> HTTPS FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

restart automatically. In some installations, this problem does not occur over the years. In other - almost daily. I have no desire to find out why this is happening exactly. For me it was easier to make the watchdog, which will follow up on this. 03.03.2017 3:40, Yuri Voinov пишет: > > On

Re: [squid-users] squid-users Digest, Vol 31, Issue 9

quot;Re: Contents of squid-users digest..." > > > Today's Topics: > >1. Re: squid 3.5.2==> HTTPS FATAL: The ssl_crtd helpers are > crashing too rapidly, need help! (Yuri Voinov) > > > ---

Re: [squid-users] squid 3.5.2==> HTTPS FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

ww. Anyway, watchdog is good backup to preventing manual interventions by SA. > > Eliezer > > > http://ngtech.co.il/lmgtfy/ > Linux System Administrator > Mobile: +972-5-28704261 > Email: elie...@ngtech.co.il > > > From: squid-users [mailto:squid-users-boun.

Re: [squid-users] squid 3.5.2==> HTTPS FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

very 24 hours . Cron is not the best solution. Logsurf will be better. > > thank you guys all of you . > thanks amos , thanks eliezer , thanks yuri > > kind regards >> On Mar 3, 2017, at 1:37 PM, Yuri Voinov > <mailto:yvoi...@gmail.com>> wrote: >> >> >

Re: [squid-users] Squid with SSL-Bump on Debian testing: SSL_ERROR_RX_RECORD_TOO_LONG

04.03.2017 3:29, C. L. Martinez пишет: > Hi all, > > After installing Squid 3.5.24 in my Debian testing (many thanks Amos for > your help), I am trying to configure Squid as https intercept proxy. My > config actually is: > > http_port 127.0.0.1:8080 > http_port 127.0.0.1:8081 intercept > http

Re: [squid-users] Data usage reported in log files

Gentlemen, and it never occurred to you that there are other types of traffic besides HTTP / HTTPS, right? DNS, ICMP, other protocols? 11.03.2017 2:44, Yosi Greenfield пишет: > Aha! That could be it. I use sslbump, but not for all users. I'll > check that out, although I think that it's a proble

Re: [squid-users] Data usage reported in log files

11.03.2017 2:57, Antony Stone пишет: > On Friday 10 March 2017 at 21:50:19, Yuri Voinov wrote: > >> Gentlemen, and it never occurred to you that there are other types of >> traffic besides HTTP / HTTPS, right? >> >> DNS, ICMP, other protocols? > I'm ass

Re: [squid-users] Data usage reported in log files

Of course, there is no stream video from security cams, no voice IP, no SIP, no torrents, no RDP, no other protocol. They simple does not exists and we're all believe that's all not above over 1% of overall traffic. Yes. Sure. Really. Only web-surfing :) Sure :) 11.03.2017 3:19, Y

Re: [squid-users] Data usage reported in log files

Think of one simple thing. Squid does not see and can not see protocols that do not support. What do you expect from it? Does it work on L1/L2? No? Then what is the discussion about? 11.03.2017 3:22, Yuri Voinov пишет: > Of course, there is no stream video from security cams, no voice IP,

Re: [squid-users] Data usage reported in log files

about? 11.03.2017 3:27, Yuri Voinov пишет: > Think of one simple thing. Squid does not see and can not see protocols > that do not support. What do you expect from it? Does it work on L1/L2? > No? Then what is the discussion about? > > > 11.03.2017 3:22, Yuri Voinov пишет: >> Of cou

Re: [squid-users] Data usage reported in log files

11.03.2017 3:43, Antony Stone пишет: > On Friday 10 March 2017 at 22:33:44, Yuri Voinov wrote: > >> We have not seen the network topology and the full configuration of >> network devices - what are we arguing about and guessing about? > Nobody is arguing, and we are guessin

Re: [squid-users] Data usage reported in log files

s.squid-cache.org] On > Behalf Of Antony Stone > Sent: Friday, March 10, 2017 4:31 PM > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] Data usage reported in log files > > On Friday 10 March 2017 at 22:22:59, Yuri Voinov wrote: > >> Of course, there is no

