Send squid-users mailing list submissions to
squid-users@xxxxxxxxxxxxxxxxxxxxx
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.squid-cache.org/listinfo/squid-users
or, via email, send a message with subject or body 'help' to
squid-users-request@xxxxxxxxxxxxxxxxxxxxx
You can reach the person managing the list at
squid-users-owner@xxxxxxxxxxxxxxxxxxxxx
When replying, please edit your Subject line so it is more specific
than "Re: Contents of squid-users digest..."
Today's Topics:
1. Re: Trying to recompile squid 4.13 with ./configure
CXXFLAGS="-DMAXTCPLISTENPORTS=256" (ngtech1ltd@xxxxxxxxx)
2. Re: Squid and Epic Games HCapctca (Alex Rousskov)
----------------------------------------------------------------------
Message: 1
Date: Fri, 5 Aug 2022 17:26:31 +0300
From: <ngtech1ltd@xxxxxxxxx>
To: <squid-users@xxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Trying to recompile squid 4.13 with
./configure CXXFLAGS="-DMAXTCPLISTENPORTS=256"
Message-ID: <007b01d8a8d7$5c50bde0$14f239a0$@gmail.com>
Content-Type: text/plain; charset="utf-8"
Hey Marcelo,
What OS are you using? Debian? Ubuntu?
The `which squid` command will show you where squid binary of squid -v
is being take/used from.
And also, just wondering why 4.13? and not 4.17?
Eliezer
----
Eliezer Croitoru
NgTech, Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd@xxxxxxxxx
Web: https://ngtech.co.il/
My-Tube: https://tube.ngtech.co.il/
-----Original Message-----
From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On
Behalf Of marcelorodrigo@xxxxxxxxxxxxxxxx
Sent: Thursday, 4 August 2022 1:17
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: Trying to recompile squid 4.13 with
./configure CXXFLAGS="-DMAXTCPLISTENPORTS=256"
Some important information.
I am trying to recompile using:
./configure CXXFLAGS="-DMAXTCPLISTENPORTS=10000 -g -O2 -fPIE
-fstack-protector-strong -Wformat -Werror=format-security"
--build="x86_64-linux-gnu" --prefix="/usr"
--includedir="${prefix}/include" --mandir="${prefix}/share/man"
--infodir="${prefix}/share/info" --sysconfdir="/etc"
--localstatedir="/var" --libexecdir="${prefix}/lib/squid3" --srcdir="."
--disable-maintainer-mode --disable-dependency-tracking
--disable-silent-rules BUILDCXXFLAGS="-g -O2 -fPIE
-fstack-protector-strong -Wformat -Werror=format-security
-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now"
--datadir="/usr/share/squid" --sysconfdir="/etc/squid"
--libexecdir="/usr/lib/squid" --mandir="/usr/share/man" --enable-inline
--disable-arch-native --enable-async-io="8"
--enable-storeio="ufs,aufs,diskd,rock"
--enable-removal-policies="lru,heap" --enable-delay-pools
--enable-cache-digests --enable-icap-client
--enable-follow-x-forwarded-for
--enable-auth-basic="DB,fake,getpwnam,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB"
--enable-auth-digest="file,LDAP"
--enable-auth-negotiate="kerberos,wrapper"
--enable-auth-ntlm="fake,smb_lm"
--enable-external-acl-helpers="file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,unix_group,wbinfo_group"
--enable-url-rewrite-helpers="fake" --enable-eui --enable-esi
--enable-icmp --enable-zph-qos --enable-ecap --disable-translation
--with-swapdir="/var/spool/squid" --with-logdir="/var/log/squid"
--with-pidfile="/var/run/squid.pid" --with-filedescriptors="65536"
--with-large-files --with-default-user="proxy"
--enable-build-info="Ubuntu linux" --enable-linux-netfilter
build_alias="x86_64-linux-gnu" CFLAGS="-g -O2 -fPIE
-fstack-protector-strong -Wformat -Werror=format-security -Wall"
LDFLAGS="-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now"
CPPFLAGS="-Wdate-time -D_FORTIFY_SOURCE=2" --with-openssl
--enable-ssl-crtd
Then make and make install from /build/squid/squid-4.13/ folder, but
nothin seems to change when squid -v is used.
