Re: [squid-users] squid: Memory utilization higher than expected since moving from 3.3 to 3.4 and Vary: working

2014-07-11 Thread Eliezer Croitoru
Hey Martin, I just opened a bug-report on a similar issue which there is a possibility that this is a duplicate of yours. http://bugs.squid-cache.org/show_bug.cgi?id=4083 I have a tiny reverse proxy server with no Vary used at all on it. I am using squid 3.4.5-2 on it (my RPM). I did notice

[squid-users] svn support

2014-07-11 Thread shawn wilson
How do I get svn+http working through squid? I've already got the svn prereq of ~/.subversion/servers http-proxy-host/port But I haven't been able to find a modern doc describing how to make squid handle the requests. I tried: acl CONNECT method GET POST HEAD CONNECT PROFIND PROPATCH PATCH But

RE: [squid-users] squid: Memory utilization higher than expected since moving from 3.3 to 3.4 and Vary: working

2014-07-11 Thread Martin Sperl
The basic connection stats are in the mgr:info: File descriptor usage for squid: Maximum number of file descriptors: 65536 Largest file desc currently in use: 1351 Number of file desc currently in use: 249 Files queued for open: 0

Re: [squid-users] how to implement access control using connetcing hostname and port

2014-07-11 Thread Eliezer Croitoru
It is not true that IOS and others do not support authentication. They do. And in a case you want to use another authentication method you can use such as Radius for WIFI and if not then Radius tokens which will whitelist the originating IP. It is not recommended in many environments but it's

Re: [squid-users] sorry, i updated my email mode, and i have a question about wccp

2014-07-11 Thread Eliezer Croitoru
What OS are you using? Did you have the chance of looking at: http://wiki.squid-cache.org/ConfigExamples/UbuntuTproxy4Wccp2 Eliezer On 07/11/2014 07:09 AM, johnzeng wrote: Hello Dear Everyone: i config wccp mode recently, but i found http request don't succeed to be sent via gre tunnel at

RE: [squid-users] squid: Memory utilization higher than expected since moving from 3.3 to 3.4 and Vary: working

2014-07-11 Thread Martin Sperl
No, we use our own compiled/rpmified version. Note that we have a Perf environment, where we could test it, but I fear it might be quite hard to reproduce it in non-production like-circumstances (possibly forced disconnects,...) And I believe it requires lots of requests to see the behavior

Re: [squid-users] squid: Memory utilization higher than expected since moving from 3.3 to 3.4 and Vary: working

2014-07-11 Thread Eliezer Croitoru
On 07/11/2014 09:30 AM, Eliezer Croitoru wrote: Hey Martin, I just opened a bug-report on a similar issue which there is a possibility that this is a duplicate of yours. http://bugs.squid-cache.org/show_bug.cgi?id=4083 Sorry the wrong bugzilla, here the real one:

Re: [squid-users] Blocking spesific url

2014-07-11 Thread Andreas Westvik
Thanks for the reply everyone, I was trying to implement this in my squid.conf but 1) squid fails to restart 2) if it starts, no webpage will load. I even tried to paste only the akamaihd\.net\/battlelog\/background-videos\/ in my “adserver” file as well but no dice. Here is my (working)

[squid-users] Re: how to implement access control using connetcing hostname and port

2014-07-11 Thread babajaga
It is not true that IOS and others do not support authentication. They do. I think, this is not the point. As the starter of the thread wrote: ...makes it possible to proxy a lot of MOBILE APPS on ios devices and android which don't support traditional proxy authentication. Many APPs are not

Re: [squid-users] Re: how to implement access control using connetcing hostname and port

2014-07-11 Thread Eliezer Croitoru
On 07/11/2014 10:54 AM, babajaga wrote: But I would like to know, what is the reason for proxying the APPS ? And would caching of their http-data (if any !) really make sense ? In the case which it uses Ads, images or text which is the same each and every time coming from the same url.. Then

[squid-users] Re: how to implement access control using connetcing hostname and port

2014-07-11 Thread freefall12
No, that's not how this proxying service works. You have to enter the correct combination of hostname and port number to get access. Every time i use a new account to try their service, i get a new proxy address (eg,3121212.proxy.com) and a port number (in the range of 3). it's not the listening

[squid-users] Re: Blocking spesific url

2014-07-11 Thread babajaga
Pls, publish your complete non-working squid.conf OR at least the part invoking your /etc/squid3/adservers

[squid-users] Re: how to implement access control using connetcing hostname and port

2014-07-11 Thread freefall12
the reason is to bypass the GFW. many well-known global sites are blocked here, including various google services. While VPN is a solution, i found proxying is more convenient for ordinary user.

