On 13/12/2011 8:48 p.m., Saleh Madi wrote:
Thanks Amos for your good work, from squid-3.2.0.13 and squid-3.2.0.14
version we facing a big problem with SECURITY ALERT: By user agent and
SECURITY ALERT: on URL the squid box and the clients using the same DNS
servers, what mean flags=33 and flags=17
I use linux policy based routing.
Example: linux pppoe server have tow interfaces one interface connected
with the main linux router the other interface connected with squid box
and I redirect all http traffic form the pppoe server via "policy based
routing" to the squid box.
Note: the pppoe serve
tis 2011-12-13 klockan 22:59 +1300 skrev Amos Jeffries:
> Squid has resolved the domain name (www.facebook.com) the client
> (10.0.2.45) was supposedly contacting and determined that the IP
> (66.220.147.33) the packet was going to does not belong to that domain name.
>
> Details about the aler
tis 2011-12-13 klockan 12:59 +0200 skrev Saleh Madi:
> Dos the policy based routing make the "Host header forgery detected" problem.
All forms of interception runs into this.
The best cure is to get the browser configured to use the proxy. This
avoids the issue entirely.
See WPAD for one way to
Thanks Henrik for your reply, but when you have 1000 clients , its
difficult to lit all clients to configure there browser with proxy, I
think the redirect rule via policy based routing or other redirect method
is easy than the configuration of the client bowser , have you any idea
what the best
Il 13/12/2011 13:14, Saleh Madi ha scritto:
> Thanks Henrik for your reply, but when you have 1000 clients , its
> difficult to lit all clients to configure there browser with proxy, I
> think the redirect rule via policy based routing or other redirect method
> is easy than the configuration of t
Hi,
The problem:
after successful tests with a self-signed cert for sslbump, the idea
is to use a "real" cert signed by a CA know in common browsers. Such a
cert has a hierarchy "chain", i.e. the proxy cert is signed by a
official CA, which is signed by a CA who's keys is in browsers.
Support fo
Thanks Marcello for your reply, we have linux pppoe server work for 1000
clients , how I can use the WPAD (web proxy autodiscovery protocol) for
them.
Thanks and Best Regards,
Saleh
> Il 13/12/2011 13:14, Saleh Madi ha scritto:
>> Thanks Henrik for your reply, but when you have 1000 clients , its
Hello,
I've configured squid 3.1.16 to use the icap reqmod and my icap virus
scanner scans the trafic.
When my icap virusscanner founds a virus it returns an empty page with
HTTP 403 statuscode like (from wireshark):
--snip--
ICAP/1.0 403 Forbidden
Server: Avira-WebGate/3.2.0
ISTag: "0302-08
Hello,
I wish to limit the bandwidth like this
1) Limit 64000 by user for objects more big than 30 ko
2) Limit global bandwidth to 1625000 - 13MB -
I tried this configuration
acl myusers src 10.0.0.0/8
acl proto-pool port 80 81 21
delay_pools 2
delay_class 1 2
delay_parameters 1 -1/-1 64000/3
Il 13/12/2011 13:53, Saleh Madi ha scritto:
> Thanks Marcello for your reply, we have linux pppoe server work for 1000
> clients , how I can use the WPAD (web proxy autodiscovery protocol) for
> them.
>
> Thanks and Best Regards,
> Saleh
>
>> Il 13/12/2011 13:14, Saleh Madi ha scritto:
>>> Thanks
why dont you use the interception\transparent mode instead of TPROXY?
for your setup it seems just the perfect idea.
i'm using a range setup like this:
-A PREROUTING -p tcp -m tcp -m iprange ! -d 192.168.0.0/16 -i eth1
--dport 80 -j REDIRECT --to-ports 3128 --src-range
192.168.0.0-192.168.0.190
On 13/12/2011 00:15, Markus Moeller wrote:
Hi Emmanuel,
I did not do any performance testing, so I don't know.
ok, I'll let you informed when I put this on production servers ;)
Dear
I would like to connect my squid 3.2 to the Active Directory 2003
All Kerberos settings should working
# /usr/bin/kinit administrat...@maison.touzeau.biz -V 2>&1
Password for administrat...@maison.touzeau.biz:
Authenticated to Kerberos v5
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Defa
Hi,
I configured 4 cache_dir in squid.conf
cache_dir aufs /c1 75776 64 512
cache_dir aufs /c2 102400 64 512
cache_dir aufs /c3 102400 64 512
cache_dir aufs /c4 102400 64 512
But when i check df -kh on server, i got
/dev/sda4 99G 189M 94G 1% /c1
/dev/sdb1 135G 17
Hi,
When i run squidclient mgr:info
squidclient mgr:info
HTTP/1.0 200 OK
Server: squid
Mime-Version: 1.0
Date: Tue, 13 Dec 2011 17:37:47 GMT <
Content-Type: text/plain
Expires: Tue, 13 Dec 2011 17:37:47 GMT <-
Last-Modified: Tue, 13 Dec 2011 17:37:47 GMT <--
Video streaming on this site
http://www.echo.msk.ru/blog/video/838893-echo/ not working. I am not
sure if it has anything to do with it, but I am using ssl bump.
