I would like to use both ufdbguard and squidguard with squid.
It appears I am not able to specify both entries at the same time.
Either entry individually works. Perhaps there are other settings to
make it work?
Thanks in advance
I have configured squid with filtering using squidguard. Is there a
way to decrypt SSL requests at the squid server so that squidguard
could filter it?
Thanks in advance
I am currently running i-cap/squidclamav/squidguard. Is there a way
to add privoxy?
Thanks in advance
In case of certificate error, is it possible to redirect to another
page describing the certificate with a choice/hyperlink to view the
page or not.
Thanks in advance
Can somebody recommend an open source content filtering software that
works with SQUID.
What I mean by content filtering is...
1. Block pages based on words or word patterns like regular expressions.
2. Block pages based on type image, etc...
Thanks in advance
Video streaming on this site
http://www.echo.msk.ru/blog/video/838893-echo/ not working. I am not
sure if it has anything to do with it, but I am using ssl bump.
The squid version is 3.1.16. Squidclamav version is 6.4. c-icap
version is 0.1.7
1323811211.100369 192.168.3.210 TCP_MISS/304
only one is expected:
http://234.adru.net//cgi-bin/banner/2031?215045login=echomsk234-1referer=http://www.echo.msk.ru/blog/video/838893-echo/
On Tue, Dec 13, 2011 at 6:21 PM, Amos Jeffries squ...@treenet.co.nz wrote:
On Tue, 13 Dec 2011 16:49:02 -0500, Roman Gelfand wrote:
Video streaming
No, squidguard doesn't seem to be the problem as when I remove
squidguard out of the picture the problem is still there.
Any ideas.
Thanks
On Tue, Dec 13, 2011 at 8:48 PM, Roman Gelfand rgelfa...@gmail.com wrote:
Actually, I didn't see this at first, but it looks like the issue
This was working quite well in the past. I have since upgraded a
number of server software.
I am getting the following message in access.log.
1324250287.644 5125 192.168.3.210 TCP_MISS/000 0 GET
http://villeradio.mixstream.net:8000/ - DIRECT/87.98.168.27 -
I ran the following command to
Consider the following configuration lines
https_port 443 cert=/etc/apache2/certs/server.pem
key=/etc/apache2/certs/server.key vhost vport
cache_peer 127.0.0.1 parent 8443 0 ssl no-query originserver
sslflags=DONT_VERIFY_PEER front-end-https login=PASS
What if there is more site ssl sites which
version 3.16.
On Wed, Dec 28, 2011 at 1:21 PM, Pieter De Wit pie...@insync.za.net wrote:
Hi Roman,
What version of Squid are you using ?
Cheers,
Pieter
On Wed, 28 Dec 2011, Roman Gelfand wrote:
Consider the following configuration lines
https_port 443 cert=/etc/apache2/certs
I suppose you answered my question. I was referring to multiple
certificates on one port.
Any eta on the 3.2 stable version?
Thanks
On Fri, Dec 30, 2011 at 6:18 AM, Amos Jeffries squ...@treenet.co.nz wrote:
On Wed, 28 Dec 2011, Roman Gelfand wrote:
Consider the following configuration
My squid server 3.1.6 sits in dmz. On this server, I am running
apache server 2.2.9. My goal is to a) cache owa responses b) forward
https owa requests to the Apache server on port 8443 c) The Apache
server forwards the request to internal exchange server.
Below, is my squid reverse proxy
like to use squid. If you, have an example, I would
greatly appreciate it.
BTW... if 2) could be done with ssl, I would appreciate an example.
Thanks for your help.
On Mon, Jan 2, 2012 at 10:16 AM, Amos Jeffries squ...@treenet.co.nz wrote:
On 2/01/2012 1:52 p.m., Roman Gelfand wrote:
My
I have setup configuration to forward requests to a backend server...
acl dspam urlpath_regex ^/mesg
https_port 443 cert=/etc/certs/mail.pem key=/etc/certs/mail.key vhost vport
cache_peer host.mydomain.com parent 80 0 no-query originserver
name=mail login=PASS
cache_peer_access mail allow mail
AM, Amos Jeffries squ...@treenet.co.nz wrote:
On 16/01/2012 5:36 p.m., Roman Gelfand wrote:
I have setup configuration to forward requests to a backend server...
acl dspam urlpath_regex ^/mesg
https_port 443 cert=/etc/certs/mail.pem key=/etc/certs/mail.key vhost
vport
cache_peer
which depends on header.
Thanks for your help
On Mon, Jan 16, 2012 at 4:55 PM, Amos Jeffries squ...@treenet.co.nz wrote:
On 17.01.2012 04:15, Roman Gelfand wrote:
I made several mistakes in my original post. So, I am rewriting it
here...
I have setup configuration to forward requests
I am using squid 3.16.