Re: [squid-users] svn support

2014-07-11 Thread Amos Jeffries
On 11/07/2014 6:54 p.m., shawn wilson wrote: How do I get svn+http working through squid? I've already got the svn prereq of ~/.subversion/servers http-proxy-host/port But I haven't been able to find a modern doc describing how to make squid handle the requests. I tried: acl CONNECT method

Re: [squid-users] Re: Blocking spesific url

2014-07-11 Thread Andreas Westvik
Having some issues replying to the thread, thought I had pasted both already. Anyway, here goes. Here is my (working) squid.conf without the acl. http_port 192.168.0.1:3128 transparent #Block acl ads dstdom_regex -i /etc/squid3/adservers http_access deny ads acl LAN src 192.168.0.0/24

Re: [squid-users] Blocking spesific url

2014-07-11 Thread Amos Jeffries
On 11/07/2014 7:50 p.m., Andreas Westvik wrote: Thanks for the reply everyone, I was trying to implement this in my squid.conf but 1) squid fails to restart 2) if it starts, no webpage will load. I even tried to paste only the akamaihd\.net\/battlelog\/background-videos\/ in my “adserver”

Re: [squid-users] Blocking spesific url

2014-07-11 Thread Andreas Westvik
Finally! :D 192.168.0.20 TCP_DENIED/403 3654 GET http://eaassets-a.akamaihd.net/battlelog/background-videos/naval-mov.webm - NONE/- text/html Thanks everyone! :) On 11 Jul 2014, at 10:47, Amos Jeffries squ...@treenet.co.nz wrote: On 11/07/2014 7:50 p.m., Andreas Westvik wrote: Thanks for

[squid-users] Re: how to implement access control using connetcing hostname and port

2014-07-11 Thread babajaga
i get a new proxy address (eg,3121212.proxy.com) and a port number (in the range of 3). it's not the listening port. It is not their listening port ? I doubt it, how else could you use it ? I can think about some type of DNS rotation, they use. When their proxy.com at any time slot points to

[squid-users] Basic LDAP on 2008 R2, groups and refresh time

2014-07-11 Thread masterx81
Hi! I've configured a squid version 3.HEAD-20140127-r13248 on centos (get precompiled by http://ngtech.co.il/rpm/centos/6/$basearch) and i've successfully configured it with basic LDAP authentication and groups management. It works as it should. If i add a user to a group it navigates, else it's

Re: [squid-users] Basic LDAP on 2008 R2, groups and refresh time

2014-07-11 Thread Eliezer Croitoru
Don't jump fast towards what might be recognized pretty simply using squid.conf output. You can use http://www1.ngtech.co.il/squid/basic_data.sh to get everything needed about your machine\setup. Eliezer On 07/11/2014 01:53 PM, masterx81 wrote: What i can try to do? Any help is much

[squid-users] Re: Basic LDAP on 2008 R2, groups and refresh time

2014-07-11 Thread masterx81
I've got an error on egrep: invalid option -- '^' on squid.conf listing I've fixed it simply putting a space after the -v parameter. So, i'll attach the output. Thanks!! log.txt http://squid-web-proxy-cache.1019090.n4.nabble.com/file/n4666847/log.txt

[squid-users] Re: how to implement access control using connetcing hostname and port

2014-07-11 Thread freefall12
babajaga wrote It is not their listening port ? I doubt it, how else could you use it ? i check the port using telnet and it is closed. i guess they employ iptables to redirect a certain range of ports to a single port. you are right that DNS rotation is involved, and all sub domains resolve

[squid-users] Re: Basic LDAP on 2008 R2, groups and refresh time

2014-07-11 Thread masterx81
I need to add that i'm quite new on the squid (and, in general, linux) world, so i'm sorry if i've done some strange things on the setup or if i don't understand something at the first try

[squid-users] transparent https interception without mitm

2014-07-11 Thread James Harper
Is it possible for squid to intercept and apply acl's to https without actually decrypting and generating certificates etc? The conversation would go something like: . Client makes connection to IP 1.2.3.4 . Squid intercepts the connection (but doesn't respond yet) . Squid connects to 1.2.3.4

Re: [squid-users] Re: Blocking spesific url

2014-07-11 Thread Leonardo Rodrigues
Em 11/07/14 05:38, Andreas Westvik escreveu: Here is my (working) squid.conf without the acl. http_port 192.168.0.1:3128 transparent #Block acl ads dstdom_regex -i /etc/squid3/adservers ... And here is the top of my /etc/squid3/adservers file akamaihd\.net\/battlelog\/background-videos\/ —

