Questions tagged as ['squid']

Ubuntu 20.04; Squid 4.10 (built with SSL); common DNS server for clients and server 192.168.15.1
I can't configure a Squid 4 proxy with a whitelist-only (with SSL) allow policy for all. I built Squid from source with SSL support and generated a cert, and everything works (when allowing all for all), but when I configure Squid to allow only the whitelist, it does not work: all users have permissions for all sites, not only the whitelist ...

I have Squid configured with SSL bumping and a whitelist. Users have submitted domains to add to the whitelist including a couple with paths to a specific service, e.g. gstatic.com/recaptcha.
A comment on another post (Allow a certain URL path with Squid) says that using regexes is not possible when using SSL bumping. I'm wondering, though, if this can be accomplished using a specific directive.
In ...

According to Squid documentation, when debug_options rotate=1 ALL,9 is set in squid.conf, I should see HTTP Message Body in cache.log.
However, it's not showing up.
I do see everything, including HTTP headers, but not the body.
I even tried to set debug_options to 11,9, but I only see HTTP headers, not the body.
Squid is configured as a transparent proxy for both HTTP and HTTPS. The request I'm sending is ...

I have strongSwan running fine. I need to block some bad websites, by their domains, from being visited by VPN users. I tried many methods but had no luck, such as redirecting traffic from the VPN to a proxy server like Squid, but I discovered that traffic forwarded to Squid is addressed by the website's IP, not its domain name, so this technique did not succeed.
Maybe this is not strongSwan's business, but any idea will be welcomed.
...

This answer does not seem to fit my requirement: Squid config - same user multiple ips
Assume that I have a proxy server with 3 IPv4 (202.6.7.8-9-10) and 20 IPv6 (ipv6_1 -> ipv6_20)
I want to configure it to
Allow IP(s) 203.166.233.16-17-18 to connect to port 3000 to 3010 to use proxy ipv6_1 to ipv6_10
Allow IP(s) 203.166.233.20-21-22 to connect to port 4000 to 4010 to use proxy ipv6_11 to ipv6_20
username1/pwd1 ...

I finally managed to get Squid with Kerberos authentication and LDAP group checking to work. I am using Squid 4.1, Kerberos v5 and Linux Mint Cinnamon 20.1.
Everything works fine, but I have a little problem: as soon as I use Kerberos as the authentication method, Squid won't write the access.log anymore. When I use NTLM, Squid writes the access.log perfectly. But with Kerberos it won't work. ...

How do I disable IPv4 in Squid proxy so that when I visit a site it will use the IPv6 IP only? I installed Squid proxy on Ubuntu 20.04. I tested my config, but whatismyipaddress.com can still detect IPv4. Here's my config:
forwarded_for off
via off
follow_x_forwarded_for deny all
request_header_access X-Forwarded-For deny all
request_header_access From deny all
request_header_access Referer deny all
reque ...

I'm trying to add authentication to Squid installed on Windows; here is the config:
auth_param basic program C:\Squid\lib\squid\basic_ncsa_auth.exe C:\Squid\etc\squid\.htpasswd
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
http_port 2001
http_access allow localnet
http_access deny all
In .htpasswd
admin:$apr1$kWA/DRFy$klaeXRe3S3jIPqc64HTMA0
This corresponds to username admin and ...

I have a Windows machine with a Squid server and a VPN client connection (which is not the default gateway).
What I want is to redirect some traffic from Squid to my default Ethernet connection and some to the VPN.
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 192.168.100.11
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . ...

I have a series of lab Linux servers (CentOS/RH) that are built using an automated PXE install via a kickstart file. I would like to use another automated process (Ansible) to monitor when the installations have completed. Normally I would use a simple tool like ping, but these servers can only be accessed remotely through an internal proxy.
One idea was to add httpd and a simple index.html page via the k ...

I'm trying to allow only one IP to connect to the Squid server, but it seems it's not working. I did ban all domains and allow only one domain, but for the IP address it's not working. Here is what I have done:
http_access allow localhost manager
http_access deny manager
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the o ...

I am using Squid version 4.6 on a Raspberry Pi 4 which has 7 Huawei Wifi Modems connected to it through a hub. After successfully setting up squid to work with all 7 ports and redirect traffic to the modems, everything worked well and I could connect to it from every single port. However, as time went on, some ports/connections just casually stop working for a few minutes or even entire hours and then g ...

I'm configuring WCCP and Squid.
Here is the WCCP configuration of the router:
ip wccp web-cache redirect-list wccp-access group-list wccp-server
!
interface FastEthernet1/0
ip address 10.10.10.1 255.255.255.0
ip wccp web-cache redirect in
duplex auto
speed auto
!
ip access-list standard wccp-server
permit 10.10.10.2
!
ip access-list extended wccp-access
deny ip host 10.10.10.2 any
permit tcp host 10. ...

I want to know if with Squid I can use as a proxy with basic auth, to use with cURL for example:
curl -vvv "https://ifconfig.me" -x user:password@localhost:8000
Where localhost is the Squid instance.
Is it possible with Squid and HTTPS websites?

I got an Ubuntu VPS and I want to turn it into a proxy server with multiple IPs. So far every guide just needs me to have a range of IPs for this proxy, like 49.12.xxx.101, but I have only one IP for this VPS.
http_port 49.12.xxx.101:3128 name=3128
http_port 49.12.xxx.101:8000 name=8000
http_port 49.12.xxx.101:8585 name=8080
acl tasty3128 myportname 3128 src 49.12.xxx.101/24
http_access allow tasty3128
tcp_outgoi ...