I also tryied do recompile with this example:
./configure --build="x86_64-linux-gnu" --prefix="/usr"
--includedir="${prefix}/include" --mandir="${prefix}/share/man"
--infodir="${prefix}/share/info" --sysconfdir="/etc"
--localstatedir="/var" --libexecdir="${prefix}/lib/squid3" --srcdir="."
--disable-maintainer-mode --disable-dependency-tracking
--disable-silent-rules BUILDCXXFLAGS="-g -O2 -fPIE
-fstack-protector-strong -Wformat -Werror=format-security
-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now"
--datadir="/usr/share/squid" --sysconfdir="/etc/squid"
--libexecdir="/usr/lib/squid" --mandir="/usr/share/man" --enable-inline
--disable-arch-native --enable-async-io="8"
--enable-storeio="ufs,aufs,diskd,rock"
--enable-removal-policies="lru,heap" --enable-delay-pools
--enable-cache-digests --enable-icap-client
--enable-follow-x-forwarded-for
--enable-auth-basic="DB,fake,getpwnam,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB"
--enable-auth-digest="file,LDAP"
--enable-auth-negotiate="kerberos,wrapper"
--enable-auth-ntlm="fake,smb_lm"
--enable-external-acl-helpers="file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,unix_group,wbinfo_group"
--enable-url-rewrite-helpers="fake" --enable-eui --enable-esi
--enable-icmp --enable-zph-qos --enable-ecap --disable-translation
--with-swapdir="/var/spool/squid" --with-logdir="/var/log/squid"
--with-pidfile="/var/run/squid.pid" --with-filedescriptors="65536"
--with-large-files --with-default-user="proxy"
--enable-build-info="Ubuntu linux" --enable-linux-netfilter
build_alias="x86_64-linux-gnu" CFLAGS="-g -O2 -fPIE
-fstack-protector-strong -Wformat -Werror=format-security -Wall"
LDFLAGS="-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now"
CPPFLAGS="-Wdate-time -D_FORTIFY_SOURCE=2"
CXXFLAGS="-DMAXTCPLISTENPORTS=450 -g -O2 -fPIE -fstack-protector-strong
-Wformat -Werror=format-security"
I used several virtualserver sessions and clones, but the
CXXFLAGS="-DMAXTCPLISTENPORTS=" dont appears in the squid -v
What is wrong in this rebuilding?
On 2022-08-03 11:12, marcelorodrigo@xxxxxxxxxxxxxxxx wrote:
Hi,
I am trying to recompile squid 4.13 using ./configure
CXXFLAGS="-DMAXTCPLISTENPORTS=256".
It runs the recompile but the CXXFLAGS= does not even appears in the
squid -v.
Is there a way to include this feature in the squid instalation?
Tks.
Marcelo.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
------------------------------
Message: 2
Date: Fri, 5 Aug 2022 10:57:02 -0400
From: Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: Squid and Epic Games HCapctca
Message-ID:
<075bbc18-b0f5-a037-d904-6b62ef72888f@xxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=UTF-8; format=flowed
On 8/5/22 05:10, Adam Barnett wrote:
maybe i am doing something?wrong, here is my config
ssl_bump splice ...
ssl_bump bump dst_quixel
ssl_bump peek dst_quixel
ssl_bump stare dst_quixel
The combination of the last three ssl_bump rules does not make sense
because Squid will never reach those peek and stare rules. The bump
rule
can be applied during any SslBump step, so Squid will not see any
same-ACL ssl_bump directives below it -- the first matching rule (that
can be applied during the current step) wins.
I do not know what logic you are trying to express with those rules,
but
the above configuration does not express that (or any) logic well. I
hope Eliezer can guide you towards a reasonable solution here.
HTH,
Alex.
