can't block streaming

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

can't block streaming

Vacheslav

Peace,

I tired searching and debugging but I couldn’t find a solution, whatever I do youtube keeps working.

Here is my configuration:

 

 

# Recommended minimum configuration:

#

 

# Example rule allowing access from your local networks.

# Adapt to list your (internal) IP networks from where browsing

# should be allowed

acl localnet src 10.0.0.0/8              # RFC1918 possible internal network

#acl localnet src 172.16.0.0/12    # RFC1918 possible internal network

#acl localnet src 192.168.0.0/16  # RFC1918 possible internal network

#acl localnet src fc00::/7       # RFC 4193 local private network range

#acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

 

acl SSL_ports port 443

acl Safe_ports port 80                    # http

acl Safe_ports port 21                    # ftp

acl Safe_ports port 443                  # https

acl Safe_ports port 70                    # gopher

acl Safe_ports port 210                  # wais

acl Safe_ports port 1025-65535  # unregistered ports

acl Safe_ports port 280                  # http-mgmt

acl Safe_ports port 488                  # gss-http

acl Safe_ports port 591                  # filemaker

acl Safe_ports port 777                  # multiling http

acl CONNECT method CONNECT

acl blockfiles urlpath_regex -i "/etc/squid/blocks.files.acl"

 

 

 

# Media Streams

 

 

## MediaPlayer MMS Protocol

acl media rep_mime_type mms

acl mediapr url_regex dvrplayer mediastream ^mms://

## (Squid does not yet handle the URI as a known proto type.)

 

 

## Active Stream Format (Windows Media Player)

acl media rep_mime_type x-ms-asf

acl mediapr1 urlpath_regex \.(afx|asf)(\?.*)?$

 

 

## Flash Video Format

acl media rep_mime_type video/flv video/x-flv

acl mediapr2 urlpath_regex \.flv(\?.*)?$

 

 

## Flash General Media Scripts (Animation)

acl media rep_mime_type application/x-shockwave-flash

acl mediapr3 urlpath_regex \.swf(\?.*)?$

 

 

## Others currently unknown

acl media rep_mime_type ms-hdr

acl media rep_mime_type x-fcs

 

 

http_access deny mediapr

http_access deny mediapr1

http_access deny mediapr2

http_access deny mediapr3

http_reply_access deny media

#

# Recommended minimum Access Permission configuration:

#

# Deny requests to certain unsafe ports

http_access deny !Safe_ports

 

# Deny CONNECT to other than secure SSL ports

http_access deny CONNECT !SSL_ports

 

# Only allow cachemgr access from localhost

http_access allow localhost manager

http_access deny manager

 

# We strongly recommend the following be uncommented to protect innocent

# web applications running on the proxy server who think the only

# one who can access services on "localhost" is a local user

#http_access deny to_localhost

 

# Deny all blocked extension

error_directory /usr/share/squid/errors/en

deny_info ERR_BLOCKED_FILES blockfiles

http_access deny blockfiles

 

#

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

#

 

# Example rule allowing access from your local networks.

# Adapt localnet in the ACL section to list your (internal) IP networks

# from where browsing should be allowed

http_access allow localnet

 

# Allow localhost always proxy functionality

http_access allow localhost

 

# And finally deny all other access to this proxy

http_access deny all

 

# Squid normally listens to port 3128

http_port 3128

 

# Uncomment and adjust the following to add a disk cache directory.

#cache_dir aufs /var/cache/squid 100 16 256

 

# Leave coredumps in the first cache dir

coredump_dir /var/cache/squid

 

#

# Add any of your own refresh_pattern entries above these.

#

refresh_pattern ^ftp:                     1440       20%        10080

refresh_pattern ^gopher:            1440       0%          1440

refresh_pattern -i (/cgi-bin/|\?) 0             0%          0

refresh_pattern .                             0              20%        4320

 

#url_rewrite_program /usr/sbin/squidGuard

#url_rewrite_children 5

#debug_options ALL,1 33,2 28,9

 

And where must I place the before last 2 lines in order for squid guard to work?


