Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Topics - AlexV

Pages1
#1
24.7, 24.10 Legacy Series / C-ICAP cant Bind to Ip6 or Ipv4 Address
December 08, 2024, 05:32:52 PM
I am trying to configure ICAP, ClamAV, and the Squid proxy, but I am having issues with ICAP, which refuses to bind to the loopback addresses, both IPv6 and IPv4.
I tried manually setting the address to 127.0.0.1, but it still won't start.

Can you help me ?

this is the error i recive.   

Sun Dec 8 17:29:09 2024, main proc, Error binding   
           Sun Dec 8 17:29:09 2024, main proc, WARNING! Error binding to an ipv6 address. Trying ipv4...   
           Sun Dec 8 17:29:09 2024, main proc, Error converting ipv6 address to the network byte order   
           Sun Dec 8 17:28:50 2024, main proc, Error binding
#2
Web Proxy Filtering and Caching / SSL Inspection at wire speed
February 27, 2020, 07:53:39 PM
SSL Inspection is a very useful thing but it slowly the internet experience .
I use a test platform with a xeon 5650 and 8 gb of ram and one HD 7200 rpm.
but is not enough.
i can replace  the disk with an nvme ssd (if supported by freebsd)

But there is a pci-e  board that can i add to the system to  do the work of ssl inspection a sort of ssl inspection hardware engine ?
#3
General Discussion / Feature Request: More Flexible Squid Configuration Interface
February 25, 2020, 02:28:29 AM
I am trying the SSL Inspection with Squid and Clam AV, all worrks fine with most sites, but there are some sites
like Windows Update or Cisco or adobe sites and so on that can cause issue

The problem is the same for all these  sites
QuoteThe following error was encountered while trying to retrieve the URL: https://72.163.4.74/*

    Failed to establish a secure connection to 72.163.4.74

The system returned:

    (92) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

    Handshake with SSL server failed: error:141A10F4:SSL routines:ossl_statem_client_read_transition:unexpected message

This proxy and the remote host failed to negotiate a mutually acceptable security settings for handling your request. It is possible that the remote host does not support secure connections, or the proxy is not satisfied with the host security credentials.

Your cache administrator is admin@localhost.local.

the problem can be solved by manually changing the squid configuration in CLI, unfortunately, however, if for any reason changes are made to the configuration via GUI, the changes made by editing the configuration in CLI are lost because the file is regenerated from scratch.

You could implement fields to make these changes directly from the GUI ?

Best Regards

A.V

#4
Italian - Italiano / Squid, Ssl Nobump and Windows Update.
February 19, 2020, 09:55:13 PM
Salve a tutti,
è il mio primo post qui sul forum italiano.
Ho problemi a configurare squid con gli update di windows 10 .
utilizzo squid con l'ispezione SSL attivata e CLAM, AV
in pratica  c'è un errore da qualche parte nella catena dei certificati.
se provo a contattare l'url incriminato (lod di Windoews update )  dal browser ottengo questo
https://fe3cr.delivery.mp.microsoft.com/
QuoteThe following error was encountered while trying to retrieve the URL: https://fe3cr.delivery.mp.microsoft.com/*

    Failed to establish a secure connection to 191.232.139.2

The system returned:

    (92) Protocol error (TLS code: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)

    SSL Certficate error: certificate issuer (CA) not known: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft ECC Product Root Certificate Authority 2018

This proxy and the remote host failed to negotiate a mutually acceptable security settings for handling your request. It is possible that the remote host does not support secure connections, or the proxy is not satisfied with the host security credentials.

Your cache administrator is admin@localhost.local.

ho visto che sul forum tedesco piu o meno c'è una soluzione,ma vorrei capire bene quelli che devo fare
sinceramente non mi va di incasinare il file di configurazione di squid senza motivo

Qualcuno puo darmi una mano ?



Cordiali Saluti

A.V.

Opnsense 20.1
x86

#5
General Discussion / Feature Request Sandbox.
January 23, 2020, 02:20:34 PM
I was checking the new features of Fortinet firewalls, and I found a couple of things interesting the first is the integration with a sandbox, which allows you to analyze the behavior of suspicious files even with 0 day viruses.
and the second is the Intent based segmentation and ZERO Trust concept.

Check this   videos for more detail

https://www.youtube.com/watch?v=k6s6g3mTWW8

https://www.youtube.com/watch?v=J6217_AL4ps

https://www.youtube.com/watch?v=0dAx-44gC2I

Pages1