The squid version is 3.1.16. Squidclamav version is 6.4. c-icap
version is 0.1.7
1323811211.100369 192.168.3.210 TCP_MISS/304 2
On Tue, 13 Dec 2011 14:12:34 +0100, Dieter Bloms wrote:
Hello,
I've configured squid 3.1.16 to use the icap reqmod and my icap virus
scanner scans the trafic.
When my icap virusscanner founds a virus it returns an empty page
with
HTTP 403 statuscode like (from wireshark):
--snip--
ICAP/1.0 4
On Tue, 13 Dec 2011 16:20:57 +0200, Eliezer Croitoru wrote:
why dont you use the interception\transparent mode instead of TPROXY?
for your setup it seems just the perfect idea.
i'm using a range setup like this:
-A PREROUTING -p tcp -m tcp -m iprange ! -d 192.168.0.0/16 -i eth1
--dport 80 -j REDI
On Tue, 13 Dec 2011 18:27:00 +0100, David Touzeau wrote:
Dear
I would like to connect my squid 3.2 to the Active Directory 2003
All Kerberos settings should working
# /usr/bin/kinit administrat...@maison.touzeau.biz -V 2>&1
Password for administrat...@maison.touzeau.biz:
Authenticated to Kerbe
On Tue, 13 Dec 2011 23:14:48 +0530, Benjamin wrote:
Hi,
When i run squidclient mgr:info
squidclient mgr:info
HTTP/1.0 200 OK
Server: squid
Mime-Version: 1.0
Date: Tue, 13 Dec 2011 17:37:47 GMT <
Notice how the timezone here is *GMT*. Also known as "international
standard time",
Thank you :-)
"Emmanuel Lacour" wrote in message
news:4ee76014.5010...@easter-eggs.com...
On 13/12/2011 00:15, Markus Moeller wrote:
Hi Emmanuel,
I did not do any performance testing, so I don't know.
ok, I'll let you informed when I put this on production servers ;)
On Tue, 13 Dec 2011 16:49:02 -0500, Roman Gelfand wrote:
Video streaming on this site
http://www.echo.msk.ru/blog/video/838893-echo/ not working. I am not
sure if it has anything to do with it, but I am using ssl bump.
The squid version is 3.1.16. Squidclamav version is 6.4. c-icap
version i
On Tue, 13 Dec 2011 22:58:00 +0530, Benjamin wrote:
Hi,
I configured 4 cache_dir in squid.conf
cache_dir aufs /c1 75776 64 512
cache_dir aufs /c2 102400 64 512
cache_dir aufs /c3 102400 64 512
cache_dir aufs /c4 102400 64 512
But when i check df -kh on server, i got
/dev/sda4 99G
On Tue, 13 Dec 2011 14:12:48 +0100 (CET), FredB wrote:
Hello,
I wish to limit the bandwidth like this
1) Limit 64000 by user for objects more big than 30 ko
2) Limit global bandwidth to 1625000 - 13MB -
I tried this configuration
acl myusers src 10.0.0.0/8
acl proto-pool port 80 81 21
delay_
Le mercredi 14 décembre 2011 à 10:41 +1300, Amos Jeffries a écrit :
> On Tue, 13 Dec 2011 18:27:00 +0100, David Touzeau wrote:
> > Dear
> >
> > I would like to connect my squid 3.2 to the Active Directory 2003
> >
> > All Kerberos settings should working
> >
> > # /usr/bin/kinit administrat...@mais
Actually, I didn't see this at first, but it looks like the issue is
with the squidguard. I realize this is not squidguard forum, but if
you know a way to solve this I would appreciate it.
2011-12-13 20:38:22 [3699] WARN: Possible bypass attempt. Found
multiple slashes where only one is expected:
No, squidguard doesn't seem to be the problem as when I remove
squidguard out of the picture the problem is still there.
Any ideas.
Thanks
On Tue, Dec 13, 2011 at 8:48 PM, Roman Gelfand wrote:
> Actually, I didn't see this at first, but it looks like the issue is
> with the squidguard. I reali
28 matches
Mail list logo