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: can't block streaming

Amos Jeffries
Administrator
On 31/10/17 22:05, Vacheslav wrote:
> Peace,
>
> I tired searching and debugging but I couldn’t find a solution, whatever
> I do youtube keeps working.
>
> Here is my configuration:
...
> # Media Streams
>
> ## MediaPlayer MMS Protocol
>
> acl media rep_mime_type mms
>
> acl mediapr url_regex dvrplayer mediastream ^mms://
>
> ## (Squid does not yet handle the URI as a known proto type.)

Unsupported URI schemes should result in the client receiving an HTTP
error page instead of Squid handling the traffic.

Which also explains your problems: the Browser is either not using the
proxy at all for this traffic, or sending the traffic through a CONNECT
tunnel that is allowed to be created for other reasons.

...

> # We strongly recommend the following be uncommented to protect innocent
>
> # web applications running on the proxy server who think the only
>
> # one who can access services on "localhost" is a local user
>
> #http_access deny to_localhost
>
> # Deny all blocked extension
>
> error_directory /usr/share/squid/errors/en
>
> deny_info ERR_BLOCKED_FILES blockfiles
>
> http_access deny blockfiles
>
> #
>
> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
>

Please read the above line, and consider all the custom rules you placed
above it.

...

>
> #url_rewrite_program /usr/sbin/squidGuard
>
> #url_rewrite_children 5
>
> #debug_options ALL,1 33,2 28,9
>
> And where must I place the before last 2 lines in order for squid guard
> to work?
>

Right there where they are in your config will do.

What do you expect SquidGuard to do?

If Squid itself cannot identify any URLs with "mms://" scheme there is
no hope of SG being passed the non-existent URLs.

Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: can't block streaming

Amos Jeffries
Administrator
On 01/11/17 21:54, Vacheslav wrote:

> Thanks for your time,
>
> -----Original Message-----
> From: Amos Jeffries
> Sent: Tuesday, October 31, 2017 5:45 PM
>
> On 31/10/17 22:05, Vacheslav wrote:
>> Peace,
>>
>> I tired searching and debugging but I couldn’t find a solution,
>> whatever I do youtube keeps working.
>>
>> Here is my configuration:
> ...
>> # Media Streams
>>
>> ## MediaPlayer MMS Protocol
>>
>> acl media rep_mime_type mms
>>
>> acl mediapr url_regex dvrplayer mediastream ^mms://
>>
>> ## (Squid does not yet handle the URI as a known proto type.)
>
>> Unsupported URI schemes should result in the client receiving an HTTP error page instead of Squid handling the traffic.
>
>> Which also explains your problems: the Browser is either not using the proxy at all for this traffic, or sending the traffic through a CONNECT tunnel that is allowed to be created for other reasons.
>
> Well I tried unchecking automatically detect proxy settings. There are 2 network cards on the squid, one with a gateway, the same  is used as the proxy ip port 3128 and youtube is not in the bypass proxylist. I tried using opera, the same result.

Things like YT do not have to be on any bypass list to avoid the proxy.
It just has to have a URL scheme for some protocol the browser detects
as not able to go through the HTTP-only proxy. eg "mms:"

Since mms:// means a non-HTTP protocol and it is not commonly supported
by HTTP proxies, the browsers usually send it directly to the mms
protocol port(s) AFAIK.


> What do you mean by a connect tunnel?

Things like this:

"
  CONNECT r1---sn-ntqe6n76.googlevideo.com:443 HTTP/1.1

  ... non-HTTP data stream.
"

Which tells Squid to open a TCP connection to the named server and port.
That is how a YouTube video I'm watching right now is currently going
through a test Squid. The browser of course shows it as a GET request
for some https: URI, but the proxy only sees that CONNECT.

To see what is inside that particular port 443 tunnel one has to use
SSL_Bump feature to decrypt the HTTPS protocol that is supposed to be on
that port.


