Re: [squid-users] Squid 3.5.21 ssl bump and x-forward

2016-12-14 Thread FredB
If really needed, there is a patch here:
http://bugs.squid-cache.org/show_bug.cgi?id=3792
But as Amos said, this patch is incomplete: the CONNECT XFF header contents
should also be added to the bumped request.

Fred
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


Re: [squid-users] Squid 3.5.21 ssl bump and x-forward

2016-11-30 Thread FredB

> 
> I have the same issue and racked my brain trying to find a solution.
> Now, I
> see there is no solution for this yet.
> 
> I would appreciate so much if this feature were made available in the
> future.
> 
> Eduardo Carneiro
> 
> 

Yes http://bugs.squid-cache.org/show_bug.cgi?id=4607


Re: [squid-users] Squid 3.5.21 ssl bump and x-forward

2016-11-29 Thread Eduardo Carneiro
Amos Jeffries wrote
>>>
>> 
>> 
>> OK, thank you. Is there a plan to add this? Without identification we are
>> in the fog: all bumped requests are only recorded with 127.0.0.1
>> 
> 
> Eventually, yes. I'm not aware of anyone actually working on it at
> present though.
> 
> Amos
> 

I have the same issue and racked my brain trying to find a solution. Now, I
see there is no solution for this yet. 

I would appreciate so much if this feature were made available in the
future. 

Eduardo Carneiro






Re: [squid-users] Squid 3.5.21 ssl bump and x-forward

2016-09-15 Thread Amos Jeffries
On 15/09/2016 10:54 p.m., FredB wrote:
> 
>>
>> Above are bumped requests sent inside the tunnel. Proxy #1 did not
>> interact with them, so it has no way to add XFF headers.
>>
>> The SSL-Bump logic does not yet store some things like indirect
>> client
>> IP and associate them with the bumped requests.
>>
>> Amos
>>
> 
> 
> OK, thank you. Is there a plan to add this? Without identification we are in
> the fog: all bumped requests are only recorded with 127.0.0.1
> 

Eventually, yes. I'm not aware of anyone actually working on it at
present though.

Amos



Re: [squid-users] Squid 3.5.21 ssl bump and x-forward

2016-09-15 Thread FredB

> 
> Above are bumped requests sent inside the tunnel. Proxy #1 did not
> interact with them, so it has no way to add XFF headers.
> 
> The SSL-Bump logic does not yet store some things like indirect
> client
> IP and associate them with the bumped requests.
> 
> Amos
> 


OK, thank you. Is there a plan to add this? Without identification we are in
the fog: all bumped requests are only recorded with 127.0.0.1

Fred


Re: [squid-users] Squid 3.5.21 ssl bump and x-forward

2016-09-15 Thread Amos Jeffries
On 15/09/2016 8:53 p.m., FredB wrote:
> Hello,
> 
> I'm testing SslBump and it works well; however, I'm seeing something strange
> with two proxies and x-forwarded enabled on the first: some requests are
> written with the first proxy address.
> 
> user -> squid (forwarded_for on) -> squid (follow_x_forwarded_for allow all)
> -> Net
> 
> Here is the log from the second squid, on the same server (same result when
> they are separate; 127.0.0.1 = IP of the first squid)
> 
> 10.x.x.x.x - myaccount [15/Sep/2016:09:40:07 +0200] "CONNECT www.google.fr:443 HTTP/1.0" 200 0 440 TAG_NONE:HIER_NONE "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
> 10.x.x.x.x - myaccount [15/Sep/2016:09:40:07 +0200] "GET http://www.google.fr/ HTTP/1.0" 302 643 1575 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
> 10.x.x.x.x - myaccount [15/Sep/2016:09:40:07 +0200] "CONNECT www.google.fr:443 HTTP/1.0" 200 0 440 TAG_NONE:HIER_NONE "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"

Above are HTTP requests sent from proxy #1 to proxy #2.

> 127.0.0.1 - myaccount [15/Sep/2016:09:40:07 +0200] "POST https://www.google.fr/gen_204?atyp=i&ct=slh&cad=&ei=EVDaV-rAOcS7adLmucAF&s=3&v=2&pv=0.19272099408438004&me=4:1473925301533,e,U&zx=1473925301536 HTTP/1.1" 204 401 1571 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
> 127.0.0.1 - myaccount [15/Sep/2016:09:40:08 +0200] "GET https://www.google.fr/?gws_rd=ssl HTTP/1.1" 200 61953 1387 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
> 127.0.0.1 - myaccount [15/Sep/2016:09:40:08 +0200] "POST https://www.google.fr/gen_204?atyp=i&ct=slh&cad=&ei=EVDaV-rAOcS7adLmucAF&s=4&v=2&pv=0.19272099408438004&me=5:1473925302218,e,H&zx=1473925302220 HTTP/1.1" 204 401 1571 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
> 127.0.0.1 - myaccount [15/Sep/2016:09:40:08 +0200] "GET https://www.google.fr/complete/search?sclient=psy-ab&site=&source=hp&q=&oq=&gs_l=&pbx=1&bav=on.2,or.r_cp.&fp=1&biw=995&bih=554&dpr=1.25&pf=p&gs_rn=64&gs_ri=psy-ab&tok=yZHeL-_L5Be_JazeSm0Mtg&cp=0&gs_id=0&xhr=t&tch=1&ech=1&psi=tVDaV7_DMsXqauCygeAF.1473925302436.1 HTTP/1.1" 200 913 1618 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
> 127.0.0.1 - myaccount [15/Sep/2016:09:40:08 +0200] "GET https://www.google.fr/gen_204?v=3&s=webhp&atyp=csi&ei=tVDaV7_DMsXqauCygeAF&imc=2&imn=2&imp=0&adh=&xjs=init.26.20.sb.18.p.3.jsa.1.abd.1.foot.1&ima=0&rt=xjsls.21,prt.41,iml.41,dcl.82,xjses.124,jraids.149,jraide.153,xjsee.185,xjs.185,ol.217,aft.41,wsrt.748,cst.1,dnst.0,rqst.522,rspt.533,rqstt.161,unt.143,cstt.144,dit.816 HTTP/1.1" 204 401 1616 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"

Above are bumped requests sent inside the tunnel. Proxy #1 did not
interact with them, so it has no way to add XFF headers.

The SSL-Bump logic does not yet store some things like indirect client
IP and associate them with the bumped requests.

Amos
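
Until Squid carries the indirect client IP over to bumped requests, the gap described above can be narrowed at log-analysis time. The following is an added example, not code from this thread or from the Squid project: it attributes each bumped request logged with the proxy's address to the client seen on an earlier CONNECT by the same user to the same host. It is a heuristic; PROXY_IPS, WINDOW and the sample lines (with made-up addresses and names) are assumptions.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Layout of the access.log lines quoted in the thread:
#   client - user [time] "METHOD target HTTP/x" status ...
LINE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+) ')
PROXY_IPS = {"127.0.0.1"}      # assumption: proxy #1 as seen by proxy #2
WINDOW = timedelta(minutes=5)  # assumption: oldest CONNECT still worth matching

def parse(line):
    m = LINE.match(line)
    if not m:
        return None
    client, user, ts, method, target = m.groups()
    return client, user, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), method, target

def attribute(lines):
    """Return (logged_ip, inferred_ip, method, target) per parsed line.
    inferred_ip is None when no CONNECT matches or several clients match."""
    tunnels = {}  # (user, host) -> [(time, client_ip)] from CONNECT lines
    out = []
    for client, user, when, method, target in filter(None, map(parse, lines)):
        inferred = client
        if method == "CONNECT" and client not in PROXY_IPS:
            host = target.rsplit(":", 1)[0].lower()
            tunnels.setdefault((user, host), []).append((when, client))
        elif client in PROXY_IPS and target.startswith("https://"):
            host = (urlsplit(target).hostname or "").lower()
            seen = tunnels.get((user, host), [])
            recent = {ip for t, ip in seen if timedelta(0) <= when - t <= WINDOW}
            # Two workstations of one user on the same host: refuse to guess.
            inferred = recent.pop() if len(recent) == 1 else None
        out.append((client, inferred, method, target))
    return out

T, UA = "15/Sep/2016:09:40:", '"Mozilla/5.0"'
SAMPLE = [  # constructed lines in the thread's log format
    f'192.0.2.10 - alice [{T}07 +0200] "CONNECT www.example.org:443 HTTP/1.0" 200 0 440 TAG_NONE:HIER_NONE {UA}',
    f'127.0.0.1 - alice [{T}08 +0200] "GET https://www.example.org/ HTTP/1.1" 200 61953 1387 TCP_MISS:HIER_DIRECT {UA}',
    f'192.0.2.11 - bob [{T}09 +0200] "CONNECT shared.example.net:443 HTTP/1.0" 200 0 440 TAG_NONE:HIER_NONE {UA}',
    f'192.0.2.12 - bob [{T}10 +0200] "CONNECT shared.example.net:443 HTTP/1.0" 200 0 440 TAG_NONE:HIER_NONE {UA}',
    f'127.0.0.1 - bob [{T}11 +0200] "GET https://shared.example.net/x HTTP/1.1" 200 913 1618 TCP_MISS:HIER_DIRECT {UA}',
    f'127.0.0.1 - carol [{T}12 +0200] "GET https://www.example.org/ HTTP/1.1" 200 913 1618 TCP_MISS:HIER_DIRECT {UA}',
]

if __name__ == "__main__":
    for logged, inferred, method, target in attribute(SAMPLE):
        print(f"{logged:>11} -> {inferred or 'UNKNOWN':<11} {method} {target}")
```

Lines that come back with no inferred address (ambiguous or unmatched) should stay flagged as unattributed rather than be assigned to the most recent client.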



[squid-users] Squid 3.5.21 ssl bump and x-forward

2016-09-15 Thread FredB
Hello,

I'm testing SslBump and it works well; however, I'm seeing something strange
with two proxies and x-forwarded enabled on the first: some requests are
written with the first proxy address.

user -> squid (forwarded_for on) -> squid (follow_x_forwarded_for allow all) ->
Net

Here is the log from the second squid, on the same server (same result when
they are separate; 127.0.0.1 = IP of the first squid)

10.x.x.x.x - myaccount [15/Sep/2016:09:40:07 +0200] "CONNECT www.google.fr:443 HTTP/1.0" 200 0 440 TAG_NONE:HIER_NONE "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
10.x.x.x.x - myaccount [15/Sep/2016:09:40:07 +0200] "GET http://www.google.fr/ HTTP/1.0" 302 643 1575 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
10.x.x.x.x - myaccount [15/Sep/2016:09:40:07 +0200] "CONNECT www.google.fr:443 HTTP/1.0" 200 0 440 TAG_NONE:HIER_NONE "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
127.0.0.1 - myaccount [15/Sep/2016:09:40:07 +0200] "POST https://www.google.fr/gen_204?atyp=i&ct=slh&cad=&ei=EVDaV-rAOcS7adLmucAF&s=3&v=2&pv=0.19272099408438004&me=4:1473925301533,e,U&zx=1473925301536 HTTP/1.1" 204 401 1571 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
127.0.0.1 - myaccount [15/Sep/2016:09:40:08 +0200] "GET https://www.google.fr/?gws_rd=ssl HTTP/1.1" 200 61953 1387 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
127.0.0.1 - myaccount [15/Sep/2016:09:40:08 +0200] "POST https://www.google.fr/gen_204?atyp=i&ct=slh&cad=&ei=EVDaV-rAOcS7adLmucAF&s=4&v=2&pv=0.19272099408438004&me=5:1473925302218,e,H&zx=1473925302220 HTTP/1.1" 204 401 1571 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
127.0.0.1 - myaccount [15/Sep/2016:09:40:08 +0200] "GET https://www.google.fr/complete/search?sclient=psy-ab&site=&source=hp&q=&oq=&gs_l=&pbx=1&bav=on.2,or.r_cp.&fp=1&biw=995&bih=554&dpr=1.25&pf=p&gs_rn=64&gs_ri=psy-ab&tok=yZHeL-_L5Be_JazeSm0Mtg&cp=0&gs_id=0&xhr=t&tch=1&ech=1&psi=tVDaV7_DMsXqauCygeAF.1473925302436.1 HTTP/1.1" 200 913 1618 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
127.0.0.1 - myaccount [15/Sep/2016:09:40:08 +0200] "GET https://www.google.fr/gen_204?v=3&s=webhp&atyp=csi&ei=tVDaV7_DMsXqauCygeAF&imc=2&imn=2&imp=0&adh=&xjs=init.26.20.sb.18.p.3.jsa.1.abd.1.foot.1&ima=0&rt=xjsls.21,prt.41,iml.41,dcl.82,xjses.124,jraids.149,jraide.153,xjsee.185,xjs.185,ol.217,aft.41,wsrt.748,cst.1,dnst.0,rqst.522,rspt.533,rqstt.161,unt.143,cstt.144,dit.816 HTTP/1.1" 204 401 1616 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
10.x.x.x.x - myaccount [15/Sep/2016:09:40:08 +0200] "CONNECT plus.google.com:443 HTTP/1.0" 200 0 446 TAG_NONE:HIER_NONE "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
127.0.0.1 - myaccount [15/Sep/2016:09:40:08 +0200] "POST https://plus.google.com/u/0/_/n/gcosuc HTTP/1.1" 200 862 1388 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
10.x.x.x.x - myaccount [15/Sep/2016:09:40:18 +0200] "CONNECT p5-d67enuz43bu7a-hck6hyjacaic2rnf-280807-i1-v6exp3-v4.metric.gstatic.com:443 HTTP/1.0" 200 0 617 TAG_NONE:HIER_NONE "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
10.x.x.x.x - myaccount [15/Sep/2016:09:40:18 +0200] "CONNECT p5-d67enuz43bu7a-hck6hyjacaic2rnf-280807-i2-v6exp3-ds.metric.gstatic.com:443 HTTP/1.0" 200 0 617 TAG_NONE:HIER_NONE "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
127.0.0.1 - myaccount [15/Sep/2016:09:40:18 +0200] "GET https://p5-d67enuz43bu7a-hck6hyjacaic2rnf-280807-i2-v6exp3-ds.metric.gstatic.com/v6exp3/6.gif HTTP/1.1" 200 1214 702 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
127.0.0.1 - myaccount [15/Sep/2016:09:40:18 +0200] "GET https://p5-d67enuz43bu7a-hck6hyjacaic2rnf-280807-i1-v6exp3-v4.metric.gstatic.com/v6exp3/6.gif HTTP/1.1" 200 1214 702 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
10.x.x.x.x - myaccount [15/Sep/2016:09:40:48 +0200] "CONNECT p5-d67enuz43bu7a-hck6hyjacaic2rnf-280807-s1-v6exp3-v4.metric.gstatic.com:443 HTTP/1.0" 200 0 617 TAG_NONE:HIER_NONE "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"
127.0.0.1 - myaccount [15/Sep/2016:09:40:48 +0200] "GET https://p5-d67enuz43bu7a-hck6hyjacaic2rnf-280807-s1-v6exp3-v4.metric.gstatic.com/gen_204?ipv6exp=3&sentinel=1&v4_img_dt=270&ds_img_dt=253 HTTP/1.1" 204 1393 601 TCP_MISS:HIER_DIRECT "Mozilla/5.0 (Windows NT 6.1; rv:48.0) Gecko/20100101 Firefox/48.0"

Fred
