[squid-users] intercept squid 3.5.1, http://mail.ru

Yuri Voinov yvoinov at gmail.com
Sat Feb 14 10:22:26 UTC 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

No problem. ;)

100 ip's is no problem. If they in one subnet, you can pass only this
sublet with one row in acl. Overall *.mail.ru is much more networks,
so 100 ip's no matter. ;) But bumping remains can give your better hit
rate.


14.02.15 16:20, Dima Ermakov пишет:
> Now i can upload, after adding ip addresses from my previous
> message to ssl_bump none acl. Thank you. On Feb 14, 2015 1:15 PM,
> "Yuri Voinov" <yvoinov at gmail.com> wrote:
> 
> I.e, you want to say you cannot upload file above 25 megabytes?
> 
> 14.02.15 12:55, Dima Ermakov пишет:
>>>> I think, that it's not good solution too, but 
>>>> uploadXXX.files.mail.ru has about 100 servers.
>>>> 
>>>> Now i write small script on python, that creates a file with
>>>> ip addresses of uploadXXX.files.mail.ru.
>>>> 
>>>> Script and list of ip addresses in attachment.
>>>> 
>>>> On 13 February 2015 at 22:32, Yuri Voinov
>>>> <yvoinov at gmail.com> wrote:
>>>> 
>>>> You have no bump whole .mail.ru domain, which is contains
>>>> minimum 40% and over overall traffic...... Not good
>>>> solution.
>>>> 
>>>> I think, be better to no bump only attachments servers.
>>>> 
>>>> 14.02.15 1:28, Dima Ermakov пишет:
>>>>>>> Thank you for your help, but your solution doesn't work
>>>>>>> on my server. I have same error, but other ip addresses
>>>>>>> of uploadXXX.mail.ru servers. Now I use: acl mail_ru
>>>>>>> dstdomain .mail.ru ssl_bump none mail_ru
>>>>>>> 
>>>>>>> 
>>>>>>> Good day!
>>>>>>> 
>>>>>>> On 13 February 2015 at 21:37, Yuri Voinov 
>>>>>>> <yvoinov at gmail.com> wrote:
>>>>>>> 
>>>>>>> Dmitry,
>>>>>>> 
>>>>>>> you need to pass mail.ru attachments servers as dst no
>>>>>>> bump ACL's to work.
>>>>>>> 
>>>>>>> In my configuration I use following workaround:
>>>>>>> 
>>>>>>> squid.conf:
>>>>>>> 
>>>>>>> # Only ip-based dst acl! acl dst_nobump dst 
>>>>>>> "/usr/local/squid/etc/dst.nobump"
>>>>>>> 
>>>>>>> # SSL bump rules sslproxy_cert_error allow all ssl_bump
>>>>>>> none localhost ssl_bump none url_nobump ssl_bump none
>>>>>>> dst_nobump ssl_bump server-first net_bump
>>>>>>> 
>>>>>>> (squid 3.4.11)
>>>>>>> 
>>>>>>> dst.nobump contents contains:
>>>>>>> 
>>>>>>> # Attachments Mail.ru 94.100.180.215/32
>>>>>>> 94.100.180.216/32 217.69.139.215/32 217.69.139.216/32
>>>>>>> 217.69.139.126/32
>>>>>>> 
>>>>>>> That's all. Works for me.
>>>>>>> 
>>>>>>> Hope this helps.
>>>>>>> 
>>>>>>> WBR, Yuri
>>>>>>> 
>>>>>>> 14.02.15 0:32, Dima Ermakov пишет:
>>>>>>>>>> Good day!
>>>>>>>>>> 
>>>>>>>>>> I have a problem with squid proxy in intercept 
>>>>>>>>>> ssl_bump mode.
>>>>>>>>>> 
>>>>>>>>>> If I want to attach big file (>25MB) to my
>>>>>>>>>> e-mail message on https://mail.ru web site, I
>>>>>>>>>> have error "Can not upload file".
>>>>>>>>>> 
>>>>>>>>>> Into access.log I have errors:
>>>>>>>>>> TCP_MISS_ABORTED/000
>>>>>>>>>> 
>>>>>>>>>> My squid configuration, access.log, cache.log in 
>>>>>>>>>> attachment. Thank you!
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> _______________________________________________ 
>>>>>>>>>> squid-users mailing list 
>>>>>>>>>> squid-users at lists.squid-cache.org 
>>>>>>>>>> http://lists.squid-cache.org/listinfo/squid-users
>>>>>>>>>>
>>>>>>>>
>>>>>>>>>> 
_______________________________________________
>>>>>>>> squid-users mailing list
>>>>>>>> squid-users at lists.squid-cache.org 
>>>>>>>> http://lists.squid-cache.org/listinfo/squid-users
>>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> _______________________________________________
>>>>>>> squid-users mailing list
>>>>>>> squid-users at lists.squid-cache.org 
>>>>>>> http://lists.squid-cache.org/listinfo/squid-users
>>>>>>> 
>>>>> _______________________________________________
>>>>> squid-users mailing list squid-users at lists.squid-cache.org 
>>>>> http://lists.squid-cache.org/listinfo/squid-users
>>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________ squid-users
>>>> mailing list squid-users at lists.squid-cache.org 
>>>> http://lists.squid-cache.org/listinfo/squid-users
>>>> 
>> _______________________________________________ squid-users
>> mailing list squid-users at lists.squid-cache.org 
>> http://lists.squid-cache.org/listinfo/squid-users
>> 
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBAgAGBQJU3yHiAAoJENNXIZxhPexGN34H/2fo1Ky6mBpjUCYqmfLOMcNA
UD8pmQlvsPEc+AFzq0aGod9Wd7Dv/LJSxYx9WeUZb5ltUUCaG6MnVAkh/fxhMH6X
/CYswYi83j+o6C/PmfD2vilm/Ee4kGuhTlT3Tq7L3oT/8g4MiF3o1z2aLEfN1xYy
evl6dKUm8obEDO8qsx+PLPPGVeFpR546g4qmLPbIVY0T3GY4zxwOrzvSg4G3VDJY
C07H6jpzFa35nDFiwbqQPsUlNOIqS3DLFp+47cRonUBCvbaESXJvjQ2Y4mMlYR0Q
xR8nAdZz+ZoWwZyzBybdFXsF2OYCJPpujc8h0KnXJj29652/0zBB8Q+qKGSRO3c=
=oF+/
-----END PGP SIGNATURE-----

More information about the squid-users mailing list