Failed to establish a secure connection to *ip-address*
The system returned:
(104) Connection reset by peer (TLS code: SQUID_ERR_SSL_HANDSHAKE)
Handshake with SSL server failed: [No Error]
This proxy and the remote host failed to negotiate a mutually acceptable security settings for handling your request. It is possible that the remote host does not support secure connections, or the proxy is no ...

I am managing a couple of web proxies running Squid 4.10 on Ubuntu 20.04 LTS in several locations distributed worldwide. One of them has developed a nasty habit of occasionally failing to access a web page. The user receives instead an error page saying:
Hmmm... can't reach this page
It looks like the webpage at <URL> might be having issues,
or it may have moved permanently to a new web addres ...

I have Squid (version 6) with SSL bump. Most sites are trusted but some of them are not.
I get the error message: The following error was encountered while trying to retrieve the URL:
Failed to establish a secure connection to [unknown]
The system returned:
[No Error] (TLS code: SQUID_TLS_ERR_CONNECT+TLS_IO_ERR=1)
Failed to establish a secure connection: [No Error]
This proxy and the remote host f ...

I'd like to enable both socks5 (I have checked and this is possible) and http at the same time for my squid proxy. So far the only way I've found to do this is to run 2 squid instances via docker but if there's a less resource intensive way I'd prefer that. I have also looked into using 3proxy and dante for socks5 but for my purposes they will not work.

I configured a Squid proxy on CentOS 7. I am using Squid version 3.5.20. I also tried Squid 4.10 on Ubuntu 20.04, but I got the same problem. Maybe my ACL was wrong.
I configured DSTNAT on the router to intercept HTTP traffic from 192.168.1.0/24 to Squid Proxy 10.10.10.10:3128.
This is /etc/squid/squid.conf file:
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 ...

Is there a way to disable IPv4 fallback in Squid? I will only use an IPv6 outgoing address, but if e.g. a site accepts only IPv4, Squid falls back to IPv4; I want no fallback.

I have a virtual proxy client and I have a squid proxy server.
root@arch:/etc/squid # cat /etc/squid/acls/ports.acl
80 # http
21 # ftp
root@arch:/etc/squid # cat /etc/squid/acls/sslports.acl
443 # https
3001 # ntop
I am curious about port numbers and squid. I know that the port number is not "magic", you can use any port from 1-65535 you like. Ports in the range 1-1023 are "well-known ports" which ar ...

I have a virtual proxy client and I have a squid proxy server. I would like to add some addresses to block caching for them. Either their domain or IP address:
www.apache.org
188.184.21.108
root@SERVER:/etc/squid # cat /etc/squid/acls/dst_nocache.acl
www.apache.org
188.184.21.108
I added them to the list for non-cache, but it still caches. I check from here:
root@SERVER:/etc/squid # tail -f /var/log/s ...

I have a non-transparent proxy server (Squid on Debian 11) implemented with basic authentication. The web filtering is done with squidGuard; in it I created two groups of users: usradmins and usinternet. The blacklist used is the shallalist. I am trying to block access to entertainment content at a certain time of the day, but I can't configure the squidGuard ACL taking into account the time. I do not pr ...

I am planning to deploy a WSUS server. Of course this WSUS server will need access to Windows Update Catalog to download the patches. So it needs Internet access and we have a Squid proxy on the network.
I know you can configure Internet browser with the Squid Proxy URL so the users can browse the Internet but how do we give WSUS server access to the Internet to download the patches? Is there som ...

Sorry if I wasn't able to find the relevant doc on this: how does Squid 4 compute a given GET request's cache key? Is there a way to instruct to ignore HTTP headers in how it does this, i.e. only use the URL?
Long story short, I would need Squid to cache (and serve cached answers) purely based on the URL, and ignoring in particular Authorization headers (but still use that header if it needs to hit the ...

192.168.1.10/24 client<--->cisco_router<----IPSec/Ikev2----->eth1(192.168.15.4)-strongswan/Squid-eth0(192.168.16.4)<------->Internet.
In the scenario above I have IPSec working. The client can ping eth0 and vice versa. My issue is with iptables. How do I route my traffic, after it comes out of the IPSec tunnel, through Squid (proxy) to access the Internet?

I am trying to redirect to an internal page when a Squid error occurs. In order not to customize Squid template by template and that the error messages are different, what I am trying to do is, in each original Squid lang error file, change the onload event of the page so that it redirects to my own PHP script. For example, in the ERR_DNS_FAIL file I added a script tag:
<script type="text/javascript">funct ...

I don't know if this is a common requirement, but usually when you whitelist a single domain, say facebook.com or instagram.com, you also have to whitelist some other CDNs or other external dependencies that may be required to be loaded. With some websites, payment systems for example, these domains can be dynamic or changing.
Is it possible to write use something like ContentStream or ecap alon ...

My requirements are:
- The proxy should be transparent.
- I should be able to filter websites by domain name.
- I do not want to decrypt traffic. I'm looking for an SNI sniffing based solution -- no installing certificates on clients.
There are plenty of answers floating around but they are either incorrect (claiming you need to decrypt traffic in order to do this) or incomplete.