On Thu, 4 Aug 2022 at 22:58, <ngtech1ltd@xxxxxxxxx
<mailto:ngtech1ltd@xxxxxxxxx>> wrote:
Please don?t bang your head? everybody is here for you.____
Sometimes it takes time to respond but you will get your
answers.____
__ __
https://www.ngtech.co.il/squid/support-save/support-save-2022-08-05_00-51-47.tar.gz
<https://www.ngtech.co.il/squid/support-save/support-save-2022-08-05_00-51-47.tar.gz>____
__ __
Is not the fastest connection and it has a blacklist in the DB
dump
so for now it?s a production system but works good enough for
me.____
I hope it?s not too much information in the support save file.____
__ __
Let me know if it makes more sense for you.____
AlsoI am happy that you have asked this question since now others
can enjoy from the answer ?____
__ __
Eliezer____
__ __
----____
Eliezer Croitoru____
NgTech, Tech Support____
Mobile: +972-5-28704261____
Email: ngtech1ltd@xxxxxxxxx <mailto:ngtech1ltd@xxxxxxxxx>____
Web: https://ngtech.co.il/ <https://ngtech.co.il/>____
My-Tube: https://tube.ngtech.co.il/
<https://tube.ngtech.co.il/>____
__ __
*From:*Adam Barnett <abarnett@xxxxxxxxxx
<mailto:abarnett@xxxxxxxxxx>>
*Sent:* Friday, 5 August 2022 0:44
*To:* ngtech1ltd@xxxxxxxxx <mailto:ngtech1ltd@xxxxxxxxx>
*Cc:* squid-users@xxxxxxxxxxxxxxxxxxxxx
<mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>
*Subject:* Re: Squid and Epic Games HCapctca____
__ __
Sure, the more the beter, ive been banging my head against?the
wall
for a while on this____
__ __
Adam ____
__ __
On Thu, 4 Aug 2022 at 22:41, <ngtech1ltd@xxxxxxxxx
<mailto:ngtech1ltd@xxxxxxxxx>> wrote:____
You are welcome.____
____
I wrote an app that does everything for me so I just need to
dump the database into a:____
ssl::server_namedirective____
____
it?s basically:____
## START____
aclNoBump_server_name ssl::server_name
"/etc/squid/no-ssl-bump-server-name.list"____
____
acltls_to_splice any-of inspect_only NoBump_src
NoBump_server_name NoBump_server_regex_by_urls_domain
NoBump_server_regex____
____
ssl_bumppeek app_matcher_helper____
ssl_bumppeek tls_s1_connect____
____
ssl_bumpbump app_matcher_helper____
ssl_bumpbump app_reader_helper____
ssl_bumpbump deny_note____
____
ssl_bumpsplice app_matcher_helper____
ssl_bumpsplice tls_to_splice____
____
ssl_bumpstare app_matcher_helper____
ssl_bumpstare tls_s2_client_hello____
____
ssl_bumpbump app_matcher_helper____
ssl_bumpbump tls_to_bump____
## END____
____
If you want I can upload a snippet of the whole setup dump
with
hope you could make use of it.____
____
Eliezer____
____
----____
Eliezer Croitoru____
NgTech, Tech Support____
Mobile: +972-5-28704261____
Email: ngtech1ltd@xxxxxxxxx <mailto:ngtech1ltd@xxxxxxxxx>____
Web: https://ngtech.co.il/ <https://ngtech.co.il/>____
My-Tube: https://tube.ngtech.co.il/
<https://tube.ngtech.co.il/>____
____
*From:*Adam Barnett <abarnett@xxxxxxxxxx
<mailto:abarnett@xxxxxxxxxx>>
*Sent:* Friday, 5 August 2022 0:26
*To:* ngtech1ltd@xxxxxxxxx <mailto:ngtech1ltd@xxxxxxxxx>
*Cc:* squid-users@xxxxxxxxxxxxxxxxxxxxx
<mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>
*Subject:* Re: Squid and Epic Games HCapctca____
____
???? ???