I have no problem getting streaming content with flash plugin.
However, wmp plugin breaks.
The url in question
http://www.radioshaker.com/
At the site, attempt to play any radio station. You will find it is
not working. However, when not using squid proxy, it works.
am not sure what is the
relationship between the two.
Thanks,
On Fri, Feb 10, 2012 at 12:34 AM, Roman Gelfand rgelfa...@gmail.com wrote:
I am using squid 3.16.
I have no problem getting streaming content with flash plugin.
However, wmp plugin breaks.
The url in question
http
Is there a way I could access error pages from a web browser?
Thanks
Consider the following configuration...
acl host1 dst host1.dom.com
http_port 80 accel defaultsite=host1.dom.com vhost
cache_peer 192.168.1.42 parent 80 0 no-query originserver name=host1server
never_direct allow host1
http_access allow host1
cache_peer_access host1server allow host1
Currently, my NAT firewall (fortigate) is both forwarding wan web
requests in reverse proxy and receiving web requests in proxy to squid
server. The communication between the firewall and squid server is
done through http/https.
I am thinking of connecting squid server with fortigate firewall
Hi Amos,
I could be wrong, but I understood from your several posts that this
type of configuration is not recommended (either due to security
issues or performance, I don't remember exactly).
Is that right?
Thanks,
On Tue, Feb 21, 2012 at 7:29 AM, Amos Jeffries squ...@treenet.co.nz wrote:
On
Is there a facility on squid server that would allow me to publish a
http site as https?
If yes, could you provide sample config.
Thanks in advance
My client access configuration is as follows.
always_direct allow all
http_access allow all
# Squid normally listens to port 3128
http_port 3128 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/etc/host.pem
url_rewrite_children 64
url_rewrite_program
my ip as 192.168.1.101 instead of wan ip.
I am using squid 3.19
Thanks for your help
On Mon, Apr 30, 2012 at 9:03 AM, Amos Jeffries squ...@treenet.co.nz wrote:
On 30/04/2012 11:56 p.m., Roman Gelfand wrote:
My client access configuration is as follows.
always_direct allow all
http_access
I have setup squid server to function as both forward and reverse
proxy. It appears that I am getting flooded with http requests with
nonexistent urls. Consequently, this slows down my firewall as the
dns server is slowing down the query response. Is there a way to
prevent dns lookup if url
.(compatible;.MSIE.6.0;.Windows.5.1;Windows.5.5;Windows.6.0)..Host:.www.asd818.com..Proxy-Connection:.Keep-Alive..Pragma:.no-cache..Cookie:.Keep-Alive...
Thanks again
On Mon, Jun 4, 2012 at 7:42 AM, Amos Jeffries squ...@treenet.co.nz wrote:
On 4/06/2012 8:36 a.m., Roman Gelfand wrote:
I have
I am running squid 3.19 on debian lenny. I have changed the ip
address in /etc/network/interfaces. Majority of sites work. However,
there are instances where squid responds to a workstation request with
the old ip as return address.
Where could squid still be getting the old ip from? What is
sorry for the false alarm. As it turns out, it was calling java
application which had old ip for proxy.
Thanks
On Wed, Jul 4, 2012 at 1:25 PM, Roman Gelfand rgelfa...@gmail.com wrote:
I am running squid 3.19 on debian lenny. I have changed the ip
address in /etc/network/interfaces. Majority
My goal is to make squid a transparent proxy. I see several options.
Not sure which one I should be using. I am looking for standard
transparent proxy server.
--enable-ipfw-transparent or --enable-ipf-transparent or --enable-pf-transparent
Thanks in advance
debian/2.6.26-2-686
Thanks for your help
On Sun, Aug 19, 2012 at 3:14 PM, Eliezer Croitoru elie...@ngtech.co.il wrote:
On 8/19/2012 10:00 PM, Roman Gelfand wrote:
My goal is to make squid a transparent proxy. I see several options.
Not sure which one I should be using. I am looking
I have setup squid 3.1.20 in transparent mode with GRE tunneling over
wccp to my firewall. In monitoring the firewall, the traffic is
moving correctly.
On the squid server, I setup rewrite based on squidguard. I tested
it in non-transparent mode and it works. However, using the above
I am running transparent proxy.
In my squid.conf, I have a url rewrite based on squidguard program.
Why would rewrite leave TCP_REFRESH_UNMODIFIED/200 message?
Thanks in advance
Assuming that configuring client browsers' proxy is not a problem, is
there a good (where good outweighs bad) reason to use squid
transparent proxy feature?
The reason why I am asking is I just skimmed through squid book and
they are not painting a rosy picture around transparent proxy.
Thanks
Is /usr/local/squid a link? If so, try it using the actual
directories. Make sure that /usr/local/squid/var/lib, whichever you
will use, directory exists.