[squid-users] RE: transparent https interception without mitm

2014-07-11 Thread James Harper
Is it possible for squid to intercept and apply acl's to https without actually decrypting and generating certificates etc? The conversation would go something like: It actually almost works if I put a dummy cert on the https_port config line with ssl-bump, but then use none for

Re: [squid-users] RE: transparent https interception without mitm

2014-07-11 Thread Amos Jeffries
On 12/07/2014 12:24 a.m., James Harper wrote: Is it possible for squid to intercept and apply acl's to https without actually decrypting and generating certificates etc? The conversation would go something like: It actually almost works if I put a dummy cert on the https_port config

RE: [squid-users] RE: transparent https interception without mitm

2014-07-11 Thread James Harper
Unfortunately it seems to throw the details it gathered away after checking what bump to use as all I get in there is the destination IP. Logging %ssl::cert_subject just shows -. http://www.squid-cache.org/Doc/config/logformat/: %ssl::cert_subject log the Subject field of a SSL

Re: [squid-users] Re: how to implement access control using connetcing hostname and port

2014-07-11 Thread Antony Stone
On Friday 11 July 2014 at 13:33:26, freefall12 wrote: babajaga wrote It is not their listening port ? I doubt it, how else could you use it ? i check the port using telnet and it is closed. i guess they employ iptables to redirect a certain range of ports to a single port. It sounds to

Re: [squid-users] sorry, i updated my email mode, and i have a question about wccp

2014-07-11 Thread johnzeng
Hello Dear Eliezer: Thanks, i build squid2.7stable9 at ubuntu and i prepare to realize wccp at http_port 3128 transparent (but this is interception mode only) at first step. second step is wccp at http_port 3128 transparent tproxy (it will is transparent mode). although i search more

[squid-users] Re: how to implement access control using connetcing hostname and port

2014-07-11 Thread freefall12
what about the unique proxy address? it seems to me it does play a role in granting access. if i understand it correctly, the port knocking technique works by sending a sequence of ports to get the server to execute a predefined command but proxy client cannot do that.

[squid-users] Re: how to implement access control using connetcing hostname and port

2014-07-11 Thread babajaga
In case, the port knocking supervisor keeps track of the knocking IP, then finally the real proxy port is opened ONLY for this knocking IP. So, unless you know how the port knocking is done correctly, you will not be granted access to the real proxy port. Practically secure, in case - check for

[squid-users] Squid + SSL bump: not able to read payload in ICAP

2014-07-11 Thread agent_js03
Hello, I have squid 3.2 set up with SSL bumping and ICAP configured for reqmod and respmod. From my ICAP client I am able to see the request line (or status line for REQMOD) and the HTTP headers. However, for HTTPS, I am unable to see the payload in plain text. Basically when I try to read

[squid-users] Re: Waiting for www...

2014-07-11 Thread m3tatr0n
I changed my iptables rule to iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination SQUIDIP:3128 doing a tail -f /var/log//squid/access.log, it seems like no http traffic going through the squid server at all.

Re: [squid-users] access log request size x google drive

2014-07-11 Thread Fernando Lozano
Hi Amos, I configured my squid.conf to generate a second access log but using the client request size (%st) in place of the response size (%st): My goal was to use sarg to generate a report for upload sizes alongside the standard report which contains only download sizes. after I uploaded

Re: [squid-users] transparent https interception without mitm

2014-07-11 Thread Alex Rousskov
On 07/11/2014 05:43 AM, James Harper wrote: Is it possible for squid to intercept and apply acl's to https without actually decrypting and generating certificates etc? The conversation would go something like: . Client makes connection to IP 1.2.3.4 . Squid intercepts the connection (but

Re: [squid-users] transparent https interception without mitm

2014-07-11 Thread James Lay
On 2014-07-11 10:14, Alex Rousskov wrote: On 07/11/2014 05:43 AM, James Harper wrote: Is it possible for squid to intercept and apply acl's to https without actually decrypting and generating certificates etc? The conversation would go something like: . Client makes connection to IP 1.2.3.4

Re: [squid-users] transparent https interception without mitm

2014-07-11 Thread Alex Rousskov
On 07/11/2014 10:18 AM, James Lay wrote: On 2014-07-11 10:14, Alex Rousskov wrote: On 07/11/2014 05:43 AM, James Harper wrote: Is it possible for squid to intercept and apply acl's to https without actually decrypting and generating certificates etc? The conversation would go something like:

Re: [squid-users] transparent https interception without mitm

2014-07-11 Thread James Lay
On 2014-07-11 15:05, Alex Rousskov wrote: On 07/11/2014 10:18 AM, James Lay wrote: On 2014-07-11 10:14, Alex Rousskov wrote: On 07/11/2014 05:43 AM, James Harper wrote: Is it possible for squid to intercept and apply acl's to https without actually decrypting and generating certificates etc?