It looks like you are using a database and then building the
config from that? any cahnce?you can send me the snippet?of
the
config instead of the DB bits? ? ____
____
Thanks again ____
____
Adam ____
____
On Thu, 4 Aug 2022 at 22:18, <ngtech1ltd@xxxxxxxxx
<mailto:ngtech1ltd@xxxxxxxxx>> wrote:____
Hey Adam,____
____
I recorded a video for you on how I do it at:____
https://cloud1.ngtech.co.il/static/squid-data/splice-epic-games.mp4
<https://cloud1.ngtech.co.il/static/squid-data/splice-epic-games.mp4>____
____
So basically the relevant domains are:____
____
epicgames-download1.akamaized.net
<http://epicgames-download1.akamaized.net>____
.epicgames.com <http://epicgames.com>____
.unrealengine.com <http://unrealengine.com>____
____
And you can peek at robert k Wild mail: ?regex for normal
websites?____
____
And it contains the relevant technical details.____
If for any reason you need a more detailed answer let me
know.____
____
Yours,____
Eliezer ____
____
----____
Eliezer Croitoru____
NgTech, Tech Support____
Mobile: +972-5-28704261____
Email: ngtech1ltd@xxxxxxxxx
<mailto:ngtech1ltd@xxxxxxxxx>____
Web: https://ngtech.co.il/ <https://ngtech.co.il/>____
My-Tube: https://tube.ngtech.co.il/
<https://tube.ngtech.co.il/>____
____
*From:*squid-users
<squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx
<mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx>> *On
Behalf Of *Adam Barnett
*Sent:* Thursday, 4 August 2022 14:28
*To:* squid-users@xxxxxxxxxxxxxxxxxxxxx
<mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>
*Subject:* Squid and Epic Games HCapctca____
____
Hi All, ____
____
I am trying to get squid to allow me to login to
Epicgames.com with my epic login, i get to the login page
and get the hcaptca?images and everytime i get "invalid
response" ____
____
i looked at the headers and the only error that i can see
is
"The cache?information?is missing from the entry" ____
____
My config looks like so
workers 2
```
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid
http_port 3128 ssl-bump ?dynamic_cert_mem_cache_size=16MB
?generate-host-certificates=on
cert=/etc/squid/certs/squid-ca-cert-key.pem
sslcrtd_program /usr/lib64/squid/security_file_certgen -s
/var/spool/squid/ssl -M 16MB
dns_nameservers 10.5.1.2 8.8.8.8
visible_hostname foo-proxy-1
forwarded_for truncate
via off
# Send to file
access_log daemon:/var/log/squid/access.log
acl CONNECT method CONNECT
acl local src 10.0.0.0/8 <http://10.0.0.0/8>
always_direct allow all
request_header_add X-GoogApps-Allowed-Domains "foo.com
<http://foo.com>" all
memory_replacement_policy heap GDSF
maximum_object_size 100 KB
maximum_object_size 1 MB
cache allow all
cache_mem 256 MB
cache_dir rock /var/spool/squid 1024
memory_pools off
cache_swap_low 90
client_persistent_connections on
http_access allow localhost manager
http_access deny manager
# SquidGaurd
url_rewrite_program /usr/bin/squidGuard
```
Any suggestions? ____
____
Thanks____
Adam Barnett
Senior SysAdmin beloFX____
**____
____
abarnett@xxxxxxxxxx
<https://514584150-atari-embeds.googleusercontent.com/embeds/16cb204cf3a9d4d223a0a3fd8b0eec5d/inner-frame-minified.html?jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.dzXZWX9QTbE.O%2Fd%3D1%2Frs%3DAHpOoo_epIQDPHdjFr3MLkazUi2Jmy50dQ%2Fm%3D__features__>____
**____
____
www.belofx.com <http://www.belofx.com/>____
**____
____
LinkedIn <http://www.linkedin.com/company/belofx>____
____
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
------------------------------
Subject: Digest Footer
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
------------------------------
End of squid-users Digest, Vol 96, Issue 18
*******************************************