On Fri, Sep 7, 2012 at 5:59 AM, Ahmed Talha Khan aun...@gmail.com wrote:
Hey,
I am using squid-3.HEAD-20120421-r12120 and compiled it
I previously understood that with squid 3.2 end user will be able to
see filtered certificate errors and decide whether to accept or reject
a certificate. By filtered, I mean, certificate errors found by squid
were going to be passed to end user to decide on whether to accept or
reject. Is this
I am running into a problem when chaining 2 icap services. I tried
configuring one of the services and that worked fine. The issue
happens with specific sites.
For example, http://www.php.net/get/php-5.3.16.tar.bz2/from/a/mirror
The error I get...
The following error was encountered while
What do these messages mean?
Why is squid interested in certificate revocation?
btw... I was able to download this file from box running squid using
wget command.
2012/10/10 23:41:37 kid1| Failed to select source for
'http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl'
2012/10/10
I am getting the following error when chaining qlproxy and squidclamav
services. If I was to configure just qlproxy or just squidclamav
service, it works. Note, this is a rare case as for the most part
everything works fine. I am guessing because I hit mixed content
(http and https). The
It appears that signed certificates are being cached. How can I flush
that cache?
Thanks in advance
I have the same configuration, except I use wccp/gre tunnel. Port 80
requests work but 443 don't. I am not sure if this is right, but even
though data was received on wccp, no data was transmitted back over
wccp. Is this expected behavior? If not, what do I do to make
response go over wccp?
I use wccp/gre tunnel. Port 80
requests work but 443 don't. I am not sure if this is right, but even
though data was received on wccp, no data was transmitted back over
wccp. In other words, squid server response was routed back, through
eth0 interface, rather than go through wccp0 interface.
auto WCCP service registration.
Try to do it manually on the fortigate and see the results.
Best regards,
Eliezer
On 1/4/2013 1:22 AM, Roman Gelfand wrote:
Thanks for your help. Please, see attached configuration files and
topology picture.
I am not using cisco device. I configured
Please, see below...
Some bit of clarification here. WCCP is a protocol consisting of two
packets HERE_I_AM and I_SEE_YOU. The HTTP traffic always goes via GRE
protocol interface or layer-2 packet routing via Ethernet interface. The
WCCP protocol configuration in Squid and Cisco determines
When squid is acting as transparent proxy, does squid rewrite ip or
layer 2 data.
Let's say the route is as follows. Will the outgoing traffic be seen
as coming from client's ip as source ip or squid's ip as source ip?
client firewall wan
^ ||
)
Connection: close
On Tue, Jan 29, 2013 at 1:23 AM, Amos Jeffries squ...@treenet.co.nz wrote:
On 29/01/2013 12:57 p.m., Roman Gelfand wrote:
When squid is acting as transparent proxy, does squid rewrite ip or
layer 2 data.
Let's say the route is as follows. Will the outgoing traffic be seen
I am attempting to debug the problem I am hitting. Looking at this, I
am not sure if squid or target server doesn't like client's ssl
handshaking request. Also, I am not sure how to interpret local or
remote addresses as what says remote is the client machine that is
trying to access the target
Does the request or response arrive on port 80?
Thanks
From: Amos Jeffries
Sent: 1/31/2013 11:15 PM
To: squid-users@squid-cache.org
Subject: Re: [squid-users] SQUID Debugging
On 1/02/2013 6:32 a.m., Roman Gelfand wrote:
I am attempting to debug the problem I am hitting. Looking at this, I
am
k.. I figured this out already. I was under the impression there was
no command https_port. After changing the http_port to https_port, I
am getting results.
Thanks
On Thu, Jan 31, 2013 at 11:27 PM, Roman Gelfand rgelfa...@gmail.com wrote:
Does the request or response arrive on port 80
In non-transparent mode, IE 9 worked much faster than Chrome. In
transparent mode, just the opposite. Why?
Thanks
Is content filtering possible with tproxy? If yes, would somebody
have a working iptable configuration for tproxy?
Thanks in advance
I have configured the tproxy as follows, but it appears packets are
not hitting squid. Please note, the wccp configuration on the router
is already working with squid http_port transparent configuration and,
obviously, different iptables configuration. Any help is appreciated.
Thanks in
Please, ignore this post. I found I need to add more configuration as
in
http://wiki.squid-cache.org/ConfigExamples/UbuntuTproxy4Wccp2#Linux_and_Squid_Configuration
On Wed, Feb 6, 2013 at 9:27 AM, Roman Gelfand rgelfa...@gmail.com wrote:
I have configured the tproxy as follows, but it appears
I meant authentication helper.
Sorry about that.