Re: [squid-users] transparent https interception without mitm

2014-07-11 Thread James Lay
Alex. Ok last question... who do I get compile bugs to: make[3]: Entering directory `/home/jlay/peek-splice/peek-and-splice/src/acl' /bin/bash ../../libtool --tag=CXX --mode=compile g++ -DHAVE_CONFIG_H -I../.. -I../../include -I../../lib -I../../src -I../../include -Wall

RE: [squid-users] transparent https interception without mitm

2014-07-11 Thread James Harper
I believe the above is one of the use cases that SSL Peek and Splice project aims to address. Look for step2 peek and terminate actions specifically: http://wiki.squid-cache.org/Features/SslPeekAndSplice Awesome. I'll try it out once it's in the official branch. Thanks James

Re: [squid-users] RockStore Fatal Error

2014-07-11 Thread Nyamul Hassan
Hi, We just installed a new Squid 3.4.6 on another machine, and to the best of our knowledge, we followed every step that we did in our other machine. When we run Squid with the -N option, everything works perfectly. The Store Directory Stats are here: http://pastebin.com/Bcu97ah4 However,

Re: [squid-users] sorry, i updated my email mode, and i have a question about wccp

2014-07-11 Thread Amos Jeffries
On 12/07/2014 2:10 a.m., johnzeng wrote: Hello Dear Eliezer: Thanks, i build squid2.7stable9 at ubuntu and i prepare to realize wccp at http_port 3128 transparent (but this is interception mode only) at first step. second step is wccp at http_port 3128 transparent tproxy (it will

Re: [squid-users] access log request size x google drive

2014-07-11 Thread Amos Jeffries
On 12/07/2014 4:03 a.m., Fernando Lozano wrote: Hi Amos, I configured my squid.conf to generate a second access log but using the client request size (%st) in place of the response size (%st): My goal was to use sarg to generate a report for upload sizes alongside the standard report which

Re: [squid-users] transparent https interception without mitm

2014-07-11 Thread Amos Jeffries
On 12/07/2014 1:04 p.m., James Harper wrote: I believe the above is one of the use cases that SSL Peek and Splice project aims to address. Look for step2 peek and terminate actions specifically: http://wiki.squid-cache.org/Features/SslPeekAndSplice Awesome. I'll try it out once it's in

Re: [squid-users] RockStore Fatal Error

2014-07-11 Thread Amos Jeffries
On 12/07/2014 1:23 p.m., Nyamul Hassan wrote: Hi, We just installed a new Squid 3.4.6 on another machine, and to the best of our knowledge, we followed every step that we did in our other machine. When we run Squid with the -N option, everything works perfectly. The Store Directory Stats

Re: [squid-users] access log request size x google drive

2014-07-11 Thread Fernando Lozano
Hi, Is that out to the client? or out to the server? or both (when out means servicing clients over the same NIC)? Both, only one NIC. Then you are not able to distinguish outbound to client and outbound to server. That's right. You would be better off using %st for logging the sizes.

Re: [squid-users] transparent https interception without mitm

2014-07-11 Thread Alex Rousskov
On 07/11/2014 07:53 PM, Amos Jeffries wrote: On 12/07/2014 1:04 p.m., James Harper wrote: I believe the above is one of the use cases that SSL Peek and Splice project aims to address. Look for step2 peek and terminate actions specifically:

Re: [squid-users] transparent https interception without mitm

2014-07-11 Thread Alex Rousskov
On 07/11/2014 05:47 PM, James Lay wrote: On Fri, 2014-07-11 at 15:05 -0600, Alex Rousskov wrote: https://code.launchpad.net/~measurement-factory/squid/peek-and-splice See the URL above. You will need a bzr client to check the code out and development environment to bootstrap the sources and

Re: [squid-users] RockStore Fatal Error

2014-07-11 Thread Alex Rousskov
On 07/11/2014 07:23 PM, Nyamul Hassan wrote: However, whenever we start without the -N, we get the same error: FATAL: Rock cache_dir at /cachestore/cache1/rock/rock failed to open db file: (11) Resource temporarily unavailable Most likely, this is a side effect, not the cause. Ignore until all

[squid-users] ident and intercept

2014-07-11 Thread James Harper
The docs say that ident doesn't work with intercept proxying, and it doesn't, but I think it wouldn't be too hard to make it work. In fact maybe as simple as setting COMM_TRANSPARENT on the ident socket. Does that sound plausible? What I've found is that not only doesn't ident not work on an