On 10/24/2016 01:21 PM, Yuri Voinov wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
24.10.2016 22:19, Nicolas Valera пишет:
Hi Yuri, thanks for the answer!
we don't have the squid in transparent mode in this network.
So, you route all traffic to proxy box?
Yes, clients do not have direct Internet access
the squid configuration is very basic. here is the conf:
-------------------------------------------------------------------------
http_port 1280 connection-auth=off
forwarded_for delete
httpd_suppress_version_string on
client_persistent_connections off
cache_mem 16 GB
maximum_object_size_in_memory 8 MB
url_rewrite_program /usr/bin/squidGuard
url_rewrite_children 10
url_rewrite_access allow all
acl numeric_IPs dstdom_regex
^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9a-f]+)?:([0-9a-f:]+)?:([0-9a-f]+|0-9\.]+)?\])):443
acl Skype_UA browser ^skype
acl SSL_ports port 443 563 873 1445 2083 8000 8088 10017 8443 5443
7443 50001
acl Safe_ports port 80 82 88 182 210 554 591 777 873 1001 21 443 70
280 488
acl Safe_ports port 1025-65535 # unregistered ports
acl CONNECT method CONNECT
acl safe_method method GET
acl safe_method method PUT
acl safe_method method POST
acl safe_method method HEAD
acl safe_method method CONNECT
acl safe_method method OPTIONS
acl safe_method method PROPFIND
acl safe_method method REPORT
acl safe_method method MERGE
acl safe_method method MKACTIVITY
acl safe_method method CHECKOUT
http_access deny !Safe_ports
http_access allow CONNECT localnet numeric_IPS Skype_UA
http_access deny CONNECT !SSL_ports
http_access deny !safe_method
http_access allow localnet
http_access allow localhost
http_access deny all
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern Packages\.tar$ 0 20% 4320 refresh-ims
ignore-no-cache
refresh_pattern Packages\.bz2$ 0 20% 4320 refresh-ims
ignore-no-cache
refresh_pattern Sources\.bz2$ 0 20% 4320 refresh-ims
ignore-no-cache
refresh_pattern Release\.gpg$ 0 20% 4320 refresh-ims
refresh_pattern Release$ 0 20% 4320 refresh-ims
refresh_pattern -i
microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80%
43200 reload-into-ims ignore-no-cache
refresh_pattern -i
windowsupdate.com/.*\.(esd|cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip)
4320 80% 43200 reload-into-ims ignore-no-cache
refresh_pattern -i
windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80%
43200 reload-into-ims ignore-no-cache
refresh_pattern -i
live.net/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200
reload-into-ims ignore-no-cache
refresh_pattern . 0 20% 4320
-------------------------------------------------------------------------
please, can you send me your settings for ssl bump?
Copy-n-paste unknown configs is very bad idea, Nicolas.
sorry about that!
the only way to make skype works through squid is with ssl bump?
thanks again!
nicolás.
On 10/23/2016 07:28 PM, Yuri Voinov wrote:
24.10.2016 4:11, N V пишет:
>>> hi there,
>>> i've had problems with windows skype clients with the only internet
connection is through squid. the clients can login successful but when
they make a call, it hangs after 12 secconds.
>>>
>>> I checked the client connections and see that attempts to connect
directly even if the proxy is properly configured.
Exactly, Skype does not use HTTP to calls. So, why you expect it calls
should goes via proxy?
>>>
>>> my squid version is 3.5.12
>>> the skype clients have the last version available.
>>> does anyone have the same issues?
>>> any idea?
With properly configured ssl bump and transparent proxy we have not any
problems with skype. I don't know your details.
>>>
>>> thanks in advance!
>>> Nicolás.
>>>
>>> pd. sorry about my english
>>>
>>>
>>>
>>> _______________________________________________
>>> squid-users mailing list
>>> squid-users@xxxxxxxxxxxxxxxxxxxxx
>>> http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
- --
Cats - delicious. You just do not know how to cook them.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJYDjURAAoJENNXIZxhPexGJAYH/jWHDNBJz43d17Lx1iUZSn1N
88PER8+AcS9aVlAzBWnu7uSu2yCWdcmMMNz1g5O2PYOnzuzMpyBHd2fKZFgksoP8
azdw5AXeHT9FOvXnY1qjGGWmn/vcBXC06NDpA8OEeuW9qNpEoRYR/0LQUrAOokW3
vLFft2FWT127ZK5c2DlD/p7yPrW7FmlovSkMlAAoe+sXkMMmPomSu75PhDBv3dKs
HCsTpama4Cwv+huJg/HDMyOLCsy4uiYZoFmilNiOF92Hg6RNq18LymVqe2FX0IlY
guY1U/DrkugmeGF1n8M+6Z5VWhR1Nhq2+lna9wlozRF1EqfuwsYT/a6EUSkx/LU=
=fHtH
-----END PGP SIGNATURE-----
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users