> ...
>
>> # We strongly recommend the following be uncommented to protect
>> innocent
>>
>> # web applications running on the proxy server who think the only
>>
>> # one who can access services on "localhost" is a local user
>>
>> #http_access deny to_localhost
>>
>> # Deny all blocked extension
>>
>> error_directory /usr/share/squid/errors/en
>>
>> deny_info ERR_BLOCKED_FILES blockfiles
>>
>> http_access deny blockfiles
>>
>> #
>>
>> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
>>
>
>> Please read the above line, and consider all the custom rules you placed above it.
> I moved the below text to under
> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
>
> http_access deny mediapr
> http_access deny mediapr1
> http_access deny mediapr2
> http_access deny mediapr3
> http_reply_access deny media
> ...
>>
>> #url_rewrite_program /usr/sbin/squidGuard
>>
>> #url_rewrite_children 5
>>
>> #debug_options ALL,1 33,2 28,9
>>
>> And where must I place the before last 2 lines in order for squid
>> guard to work?
>>
>
>> Right there where they are in your config will do.
>
>> What do you expect SquidGuard to do?
>
> At first, I thought squid guard is needed to block file extension, then I discovered that it blocks urls so it is not a bad idea to block porn sites and porn search terms.

Ah, I see. Well, if you are new to it I advise to try using squid.conf
ACLs first. Sending things to helpers is quite I/O and memory intensive
and most of what SG does can be done better by modern Squid.

Also, SquidGuard specifically is very outdated software and no longer
maintained. If you have to do access control in a helper at all it is
better to use the external_acl_type interface and other helpers that
meet the more specific need.


>
>> If Squid itself cannot identify any URLs with "mms://" scheme there is no hope of SG being passed the non-existent URLs.
>
> This I didn't digest!
>

See above with the CONNECT example. *If* the request is actually going
through the proxy, the URI as far as Squid can see would be something
like "r1---sn-ntqe6n76.googlevideo.com:443", or maybe just a raw-IP and
port.

So what Squid can pass the URI helper is only that origin-form URI, not
the encrypted (if HTTPS) or tunneled (if non-HTTP/HTTPS) absolute-URI
stuff where the scheme is.

Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: can't block streaming

Vacheslav


-----Original Message-----
From: squid-users [mailto:[hidden email]] On Behalf Of Amos Jeffries
Sent: Wednesday, November 1, 2017 3:52 PM
To: [hidden email]
Subject: Re: [squid-users] can't block streaming

On 01/11/17 21:54, Vacheslav wrote:

> Thanks for your time,
>
> -----Original Message-----
> From: Amos Jeffries
> Sent: Tuesday, October 31, 2017 5:45 PM
>
> On 31/10/17 22:05, Vacheslav wrote:
>> Peace,
>>
>> I tired searching and debugging but I couldn’t find a solution,
>> whatever I do youtube keeps working.
>>
>> Here is my configuration:
> ...
>> # Media Streams
>>
>> ## MediaPlayer MMS Protocol
>>
>> acl media rep_mime_type mms
>>
>> acl mediapr url_regex dvrplayer mediastream ^mms://
>>
>> ## (Squid does not yet handle the URI as a known proto type.)
>
>> Unsupported URI schemes should result in the client receiving an HTTP
>> error page instead of Squid handling the traffic.
>
>> Which also explains your problems: the Browser is either not using
>> the proxy at all for this traffic, or sending the traffic through a
>> CONNECT tunnel that is allowed to be created for other reasons.
>
> Well I tried unchecking automatically detect proxy settings. There are
> 2 network cards on the squid, one with a gateway, the same  is used as
> the proxy ip port 3128 and youtube is not in the bypass proxylist. I
> tried using opera, the same result.

>Things like YT do not have to be on any bypass list to avoid the proxy.
>It just has to have a URL scheme for some protocol the browser detects as not able to go through the HTTP-only proxy. eg "mms:"

>Since mms:// means a non-HTTP protocol and it is not commonly supported by HTTP proxies, the browsers usually send it directly >to the mms protocol port(s) AFAIK.

