Ahh.. on my backup proxy in which I allow that subnet I was again on attack
but this time on the squid version is 3.4.5.
Squid Cache: Version 3.4.5
configure options: '--build=x86_64-unknown-linux-gnu'
'--host=x86_64-unknown-linux-gnu' '--target=x86_64-redhat-linux-gnu'
'--program-prefix='
On May 26, 2014, at 2:34 AM, Amos Jeffries squ...@treenet.co.nz wrote:
On 26/05/2014 1:42 p.m., jeffrey j donovan wrote:
Greetings,
squid 3.3.8 intercept ssl bump connecting to Facebook is returning an ipv6
address . chrome refuses , safari ssl bump happens the cert can be saved.
the
I was wondering about very few HITs in this squid installation, and did some
checking:
access.log:
1401203150.334 1604 10.1.10.121 TCP_MISS/200 718707 GET
http://l5.yimg.com/av/moneyball/ads/0-1399331780-5313.jpg -
ORIGINAL_DST/66.196.65.174 image/jpeg
1401203186.100 1327 10.1.10.121
Hi there,
My boss give me a certificate purchased from Godaddy to intercept HTTPS request.
squid.conf :
http_port 3127 transparent
http_port 3128
https_port 3129 transparent ssl-bump cert=/etc/ssl/myGodaddyCertif.crt
sslproxy_capath /etc/ssl/certs
When i restart squid i have an error :
ERROR:
Hi there,
My boss give me a certificate purchased from Godaddy to intercept HTTPS request.
squid.conf :
http_port 3127 transparent
http_port 3128
https_port 3129 transparent ssl-bump cert=/etc/ssl/myGodaddyCertif.crt
sslproxy_capath /etc/ssl/certs
When i restart squid i have an error :
ERROR:
Hi,
You can't possibly do this. To ssl-bump you need access to a private key
to sign the certs you offer to clients. Not in a million years is a
Commercial CA going to give you their private key. Such a key can sign
any certificate which would then be trusted by any software that
includes
Hi,
Mistake in my post: should be:
and jump through many hoops you will *NOT* get a subordinate signing
key from a reputable commercial CA.
Otherwise, the internet and SSL would already be more borken than it
is right now ;-)
Alex
On 27/05/14 19:13, Antoine Klein wrote:
Hi there,
My
Hi babajaga,
You can add 'debug_options 20,9 27,9 31,9 70,9 82,9 22,9 84,9 90,9' to
your squid config to debug caching issues.
Search through log for string that contains 'NO' (in uppercase). This
string should explain why squid made decision not to cache http response.
Best wishes,
Pavel
Thanx, you are the man !
Problem was here in squid.conf:
maximum_object_size_in_memory
Default is 500 kB, which is too small.
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Why-not-cached-tp4666117p4666123.html
Sent from the Squid - Users mailing list
On 05/27/2014 09:13 PM, Antoine Klein wrote:
My boss give me a certificate purchased from Godaddy to intercept HTTPS request.
Do you need it for a reverse proxy by any chance or bumping legit ssl
connections?
I am not sure you know that but I asked anyway.
Eliezer
I want to bump ssl connections, but without produce a warning of course.
I read it is possible to generate a request of certification with a
key and send this file to an authority to sign it, do you know that ?
2014-05-27 16:08 GMT-04:00 Eliezer Croitoru elie...@ngtech.co.il:
On 05/27/2014
On 05/27/2014 11:19 PM, Antoine Klein wrote:
I want to bump ssl connections, but without produce a warning of course.
I read it is possible to generate a request of certification with a
key and send this file to an authority to sign it, do you know that ?
If indeed you where an authority I
On 28/05/2014 8:19 a.m., Antoine Klein wrote:
I want to bump ssl connections, but without produce a warning of course.
I read it is possible to generate a request of certification with a
key and send this file to an authority to sign it, do you know that ?
Having your cert signed by a widely
13 matches
Mail list logo