On Sun, Feb 17, 2013 at 4:52 PM, Amos Jeffries squ...@treenet.co.nz wrote:
On 18/02/2013 3:38 a.m., Roman Gelfand wrote:
I am running squid 3.3. I have compiled squid with
'--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam
What does this message mean?
configure: Basic auth helper LDAP ... found but cannot be built
Thanks in advance
Below, are the configuration parameters I use to build squid. After
make install, the basic_ldap_auth is not found in /usr/local/libexec.
Why?
It is interesting as it did create these
-rwxr-xr-x 1 root staff 72755 Feb 18 00:40 basic_fake_auth
-rwxr-xr-x 1 root staff 103712 Feb 18 00:40
thanks for the clarification.
On Tue, Feb 19, 2013 at 5:25 PM, Amos Jeffries squ...@treenet.co.nz wrote:
On 20/02/2013 4:22 a.m., Roman Gelfand wrote:
Below, are the configuration parameters I use to build squid. After
make install, the basic_ldap_auth is not found in /usr/local/libexec
I guess the 2 don't mix as per NOTICE: Authentication not applicable
on intercepted requests. message.
Would it follow user access control via transparent proxy? or is there
a way around the above limitation?
Thanks in advance
Please, find below the network topology, squid.conf and rc.local
configuration files. It appears that the squid is not routing the
http requests. I am not sure what I am doing wrong here
Please note, the same squid.conf works on transparent proxy (non
tproxy), with the exception of tproxy
On Thu, Feb 21, 2013 at 6:10 PM, Amos Jeffries squ...@treenet.co.nz wrote:
On 22/02/2013 11:03 a.m., Roman Gelfand wrote:
Please, find below the network topology, squid.conf and rc.local
configuration files. It appears that the squid is not routing the
http requests. I am not sure what I
MARK set 0x1
226 48201 ACCEPT all -- anyany anywhere anywhere
On Fri, Feb 22, 2013 at 2:14 AM, Amos Jeffries squ...@treenet.co.nz wrote:
On 22/02/2013 5:07 p.m., Roman Gelfand wrote:
On Thu, Feb 21, 2013 at 6:10 PM, Amos Jeffries squ...@treenet.co.nz
wrote
||
||
||
Client Workstation 192.168.7.110
On Wed, Feb 20, 2013 at 7:55 PM, Amos Jeffries squ...@treenet.co.nz wrote:
On 21/02/2013 4:42 a.m., Roman Gelfand wrote:
I guess the 2 don't mix as per NOTICE: Authentication
yep, it is an ip based authentication.
On Fri, Feb 22, 2013 at 8:40 PM, Amos Jeffries squ...@treenet.co.nz wrote:
On 23/02/2013 8:48 a.m., Roman Gelfand wrote:
Please, consider the network topology below. I could always configure
outgoing http traffic on the firewall to authenticate
Amos,
Do you have an idea as to what I am doing wrong here?
Thanks,
On Fri, Feb 22, 2013 at 12:40 PM, Roman Gelfand rgelfa...@gmail.com wrote:
Thanks for taking time to help me out.
If I understood you correctly, I think I made the changes you
mentioned including iptables -A FORWARD -i eth0
Is there a way I could control access to various sites based on user
regardless of workstation they are on? All in transparent proxy.
Thanks in advance
What configure options should I add if I would like to deploy all language packs
and perform translations?
Thanks in advance
For 99.9% of the sites, my icap services are working. There are
instances where I am getting the following icap error. Not sure as
to how to start debugging it. I am using the latest squid and icap
versions.
The following error was encountered while trying to retrieve the URL:
I have an ssl bump setup with ssl_bump server-first all.
When firefox is attempting an update, end user gets error something
is trying to trick firefox into accepting an insecure update.
From what I gathered, unless I am wrong, firefox doesn't like when
certificate changes in the middle.
In any
I am getting an error, below, when attempting to bring up
http://ads.adfox.ru/173362/goLink?.
How can I troubleshoot this?
ERROR
The requested URL could not be retrieved
The following error was encountered while trying to retrieve the URL:
I accidentally deleted the squid.conf while squid has been running. The
squid is still running. Is there a way to retrieve a running configuration?
I am getting the following error. Would anyone know the reason?
Error negotiating SSL connection on FD 37: error:1408F10B:SSL
routines:SSL3_GET_RECORD:wrong version number
My sslbump config is
http_port 3128 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB
> No.
>
> 18.01.16 0:56, Roman Gelfand wrote:
> > I am getting an error, below, in a cache.log. How can I identify the
> > request associated with this error? It doesn't appear to be an issue
> with
> > client-to-proxy. It seems like a problem with proxy-to-remote_serve
I am getting an error, below, in a cache.log. How can I identify the
request associated with this error? It doesn't appear to be an issue with
client-to-proxy. It seems like a problem with proxy-to-remote_server.
Error negotiating SSL on FD 43: error:14090086:SSL