Well I tired switching the ip of the pc to one that can't do http and https at all without proxy. I tested it without proxy enabled and internet sites don't open, I switched the proxy back on and youtube works when it is forbidden.


> What do you mean by a connect tunnel?

>Things like this:

"
  >CONNECT r1---sn-ntqe6n76.googlevideo.com:443 HTTP/1.1

  >... non-HTTP data stream.
"

>Which tells Squid to open a TCP connection to the named server and port.
That is how a YouTube video I'm watching right now is currently going through a test Squid. The browser of course shows it as a GET request for some https: URI, but the proxy only sees that CONNECT.

To see what is inside that particular port 443 tunnel one has to use SSL_Bump feature to decrypt the HTTPS protocol that is supposed to be on that port.


> ...
>
>> # We strongly recommend the following be uncommented to protect
>> innocent
>>
>> # web applications running on the proxy server who think the only
>>
>> # one who can access services on "localhost" is a local user
>>
>> #http_access deny to_localhost
>>
>> # Deny all blocked extension
>>
>> error_directory /usr/share/squid/errors/en
>>
>> deny_info ERR_BLOCKED_FILES blockfiles
>>
>> http_access deny blockfiles
>>
>> #
>>
>> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
>>
>
>> Please read the above line, and consider all the custom rules you
>> placed above it.
> I moved the below text to under
> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
>
> http_access deny mediapr
> http_access deny mediapr1
> http_access deny mediapr2
> http_access deny mediapr3
> http_reply_access deny media
> ...
>>
>> #url_rewrite_program /usr/sbin/squidGuard
>>
>> #url_rewrite_children 5
>>
>> #debug_options ALL,1 33,2 28,9
>>
>> And where must I place the before last 2 lines in order for squid
>> guard to work?
>>
>
>> Right there where they are in your config will do.
>
>> What do you expect SquidGuard to do?
>
> At first, I thought squid guard is needed to block file extension,
> then I discovered that it blocks urls so it is not a bad idea to block
> porn sites and porn search terms.

>Ah, I see. Well, if you are new to it I advise to try using squid.conf ACLs first. Sending things to helpers is quite I/O and memory intensive and most of what SG does can be done better by modern Squid.

Also, SquidGuard specifically is very outdated software and no longer maintained. If you have to do access control in a helper at all it is better to use the external_acl_type interface and other helpers that meet the more specific need.

Well then, I'll go with your advice and not use prehistoric software.

>
>> If Squid itself cannot identify any URLs with "mms://" scheme there
>> is no hope of SG being passed the non-existent URLs.
>
> This I didn't digest!
>

>See above with the CONNECT example. *If* the request is actually going through the proxy, the URI as far as Squid can see would be something like "r1---sn-ntqe6n76.googlevideo.com:443", or maybe just a raw-IP and port.

So what Squid can pass the URI helper is only that origin-form URI, not the encrypted (if HTTPS) or tunneled (if non-HTTP/HTTPS) absolute-URI stuff where the scheme is.

Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: can't block streaming

Amos Jeffries
Administrator
On 03/11/17 22:42, Vacheslav wrote:

>
>
> -----Original Message-----
> From: Amos Jeffries
> Sent: Wednesday, November 1, 2017 3:52 PM
>
> On 01/11/17 21:54, Vacheslav wrote:
>> Thanks for your time,
>>
>> -----Original Message-----
>> From: Amos Jeffries
>> Sent: Tuesday, October 31, 2017 5:45 PM
>>
>> On 31/10/17 22:05, Vacheslav wrote:
>>> Peace,
>>>
>>> I tired searching and debugging but I couldn’t find a solution,
>>> whatever I do youtube keeps working.
>>>
>>> Here is my configuration:
>> ...
>>> # Media Streams
>>>
>>> ## MediaPlayer MMS Protocol
>>>
>>> acl media rep_mime_type mms
>>>
>>> acl mediapr url_regex dvrplayer mediastream ^mms://
>>>
>>> ## (Squid does not yet handle the URI as a known proto type.)
>>
>>> Unsupport> To: [hidden email]
> Subject: Re: [squid-users] can't block streaming
ed URI schemes should result in the client receiving an HTTP