Re: [squid-users] Squid Transparent/intercept Issues

Did you tried our wiki: http://wiki.squid-cache.org/ConfigExamples/Intercept ? 20.03.2017 21:26, christian brendan пишет: > Hello Everyone, > > Squid Cache: Version 3.5.20 > OS: CentOS 7 > > I have used squid for quite some times non transparently and it works, > problem kicks in when: http_port

Re: [squid-users] URL list from a URL

Yes. Functionality you required is: http://wiki.squid-cache.org/Features/StoreID 21.03.2017 21:52, Jason B. Nance пишет: > Hello, > > I'm using Squid 3.5.20 and wonder if it is possible to define an ACL which > retrieves the list of URLs from another URL (similar to pointing to a file). > In

Re: [squid-users] Assistance with WCCPv2 Setup with Cisco Router

22.03.2017 1:04, Waldon, Cooper пишет: > > Hello All, > > > > I’m trying to set up a transparent proxy for http and https using > Cisco Routers and Squid. I have followed the configuration examples > that are listed under the wccp2 overview section > (http://wiki.squid-cache.org/Features/Wccp2

Re: [squid-users] Assistance with WCCPv2 Setup with Cisco Router

Ah, forgot about this: http://wiki.squid-cache.org/ConfigExamples/Intercept 22.03.2017 1:04, Waldon, Cooper пишет: > > Hello All, > > > > I’m trying to set up a transparent proxy for http and https using > Cisco Routers and Squid. I have followed the configuration examples > that are listed u

Re: [squid-users] Assistance with WCCPv2 Setup with Cisco Router

PS. You configured GRE tunnel, as I can see. Check it defined on both sides: on router and on your proxy box. Also note, GRE will process on router CPU, instead of L2 redirection, which is runs on control plane and hardware accelerated. 22.03.2017 1:04, Waldon, Cooper пишет: > > Hello All, > >

Re: [squid-users] URL list from a URL

an write common regex for all mirrors, yes. > Regards, > > j > > > - Original Message - > From: "Yuri Voinov" > To: squid-users@lists.squid-cache.org > Sent: Tuesday, March 21, 2017 1:19:43 PM > Subject: Re: [squid-users] URL list from a URL > > Ye

Re: [squid-users] Free Squid helper for dynamic content caching

Things are changed in the web on regular basis. Nothing permanent in the world. So, store ID rules lost relevance and no longer work. You can fix it yourself, the code is open. 22.03.2017 20:35, Eduardo Carneiro пишет: > I have been using this helper for a while. It works very well. > Congratul

Re: [squid-users] Free Squid helper for dynamic content caching

I'm afraid that rewriting the rules is a big job. I strongly doubt that someone will lay it out in public open access for free. Saving traffic is money. Here's what I want to say. There are no really effective helpers in the public domain. As I know. 22.03.2017 21:38, Eduardo Carneiro пишет: > Hi

Re: [squid-users] hsc-dynamic-cache: relied on storeID rules? Removed in 3.5.20?

28.03.2017 1:26, L A Walsh пишет: > This caught my attention as my housemate tends to watch alot of > youtube videos, and caching some of them might speed up their > access, so was trying to understand what was meant in your post: > > Yuri Voinov wrote: >> Things are

Re: [squid-users] hsc-dynamic-cache: relied on storeID rules? Removed in 3.5.20?

29.03.2017 5:55, L A Walsh пишет: > Eliezer Croitoru wrote: >> Hey Linda, >> >> As the pathcer\author of StoreID I will try to clarify what might >> seems odd. >> StoreID is a "static" rule which is one of the squid cache fundamentals. >> The feature is the option to tweak this internal cache obj

Re: [squid-users] Google Captcha, can something be done to help it with squid?