>>> error page instead of Squid handling the traffic.
>>
>>> Which also explains your problems: the Browser is either not using
>>> the proxy at all for this traffic, or sending the traffic through a
>>> CONNECT tunnel that is allowed to be created for other reasons.
>>
>> Well I tried unchecking automatically detect proxy settings. There are
>> 2 network cards on the squid, one with a gateway, the same  is used as
>> the proxy ip port 3128 and youtube is not in the bypass proxylist. I
>> tried using opera, the same result.
>
>> Things like YT do not have to be on any bypass list to avoid the proxy.
>> It just has to have a URL scheme for some protocol the browser detects as not able to go through the HTTP-only proxy. eg "mms:"
>
>> Since mms:// means a non-HTTP protocol and it is not commonly supported by HTTP proxies, the browsers usually send it directly >to the mms protocol port(s) AFAIK.
>
> Well I tired switching the ip of the pc to one that can't do http and https at all without proxy. I tested it without proxy enabled and internet sites don't open, I switched the proxy back on and youtube works when it is forbidden.
>

That test is not conclusive enough I'm afraid. YouTube system is very
complex and requires about a dozen transactions to take place in order
to find the video content. Any one of those HTTP(S) responses may
reference a non-HTTP video type as being in use at the end of the chain
so your ACLs dont block it specifically.

That complexity might make it _seem_ easier to 'block' YT videos by
breaking the chain of transactions. But unfortunately you have to
isolate and block the right ones for that to happen without letting the
client do any failover behaviour it might be capable of. AND many of
them are buried inside encrypted tunnels nowdays.

So blocking one of Google service usually means blocking large areas, or
all, of their other services as well. Unless you want to go down the
MITM road and decrypt the HTTPS at the proxy - with limited success even
then thanks to the cert pinning Google does.

Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: can't block streaming

Marcus Kool
In reply to this post by Vacheslav
It is not clear what exactly you want to achieve.
Block everything from youtube ?

Amos told you that squidGuard is not maintained for many years but forgot to mention that ufdbGuard does the same thing and has regular updates.
ufdbGuard has a feature to block a set of Youtube videos identified by the video ID and automagically block all related images too.

Marcus


On 03/11/17 07:42, Vacheslav wrote:

>
>
> -----Original Message-----
> From: squid-users [mailto:[hidden email]] On Behalf Of Amos Jeffries
> Sent: Wednesday, November 1, 2017 3:52 PM
> To: [hidden email]
> Subject: Re: [squid-users] can't block streaming
>
> On 01/11/17 21:54, Vacheslav wrote:
>> Thanks for your time,
>>
>> -----Original Message-----
>> From: Amos Jeffries
>> Sent: Tuesday, October 31, 2017 5:45 PM
>>
>> On 31/10/17 22:05, Vacheslav wrote:
>>> Peace,
>>>
>>> I tired searching and debugging but I couldn’t find a solution,
>>> whatever I do youtube keeps working.
>>>
>>> Here is my configuration:
>> ...
>>> # Media Streams
>>>
>>> ## MediaPlayer MMS Protocol
>>>
>>> acl media rep_mime_type mms
>>>
>>> acl mediapr url_regex dvrplayer mediastream ^mms://
>>>
>>> ## (Squid does not yet handle the URI as a known proto type.)
>>
>>> Unsupported URI schemes should result in the client receiving an HTTP
>>> error page instead of Squid handling the traffic.
>>
>>> Which also explains your problems: the Browser is either not using
>>> the proxy at all for this traffic, or sending the traffic through a
>>> CONNECT tunnel that is allowed to be created for other reasons.
>>
>> Well I tried unchecking automatically detect proxy settings. There are
>> 2 network cards on the squid, one with a gateway, the same  is used as
>> the proxy ip port 3128 and youtube is not in the bypass proxylist. I
>> tried using opera, the same result.
>
>> Things like YT do not have to be on any bypass list to avoid the proxy.
>> It just has to have a URL scheme for some protocol the browser detects as not able to go through the HTTP-only proxy. eg "mms:"
>
>> Since mms:// means a non-HTTP protocol and it is not commonly supported by HTTP proxies, the browsers usually send it directly >to the mms protocol port(s) AFAIK.
>
> Well I tired switching the ip of the pc to one that can't do http and https at all without proxy. I tested it without proxy enabled and internet sites don't open, I switched the proxy back on and youtube works when it is forbidden.
>
>
>> What do you mean by a connect tunnel?
>
>> Things like this:
>
> "
>    >CONNECT r1---sn-ntqe6n76.googlevideo.com:443 HTTP/1.1
>
>    >... non-HTTP data stream.
> "
>
>> Which tells Squid to open a TCP connection to the named server and port.
> That is how a YouTube video I'm watching right now is currently going through a test Squid. The browser of course shows it as a GET request for some https: URI, but the proxy only sees that CONNECT.
>
> To see what is inside that particular port 443 tunnel one has to use SSL_Bump feature to decrypt the HTTPS protocol that is supposed to be on that port.
>
>
>> ...
>>
>>> # We strongly recommend the following be uncommented to protect
>>> innocent
>>>
>>> # web applications running on the proxy server who think the only
>>>
>>> # one who can access services on "localhost" is a local user
>>>
>>> #http_access deny to_localhost
>>>
>>> # Deny all blocked extension
>>>
>>> error_directory /usr/share/squid/errors/en
>>>
>>> deny_info ERR_BLOCKED_FILES blockfiles
>>>
>>> http_access deny blockfiles
>>>
>>> #
>>>
>>> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
>>>
>>
>>> Please read the above line, and consider all the custom rules you
>>> placed above it.
>> I moved the below text to under
>> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
>>
>> http_access deny mediapr
>> http_access deny mediapr1
>> http_access deny mediapr2
>> http_access deny mediapr3
>> http_reply_access deny media
>> ...
>>>
>>> #url_rewrite_program /usr/sbin/squidGuard
>>>
>>> #url_rewrite_children 5
>>>
>>> #debug_options ALL,1 33,2 28,9
>>>
>>> And where must I place the before last 2 lines in order for squid
>>> guard to work?
>>>
>>
>>> Right there where they are in your config will do.
>>
>>> What do you expect SquidGuard to do?
>>
>> At first, I thought squid guard is needed to block file extension,
>> then I discovered that it blocks urls so it is not a bad idea to block
>> porn sites and porn search terms.
>
>> Ah, I see. Well, if you are new to it I advise to try using squid.conf ACLs first. Sending things to helpers is quite I/O and memory intensive and most of what SG does can be done better by modern Squid.
>
> Also, SquidGuard specifically is very outdated software and no longer maintained. If you have to do access control in a helper at all it is better to use the external_acl_type interface and other helpers that meet the more specific need.
>
> Well then, I'll go with your advice and not use prehistoric software.
>
>>
>>> If Squid itself cannot identify any URLs with "mms://" scheme there
>>> is no hope of SG being passed the non-existent URLs.
>>
>> This I didn't digest!
>>
>
>> See above with the CONNECT example. *If* the request is actually going through the proxy, the URI as far as Squid can see would be something like "r1---sn-ntqe6n76.googlevideo.com:443", or maybe just a raw-IP and port.
>
> So what Squid can pass the URI helper is only that origin-form URI, not the encrypted (if HTTPS) or tunneled (if non-HTTP/HTTPS) absolute-URI stuff where the scheme is.
>
> Amos
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users
>
>
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users
>
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users