I guess an issue relevant to BlueCoat, not to Squid. AFAIK BlueCoat ignores RFC. Squid - not. 04.04.2017 1:45, Eliezer Croitoru пишет: > Hey List, > > I got couple complains from couple sysadmins about google forcing their > clients to verify that they are indeed humans in some very horrible way

Re: [squid-users] Google Captcha, can something be done to help it with squid?

ailto:squid-users-boun...@lists.squid-cache.org] On > Behalf Of Yuri Voinov > Sent: Monday, April 3, 2017 10:51 PM > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] Google Captcha, can something be done to help it > with squid? > > I guess an iss

Re: [squid-users] Howto fix X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY Squid error

I would not install intermediate certificates in the system store. They have a much shorter validity period - this time, and two - there is a SQUID functionality that supports adding missing intermediate certificates from a separate file. For security reasons, intermediate certificates require addi

Re: [squid-users] Howto fix X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY Squid error

# TAG: sslproxy_foreign_intermediate_certs #Many origin servers fail to send their full server certificate #chain for verification, assuming the client already has or can #easily locate any missing intermediate certificates. # #Squid uses the certificates from the specified file to

Re: [squid-users] Howto fix X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY Squid error

;-) No problem, Raf. This is really much better solution ;-) 07.04.2017 22:44, Rafael Akchurin пишет: > Hello Yuri, > > Yes this is much better solution! > > Best regards, > Rafael Akchurin > > Op 7 apr. 2017 om 18:20 heeft Yuri Voinov <mailto:yvoi...@gmail.co

Re: [squid-users] [squid-dev] [RFC] Changes to http_access defaults

13.04.2017 21:14, Dan Purgert пишет: > Quoting Alex Rousskov : > >> On 04/12/2017 12:16 PM, Amos Jeffries wrote: >> >>> Changes to http_access defaults >> >> Clearly stating what you are trying to accomplish with these changes may >> help others evaluate your proposal. Your initial email focuses

Re: [squid-users] HTTPS woes

13.04.2017 22:57, Olly Lennox пишет: > Hi There, > > I've been battling for the last few days on a little project to setup a > Raspberry PI device as a small parental blocking server. I've managed to > configure the device to work as a transparent proxy using squid which is > assigned as the d

Re: [squid-users] HTTPS woes

You talked about two different things. 1. root CA usually built-in in clients. For standalone use, root CA (from Mozilla) usually distributes with openssl distributions. If you need (or your openssl distribution does not contains root CAs), you can find separately distributed Mozilla CA's by short

Re: [squid-users] HTTPS woes

t; seem to be working which is all we need. How often do these > certificates refresh? Would they need updating every month or so? > > oli...@lennox-it.uk > lennox-it.uk <http://lennox-it.uk/> > tel: 07900 648 252 > > > ---

Re: [squid-users] ssl bump and chrome 58

I see no problem with it on all five SSL Bump-aware servers with new Chrome. So fare so good. 21.04.2017 18:29, Marko Cupać пишет: > Hi, > > I have squid setup with ssl bump which worked fine, but since I updated > chrome to 58 it won't display any https sites, throwing > NTT:ERR_CERT_COMMON_NAME

Re: [squid-users] Huge memory required for squid 3.5

Seriously? 2 Gb RAM for default CA?! 25.04.2017 20:45, Amos Jeffries пишет: > On 25/04/17 00:40, Nil Nik wrote: >> Hello, >> >> I am using squid 3.5.23, with heavy HTTPS load squid using almost 2GB >> of memory. I want to restrict this usages to maximum to 1 GB. This >> high usages seems due to s

Re: [squid-users] Huge memory required for squid 3.5

Ah, shi (goes to set flag) 26.04.2017 4:29, Amos Jeffries пишет: > On 26/04/17 09:58, Yuri Voinov wrote: >> >> Seriously? 2 Gb RAM for default CA?! >> >> > > 600 (number of default CAs) x 2048 (minimum size of CA cert) -> ~1 MB > > All it would

Re: [squid-users] Huge memory required for squid 3.5

Ok, but how NO_DEFAULT_CA should help with this? 26.04.2017 4:29, Amos Jeffries пишет: > On 26/04/17 09:58, Yuri Voinov wrote: >> >> Seriously? 2 Gb RAM for default CA?! >> >> > > 600 (number of default CAs) x 2048 (minimum size of CA cert) -> ~1 MB > &g

Re: [squid-users] Huge memory required for squid 3.5

Amos, stupid question. Why sessions can't share CA's data cached in memory? shared_ptr invented already. This is openssl issue or squid's? 26.04.2017 9:08, Amos Jeffries пишет: > On 26/04/17 10:53, Yuri Voinov wrote: >> Ok, but how NO_DEFAULT_CA should help with this?

  1   2   3   4   5   6   7   8   9   10   >